You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Robert Moskowitz <rg...@htt-consult.com> on 2017/04/05 02:47:21 UTC
[users@httpd] configured HTTP(80) on the standard HTTPS(443) port!
I just noticed the following in error_log on httpd startup:
[Tue Apr 04 21:20:43.030519 2017] [ssl:warn] [pid 15521] AH01916: Init:
(z9m9z.test.htt-consult.com:443) You configured HTTP(80) on the standard
HTTPS(443) port!
[Tue Apr 04 21:20:43.030759 2017] [ssl:warn] [pid 15521] AH02292: Init:
Name-based SSL virtual hosts only work for clients with TLS server name
indication support (RFC 4366)
What does this mean?
One of my .conf files is:
# cat 00-init.conf
ServerAdmin rgm@htt-consult.com
ServerName z9m9z.test.htt-consult.com
<VirtualHost *:80>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require ip 192.168.0.0/16
</Directory>
</VirtualHost>
<VirtualHost *:443>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require ip 192.168.0.0/16
</Directory>
</VirtualHost>
httpd -S reports:
VirtualHost configuration:
*:80 is a NameVirtualHost
default server z9m9z.test.htt-consult.com
(/etc/httpd/conf.d/00-init.conf:3)
port 80 namevhost z9m9z.test.htt-consult.com
(/etc/httpd/conf.d/00-init.conf:3)
port 80 namevhost webmail.test.htt-consult.com
(/etc/httpd/conf.d/roundcubemail.conf:1)
alias webmail
*:443 is a NameVirtualHost
default server z9m9z.test.htt-consult.com
(/etc/httpd/conf.d/00-init.conf:10)
port 443 namevhost z9m9z.test.htt-consult.com
(/etc/httpd/conf.d/00-init.conf:10)
port 443 namevhost webmail.test.htt-consult.com
(/etc/httpd/conf.d/roundcubemail.conf:16)
alias webmail
port 443 namevhost z9m9z.test.htt-consult.com
(/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] configured HTTP(80) on the standard HTTPS(443)
port!
Posted by Robert Moskowitz <rg...@htt-consult.com>.
On 04/04/2017 11:37 PM, Yehuda Katz wrote:
> The first warning is telling you that you are serving regular HTTP
> traffic on what is usually an HTTPS port. This is because you do not
> have any SSL configuration on the virtual host on port 443. You need
> "SSLEngine on" and certificate information at least.
thanks. fixed.
> You can ignore the second warning about "server name indication"
> unless you specifically want to support really old and insecure browsers.
>
> - Y
>
> On Tue, Apr 4, 2017 at 10:47 PM, Robert Moskowitz <rgm@htt-consult.com
> <ma...@htt-consult.com>> wrote:
>
> I just noticed the following in error_log on httpd startup:
>
> [Tue Apr 04 21:20:43.030519 2017] [ssl:warn] [pid 15521] AH01916:
> Init: (z9m9z.test.htt-consult.com:443
> <http://z9m9z.test.htt-consult.com:443>) You configured HTTP(80)
> on the standard HTTPS(443) port!
> [Tue Apr 04 21:20:43.030759 2017] [ssl:warn] [pid 15521] AH02292:
> Init: Name-based SSL virtual hosts only work for clients with TLS
> server name indication support (RFC 4366)
>
> What does this mean?
>
> One of my .conf files is:
>
> # cat 00-init.conf
> ServerAdmin rgm@htt-consult.com <ma...@htt-consult.com>
> ServerName z9m9z.test.htt-consult.com
> <http://z9m9z.test.htt-consult.com>
> <VirtualHost *:80>
> <Directory "/var/www/html">
> Options Indexes FollowSymLinks
> AllowOverride None
> Require ip 192.168.0.0/16 <http://192.168.0.0/16>
> </Directory>
> </VirtualHost>
> <VirtualHost *:443>
> <Directory "/var/www/html">
> Options Indexes FollowSymLinks
> AllowOverride None
> Require ip 192.168.0.0/16 <http://192.168.0.0/16>
> </Directory>
> </VirtualHost>
>
> httpd -S reports:
>
> VirtualHost configuration:
> *:80 is a NameVirtualHost
> default server z9m9z.test.htt-consult.com
> <http://z9m9z.test.htt-consult.com> (/etc/httpd/conf.d/00-init.conf:3)
> port 80 namevhost z9m9z.test.htt-consult.com
> <http://z9m9z.test.htt-consult.com> (/etc/httpd/conf.d/00-init.conf:3)
> port 80 namevhost webmail.test.htt-consult.com
> <http://webmail.test.htt-consult.com>
> (/etc/httpd/conf.d/roundcubemail.conf:1)
> alias webmail
> *:443 is a NameVirtualHost
> default server z9m9z.test.htt-consult.com
> <http://z9m9z.test.htt-consult.com>
> (/etc/httpd/conf.d/00-init.conf:10)
> port 443 namevhost z9m9z.test.htt-consult.com
> <http://z9m9z.test.htt-consult.com>
> (/etc/httpd/conf.d/00-init.conf:10)
> port 443 namevhost webmail.test.htt-consult.com
> <http://webmail.test.htt-consult.com>
> (/etc/httpd/conf.d/roundcubemail.conf:16)
> alias webmail
> port 443 namevhost z9m9z.test.htt-consult.com
> <http://z9m9z.test.htt-consult.com> (/etc/httpd/conf.d/ssl.conf:56)
> ServerRoot: "/etc/httpd"
> Main DocumentRoot: "/var/www/html"
> Main ErrorLog: "/etc/httpd/logs/error_log"
> Mutex ssl-stapling: using_defaults
> Mutex proxy: using_defaults
> Mutex authn-socache: using_defaults
> Mutex ssl-cache: using_defaults
> Mutex default: dir="/run/httpd/" mechanism=default
> Mutex mpm-accept: using_defaults
> Mutex authdigest-opaque: using_defaults
> Mutex proxy-balancer-shm: using_defaults
> Mutex rewrite-map: using_defaults
> Mutex authdigest-client: using_defaults
> PidFile: "/run/httpd/httpd.pid"
> Define: DUMP_VHOSTS
> Define: DUMP_RUN_CFG
> User: name="apache" id=48
> Group: name="apache" id=48
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>
> For additional commands, e-mail: users-help@httpd.apache.org
> <ma...@httpd.apache.org>
>
>
Re: [users@httpd] configured HTTP(80) on the standard HTTPS(443) port!
