FedoraForum.org - Fedora Support Forums and Community
Results 1 to 14 of 14
  1. #1
    Join Date
    Oct 2017
    Location
    Dijon, Burgundy, France
    Posts
    13

    fc26 apache mod ssl configured but https://www.mywebsite.com doesn't work

    Greats,

    I have configured my apache server for mod ssl.
    httpd.conf says to listen on port myip:8080 (it doesn't work if i want 443). ServerName is www.mywebsite.com:443. The same ServerName is indicated on conf.d/www.mywebsite.com.conf with <VirtualHost *:443>. on the two files is indicated ServerRoot /var/www/www.mywebsite.com.
    When i starts apache it ask me after the ssl password so all seems ok BUT
    If i want connect directly on https://mywebsite.com the server refuse connexion.
    www.mywebsite.com works but... it's not securised !!!

    Any help welcome, i should not be far from goal...
    Regards,

    FrancescoZozo

  2. #2
    Join Date
    Oct 2017
    Location
    Dijon, Burgundy, France
    Posts
    13

    Re: fc26 apache mod ssl configured but https://www.mywebsite.com doesn't work

    Greats Everybody !

    The thread is up !
    Another bug in my configuration : absolutely impossible to connect in localhost (127.0.0.1). Both are exclude.
    A little bit inconvenient for acess to phpmyadmin an phppgadmin...
    And i want get satisfaction anyway...

    Any help welcome,
    Regards,
    Franck

    ps : too fair to be honest ?!?

  3. #3
    Join Date
    Oct 2017
    Location
    Arizona
    Posts
    2

    Re: fc26 apache mod ssl configured but https://www.mywebsite.com doesn't work

    By default Apache should be listing on 80 for HTTP and 443 for HTTPS. When you go to a secure website https://www.mywebsite.com/ your browser will attempt to connect to port 443. If you changed the default port then you must include the port number after the domain. ex. https://www.mywebsite.com:8080. You indicated your Virtual Host is set to *:443, which is correct. To get apache working with SSL you will need to have at minimum in your Apache configs.

    Needed in one of the config files, Ether httpd.conf, ssl.conf, Should not be placed inside of VirtualHost.

    Listen 443 #This tells Apache to listen on port 443


    Needed inside the Virtual Host

    SSLEngine on #Tells Apache to enable SSL (Secure Site)
    SSLProtocol all -SSLv3 #Tells Apache to use SSLv1, SSLv2, TLSv1.0, TLSv1.1 TLSv1.2
    SSLCertificateFile /path/to/public/cert #Used to tell Apache where SSL Public Cert is.
    SSLCertificateKeyFile /path/to/private/key #Used top tell Apache where Private Key is.


    If any of the above is missing Apache will not work over a secure connection. I recently had issues getting a php site working over SSL. In my Virtual Host I had forgotten to include SSLEngine on causing Apache to not serve my site over a secure connection.

  4. #4
    Join Date
    Oct 2017
    Location
    Dijon, Burgundy, France
    Posts
    13

    Re: fc26 apache mod ssl configured but https://www.mywebsite.com doesn't work

    Greats Omniterm, and thank you very much for your answer.
    httpd.conf says
    Listen 127.0.0.1:8080
    Listen ::1:8080
    Listen myip:8080
    If i indicate 443 the server can't start
    But ssl.conf precise
    Listen 443 https
    I have also put the four lines in virtualhost
    SSL Engine on
    SSLProtocol all SSLv3
    SSLCertificateFile /etc/pki/tls/certs/mywebsite.com.cert
    SSLCertificateKeyFile /etc/pki/tls/private/mywebsite.com.key
    These four informations are also in ssl.conf
    I have also mentioned the ServerName and ServerRoot in ssl.conf
    But not working yet anyway...
    I have correctly configured iptables for 8080 and 443 ports, i think nothing bad this way
    Any more ideas ?
    Regards,
    Francesco

  5. #5
    Join Date
    Oct 2017
    Location
    Dijon, Burgundy, France
    Posts
    13

    Re: fc26 apache mod ssl configured but https://www.mywebsite.com doesn't work

    Greats Everybody !

