httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pete Beebe <pete_j...@yahoo.com>
Subject Re: [users@httpd] HTTP misconfiguration?
Date Mon, 13 Apr 2009 22:31:09 GMT

Thank you, Tony,

HTTPD was installed form the 2.2.6 source against a RHES4.0 OS.

The end-user that reported the issue simply stated "web site down" whereas when I navigated
to the default pages I was looking at the contents of the http-ssl.conf file with no error
message.

The only recent changes to the Apache install was an update to the ssl.conf file's certificate
names and adjusting the proxy_pass/rewrite commands in order to properly pass traffic from
Apache to Tomcat's webapp.  I thought that perhaps the proxy_pass/rewrite bit might have been
the issue but figured if it was configured wrong a more persistent error would be evident.

Config params for the source compile were:

"./configure" \
"-prefix=/d01/apache" \
"--enable-ssl" \
"--enable-proxy" \
"--enable-dav" \
"--enable-dav-fs" \
"--enable-dav-lock" \
"--enable-vhost-alias" \
"--enable-rewrite" \
"--enable-so" \
"--with-include-apr" \
"--with-ssl=/usr/include/openssl" \
"--with-mpm=worker" \

The Apache server listens on two NICs for two sites which both run on a Tomcat back-end.

-----------
HTTPD.CONF:
-----------

ServerRoot "/d01/apache"
Listen 80
<IfModule !mpm_netware_module>
User daemon
Group daemon
</IfModule>
ServerAdmin jondoe.admin@jondoe.com DocumentRoot "/d01/apache/htdocs"
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>
<Directory "/d01/apache/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>
ErrorLog logs/error_log
LogLevel warn
LoadModule jk_module modules/mod_jk.so
Include "/d01/apache/conf/mod_jk.conf"
<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog logs/access_log common
</IfModule>
<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/d01/apache/cgi-bin/"
</IfModule>
<IfModule cgid_module>
</IfModule>
<Directory "/d01/apache/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>
DefaultType text/plain
<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>
Include conf/extra/httpd-mpm.conf
Include conf/extra/httpd-ssl.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
Alias /abc /d01/tomcat/webapps/zeABC
<Directory /d01/tomcat/webapps/zeABC>
Options FollowSymLinks Includes
DirectoryIndex index.html
AddHandler server-parsed shtml
order allow,deny
allow from all
</Directory>

<VirtualHost 10.0.0.11:80>
  ServerAdmin jondoe.admin@jondoe.com
  DocumentRoot /d01/tomcat/webapps/zeABC
  ServerName www.zeABC.com
  ServerAlias zeABC.com
  ScriptAlias /cgi-bin/ /home/zeABC/cgi-bin/
  RewriteEngine on
  RewriteCond   %{SERVER_PORT}  !^443$
#  RewriteRule ^(.*)$ https://www.zeABC.com/abc/$1 [L,R]
  RewriteRule ^(.*)$ https://www.zeABC.com/zeABC$1 [L,R]
</VirtualHost>
<VirtualHost 10.0.0.12:80>
  ServerAdmin jondoe.admin@jondoe.com
  DocumentRoot /d01/tomcat/webapps/zeABC
  ServerName www.XYZ.com
  ServerAlias XYZ.com
  ScriptAlias /cgi-bin/ /home/zeABC/cgi-bin/
  RewriteEngine on
  RewriteRule ^(.*) https://www.XYZ.com/abc
</VirtualHost>
ServerTokens Minimal

--------------
HTTP-SSL.CONF:
--------------
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/d01/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLMutex  "file:/d01/apache/logs/ssl_mutex"
<VirtualHost 10.0.0.11:443>
  DocumentRoot "/home/ABC_ssl/tmp"
  ServerName www.ABC.com
  ServerAdmin jondoe.admin@jondoe.org
  ErrorLog logs/ssl_error_log
  CustomLog logs/ssl_access_log combined
  <Directory "/home/ABC_ssl/tmp">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>
   ScriptAlias /cgi-bin/ "/home/ABC_ssl/cgi-bin/"
  <Directory "/home/ABC_ssl/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
    SSLOptions +StdEnvVars
  </Directory>
  ProxyPass        /ABC/ http://10.0.0.11:9001/ABC/
  ProxyPassReverse /ABC/ http://10.0.0.11:9001/ABC/
  SSLEngine on
  SSLProtocol -ALL +SSLv3 +TLSv1
  SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
  SSLCertificateFile /d01/apache/conf/ssl.crt/www_ABC_com.2009.crt
  SSLCertificateKeyFile /d01/apache/conf/ssl.key/www.ABC.com.key
  SSLCACertificateFile /d01/apache/conf/ssl.prm/intermediate.crt
  SSLCertificateChainFile /d01/apache/conf/ssl.crt/www_ABC_com.ca-bundle
   <Location />
    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
    ErrorDocument 403 http://www.ABC.com/error_4035.cfm
  </Location>
   SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown
</VirtualHost>
<VirtualHost 10.0.0.12:443>
  DocumentRoot "/home/xyz"
  ServerName www.XYZ.com
  ServerAdmin jondoe.admin@jondoe.org
  <Directory "/home/xyz">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>
  ScriptAlias /cgi-bin/ "/home/xyz/cgi-bin/"
  <Directory "/home/xyz/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
    SSLOptions +StdEnvVars
  </Directory>
  RewriteEngine on
  RewriteRule ^/abc /ABC/XYZOMG/ [R]
  ProxyPass        /ABC/ http://10.0.0.11:9001/ABC/
  ProxyPassReverse /ABC/ http://10.0.0.11:9001/ABC/
 
  SSLEngine on
  SSLProtocol -ALL +SSLv3 +TLSv1
  SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
  SSLCertificateFile /d01/apache/conf/ssl.crt/www_XYZ_com.crt
  SSLCertificateKeyFile /d01/apache/conf/ssl.key/www.XYZ.com.key
  SSLCACertificateFile /d01/apache/conf/ssl.prm/intermediate.crt
  SSLCertificateChainFile /d01/apache/conf/ssl.crt/www_XYZ_com.ca-bundle 
   <Location />
    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
    ErrorDocument 403 http://www.ABC.com/error_4035.cfm
  </Location>
  SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown
</VirtualHost>

> From: Tony Stevenson <tony@pc-tony.com>
> Subject: Re: [users@httpd] HTTP misconfiguration?
> Pete,
> 
> I would suggest initially you tell us about your install of
> of HTTPD, is from source, or from a vendor package?
> Ca you show us your config? Either an anonomised one, or
> one that covers the main httpd config, along with your ssl
> config.
> 
> Is it possible that you have an overlapping config, that
> exposes your config files.  i.e. a misconfigured docroot, or
> symlinks?
> 
> Also, what error were you getting when the "site was
> down"  40x?, 50x? - Specifics can help us here.


      

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message