Posted by Yehuda Katz <ye...@ymkatz.net>.
The first warning is telling you that you are serving regular HTTP traffic
on what is usually an HTTPS port. This is because you do not have any SSL
configuration on the virtual host on port 443. You need "SSLEngine on" and
certificate information at least.
You can ignore the second warning about "server name indication" unless you
specifically want to support really old and insecure browsers.
- Y
On Tue, Apr 4, 2017 at 10:47 PM, Robert Moskowitz <rg...@htt-consult.com>
wrote:
> I just noticed the following in error_log on httpd startup:
>
> [Tue Apr 04 21:20:43.030519 2017] [ssl:warn] [pid 15521] AH01916: Init: (
> z9m9z.test.htt-consult.com:443) You configured HTTP(80) on the standard
> HTTPS(443) port!
> [Tue Apr 04 21:20:43.030759 2017] [ssl:warn] [pid 15521] AH02292: Init:
> Name-based SSL virtual hosts only work for clients with TLS server name
> indication support (RFC 4366)
>
> What does this mean?
>
> One of my .conf files is:
>
> # cat 00-init.conf
> ServerAdmin rgm@htt-consult.com
> ServerName z9m9z.test.htt-consult.com
> <VirtualHost *:80>
> <Directory "/var/www/html">
> Options Indexes FollowSymLinks
> AllowOverride None
> Require ip 192.168.0.0/16
> </Directory>
> </VirtualHost>
> <VirtualHost *:443>
> <Directory "/var/www/html">
> Options Indexes FollowSymLinks
> AllowOverride None
> Require ip 192.168.0.0/16
> </Directory>
> </VirtualHost>
>
> httpd -S reports:
>
> VirtualHost configuration:
> *:80 is a NameVirtualHost
> default server z9m9z.test.htt-consult.com
> (/etc/httpd/conf.d/00-init.conf:3)
> port 80 namevhost z9m9z.test.htt-consult.com
> (/etc/httpd/conf.d/00-init.conf:3)
> port 80 namevhost webmail.test.htt-consult.com
> (/etc/httpd/conf.d/roundcubemail.conf:1)
> alias webmail
> *:443 is a NameVirtualHost
> default server z9m9z.test.htt-consult.com
> (/etc/httpd/conf.d/00-init.conf:10)
> port 443 namevhost z9m9z.test.htt-consult.com
> (/etc/httpd/conf.d/00-init.conf:10)
> port 443 namevhost webmail.test.htt-consult.com
> (/etc/httpd/conf.d/roundcubemail.conf:16)
> alias webmail
> port 443 namevhost z9m9z.test.htt-consult.com
> (/etc/httpd/conf.d/ssl.conf:56)
> ServerRoot: "/etc/httpd"
> Main DocumentRoot: "/var/www/html"
> Main ErrorLog: "/etc/httpd/logs/error_log"
> Mutex ssl-stapling: using_defaults
> Mutex proxy: using_defaults
> Mutex authn-socache: using_defaults
> Mutex ssl-cache: using_defaults
> Mutex default: dir="/run/httpd/" mechanism=default
> Mutex mpm-accept: using_defaults
> Mutex authdigest-opaque: using_defaults
> Mutex proxy-balancer-shm: using_defaults
> Mutex rewrite-map: using_defaults
> Mutex authdigest-client: using_defaults
> PidFile: "/run/httpd/httpd.pid"
> Define: DUMP_VHOSTS
> Define: DUMP_RUN_CFG
> User: name="apache" id=48
> Group: name="apache" id=48
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>