    The thread is up !!!
    Veryfying iptables the configuration is correct but i'm asking why i could not choose the 443 port to directly configure apache to be systematically on SSL mode. Still the same problem, https://... don't work, but with the configuration mentioned above i can although get the www.mywebsite.com address with the fedora apache test page.
    I don't understand why the 443 port give acess on unsecured mode.

    Any help welcome !!!
    Regards,
    Franck

  6. #6
    Join Date
    Nov 2015
    Location
    Gothenburg, Sweden
    Posts
    35

    Re: fc26 apache mod ssl configured but https://www.mywebsite.com doesn't work

    Quote Originally Posted by FrancescoZozo
    Greats Omniterm, and thank you very much for your answer.
    httpd.conf says
    Listen 127.0.0.1:8080
    Listen ::1:8080
    Listen myip:8080
    For https to work on a non-standard port, I think you need to remove the other 8080 lines and replace them with
    Code:
    Listen 8080 https
    If i indicate 443 the server can't start
    Anything in the logs or on the console that may explain why?
    But ssl.conf precise
    Listen 443 https
    I have also put the four lines in virtualhost
    SSL Engine on
    SSLProtocol all SSLv3
    SSLCertificateFile /etc/pki/tls/certs/mywebsite.com.cert
    SSLCertificateKeyFile /etc/pki/tls/private/mywebsite.com.key
    These four informations are also in ssl.conf
    I have also mentioned the ServerName and ServerRoot in ssl.conf
    But not working yet anyway...
    I have correctly configured iptables for 8080 and 443 ports, i think nothing bad this way
    I don't know how to help with the problem you're describing, but you should probably turn off SSLv3 as suggested. While you're at it, turn off TLSv1 and TLSv1.1 too and limit the cipher suite to make https://www.ssllabs.com/ssltest/anal...=mywebsite.com happy :-) You can only use the ssllabs test if you are using port 443 for https though. Anyway, this setup is safer and I've heard noone complain that they can't connect because I've restricted it to TLSv1.2 and removed the unsafest of the cipher suites.
    Code:
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    SSLHonorCipherOrder     on
    SSLOptions +StrictRequire
    Br,
    Ted

  7. #7
    Join Date
    Oct 2017
    Location
    Dijon, Burgundy, France
    Posts
    13

    Re: fc26 apache mod ssl configured but https://www.mywebsite.com doesn't work

    Hello Ted,

    Nice to you to answer my thread. Id did indicate in httpd.conf Listen 8080 https
    I have a doubt : 8080 is a non standard port but 443 is effectively the port for https, isn't it ?
    I have also configured my virtualhost and ssl.conf with the ssl parameters you indicates.
    htttps:// still don't work, and ssl labs answer Assessment failed: Unable to connect to the server.
    Another thing I can't explain is that i can't connect also with the localhost address, either nor 127.0.0.1.

    Thanks anyway for your help, if you have some other ideas, you're welcome !

    Francesco

  8. #8
    Join Date
    Nov 2015
    Location
    Gothenburg, Sweden
    Posts
    35

    Re: fc26 apache mod ssl configured but https://www.mywebsite.com doesn't work

    Quote Originally Posted by FrancescoZozo
    Id did indicate in httpd.conf Listen 8080 https
    I have a doubt : 8080 is a non standard port
    Yes
    but 443 is effectively the port for https, isn't it ?
    Only if you specify that you'd like to listen on that port. So either do:
    Listen 443
    or:
    Listen 8080 https

    Unless your ISP has blocked 443 for some obscure reason, I think you should only do "Listen 443" for now.
    I have also configured my virtualhost and ssl.conf with the ssl parameters you indicates.
    htttps:// still don't work, and ssl labs answer Assessment failed: Unable to connect to the server.
    It'll only work if you Listen on 443.
    Another thing I can't explain is that i can't connect also with the localhost address, either nor 127.0.0.1.
    If you connect using https://127.0.0.1/ I suspect that your VirtualHost defined by
    Code:
    ::: conf.d/ssl.conf :::
    <VirtualHost _default_:443>
    # no ServerName defined here ...
    will be used. Is that setup in the same way as the ServerName'd VirtualHost?

    Btw, do you have a file looking like this?
    Code:
    # cat /etc/httpd/conf.modules.d/*-ssl.conf
    LoadModule ssl_module modules/mod_ssl.so

    Br,
    Ted

  9. #9
    Join Date
    Oct 2017
    Location
    Dijon, Burgundy, France
    Posts
    13

    Re: fc26 apache mod ssl configured but https://www.mywebsite.com doesn't work

    hello Ted,

    if i indicate Listen 443 in httpd.conf, there is a conflct with ssl.conf (Listen 443)... the system log says :
    AH00526: Syntax error on line 5 of /etc/httpd/conf.d/ssl.conf:
    Cannot define multiple Listeners on the same IPort
    id did reconfigure to use the standard 80 port for httpd, and 443 for https
    i did have a stupid error in iptables : the commands for 443 port was written with a wrong public address...
    maybe the problem could comme from that ?

    but actually httpd starts, but i have no service for www.infosysdevconcept.net...
    i still work on that.

    thanks anyway, i feel less lonely for this problem.

    nb : can't explain why localhost gives no result...

  10. #10
    Join Date
    Oct 2017
    Location
    Dijon, Burgundy, France
    Posts
    13

    Re: fc26 apache mod ssl configured but https://www.mywebsite.com doesn't work

    Some precisions !!!

    After a configuration with Listen 80 for httpd and Listen 443 for https, i have a connexion to lacalhost !!!
    And, more of that, i require phpmyadmin, i sall indicate https !!!
    Well, this connexion is well securised... an other part of work will to be configure mysql for https... but it is another story !

    But, www.infosysdevconcept.net gives no result

    Anyway i will do a pause and reconsider it after. But thanks to you, the changes are an advance !!!

    Listen 80 with no precision of ip address gives some cool results !

  11. #11
    Join Date
    Nov 2015
    Location
    Gothenburg, Sweden
    Posts
    35

    Re: fc26 apache mod ssl configured but https://www.mywebsite.com doesn't work

    Quote Originally Posted by FrancescoZozo
    if i indicate Listen 443 in httpd.conf, there is a conflct with ssl.conf (Listen 443)
    Yes, only do "Listen 443" in ssl.conf.

    After a configuration with Listen 80 for httpd and Listen 443 for https, i have a connexion to lacalhost !!!
    And, more of that, i require phpmyadmin, i sall indicate https !!!
    Well, this connexion is well securised... an other part of work will to be configure mysql for https... but it is another story !
    Great!

    But, www.infosysdevconcept.net gives no result
    Your firewall and/or router settings may prevent external connections.

    Listen 80 with no precision of ip address gives some cool results !
    I use one block like this for every virtual host to redirect people to the https version:
    Code:
    <VirtualHost *:80>
    ServerName mydomain.tld
    ServerAlias www.mydomain.tld
    RedirectPermanent / https://mydomain.tld
    </VirtualHost>
    Br,
    Ted

  12. #12
    Join Date
    Oct 2017
    Location
    Dijon, Burgundy, France
    Posts
    13

    Re: fc26 apache mod ssl configured but https://www.mywebsite.com doesn't work

    Hello Ted !

    Thank you very much for your help !!!
    Well, i try to configure, but not so very easy.
    First, you were right, my router was bad configured, i did redirect requests only from my public ip adress (i thought it was sufficent for thos who addressed this ip) and i hav chage for all ip sources... Better !
    I can now connect to www.infosysdevconcept.net, and have for result the fedora apache test file.
    I can also connect to https://www.infosysdevconcept.net, and i am redirected to the web directory of my symfony developement folder !!! Cool ;-)
    I have try the block of redirection in a file redirect.conf, but for result i am always redirected from https://localhost/phpmyadmin to https://infosysdevconcept.netphpmyadmin !!!
    I have delete the file, but the comportment still persist.
    I would love the localhost/... will be redirect to https://localhost/..., and www.infosysdevconcept.net to https://www.infosysdevconcept.net. In addition, i woul love to serve my website www.arpente.org on the same apache configuration, of course redirected in https://www.arpente.org
    I can't understand why sometimes apache starts without ServerName indicated in httpd.conf, and sometimes not !
    i would love no indication in httpd.conf (it seems me logical to have the connection for localhost), and neither in ssl.conf, but only in infosysdevconcept.net.conf !!!
    I think your block could find its place in infosysdevconcept.net.conf.
    For future i would have a arpente.org.conf with the appropriate similar informations !

