Posted to users@httpd.apache.org by Mahmood Naderan <nt...@yahoo.com.INVALID> on 2018/06/20 15:24:28 UTC

[users@httpd] https not working

Hi,
My web site works on http without any problem. The location is /var/www/html/shob/ and I want to define an HTTPS virtualhost. So, I COPIED the content relative to my website from /etc/apache2/sites-available/000-default.conf to /etc/apache2/sites-available/default-ssl.conf and the content is

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost
                DocumentRoot /var/www/html
                <Directory "/var/www/html/shob">
                       Options Indexes FollowSymLinks
                       AllowOverride All
                       Order allow,deny
                       Allow from all
                       Require all granted
                </Directory>
                LogLevel debug ssl:debug
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
                SSLEngine on
                SSLCertificateFile    /root/cert.files/certificate-standard_wildcard.x.y.z.crt
                SSLCertificateKeyFile /root/cert.files/certificate-standard_wildcard.x.y.z.key
                SSLCertificateChainFile /root/cert.files/intermediate.crt


                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
                BrowserMatch "MSIE [2-6]" \
                                nokeepalive ssl-unclean-shutdown \
                                downgrade-1.0 force-response-1.0
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
        </VirtualHost>
</IfModule>




I also added the following items in the /var/www/html/shob/.htaccess

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(subdomain\.)?X\.Y\.Z
RewriteRule ^(.*)$ https://subdomain.X.Y.Z/$1 [R,L]




Now when I enter https://w.x.y.z/shob in the browser, the request times out. What is missing here? Any idea?


Regards,
Mahmood

RE: [users@httpd] https not working

Posted by Mahmood Naderan <nt...@yahoo.com.INVALID>.
> Have you enabled ssl and rewrite modules? I would verify also that there is no firewall blocking 443.

It seems that everything is fine

root@ce:~# apachectl -M | grep ssl
ssl_module (shared)
root@ce:~# apachectl -M | grep rewrite
rewrite_module (shared)
root@ce:~# netstat -tulpn | grep 443
tcp6       0      0 :::443                  :::*                    LISTEN      5563/apache2
root@ce:~#


Unfortunately, the log files show nothing since the request never reaches the server.
Any idea?

Regards,
Mahmood


RE: [users@httpd] https not working

Posted by Mahmood Naderan <nt...@yahoo.com.INVALID>.
No idea?
I am stuck at that…


Regards,
Mahmood


Re: [users@httpd] https not working

Posted by Stefan Eissing <st...@greenbytes.de>.
Try "openssl s_client -debug -connect host:port" to see if your machine can contact the server at all.




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: RE: [users@httpd] https not working

Posted by Richard <li...@listmail.innovate.net>.
> Date: Sunday, June 24, 2018 14:22:10 +0000
> From: Richard <li...@listmail.innovate.net>
> 
>> Date: Saturday, June 23, 2018 17:09:41 +0000
>> From: Mahmood Naderan <nt...@yahoo.com.INVALID>
>> 
>>> Try "openssl s_client -debug -connect host:port" to see if your
>>> machine can contact the server at all.
>> Should I run that on my laptop (the remote machine) or the server?
>> 
>> 
>>> You should try to telnet to port 443 from a) the localhost
>> 
>> The output seems to be fine
>> mahmood@ce:~$ telnet localhost 443
>> Trying ::1...
>> Connected to localhost.
>> Escape character is '^]'.
>> ^]
>> telnet> 
>> 
>>> Note, from your output it looks like you only have this (only)
>>> configured for ipv6, which constrains what is and isn't going to
>>> work. You're going to need to understand whether the telnet test
>>> above is being done from ipv4 or v6 in order to interpret the
>>> results.
>> 
>> Where do you mean? I have no problem with removing ipv6.
>> 
>> What I have done already is to test one of the websites (and not a
>> subdomain) with https. I mean if you consider the main url as
>> http://myuni.com then http://myuni.com/shb works fine. What I have
>> done is that I have created an entry in default-ssl.conf for
>> /var/www/html/shb. Therefore, I want to test https://myuni.com/shb
>> Does that matter? 
>> 
> 
> To get this to work:
> 
>   > Therefore, I want to test https://myuni.com/shb
>   > Does that matter? 
> 
> you need to have https/port 443 configured correctly and open
> (including through firewalls) to whatever networks you want to give
> it access from (localhost, internal, external).
> 
> Your telnet test shows you successfully connecting -- via ipv6
> (Trying ::1...) -- to port 443 on the local machine. You need to
> continue testing the "b" and "c" options from my earlier message:
> 
>   > b) a machine on the same network, c) a machine on a different 
>   > (ideally external) network
> 
> if you want clients to be able to connect from "b" internal networks
> and/or "c" external networks.
> 
> As noted earlier, your netstat output is only showing ipv6 for port
> 443. That may be what you want, but generally isn't sufficient for
> full external client access. If you need ipv4 too you'll need to
> configure things appropriately -- that's a host networking, not
> apache/httpd, issue.
> 
> By the way, the "s_client" test that was suggested is useful, but I
> think is harder to get the different types of server side responses
> from than a simple telnet. If the port is open but it's potentially
> a security protocol/certificate issue, then s_client is the right
> tool. Trying to debug your current issue with a browser is almost
> useless.
> 

A clarification, the last part of this line:

  > If you need ipv4 too you'll need to configure things
  > appropriately -- that's a host networking, not
  > apache/httpd, issue.

is imprecise. See:

    <https://httpd.apache.org/docs/2.4/bind.html>

for more detail on ipv4/ipv6 bindings.





Re: RE: [users@httpd] https not working

Posted by Richard <li...@listmail.innovate.net>.

> Date: Saturday, June 23, 2018 17:09:41 +0000
> From: Mahmood Naderan <nt...@yahoo.com.INVALID>
>
>> Try "openssl s_client -debug -connect host:port" to see if your
>> machine can contact the server at all.
> Should I run that on my laptop (the remote machine) or the server?
> 
> 
>> You should try to telnet to port 443 from a) the localhost
> 
> The output seems to be fine
> mahmood@ce:~$ telnet localhost 443
> Trying ::1...
> Connected to localhost.
> Escape character is '^]'.
> ^]
> telnet> 
> 
>> Note, from your output it looks like you only have this (only)
>> configured for ipv6, which constrains what is and isn't going to
>> work. You're going to need to understand whether the telnet test
>> above is being done from ipv4 or v6 in order to interpret the
>> results.
> 
> Where do you mean? I have no problem with removing ipv6.
> 
> What I have done already is to test one of the websites (and not a
> subdomain) with https. I mean if you consider the main url as
> http://myuni.com then http://myuni.com/shb works fine. What I have
> done is that I have created an entry in default-ssl.conf for
> /var/www/html/shb. Therefore, I want to test https://myuni.com/shb
> Does that matter? 
> 

To get this to work:

  > Therefore, I want to test https://myuni.com/shb
  > Does that matter? 

you need to have https/port 443 configured correctly and open
(including through firewalls) to whatever networks you want to give
it access from (localhost, internal, external).

Your telnet test shows you successfully connecting -- via ipv6
(Trying ::1...) -- to port 443 on the local machine. You need to
continue testing the "b" and "c" options from my earlier message:

  > b) a machine on the same network, c) a machine on a different 
  > (ideally external) network

if you want clients to be able to connect from "b" internal networks
and/or "c" external networks.

As noted earlier, your netstat output is only showing ipv6 for port
443. That may be what you want, but generally isn't sufficient for
full external client access. If you need ipv4 too you'll need to
configure things appropriately -- that's a host networking, not
apache/httpd, issue.

By the way, the "s_client" test that was suggested is useful, but I
think is harder to get the different types of server side responses
from than a simple telnet. If the port is open but it's potentially a
security protocol/certificate issue, then s_client is the right tool.
Trying to debug your current issue with a browser is almost useless.





Re: RE: [users@httpd] https not working

Posted by Mahmood Naderan <nt...@yahoo.com.INVALID>.
>Try "openssl s_client -debug -connect host:port" to see if your machine can contact the server at all.
Should I run that on my laptop (the remote machine) or the server?


>You should try to telnet to port 443 from a) the localhost

The output seems to be fine
mahmood@ce:~$ telnet localhost 443
Trying ::1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> 



>Note, from your output it looks like you only have this (only)
>configured for ipv6, which constrains what is and isn't going to
>work. You're going to need to understand whether the telnet test
>above is being done from ipv4 or v6 in order to interpret the results.

Where do you mean? I have no problem with removing ipv6.



What I have done already is to test one of the websites (and not a subdomain) with https. I mean if you consider the main url as http://myuni.com then http://myuni.com/shb works fine. What I have done is that I have created an entry in default-ssl.conf for /var/www/html/shb. Therefore, I want to test https://myuni.com/shb
Does that matter? 


Regards,
Mahmood 


RE: [users@httpd] https not working

Posted by Richard <li...@listmail.innovate.net>.
If "the request never reaches the server" then it's most likely a
firewall issue.

You should try to telnet to port 443 from a) the localhost, b) a
machine on the same network, c) a machine on a different (ideally
external) network. If you get a "hang", as opposed to "connection
refused", then it's very likely a firewall. Which of the above you
are (or aren't) able to connect from will give you a hint of whether
it's local to the machine or at the network level. If you get a
"connection refused" response, then the issue is that httpd isn't
listening on that port. 

Note, from your output it looks like you only have this (only)
configured for ipv6, which constrains what is and isn't going to
work. You're going to need to understand whether the telnet test
above is being done from ipv4 or v6 in order to interpret the results.


   - Richard


> Date: Friday, June 22, 2018 19:45:26 +0430
> From: Mahmood Naderan <nt...@yahoo.com.INVALID>
>
> No idea?
> I am stuck at that…
> 
> 
> Regards,
> Mahmood
> 
> 
> From: Mahmood Naderan
> Sent: Thursday, June 21, 2018 12:59 PM
> To: Alex K; users@httpd.apache.org
> Subject: RE: [users@httpd] https not working
> 
> 
> Have you enabled ssl and rewrite modules? I would verify also that
> there is no firewall blocking 443.
> 
> It seems that everything is fine
> 
> root@ce:~# apachectl -M | grep ssl
> ssl_module (shared)
> root@ce:~# apachectl -M | grep rewrite
> rewrite_module (shared)
> root@ce:~# netstat -tulpn | grep 443
> tcp6       0      0 :::443                  :::*                    LISTEN      5563/apache2
> root@ce:~#
> 
> 
> Unfortunately, the log files show nothing since the request never
> reaches the server. Any idea?
> 
> Regards,
> Mahmood
> 
> 
> From: Alex K
> Sent: Thursday, June 21, 2018 9:44 AM
> To: users@httpd.apache.org; Mahmood Naderan
> Subject: Re: [users@httpd] https not working
> 
> Hi,
> 
> Have you enabled ssl and rewrite modules? I would verify also that
> there is no firewall blocking 443.
> 
> Alex
> 
------------ End Original Message ------------
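
The reachability test described in the message above, as an added example that is not part of the original thread: it attempts one TCP connect per address family and maps the outcome (connected, refused, hung) to the interpretation given there. The function names, the vantage label and the 3-second timeout are assumptions of this example.

```python
"""Per-address-family TCP reachability check for an HTTPS port (added example)."""
import socket
import sys

OPEN, REFUSED, FILTERED, UNREACHABLE = "open", "refused", "filtered", "unreachable"
FAMILIES = (("ipv4", socket.AF_INET), ("ipv6", socket.AF_INET6))

# Next step for each verdict, following the reasoning in the message above.
HINTS = {
    OPEN: "TCP connect succeeded; if HTTPS still fails, inspect TLS with openssl s_client",
    REFUSED: "host answered but nothing is listening on this port for this family",
    FILTERED: "connect hung until the timeout; a firewall on the host or network is likely",
    UNREACHABLE: "no address or route for this family (or an ICMP reject) from here",
}


def probe(host, port, family, timeout=3.0):
    """Try one TCP connect to host:port using only the given address family."""
    try:
        info = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)[0]
    except socket.gaierror:
        return UNREACHABLE  # the name has no address in this family
    af, socktype, proto, _canon, sockaddr = info
    try:
        sock = socket.socket(af, socktype, proto)
    except OSError:
        return UNREACHABLE  # family not supported on this machine
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
        return OPEN
    except socket.timeout:
        return FILTERED     # neither SYN-ACK nor RST: packets are being dropped
    except ConnectionRefusedError:
        return REFUSED      # RST came back: reachable, but no listener
    except OSError:
        return UNREACHABLE  # e.g. "no route to host" or "network unreachable"
    finally:
        sock.close()


def check(host, port=443, timeout=3.0):
    """Probe both families separately and return {family_name: verdict}."""
    return {name: probe(host, port, fam, timeout) for name, fam in FAMILIES}


def report(vantage, host, port, verdicts):
    """Format one line per family, labelled with where the test was run from."""
    return [f"[{vantage}] {host}:{port} {name}: {v} - {HINTS[v]}"
            for name, v in verdicts.items()]


if __name__ == "__main__":
    # Usage: python3 probe443.py <vantage-label> <host> [port]
    # Run once from each vantage point: the server itself, a machine on the
    # same network, and a machine on an external network.
    vantage, host = sys.argv[1], sys.argv[2]
    port = int(sys.argv[3]) if len(sys.argv) > 3 else 443
    print("\n".join(report(vantage, host, port, check(host, port))))
```

On Linux a `:::443` line in netstat can belong to a socket that also accepts IPv4 connections, depending on its IPv6-only setting, so probing each family directly is more reliable than reading the netstat line.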





Re: [users@httpd] https not working

Posted by Alex K <ri...@gmail.com>.
Hi,

Have you enabled ssl and rewrite modules? I would verify also that there is
no firewall blocking 443.

Alex
