I installed a SSL certificate in my apache server and I am having a problem. It happens that when I open my site on my phone it opens lots of popups asking to setup a pin for credential storage. On Macs it also opens a popup asking to select a certificate. Does anyone have/had this problem? I am also using django on my server if I helps for the answer.
my ssl configuration is this:
<VirtualHost *:80>
ServerAdmin blahblah#blah.pt
ServerName beta.site.pt
ErrorLog /var/log/apache2/vhost1-error.log
WSGIDaemonProcess netpecasbeta user=${APACHE_RUN_USER} group=${APACHE_RUN_GROUP} threads=25 python-path=/usr/local/lib/python2.7/site-packages
WSGIProcessGroup netpecasbeta
WSGIScriptAlias / /.../wsgi.py
<Location />
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R]
</Location>
</VirtualHost>
<VirtualHost *:443>
ServerName media.site.pt
DocumentRoot /var/www
ErrorLog /var/log/apache2/vhost1-error.log
CustomLog /var/log/apache2/vhost1-access.log combined
SSLEngine On
SSLCertificateFile /.../netpecas.pt.crt
SSLCertificateKeyFile /.../netpecas.key
SSLCertificateChainFile /.../gd_bundle.crt
SSLVerifyClient optional
LimitRequestBody 0
LimitRequestFieldSize 40940000
LimitXMLRequestBody 0
<Location />
SSLRequireSSL On
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
</Location>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin blabla#bla.pt
ServerName beta.site.pt
WSGIProcessGroup netpecasbeta
WSGIScriptAlias / /partfy/woofparts/Partfy/wsgi.py
ErrorLog /var/log/apache2/vhost1-error.log
CustomLog /var/log/apache2/vhost1-access.log combined
SSLEngine On
SSLCertificateFile /.../netpecas.pt.crt
SSLCertificateKeyFile /.../netpecas.key
SSLCertificateChainFile /.../gd_bundle.crt
SSLVerifyClient optional
LimitRequestBody 0
LimitRequestFieldSize 40940000
LimitXMLRequestBody 0
<Location />
SSLRequireSSL On
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
</Location>
</VirtualHost>
Change SSLVerifyClient from Optional to None, as specified here: https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifyclient
Related
Hi Guys I am trying to route my domain to server 139.5X.X.XXX
Following is My DNS record Details in Hostinger :-
Type Name Priority Content IP-V4 TTL
A www 0 139.5X.X.XXX 600
A # 0 139.5X.X.XXX 14400
Now I am seeing default apache page while browsing the domain (Server serving default apache page (Digital Ocean Ubuntu Droplet)) .
But after configuring a Django service to domain it taking too long to respond and ending up with "This Site can't be Reached"
following is the conf file which I am using
<VirtualHost *:80>
ServerName tellie.in
ServerAlias www.tellie.in
Redirect permanent / https://tellie.in/
RewriteEngine on
RewriteCond %{SERVER_NAME} =tellie.in [OR]
RewriteCond %{SERVER_NAME} =www.tellie.in
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin#tellie.in
ServerName tellie.in
ServerAlias www.tellie.in
DocumentRoot /home/srv/telli
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /static /home/srv/telli/telli/static
<Directory /home/srv/telli/telli/static>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Alias /media /home/srv/telli/telli/media
<Directory /home/srv/telli/telli/media>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /home/srv/telli/telli/telli>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIDaemonProcess telli python-path=/home/srv/telli/telli python-home=/home/srv/telli/venv
WSGIProcessGroup telli
WSGIScriptAlias / /home/srv/telli/telli/telli/wsgi.py
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/tellie.in/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/tellie.in/privkey.pem
</VirtualHost>
Is there anything wrong that could cause the problem I am facing
Make sure that Apache has rx access to the directories under /home/srv/, It is better to move the code out of HOME and in a general mountpoint as /var or /data
I just installed SSL certs but when visiting the www domain of my site it now shows the Apache2 Ubuntu default page. How do I redirect the www to non-www with http --> https and * subdomains?
<VirtualHost *:80>
ServerName clearpath.site
ServerAlias *.clearpath.site
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =clearpath.site [OR]
RewriteCond %{SERVER_NAME} =*.clearpath.site
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
And me VH for port 443:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName clearpath.site
ServerAlias *.clearpath.site
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/
SSLCertificateKeyFile /etc/letsencrypt/
</VirtualHost>
</IfModule>
Any help is appreciated.
