LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu
User Name
Password
Ubuntu This forum is for the discussion of Ubuntu Linux.

Notices


Reply
  Search this Thread
Old 06-17-2018, 07:24 AM   #1
mahmoodn
Member
 
Registered: May 2010
Posts: 426

Rep: Reputation: 16
http works but https doesn't work


I have added the following entry in the apache2 config file:

Code:
mahmood@ce:~$ cat /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        <Directory "/var/www/html/shb">
           Options Indexes FollowSymLinks
           AllowOverride All
           Order allow,deny
           Allow from all
           Require all granted
        </Directory>
</VirtualHost>
When I enter http://w.x.y.z/shb, I see the website and everything is fine.

Now, I added the same entry with some certificate files in the ssl default config file as below:
Code:
mahmood@ce:~$ cat /etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost

                DocumentRoot /var/www/html
                <Directory "/var/www/html/shb">
                       Options Indexes FollowSymLinks
                       AllowOverride All
                       Order allow,deny
                       Allow from all
                       Require all granted
                </Directory>

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
                SSLEngine on
                SSLCertificateFile    /root/scu/cert/files/certificate-standard_wildcard.FQDN.crt
                SSLCertificateKeyFile /root/scu/cert/files/certificate-standard_wildcard.FQDN.key
                SSLCertificateChainFile /root/scu/cert/files/intermediate.crt
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
                BrowserMatch "MSIE [2-6]" \
                                nokeepalive ssl-unclean-shutdown \
                                downgrade-1.0 force-response-1.0
                # MSIE 7 and newer should be able to use keepalive
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

        </VirtualHost>
</IfModule>
The certificates files exist. When I enter https://w.x.y.z/shb, it doesn't show the webpage and after a minute, it will end up with secure connection fail.

any idea?

Last edited by mahmoodn; 06-17-2018 at 07:25 AM.
 
Old 06-17-2018, 08:25 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,265

Rep: Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690
Hi,

You also need to enable mod_ssl and the https vhost:
Code:
sudo a2enmod ssl
sudo a2ensite default-ssl.conf
Regards
 
Old 06-17-2018, 12:43 PM   #3
mahmoodn
Member
 
Registered: May 2010
Posts: 426

Original Poster
Rep: Reputation: 16
OK I did
Code:
mahmood@ce:~$ sudo a2enmod ssl
[sudo] password for mahmood:
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  service apache2 restart
mahmood@ce:~$ sudo a2ensite default-ssl.conf
Enabling site default-ssl.
To activate the new configuration, you need to run:
  service apache2 reload
mahmood@ce:~$ sudo service apache2 restart
 * Restarting web server apache2                                                                   [ OK ]
mahmood@ce:~$

But still I get secure connection failed from my laptop from remote.
 
Old 06-17-2018, 12:48 PM   #4
mahmoodn
Member
 
Registered: May 2010
Posts: 426

Original Poster
Rep: Reputation: 16
On the server, I ran wget on the FQDN. As you can see there are two things:
1- it can fetch from https
2- it redirects to http
Code:
mahmood@ce:~$ wget https://w.x.y.z/shb
--2018-06-17 22:10:00--  https://w.x.y.z/shb
Resolving w.x.y.z (w.x.y.z)... 192.168.168.180
Connecting to w.x.y.z (w.x.y.z)|192.168.168.180|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://w.x.y.z/shb/ [following]
--2018-06-17 22:10:01--  https://w.x.y.z/shb/
Reusing existing connection to w.x.y.z:443.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://w.x.y.z/shb/ [following]
--2018-06-17 22:10:01--  http://w.x.y.z/shb/
Connecting to w.x.y.z (w.x.y.z)|192.168.168.180|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘shb’

    [ <=>                                                             ] 26,591      --.-K/s   in 0s

2018-06-17 22:10:01 (284 MB/s) - ‘shb’ saved [26591]
 
Old 06-17-2018, 01:29 PM   #5
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,265

Rep: Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690
Quote:
On the server, I ran wget on the FQDN. As you can see there are two things:
1- it can fetch from https
2- it redirects to http
Could be that there is a .htaccess or similar, redirecting https to http.
You need to also use ServerName in both http and https vhosts and make sure that he hostname(s) used can be resolved to the IP of your server.
 
Old 06-17-2018, 02:02 PM   #6
mahmoodn
Member
 
Registered: May 2010
Posts: 426

Original Poster
Rep: Reputation: 16
There is no sign of redirection
Code:
mahmood@ce:~$ cat /var/www/html/shb/.htaccess
Options +FollowSymLinks
RewriteEngine On

AddEncoding gzip .gz
AddEncoding gzip .gzip
<FilesMatch "\.(js.gz|js.gzip)$">
  ForceType text/javascript
</FilesMatch>
<FilesMatch "\.(css.gz|css.gzip)$">
  ForceType text/css
</FilesMatch>

<Files CHANGELOG.txt>
deny from all
</Files>
<Files INSTALL.txt>
deny from all
</Files>
<Files UPDATE.txt>
deny from all
</Files>



RewriteCond %{REQUEST_URI} !^/index\.php
RewriteCond %{REQUEST_URI} !/ow_updates/index\.php
RewriteCond %{REQUEST_URI} !/ow_updates/classes
RewriteCond %{REQUEST_URI} !/ow_cron/run\.php
RewriteCond %{REQUEST_URI} !/ow_cron/run\.php
RewriteCond %{REQUEST_URI} !/e500\.php
RewriteCond %{REQUEST_URI} !/captcha\.php
#RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.xml|\.feed|robots\.txt|\.raw|/[^.]*)$  [NC]
RewriteCond %{REQUEST_FILENAME} (/|\.php|\.html|\.htm|\.xml|\.feed|robots\.txt|\.raw|/[^.]*)$  [NC]
RewriteRule (.*) index.php
Can you give an example about ServerName for both vhosts?
 
Old 06-18-2018, 12:05 AM   #7
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,265

Rep: Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690Reputation: 1690
Quote:
There is no sign of redirection
...
Well I thought it should be in .htaccess because it wasn't in the ssl vhost definition posted in your OP.
Anyway if you have https-->http, then there should be a redirect/rewrite. Perhaps it's in a .htaccess in an upstream directory or in some apache config file, so look recursively for .htaccess under /var/www or for redirect/rewrite code in the config files under /etc/apache2.

I don't know what is this shb you're trying to use, but you should read its documentation to see if it's doing some fancy stuff re. https.


Quote:
Can you give an example about ServerName for both vhosts?
D,oh. The ServerName directive could be the same for both http and https vhosts. It's up to you to decide what you want.
Just make sure that the name you pick, could be resolved back to your server, i.e. using the following in /etc/hosts:
Code:
192.168.168.180 www.domain.com
Then in this case, it should be:
Code:
ServerName www.domain.com
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Enabling apache compression - http works, https doesn't summersab Linux - Server 2 07-13-2017 06:10 PM
can't access https but http works fine through route-map ->squid proxy erion Linux - Newbie 7 12-19-2012 11:57 AM
An alias works for http and https (i donīt want it) albinworld Linux - Server 1 01-20-2009 02:41 PM
Firefox - HTTPS works, but HTTP doesn't, any ideas? (Newbie question) RichardDarling Linux - Networking 2 11-03-2005 08:23 AM
https works, but not http squeaks_27 Linux - Networking 1 05-31-2005 08:41 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu

All times are GMT -5. The time now is 07:57 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration