I can't seem to get SSL to work. When I point my browser to
https://FQDN.com I get an unable to connect error message. While posting this I realized I don't have an <ifmodule> for php, but I'm not there yet. In my error log I receive the following error:
[Wed May 14 21:01:52.268088 2014] [core:emerg] [pid 1012:tid 3069626112] (22)Invalid argument: AH00024: Couldn't set permissions on the ssl-cache mutex; check User and Group directives
AH00016: Configuration Failed
I tried using SSLMutex directive but then it won't start claiming I misspelled SSLMutex.
Anyway here is my httpd.conf:
[edit]
# httpd.conf
ServerName 192.168.1.3
ServerRoot "/usr"
PidFile /var/run/httpd.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 150
MaxRequestsPerChild 0
Listen 80
<IfModule unixd_module>
User apache
Group apache
</IfModule>
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy all
</Files>
DefaultType None
HostnameLookups Off
ErrorLog /var/log/httpd/error_log
LogLevel warn
LoadModule unixd_module lib/httpd/modules/mod_unixd.so
LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so
LoadModule access_compat_module lib/httpd/modules/mod_access_compat.so
LoadModule authn_core_module lib/httpd/modules/mod_authn_core.so
LoadModule authz_host_module lib/httpd/modules/mod_authz_host.so
LoadModule authz_groupfile_module lib/httpd/modules/mod_authz_groupfile.so
LoadModule authz_core_module lib/httpd/modules/mod_authz_core.so
LoadModule auth_basic_module lib/httpd/modules/mod_auth_basic.so
LoadModule reqtimeout_module lib/httpd/modules/mod_reqtimeout.so
LoadModule mime_module lib/httpd/modules/mod_mime.so
LoadModule setenvif_module lib/httpd/modules/mod_setenvif.so
LoadModule ssl_module lib/httpd/modules/mod_ssl.so
LoadModule mpm_event_module lib/httpd/modules/mod_mpm_event.so
LoadModule status_module lib/httpd/modules/mod_status.so
LoadModule autoindex_module lib/httpd/modules/mod_autoindex.so
LoadModule vhost_alias_module lib/httpd/modules/mod_vhost_alias.so
LoadModule negotiation_module lib/httpd/modules/mod_negotiation.so
LoadModule dir_module lib/httpd/modules/mod_dir.so
LoadModule alias_module lib/httpd/modules/mod_alias.so
LoadModule php5_module lib/httpd/modules/libphp5.so
<IfModule alias_module>
#add aliases
</IfModule>
<IfModule autoindex_module>
IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
</IfModule>
<IfModule negotiation_module>
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no p pt pt-BR ru sv tr
ForceLanguagePriority Prefer Fallback
</IfModule>
<IfModule reqtimeout_module>
RequestReadTimeout header=20-40,minrate=500
RequestReadTimeout body=10,minrate=500
</IfModule>
<IfModule setenvif_module>
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^gvfs/1" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCMI" redirect-carefully
BrowserMatch "Konqueror/4" redirect-carefully
</IfModule>
<IfModule ssl_module>
Listen 443
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/run/httpd/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLProtocol all -SSLv2
# SSLMutex file:/var/run/httpd/ssl_mutex
SSLCertificateFile /etc/ssl/certs/webserver.pem
SSLCertificateKeyFile /etc/ssl/private/webserver.pem
# <FilesMatch "\.(cgi|shtml|phtml|php)$">
# SSLOptions +StdEnvVars
# </FilesMatch>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
<VirtualHost *:443>
SSLEngine on
ServerAdmin webmaster@localhost
DocumentRoot /home/www/secure
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
</IfModule>
<IfModule status_module>
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 192.0.2.0/24
</Location>
</IfModule>
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /home/www/data
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/www/data>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
As always any help is appreciated.
Thanks
Here is the final version that worked:
# httpd.conf
ServerName 192.168.1.3
ServerRoot "/usr"
PidFile /var/run/httpd.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 150
MaxRequestsPerChild 0
Mutex default:/var/run
Listen 80
#<IfModule unixd_module>
User apache
Group apache
#</IfModule>
#Don't know why I had to comment out the above ifmodule block but I did and that fixed my ssl situation.
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy all
</Files>
DefaultType None
HostnameLookups Off
ErrorLog /var/log/httpd/error_log
LogLevel warn
LoadModule unixd_module lib/httpd/modules/mod_unixd.so
LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so
LoadModule access_compat_module lib/httpd/modules/mod_access_compat.so
LoadModule authn_core_module lib/httpd/modules/mod_authn_core.so
LoadModule authz_host_module lib/httpd/modules/mod_authz_host.so
LoadModule authz_groupfile_module lib/httpd/modules/mod_authz_groupfile.so
LoadModule authz_user_module lib/httpd/modules/mod_authz_user.so
LoadModule authz_core_module lib/httpd/modules/mod_authz_core.so
LoadModule auth_basic_module lib/httpd/modules/mod_auth_basic.so
LoadModule reqtimeout_module lib/httpd/modules/mod_reqtimeout.so
LoadModule mime_module lib/httpd/modules/mod_mime.so
LoadModule setenvif_module lib/httpd/modules/mod_setenvif.so
LoadModule ssl_module lib/httpd/modules/mod_ssl.so
LoadModule mpm_event_module lib/httpd/modules/mod_mpm_event.so
LoadModule status_module lib/httpd/modules/mod_status.so
LoadModule autoindex_module lib/httpd/modules/mod_autoindex.so
LoadModule vhost_alias_module lib/httpd/modules/mod_vhost_alias.so
LoadModule negotiation_module lib/httpd/modules/mod_negotiation.so
LoadModule dir_module lib/httpd/modules/mod_dir.so
LoadModule alias_module lib/httpd/modules/mod_alias.so
LoadModule php5_module lib/httpd/modules/libphp5.so
LoadModule authn_file_module lib/httpd/modules/mod_authn_file.so
<IfModule alias_module>
#add aliases
</IfModule>
<IfModule autoindex_module>
IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
</IfModule>
<IfModule negotiation_module>
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no p pt pt-BR ru sv tr
ForceLanguagePriority Prefer Fallback
</IfModule>
<IfModule reqtimeout_module>
RequestReadTimeout header=20-40,minrate=500
RequestReadTimeout body=10,minrate=500
</IfModule>
<IfModule setenvif_module>
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^gvfs/1" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCMI" redirect-carefully
BrowserMatch "Konqueror/4" redirect-carefully
</IfModule>
<IfModule ssl_module>
Listen 443
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/run/httpd/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLProtocol all -SSLv2
# SSLMutex file:/var/run/httpd/ssl_mutex
SSLCertificateFile /etc/ssl/certs/webserver.pem
SSLCertificateKeyFile /etc/ssl/private/webserver.pem
# <FilesMatch "\.(cgi|shtml|phtml|php)$">
# SSLOptions +StdEnvVars
# </FilesMatch>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
<VirtualHost *:443>
SSLEngine on
ServerAdmin webmaster@localhost
DocumentRoot /home/www/secure
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
</IfModule>
<IfModule status_module>
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 192.0.2.0/24
</Location>
</IfModule>
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /home/www/data
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/www/data>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>