httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ajay Garg <ajaygargn...@gmail.com>
Subject [users@httpd] Re: Problem in configuring "WebDAV" on Debian Squeeze
Date Sun, 09 Sep 2012 03:42:50 GMT
Hi all.

Managed to solve the issue :)

Initially, I had been loading ssl-module manually in
"/etc/apache2/sites-available/default". As a result, the condition check
"<IfModule mod_ssl.c>" was not passing in "/etc/apache2/ports.conf".

Now, I loaded the module via "a2enmod ssl"; thus causing the "<IfModule
mod_ssl.c>" condition to be true throughout; which ultimately solved the
issue - it  opened port 443 for listening (which was embedded in the
"<IfModule mod_ssl.c>" condition in "/etc/apache2/ports.conf").


Thanks and Regards,
Ajay

On Wed, Sep 5, 2012 at 5:14 PM, Ajay Garg <ajaygargnsit@gmail.com> wrote:

> Hi all.
>
> I have been able to setup WebDAV sharing on a server hosted on Fedora-14
> and Fedora-17.
> However, when I try to do the same on a Debian Squeeze, I am unsuccessful.
>
>
> Here is the relevant info that I think is important ::
>
>
> === SETUP ===
>
> *
> Debian Squeeze is installed as a VM, on a Fedora-14 Virtualbox.
>
> *
> Thus, Debian is the "Guest", while Fedora-14 is the "Host".
>
>
>
>
>
>
>
>
> === CONFIG FILE ON DEBIAN VM ===
>
> Following are the contents of "/etc/apache2/sites-available/default" ::
>
>
>
> #########################################################################################################
> <VirtualHost *:80>
>     ServerAdmin webmaster@localhost
>         ServerName ceibal.uy:80
>     DocumentRoot /var/www/apache2-default/
>     <Directory />
>         Options FollowSymLinks
>         AllowOverride None
>     </Directory>
>     <Directory /var/www/apache2-default/>
>         Options Indexes FollowSymLinks MultiViews
>         AllowOverride None
>         Order allow,deny
>         Allow from 192.168.4.0/22
>     </Directory>
>
>     ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
>     <Directory "/usr/lib/cgi-bin">
>         AllowOverride None
>         Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
>         Order allow,deny
>         Allow from 192.168.4.0/22
>     </Directory>
>
>     ErrorLog ${APACHE_LOG_DIR}/error.log
>
>     # Possible values include: debug, info, notice, warn, error, crit,
>     # alert, emerg.
>     LogLevel warn
>
>     CustomLog ${APACHE_LOG_DIR}/access.log combined
>
>     Alias /doc/ "/usr/share/doc/"
>     <Directory "/usr/share/doc/">
>         Options Indexes MultiViews FollowSymLinks
>         AllowOverride None
>         Order deny,allow
>     Allow from 192.168.4.0/22
>         Deny from all
>     Allow from 127.0.0.0/255.0.0.0 ::1/128
>     </Directory>
>
> </VirtualHost>
>
>
> LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
> LoadModule dav_module /usr/lib/apache2/modules/mod_dav.so
>
> <VirtualHost *:443>
>         SSLEngine on
>
>     DocumentRoot /var/www
>     <Directory />
>         Options FollowSymLinks
>         AllowOverride None
>     </Directory>
>     <Directory /var/www/>
>         Options Indexes FollowSymLinks MultiViews
>         AllowOverride None
>         Order allow,deny
>         allow from all
>     </Directory>
>
>     ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
>     <Directory "/usr/lib/cgi-bin">
>         AllowOverride None
>         Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
>         Order allow,deny
>         Allow from all
>     </Directory>
>
>     ErrorLog ${APACHE_LOG_DIR}/error.log
>
>     # Possible values include: debug, info, notice, warn, error, crit,
>     # alert, emerg.
>     LogLevel warn
>
>     CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
>
>     Alias /doc/ "/usr/share/doc/"
>     <Directory "/usr/share/doc/">
>         Options Indexes MultiViews FollowSymLinks
>         AllowOverride None
>         Order deny,allow
>         Deny from all
>         Allow from 127.0.0.0/255.0.0.0 ::1/128
>     </Directory>
>
>     #   SSL Engine Switch:
>     #   Enable/Disable SSL for this virtual host.
>     SSLEngine on
>
>     #   A self-signed (snakeoil) certificate can be created by installing
>     #   the ssl-cert package. See
>     #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
>     #   If both key and certificate are stored in the same file, only the
>     #   SSLCertificateFile directive is needed.
>     SSLCertificateFile    /root/ssl.crt
>     SSLCertificateKeyFile /root/ssl.key
>
>     #   Server Certificate Chain:
>     #   Point SSLCertificateChainFile at a file containing the