Here's an example; I've always been explicit in listing my subdomains, but you should be able to use wildcards: https://httpd.apache.org/docs/2.4/mod/core.html#serveralias
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com subdomain.example.com other.example.com
Redirect permanent / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
TimeOut 300
SSLEngine On
ServerName www.example.com
ServerAlias example.com subdomain.example.com other.example.com
# Set to the lobal Application Group
WSGIApplicationGroup %{GLOBAL}
# Pass Authorizations through to the WSGI app for Django REST Framework Token Auth
WSGIPassAuthorization On
WSGIDaemonProcess mysite-master-https python-home=/path/to/django/mysite-master/venv request-timeout=300 user=apache group=apache processes=6
WSGIProcessGroup mysite-master-https
WSGIScriptAlias / /path/to/django/mysite-master/config/wsgi.py process-group=mysite-master-https
<Directory /path/to/django/mysite-master/config>
Require all granted
</Directory>
Alias /static/ /path/to/django/mysite-master/static/
</VirtualHost>
Good luck!
I have a white-label web app that runs with subdomains to divide out the labels. Let's say cust1.app.com and cust2.app.com. I have SSL on my site, but I am having troubles making the site redirect from http to https. I want to do this all within http.conf, as opposed to .htaccess files. Here is my http.conf:
<VirtualHost *:443>
<Directory /var/www/html/>
Options -Indexes
Require all granted
AllowOverride All
</Directory>
ServerAlias *.app.com
DocumentRoot /var/www/app
SSLEngine on
SSLCertificateFile /var/www/certs/cert.pem
SSLCertificateKeyFile /var/www/certs/privkey.pem
SSLCertificateChainFile /var/www/certs/fullchain.pem
</VirtualHost>
<VirtualHost *:80>
ServerAlias *.app.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R,L]
</VirtualHost>
When visiting http://www.app.com or http://cust1.app.com, I get a simple ERR_CONNECTION_REFUSED, however when I manually put in the https, the site serves fine on all subdomains.
How do I redirect to https while honoring my wildcard subdomains?
Turns out I was missing the Listen directive for port 80, I must have deleted it from ports.conf or something at some point in the long and hair-pulling troubleshooting process. Here's my http.conf now:
Listen 80
Listen 443
<VirtualHost *:443>
<Directory /var/www/html/>
Options -Indexes
Require all granted
AllowOverride All
</Directory>
ServerAlias *.app.com
DocumentRoot /var/www/app
SSLEngine on
SSLCertificateFile /var/www/certs/cert.pem
SSLCertificateKeyFile /var/www/certs/privkey.pem
SSLCertificateChainFile /var/www/certs/fullchain.pem
</VirtualHost>
<VirtualHost *:80>
ServerAlias *.app.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R,L]
</VirtualHost>
I want to rename my localhost server to other name, however I have encountered a 404 error. I have followed the steps how to set this up, But still I get error. I wonder what's wrong. I will provide the changes done.
c:\Windows\System32\Drivers\Etc\hosts.file
127.0.0.1 localhost
127.0.0.1 bluescript.com.ph
::89 localhost
::89 bluescript.com.ph
c:\wamp\bin\apache\apache2.4.9\conf\extra\httpd-vhost.conf
I added the third host on the file
<VirtualHost *:80>
ServerAdmin webmaster#dummy-host.example.com
DocumentRoot "c:/Apache24/docs/dummy-host.example.com"
ServerName dummy-host.example.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/dummy-host.example.com-error.log"
CustomLog "logs/dummy-host.example.com-access.log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster#dummy-host2.example.com
DocumentRoot "c:/Apache24/docs/dummy-host2.example.com"
ServerName dummy-host2.example.com
ErrorLog "logs/dummy-host2.example.com-error.log"
CustomLog "logs/dummy-host2.example.com-access.log" common
</VirtualHost>
<VirtualHost *:80>
ServerName bluescript.com.ph
DocumentRoot "c:/wamp/www/bluescript/"
<Directory "c:/wamp/www/bluescript/">
Options +Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
</VirtualHost>
Under httpd.conf i did changed my port to 8989, since skype will use port 80
ServerName localhost:8989
#Listen 12.34.56.78:8989
Listen 0.0.0.0:8989
Listen [::0]:8989
I've already restarted WAMP and re-open the web browser and type url: http://bluescript.com.ph and get error: HTTP Error 404. The requested resource is not found. Where did i go wrong?
1) Remove these dummy (Example) Virtual Hosts that point to non existing folders
<VirtualHost *:80>
ServerAdmin webmaster#dummy-host.example.com
DocumentRoot "c:/Apache24/docs/dummy-host.example.com"
ServerName dummy-host.example.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/dummy-host.example.com-error.log"
CustomLog "logs/dummy-host.example.com-access.log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster#dummy-host2.example.com
DocumentRoot "c:/Apache24/docs/dummy-host2.example.com"
ServerName dummy-host2.example.com
ErrorLog "logs/dummy-host2.example.com-error.log"
CustomLog "logs/dummy-host2.example.com-access.log" common
</VirtualHost>
2)
If you must use a Non-Standard port number for Apache then that port number needs to be on the Virtual Host as well.