    Thanks for next informations,
    Greats,
    Francesco

  13. #13
    Join Date
    Nov 2015
    Location
    Gothenburg, Sweden
    Posts
    35

    Re: fc26 apache mod ssl configured but https://www.mywebsite.com doesn't work

    I can connect to your http service but the https one gives me HTTP ERROR 500 (Internal Server Error).

    One thing about the https connection: You need certificates that are not self-signed or else the connection will be shown as "unsafe" when people browse to your site using https. These certs used to cost some money but nowadays you can get them for free. I use certs from https://letsencrypt.org/ together with the "certbot" package (dnf install certbot) to renew the certs when needed (once every three months if I remember correctly).

    I did my redirects directly in /etc/httpd/conf/virtual_hosts.conf, but that's a matter of taste. It should be fairly straight forward. Perhaps you also need to specify the DocumentRoot for the http->https redirects. I notice that I have done so, but I don't remember why :-)

    Adding multiple sites shouldn't be a problem. I currently have three and the only thing to do was to add them as virtual hosts. Of course, your domains must all be pointing to your current IP too.

    I have no idea about why apache starts without ServerName. Sounds odd. :-/

    Both http://arpente.org and https://arpente.org are working fine (although the http version is not redirected to the https version). Also, the https version has real certificates. I noticed they are on a different IP number so I guess they are hosted somewhere else.

  14. #14
    Join Date
    Oct 2017
    Location
    Dijon, Burgundy, France
    Posts
    13

    Smile Re: fc26 apache mod ssl configured but https://www.mywebsite.com doesn't work

    Hello Ted, sorry for the latence, i just begin a new formation in Php / Symfony

    my apache server works nice now, but for the moment i still have auto-certificated keys, it's not ideal, but cool yet.
    mozilla firefox redirects https://localhost/phpmyadmin in https://www.infosysdevoncept.netphpmyadmin, and it don't give cool results as you can imagine !!! It's a bug, chrome gives me access to phpmyadmin (no need to configure a secured mode... mariadb was not started nor enabled !!!)
    www.arpente.org is by planethoster so it works as in http and https, and i will create a .htaccess file for redirection.
    Well, i did not correctly understand in which file insert the block you wrote for redirection, and i think it's not adaptedto a multisites apache server.
    I work actually for multisites wordpress configuration, and again i thank you very much for your help, it's not the easier way to use Fedora, but it is so important for the values of a more free world !
    And it's nice to communicate with members of this community, i hope find you again for others threads in this forum, and i hope technical informations you gave me here can also help some other people !
    Think you have wind and snow in Sweden, next here soon !!! but we had yesterday some sun. Today is grey !
    Nice to meet you, and see you later !

    Francesco

    Thanks to the developpers of Fedora Forum to have a better accessibility !!! Nice work !!! ;-)

    Well, i would forgot, but i still search a nice and secured solution to automatically start apache with the passphrases of my sites...
    So, the thread is not close, any help welcome !!!

Similar Threads

  1. [SOLVED] PHP test doesn't work after successfully installing Apache, MySQL, PHP
    By heigold1 in forum Installation, Upgrades and Live Media
    Replies: 0
    Last Post: 21st February 2012, 06:14 AM
  2. HTTPS doesn't work in F15
    By Pumpino in forum Servers & Networking
    Replies: 3
    Last Post: 16th June 2011, 09:49 AM
  3. Apache AllowOverride doesn't work?
    By DaveyG in forum Servers & Networking
    Replies: 0
    Last Post: 22nd May 2008, 06:00 AM
  4. Apache doesn't work... :|
    By scorpio2002 in forum Servers & Networking
    Replies: 5
    Last Post: 19th April 2005, 09:56 AM
  5. Custom apache module doesn't work in Apache 2
    By Skeptical in forum Using Fedora
    Replies: 2
    Last Post: 6th December 2004, 08:32 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •