You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Chris Dagnon <ch...@isthmusgroup.com> on 2006/08/25 18:11:23 UTC

Re: [users@httpd] Add SSL + https to Apache2 Proxied site - won't start!

Thanks for that hint - I didn't think to check log files since it didn't
start.  error.log said the app's log file couldn't be created so I updated
that location to match my previous values.  Victim of cut-and-paste-itis.

But I'm back to 'can't establish a connection to the server at...' when
trying to reach the SSL'd site from Firefox.  With apache2's stop and
start I continue to see:

   apache2: Could not determine the server's fully qualified domain name,
using 127.0.1.1 for ServerName (sic)

This is Ubuntu 6, and it automatically put a hosts entry of 127.0.1.1 to
the machine's name which explains the odd IP, but what I have for the
VirtualHost *:443's ServerName is also sitting in the hosts file on the
line for 127.0.0.1, just like the PHP site's name which works fine.  I
also tried commenting out the VirtualHost *:80's entry in case there was
forwarding confusion, but that tag actually works forwarding the http to
https.

The only intelligent question I can ask is: could Apache2 be confused
because I have an https proxied to an http://localhost:3000/ ?  I wouldn't
think so, but maybe ProxyPass/Reverse forwards the encrypted request
instead of decrypting it and passing it along..?

Thanks again,

-Chris

Joshua Slive said:
> On 8/24/06, Chris Dagnon <ch...@isthmusgroup.com> wrote:
>> Hello all,
>>
>> I've been using a site configured to Proxy requests to another port for
>> one ServerName and another on the same Apache2 directly serving PHP
>> pages.
>>  That's been working fine.  But now I want to add SSL to the proxied
>> pages
>> and it isn't going so smoothly.  I had hints from a coworker and tried
>> integrating that with my existing vhost files, but even at the best of
>> times Apache2 fails startup.
>
> What does the error log say?
>
> Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Alias/RewriteRule/ProxyPass/SSL - how do they coexist?

Posted by Devraj Mukherjee <de...@gmail.com>.

UseCanonicalNames Off

On 8/26/06, Chris Dagnon <ch...@isthmusgroup.com> wrote:
> Here is hopefully a succinct re-statement of my current problem:
>
> I had a website setup and it was working fine using VirtualHost ProxyPass
> to forward to another port and a server-level Alias+Directory pair to
> forward all image requests to a concrete, common directory.
>
> Now that I've added SSL into the mix, and the Alias never seems to be
> triggered for that site, though it is for a non-SSL site.  My newest
> question is wondering if it is because there is one VirtualHost *:80 with
> a RewriteRule with [R,L].  That should be fine since it is forwarding on
> to the VirtualHost *:443 rules.  But again, the Alias isn't getting
> triggered.
>
> I did try replacing [R,L] with variations including PT as mod_rewrite's
> docs suggest, but saw no changes after restarting Apache2.  I also tried
> moving and copying the Alias w/wo Directory into VirtualHost *:443 and
> before it, with no change seen.
>
> Is there anyway I can have Apache2 and/or it's mods do some painfully
> detailed logging so I can determine just what logic and what order
> everything is being processed?  I'm down to it being an interaction with
> SSL but that doesn't make sense to me.  Of course there are a couple
> warnings in the console on Apache2 startup, but nothing in the logs about
> those problems.
>
>   -      apache2: Could not determine the server's fully qualified domain
> name, using 127.0.0.1 for ServerName
>   -      [Fri Aug...] [warn] NameVirtualHost *:80 has no VirtualHosts
>
>
> Thanks for ideas on where to look or how to resolve this!
>
> -Chris
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] Alias/RewriteRule/ProxyPass/SSL - how do they coexist?

Posted by Chris Dagnon <ch...@isthmusgroup.com>.

Here is hopefully a succinct re-statement of my current problem:

I had a website setup and it was working fine using VirtualHost ProxyPass
to forward to another port and a server-level Alias+Directory pair to
forward all image requests to a concrete, common directory.

Now that I've added SSL into the mix, and the Alias never seems to be
triggered for that site, though it is for a non-SSL site.  My newest
question is wondering if it is because there is one VirtualHost *:80 with
a RewriteRule with [R,L].  That should be fine since it is forwarding on
to the VirtualHost *:443 rules.  But again, the Alias isn't getting
triggered.

I did try replacing [R,L] with variations including PT as mod_rewrite's
docs suggest, but saw no changes after restarting Apache2.  I also tried
moving and copying the Alias w/wo Directory into VirtualHost *:443 and
before it, with no change seen.