>     #   concatenation of PEM encoded CA certificates which form the
>     #   certificate chain for the server certificate. Alternatively
>     #   the referenced file can be the same as SSLCertificateFile
>     #   when the CA certificates are directly appended to the server
>     #   certificate for convinience.
>     #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
>
>     #   Certificate Authority (CA):
>     #   Set the CA certificate verification path where to find CA
>     #   certificates for client authentication or alternatively one
>     #   huge file containing all of them (file must be PEM encoded)
>     #   Note: Inside SSLCACertificatePath you need hash symlinks
>     #         to point to the certificate files. Use the provided
>     #         Makefile to update the hash symlinks after changes.
>     #SSLCACertificatePath /etc/ssl/certs/
>     #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
>
>     #   Certificate Revocation Lists (CRL):
>     #   Set the CA revocation path where to find CA CRLs for client
>     #   authentication or alternatively one huge file containing all
>     #   of them (file must be PEM encoded)
>     #   Note: Inside SSLCARevocationPath you need hash symlinks
>     #         to point to the certificate files. Use the provided
>     #         Makefile to update the hash symlinks after changes.
>     #SSLCARevocationPath /etc/apache2/ssl.crl/
>     #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
>
>     #   Client Authentication (Type):
>     #   Client certificate verification type and depth.  Types are
>     #   none, optional, require and optional_no_ca.  Depth is a
>     #   number which specifies how deeply to verify the certificate
>     #   issuer chain before deciding the certificate is not valid.
>     #SSLVerifyClient require
>     #SSLVerifyDepth  10
>
>     #   Access Control:
>     #   With SSLRequire you can do per-directory access control based
>     #   on arbitrary complex boolean expressions containing server
>     #   variable checks and other lookup directives.  The syntax is a
>     #   mixture between C and Perl.  See the mod_ssl documentation
>     #   for more details.
>     #<Location />
>     #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
>     #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
>     #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
>     #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
>     #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
>     #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
>     #</Location>
>
>     #   SSL Engine Options:
>     #   Set various options for the SSL engine.
>     #   o FakeBasicAuth:
>     #     Translate the client X.509 into a Basic Authorisation.  This
> means that
>     #     the standard Auth/DBMAuth methods can be used for access
> control.  The
>     #     user name is the `one line' version of the client's X.509
> certificate.
>     #     Note that no password is obtained from the user. Every entry in
> the user
>     #     file needs this password: `xxj31ZMTZzkVA'.
>     #   o ExportCertData:
>     #     This exports two additional environment variables:
> SSL_CLIENT_CERT and
>     #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of
> the
>     #     server (always existing) and the client (only existing when
> client
>     #     authentication is used). This can be used to import the
> certificates
>     #     into CGI scripts.
>     #   o StdEnvVars:
>     #     This exports the standard SSL/TLS related `SSL_*' environment
> variables.
>     #     Per default this exportation is switched off for performance
> reasons,
>     #     because the extraction step is an expensive operation and is
> usually
>     #     useless for serving static content. So one usually enables the
>     #     exportation for CGI and SSI requests only.
>     #   o StrictRequire:
>     #     This denies access when "SSLRequireSSL" or "SSLRequire" applied
> even
>     #     under a "Satisfy any" situation, i.e. when it applies access is
> denied
>     #     and no other module can change it.
>     #   o OptRenegotiate:
>     #     This enables optimized SSL connection renegotiation handling
> when SSL
>     #     directives are used in per-directory context.
>     #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
>     <FilesMatch "\.(cgi|shtml|phtml|php)$">
>         SSLOptions +StdEnvVars
>     </FilesMatch>
>     <Directory /usr/lib/cgi-bin>
>         SSLOptions +StdEnvVars
>     </Directory>
>
>     #   SSL Protocol Adjustments:
>     #   The safe and default but still SSL/TLS standard compliant shutdown
>     #   approach is that mod_ssl sends the close notify alert but doesn't
> wait for
>     #   the close notify alert from client. When you need a different
> shutdown
>     #   approach you can use one of the following variables:
>     #   o ssl-unclean-shutdown:
>     #     This forces an unclean shutdown when the connection is closed,
> i.e. no
>     #     SSL close notify alert is send or allowed to received.  This
> violates
>     #     the SSL/TLS standard but is needed for some brain-dead browsers.
> Use
>     #     this when you receive I/O errors because of the standard
> approach where
>     #     mod_ssl sends the close notify alert.
>     #   o ssl-accurate-shutdown:
>     #     This forces an accurate shutdown when the connection is closed,
> i.e. a
>     #     SSL close notify alert is send and mod_ssl waits for the close
> notify
>     #     alert of the client. This is 100% SSL/TLS standard compliant,
> but in
>     #     practice often causes hanging connections with brain-dead
> browsers. Use
>     #     this only for browsers where you know that their SSL
> implementation
>     #     works correctly.
>     #   Notice: Most problems of broken clients are also related to the
> HTTP
>     #   keep-alive facility, so you usually additionally want to disable
>     #   keep-alive for those clients, too. Use variable "nokeepalive" for
> this.
>     #   Similarly, one has to force some clients to use HTTP/1.0 to
> workaround
>     #   their broken HTTP/1.1 implementation. Use variables
> "downgrade-1.0" and
>     #   "force-response-1.0" for this.
>     BrowserMatch "MSIE [2-6]" \
>         nokeepalive ssl-unclean-shutdown \
>         downgrade-1.0 force-response-1.0
>     # MSIE 7 and newer should be able to use keepalive
>     BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
>
>
>
> #        DocumentRoot /var/www/web1/web
>         <Directory /var/www/web1/web/>
>                 Options Indexes MultiViews
>                 AllowOverride None
>                 Order allow,deny
>                 allow from all
>         </Directory>
>
>         Alias /webdav /var/www/web1/web
>
>         <Location /webdav>
>             DAV On
>             AuthType Basic
>             AuthName "webdav"
>             AuthUserFile /var/www/web1/passwd.dav
>             Require valid-user
>         </Location>
>
> </VirtualHost>
>
> #########################################################################################################
>
>
>
>
>
>
>
> === OUTPUT, WHEN I RESTART APACHE2 ON DEBIAN VM ===
>
> Command Run ==>  "/etc/init.d/apache2 restart"
>
>
>
> #########################################################################################################
> Restarting web server: apache2[Wed Sep 05 08:29:09 2012] [warn] module
> dav_module is already loaded, skipping
> [Wed Sep 05 08:29:09 2012] [warn] module wsgi_module is already loaded,
> skipping
> apache2: Could not reliably determine the server's fully qualified domain
> name, using 127.0.1.1 for ServerName
>  ... waiting [Wed Sep 05 08:29:10 2012] [warn] module dav_module is
> already loaded, skipping
> [Wed Sep 05 08:29:10 2012] [warn] module wsgi_module is already loaded,
> skipping
> apache2: Could not reliably determine the server's fully qualified domain
> name, using 127.0.1.1 for ServerName.
>
> #########################################################################################################
>
>
>
>
>
>
> === OUTPUT OF NETSTAT, TO SEE WHAT PORTS ARE BEING LISTENED ON ===
>
> Command Run ==> "netstat -plunt | fgrep 443"
>
>
>
>
> #########################################################################################################
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
EMPTY
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>
> #########################################################################################################
>
>
>
>
>
>
> === TELNET OBSERVATIONS ===
>
> On the VM,
>
> *
> telnet open 127.0.0.1 80    ==> successful  (although I later get the
> "Permission Denied" message, due to only specific IPs being allowed).
>
>
> *
> telnet open 127.0.0.1 443  ==> Connection Refused (right away).
>
>
>
>
> =====================================================================================
>
>
>
> Please let me know if any other info is required, that may help isolate
> the issue.
>
> Looking forward to a reply.
>
>
>
> Thanks and Regards,
> Ajay
>

Mime
View raw message