httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy Canfield <andycanfi...@yandex.com>
Subject Re: [users@httpd] https
Date Thu, 03 Apr 2014 10:10:22 GMT

Files:

-rw-r--r-- 1 root 859 Apr  3 11:45 /etc/apache2/ssl/crt/vhost1.crt

-rw-r--r-- 1 root 916 Apr  3 11:45 /etc/apache2/ssl/key/vhost1.key

So AFAIK I've got a certificate I've generated myself. Nobody vouches
for me but it shoud enable encryption and make my TCP/IP packets hard to
read.

Contents of /etc/apache2/ports.conf:
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
    Listen 443
</IfModule>
<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

Files:

-rw-r--r-- 1 andy 1439 Apr  3 14:48 /etc/apache2/sites-available/default
-rw-r--r-- 1 andy 7485 Jun 16  2011 /etc/apache2/sites-available/default-ssl
-rw-r--r-- 1 root 7469 Feb  7  2012
/etc/apache2/sites-available/default-ssl.original
-rw-r--r-- 1 root  950 Feb  7  2012
/etc/apache2/sites-available/default.original

I see here that /etc/apache2/sites-available has one symbolic link to
/etc/apache2/sites-available/default, and no symbolic links to any of
the other entries in the sites-available directory. Also all the other
entries in /etc/apache2/sites-available are symbolic links to
configuration files such as

lrwxrwxrwx 1 root 21 May  6  2012 /etc/apache2/sites-enabled/opal.conf -> /www/opal/apache.conf

These links have been working fine for years as links into the site
control directory and not into 'sites-available'. But perhaps that is wrong.

Maybe what I need is a symbolic link from sites-enabled to
../sites-available/default-ssl ? Nope, tested, did not solve the problem....

When I give this command (as root) -

    /etc/init.d/apache2 restart

I see only this output:

apache2: Could not reliably determine the server's fully qualified
domain name, using 192.168.1.112 for ServerName
 ... waiting apache2: Could not reliably determine the server's fully
qualified domain name, using 192.168.1.112 for ServerName
                                                                           
[ OK ]

But nmap still says that nothing is listening to port 443.

Thank you Oren.

On 04/03/2014 04:04 PM, Oren wrote:
> Hi Andy.
> Process basically include getting/creating a certificate, define it on
> your site and reload apache.
> here is a centos manual which is not exactly the same on ubuntu but
> pretty much explains the order of things
> http://wiki.centos.org/HowTos/Https
>
> on ubuntu you will have to open the 443 port
> <IfModule mod_ssl.c>
>     Listen 443
> </IfModule>
>
> once the https is ready, you can do a redirect to the https site from
> http. (with mod_rewrite)
>
> do you have logs or any information on what is not working?
>
> Oren
>
> On 04/03/2014 11:39 AM, Andy Canfield wrote:
>> I have been using apache for maybe ten years now, and maintain two
>> servers in addition to the apache on my notebook computer for testing.
>> All using Ubuntu Linux *.04 LTS. It now appears that I ought to convert
>> from http to https.
>>
>> But the documentation is insane. A piece here, a piece there, have to do
>> X (but first? and afterwards?). Assuming everything is else is OK, this
>> is way you edit this line in VirtualHost file (there is no
>> "/etc/apache2/.../VirtualHost" file!)
>>
>> I figure that I need to do it in two steps:
>> [1] Get the https version up and running, and
>> [2] Make the http version automatically switch to https.
>>
>> But I can't get https working at all, for anything. There's a "Listen
>> 443" in /etc/apache2/ports.conf but 'nmap localhost' says 443 is a
>> closed port.
>>
>> Has anybody else ever converted a hosted site from http to https? What
>> did you have to do to get the secure one working?
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
> .
>


Mime
View raw message