Is there anyway I can have Apache2 and/or it's mods do some painfully
detailed logging so I can determine just what logic and what order
everything is being processed?  I'm down to it being an interaction with
SSL but that doesn't make sense to me.  Of course there are a couple
warnings in the console on Apache2 startup, but nothing in the logs about
those problems.

  -      apache2: Could not determine the server's fully qualified domain
name, using 127.0.0.1 for ServerName
  -      [Fri Aug...] [warn] NameVirtualHost *:80 has no VirtualHosts


Thanks for ideas on where to look or how to resolve this!

-Chris

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Add SSL + https to Apache2 Proxied site - won't start!

Posted by Chris Dagnon <ch...@isthmusgroup.com>.

1. Sorry about cc'ing to you personally - I did a Reply All to keep the
message and forgot to amend the headers.

2. Reproducible fix:
Finally got the secured site to server by adding to
/etc/apache2/mods-available/ssl.conf one line:
      Listen 443

3. Reproducible fix:
I eliminated the wrong-DNS dialog after accepting the certificate by
regenerating the cert.  Problem with apache2's mod_ssl ssl_faq is that it
doesn't say that the CommonName needs to be the fully qualified server
name!

Unfortunately I may not have undone all the things I found by googling -
most of which had no immediate effects.  One of which installed Apache 1
as a by-product, which I uninstalled.


4. Problems, non-fatal:
I've added back the *:80 forwarding part to the secure site, and added a
second vhost file with another *:80 entry in it for a separate but related
website.  On startup Apache2 gives these errors:
  -      apache2: Could not determine the server's fully qualified domain
name, using 127.0.0.1 for ServerName
  -      [Fri Aug...] [warn] NameVirtualHost *:80 has no VirtualHosts
But it starts up.


5. Problem, incorrect behaviour:
The Alias + Directory command which worked before the SSL seems to work
for the plain *:80 site but no longer for the newly SSL'd site.  The
secured site tries to serve it directly as content instead of Apache using
the Directory directive:
    Alias /images/ /www/sites/images/
    <Directory /www/sites/images>
        Order allow,deny
        Allow from all
    </Directory>
I've tried copying the Alias with/without Directory into the secured
VirtualHost tags, but with no change in behaviour.  Otherwise secured
content does show up correctly on the unsecured site without a certificate
dialog as desired.


Ideas on how to correct either 4 or 5 is appreciated.  I always stop and
start apache between changes when trying them out, and force Firefox to
refresh content.  Apache's error.log shows only SIGTERM shutdown/startup
entries now, and I am using Apache2 on Ubuntu 6.

Thanks!

-Chris


Chris Dagnon said:
> Thanks for that hint - I didn't think to check log files since it didn't
> start.  error.log said the app's log file couldn't be created so I updated
> that location to match my previous values.  Victim of cut-and-paste-itis.
>
> But I'm back to 'can't establish a connection to the server at...' when
> trying to reach the SSL'd site from Firefox.  With apache2's stop and
> start I continue to see:
>
>    apache2: Could not determine the server's fully qualified domain name,
> using 127.0.1.1 for ServerName (sic)
>
> This is Ubuntu 6, and it automatically put a hosts entry of 127.0.1.1 to
> the machine's name which explains the odd IP, but what I have for the
> VirtualHost *:443's ServerName is also sitting in the hosts file on the
> line for 127.0.0.1, just like the PHP site's name which works fine.  I
> also tried commenting out the VirtualHost *:80's entry in case there was
> forwarding confusion, but that tag actually works forwarding the http to
> https.
>
> The only intelligent question I can ask is: could Apache2 be confused
> because I have an https proxied to an http://localhost:3000/ ?  I wouldn't
> think so, but maybe ProxyPass/Reverse forwards the encrypted request
> instead of decrypting it and passing it along..?
>
> Thanks again,
>
> -Chris
>
>
> Joshua Slive said:
>> On 8/24/06, Chris Dagnon <ch...@isthmusgroup.com> wrote:
>>> Hello all,
>>>
>>> I've been using a site configured to Proxy requests to another port for
>>> one ServerName and another on the same Apache2 directly serving PHP
>>> pages.
>>>  That's been working fine.  But now I want to add SSL to the proxied
>>> pages
>>> and it isn't going so smoothly.  I had hints from a coworker and tried
>>> integrating that with my existing vhost files, but even at the best of
>>> times Apache2 fails startup.
>>
>> What does the error log say?
>>
>> Joshua.
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org