httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Moskowitz <...@htt-consult.com>
Subject Re: [users@httpd] configured HTTP(80) on the standard HTTPS(443) port!
Date Wed, 05 Apr 2017 12:50:33 GMT


On 04/04/2017 11:37 PM, Yehuda Katz wrote:
> The first warning is telling you that you are serving regular HTTP 
> traffic on what is usually an HTTPS port. This is because you do not 
> have any SSL configuration on the virtual host on port 443. You need 
> "SSLEngine on" and certificate information at least.

thanks.  fixed.

> You can ignore the second warning about "server name indication" 
> unless you specifically want to support really old and insecure browsers.
>
> - Y
>
> On Tue, Apr 4, 2017 at 10:47 PM, Robert Moskowitz <rgm@htt-consult.com 
> <mailto:rgm@htt-consult.com>> wrote:
>
>     I just noticed the following in error_log on httpd startup:
>
>     [Tue Apr 04 21:20:43.030519 2017] [ssl:warn] [pid 15521] AH01916:
>     Init: (z9m9z.test.htt-consult.com:443
>     <http://z9m9z.test.htt-consult.com:443>) You configured HTTP(80)
>     on the standard HTTPS(443) port!
>     [Tue Apr 04 21:20:43.030759 2017] [ssl:warn] [pid 15521] AH02292:
>     Init: Name-based SSL virtual hosts only work for clients with TLS
>     server name indication support (RFC 4366)
>
>     What does this mean?
>
>     One of my .conf files is:
>
>     # cat 00-init.conf
>         ServerAdmin rgm@htt-consult.com <mailto:rgm@htt-consult.com>
>         ServerName z9m9z.test.htt-consult.com
>     <http://z9m9z.test.htt-consult.com>
>     <VirtualHost *:80>
>     <Directory "/var/www/html">
>             Options Indexes FollowSymLinks
>             AllowOverride None
>             Require ip 192.168.0.0/16 <http://192.168.0.0/16>
>     </Directory>
>     </VirtualHost>
>     <VirtualHost *:443>
>     <Directory "/var/www/html">
>             Options Indexes FollowSymLinks
>             AllowOverride None
>             Require ip 192.168.0.0/16 <http://192.168.0.0/16>
>     </Directory>
>     </VirtualHost>
>
>     httpd -S reports:
>
>     VirtualHost configuration:
>     *:80                   is a NameVirtualHost
>              default server z9m9z.test.htt-consult.com
>     <http://z9m9z.test.htt-consult.com> (/etc/httpd/conf.d/00-init.conf:3)
>              port 80 namevhost z9m9z.test.htt-consult.com
>     <http://z9m9z.test.htt-consult.com> (/etc/httpd/conf.d/00-init.conf:3)
>              port 80 namevhost webmail.test.htt-consult.com
>     <http://webmail.test.htt-consult.com>
>     (/etc/httpd/conf.d/roundcubemail.conf:1)
>                      alias webmail
>     *:443                  is a NameVirtualHost
>              default server z9m9z.test.htt-consult.com
>     <http://z9m9z.test.htt-consult.com>
>     (/etc/httpd/conf.d/00-init.conf:10)
>              port 443 namevhost z9m9z.test.htt-consult.com
>     <http://z9m9z.test.htt-consult.com>
>     (/etc/httpd/conf.d/00-init.conf:10)
>              port 443 namevhost webmail.test.htt-consult.com
>     <http://webmail.test.htt-consult.com>
>     (/etc/httpd/conf.d/roundcubemail.conf:16)
>                      alias webmail
>              port 443 namevhost z9m9z.test.htt-consult.com
>     <http://z9m9z.test.htt-consult.com> (/etc/httpd/conf.d/ssl.conf:56)
>     ServerRoot: "/etc/httpd"
>     Main DocumentRoot: "/var/www/html"
>     Main ErrorLog: "/etc/httpd/logs/error_log"
>     Mutex ssl-stapling: using_defaults
>     Mutex proxy: using_defaults
>     Mutex authn-socache: using_defaults
>     Mutex ssl-cache: using_defaults
>     Mutex default: dir="/run/httpd/" mechanism=default
>     Mutex mpm-accept: using_defaults
>     Mutex authdigest-opaque: using_defaults
>     Mutex proxy-balancer-shm: using_defaults
>     Mutex rewrite-map: using_defaults
>     Mutex authdigest-client: using_defaults
>     PidFile: "/run/httpd/httpd.pid"
>     Define: DUMP_VHOSTS
>     Define: DUMP_RUN_CFG
>     User: name="apache" id=48
>     Group: name="apache" id=48
>
>
>
>     ---------------------------------------------------------------------
>     To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>     <mailto:users-unsubscribe@httpd.apache.org>
>     For additional commands, e-mail: users-help@httpd.apache.org
>     <mailto:users-help@httpd.apache.org>
>
>


Mime
View raw message