You should also add a Virtual Hosts for localhost
<VirtualHost *:8989>
ServerName localhost
DocumentRoot c:/wamp/www
<Directory "c:/wamp/www/">
Options +Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
</VirtualHost>
<VirtualHost *:8989>
ServerName bluescript.com.ph
DocumentRoot "c:/wamp/www/bluescript/"
<Directory "c:/wamp/www/bluescript/">
Options +Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
</VirtualHost>
Also remember to remove the comment from httpd.conf to activate the httpd-vhosts.conf file
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
Now restart Apache
And of course this means you must use the Non-Standard port number on all your urls. Like
http://bluescript.com.ph:8989
3)
Also this is wrong in your hosts file! Port number are not used in this file, so
::89 localhost
::89 bluescript.com.ph
Should be
::1 localhost
::1 bluescript.com.ph
After this change either reboot, or from a command window launched "As Adminitrator" do
net stop dnscache
net start dnscache
I am using a django based framework and have successfully figured Apache settings for http mode. Basically I have done the setting correctly on <VirtualHost *:80> ... </VirtualHost> and when I do, http://mysite.domain.com I get routed correctly to my site and the site pages and the skins get render correctly.
I have setup https://mysite.domain.com to work with shibboleth, shibboleth is working and when use the https I get routed to login credential page via shibboleth server, and after successful login I get redirect to https://mysite.domain.com but site doesn't get rendered correctly and skins don't show up as same as http://mysite.domain.com.
Here is my Apache settings, I am trying to understand what I am doing wrong here
<VirtualHost *:443>
ServerAdmin myname#mydomain.com
DocumentRoot /code/vEnviornment/mysite
ServerName mydomain.com
#<LocationMatch "^(?!/admin)">
#<LocationMatch "^(?!/m)">
# RewriteEngine on
# RewriteRule django.wsgi(.*)$ https://mydomain.com:443$1 [L,R=301]
#</LocationMatch>
SSLEngine on
#your SSL keys
#I have removed this wasn't comfortable putting SSL key info
#Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
Alias /admin/media/ /usr/local/lib/python2.7/dist-packages/django/contrib/admin/media/
WSGIScriptAlias /m/ /code/vEnviornment/mysite/django.wsgi
<Directory "/">
AuthType shibboleth
ShibRequestSetting requireSession 1
Require valid-user
</Directory>
Alias /Shibboleth.sso /tmp
# CustomLog /var/log/httpd/mysite/access_log common
# ErrorLog /var/log/httpd/mysite/error_log
CustomLog /var/log/apache2/mysite/access_log common
ErrorLog /var/log/apache2/mysite/error_log
</VirtualHost>
And here is how I have hetup http:
<VirtualHost *:80>
ServerAdmin myname#mydomain.com
DocumentRoot /code/vEnviornment/mysite
ServerName mysite.mydomain.com
#aliases to serve static media directly
#will probably need adjustment
Alias /m/ /code/vEnviornment/mysite/static/
Alias /upfiles/ /code/vEnviornment/mysite/myframework/upfiles/
<DirectoryMatch "/code/vEnviornment/mysite/myframework/skins/([^/]+)/media">
Order deny,allow
Allow from all
</DirectoryMatch>
<Directory "/code/vEnviornment/mysite/myframework/upfiles">
Order deny,allow
Allow from all
</Directory>
#must be a distinct name within your apache configuration
WSGIDaemonProcess mysite2
WSGIProcessGroup mysite2
WSGIScriptAlias / /code/vEnviornment/mysite/django.wsgi
#make all admin stuff except media go through secure connection
<LocationMatch "/admin(?!/media)">
RewriteEngine on
RewriteRule /admin(.*)$ https://128.101.35.71/admin$1 [L,R=301]
</LocationMatch>
# CustomLog /var/log/httpd/mysite/access_log common
# ErrorLog /var/log/httpd/mysite/error_log
CustomLog /var/log/apache2/mysite/access_log common
ErrorLog /var/log/apache2/mysite/error_log
LogLevel debug
</VirtualHost>
What am I doing wrong here to render the site incorrectly via https?
Alias /m/ /code/vEnviornment/mysite/static/
Alias /upfiles/ /code/vEnviornment/mysite/myframework/upfiles/
These two lines are missing in https virual host
and
your WSGIScriptAlias should point to / not /m/