LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 05-14-2014, 06:16 PM   #1
pettijohne
LQ Newbie
 
Registered: Mar 2014
Distribution: Slackware 14.1, LinuxMint 16
Posts: 16

Rep: Reputation: Disabled
SSL on Apache


I can't seem to get SSL to work. When I point my browser to https://FQDN.com I get an unable to connect error message. While posting this I realized I don't have an <ifmodule> for php, but I'm not there yet. In my error log I receive the following error:

[Wed May 14 21:01:52.268088 2014] [core:emerg] [pid 1012:tid 3069626112] (22)Invalid argument: AH00024: Couldn't set permissions on the ssl-cache mutex; check User and Group directives
AH00016: Configuration Failed
I tried using SSLMutex directive but then it won't start claiming I misspelled SSLMutex.

Anyway here is my httpd.conf:
[edit]
# httpd.conf
ServerName 192.168.1.3
ServerRoot "/usr"
PidFile /var/run/httpd.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 150
MaxRequestsPerChild 0
Listen 80
<IfModule unixd_module>
User apache
Group apache
</IfModule>

AccessFileName .htaccess

<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy all
</Files>

DefaultType None
HostnameLookups Off
ErrorLog /var/log/httpd/error_log
LogLevel warn

LoadModule unixd_module lib/httpd/modules/mod_unixd.so
LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so
LoadModule access_compat_module lib/httpd/modules/mod_access_compat.so
LoadModule authn_core_module lib/httpd/modules/mod_authn_core.so
LoadModule authz_host_module lib/httpd/modules/mod_authz_host.so
LoadModule authz_groupfile_module lib/httpd/modules/mod_authz_groupfile.so
LoadModule authz_core_module lib/httpd/modules/mod_authz_core.so
LoadModule auth_basic_module lib/httpd/modules/mod_auth_basic.so
LoadModule reqtimeout_module lib/httpd/modules/mod_reqtimeout.so
LoadModule mime_module lib/httpd/modules/mod_mime.so
LoadModule setenvif_module lib/httpd/modules/mod_setenvif.so
LoadModule ssl_module lib/httpd/modules/mod_ssl.so
LoadModule mpm_event_module lib/httpd/modules/mod_mpm_event.so
LoadModule status_module lib/httpd/modules/mod_status.so
LoadModule autoindex_module lib/httpd/modules/mod_autoindex.so
LoadModule vhost_alias_module lib/httpd/modules/mod_vhost_alias.so
LoadModule negotiation_module lib/httpd/modules/mod_negotiation.so
LoadModule dir_module lib/httpd/modules/mod_dir.so
LoadModule alias_module lib/httpd/modules/mod_alias.so
LoadModule php5_module lib/httpd/modules/libphp5.so

<IfModule alias_module>
#add aliases
</IfModule>

<IfModule autoindex_module>
IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
</IfModule>

<IfModule negotiation_module>
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no p pt pt-BR ru sv tr
ForceLanguagePriority Prefer Fallback
</IfModule>

<IfModule reqtimeout_module>
RequestReadTimeout header=20-40,minrate=500
RequestReadTimeout body=10,minrate=500
</IfModule>

<IfModule setenvif_module>
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^gvfs/1" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCMI" redirect-carefully
BrowserMatch "Konqueror/4" redirect-carefully
</IfModule>

<IfModule ssl_module>
Listen 443
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/run/httpd/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLProtocol all -SSLv2
# SSLMutex file:/var/run/httpd/ssl_mutex
SSLCertificateFile /etc/ssl/certs/webserver.pem
SSLCertificateKeyFile /etc/ssl/private/webserver.pem
# <FilesMatch "\.(cgi|shtml|phtml|php)$">
# SSLOptions +StdEnvVars
# </FilesMatch>

BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

<VirtualHost *:443>
SSLEngine on
ServerAdmin webmaster@localhost
DocumentRoot /home/www/secure
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
</IfModule>

<IfModule status_module>
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 192.0.2.0/24
</Location>
</IfModule>

<VirtualHost *:80>
ServerAdmin webmaster@localhost

DocumentRoot /home/www/data
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/www/data>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
As always any help is appreciated.

