Re: [users@httpd] virtual host gives unexpected network read error

[Luca Toscano <to...@gmail.com>]

Hi David,

2018-01-29 19:45 GMT-08:00 David Mehler <da...@gmail.com>:

> Hello,
>
> Can someone take a look at the below virtual host configuration?
> Whenever I put it in my apache 2.4 the server returns an alert
> unexpected network read error connection aborted message. If I take it
> out the server behaves normally. Of course nothing is in any of the
> logs I've got LogLevel set to warn. An apachectl -t says the files are
> syntactically correct.
>
> Any ideas?
>
> Thanks.
> Dave.
>
> #
> # Virtual host file
> #
>
> # The example.com http  and https virtual host
> <VirtualHost *:80 *:443>
>
> SSLCertificateFile "/usr/local/etc/ssl/acme/example.com/fullchain.pem"
> SSLCertificateKeyFile "/usr/local/etc/ssl/acme/private/
> example.com/privkey.pem"
> SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-
> RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-
> RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-
> AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-
> AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-
> AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-
> RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:
> ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-
> SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:
> AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!
> EXPORT:!DES:!MD5:!PSK:!RC4:!3DES
> SSLEngine on
>
>
In this way you are enabling SSL/TLS on both 80 and 443 port, I don't
believe that it will work (even if I didn't test it properly). Any reason
why you have this settings? Can you try without the "*:80" ? In your case
I'd simply create a *:80 Vhost to force a http->https redirect, and then
apply SSL/etc.. settings only to *:443.

Luca