Thanks

Here is the final version that worked:
# httpd.conf
ServerName 192.168.1.3
ServerRoot "/usr"
PidFile /var/run/httpd.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 150
MaxRequestsPerChild 0
Mutex default:/var/run
Listen 80
#<IfModule unixd_module>
User apache
Group apache
#</IfModule>
#Don't know why I had to comment out the above ifmodule block but I did and that fixed my ssl situation.
AccessFileName .htaccess

<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy all
</Files>

DefaultType None
HostnameLookups Off
ErrorLog /var/log/httpd/error_log
LogLevel warn

LoadModule unixd_module lib/httpd/modules/mod_unixd.so
LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so
LoadModule access_compat_module lib/httpd/modules/mod_access_compat.so
LoadModule authn_core_module lib/httpd/modules/mod_authn_core.so
LoadModule authz_host_module lib/httpd/modules/mod_authz_host.so
LoadModule authz_groupfile_module lib/httpd/modules/mod_authz_groupfile.so
LoadModule authz_user_module lib/httpd/modules/mod_authz_user.so
LoadModule authz_core_module lib/httpd/modules/mod_authz_core.so
LoadModule auth_basic_module lib/httpd/modules/mod_auth_basic.so
LoadModule reqtimeout_module lib/httpd/modules/mod_reqtimeout.so
LoadModule mime_module lib/httpd/modules/mod_mime.so
LoadModule setenvif_module lib/httpd/modules/mod_setenvif.so
LoadModule ssl_module lib/httpd/modules/mod_ssl.so
LoadModule mpm_event_module lib/httpd/modules/mod_mpm_event.so
LoadModule status_module lib/httpd/modules/mod_status.so
LoadModule autoindex_module lib/httpd/modules/mod_autoindex.so
LoadModule vhost_alias_module lib/httpd/modules/mod_vhost_alias.so
LoadModule negotiation_module lib/httpd/modules/mod_negotiation.so
LoadModule dir_module lib/httpd/modules/mod_dir.so
LoadModule alias_module lib/httpd/modules/mod_alias.so
LoadModule php5_module lib/httpd/modules/libphp5.so
LoadModule authn_file_module lib/httpd/modules/mod_authn_file.so
<IfModule alias_module>
#add aliases
</IfModule>

<IfModule autoindex_module>
IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
</IfModule>

<IfModule negotiation_module>
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no p pt pt-BR ru sv tr
ForceLanguagePriority Prefer Fallback
</IfModule>

<IfModule reqtimeout_module>
RequestReadTimeout header=20-40,minrate=500
RequestReadTimeout body=10,minrate=500
</IfModule>

<IfModule setenvif_module>
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^gvfs/1" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCMI" redirect-carefully
BrowserMatch "Konqueror/4" redirect-carefully
</IfModule>

<IfModule ssl_module>
Listen 443
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/run/httpd/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLProtocol all -SSLv2
# SSLMutex file:/var/run/httpd/ssl_mutex
SSLCertificateFile /etc/ssl/certs/webserver.pem
SSLCertificateKeyFile /etc/ssl/private/webserver.pem
# <FilesMatch "\.(cgi|shtml|phtml|php)$">
# SSLOptions +StdEnvVars
# </FilesMatch>

BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

<VirtualHost *:443>
SSLEngine on
ServerAdmin webmaster@localhost
DocumentRoot /home/www/secure
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
</IfModule>

<IfModule status_module>
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 192.0.2.0/24
</Location>
</IfModule>

<VirtualHost *:80>
ServerAdmin webmaster@localhost

DocumentRoot /home/www/data
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/www/data>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>

Last edited by pettijohne; 05-14-2014 at 09:29 PM. Reason: solved
 
Old 05-14-2014, 06:44 PM   #2
willysr
Senior Member
 
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 4,763

Rep: Reputation: 1862Reputation: 1862Reputation: 1862Reputation: 1862Reputation: 1862Reputation: 1862Reputation: 1862Reputation: 1862Reputation: 1862Reputation: 1862Reputation: 1862
Did you uncomment this line?

Code:
# Secure (SSL/TLS) connections
#Include /etc/httpd/extra/httpd-ssl.conf
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache with SSL does not load the 2nd SSL certificate janstapel Linux - Newbie 1 06-17-2010 09:32 PM
[SOLVED] ssl.conf and multiple ssl certificastes on Apache kaoticsnow Linux - Server 22 04-08-2010 11:52 PM
SSL Servers vs Apache SSL mlewis Linux - Networking 2 04-02-2008 10:13 AM
Apache 1.3.33 (debian built) and Apache SSL does not respond to the proper ports lqorg_user Linux - Networking 0 11-06-2005 04:11 PM
apache and apache-ssl questions merana Debian 4 03-10-2005 10:10 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 07:09 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration