Re: how to enable SSL for a handler

Sun, 03 Jul 2022 03:32:39 -0700

Sure, comment out all the perl stuff that are not required for certbot to work, run something like: certbot certonly --rsa-key-size 4096 --agree-tos --email yongw...@gmail.com -d luck.cloudcache.net Get the cert, and then after uncomment what you previously commented out. It should work. 

Regards,
Jacques

On 2022/07/03 19:29, Yong Walt wrote:

This is my httpd.conf.

<VirtualHost *:80>

ServerAdmin webmaster@localhost

ServerName luck.cloudcache.net <http://luck.cloudcache.net>

PerlPostConfigRequire /etc/apache2/modperl/startup.pl <http://startup.pl>


<Location />

SetHandler modperl

PerlResponseHandler LuckyNum

</Location>



ErrorLog ${APACHE_LOG_DIR}/error.log

LogLevel warn

CustomLog ${APACHE_LOG_DIR}/luck.access.log combined


</VirtualHost>



How do you think I can set up the SSL?


I asked it just b/c "certbot --apache" doesn't work for this handler.


Thanks.


On Sun, Jul 3, 2022 at 6:24 PM Jacques Deguest <j...@deguest.jp> wrote:

    You do not even need to have a virtualhost with ssl enabled for
    certbot to work.
    You can have a simple VirtualHost responding to regular 80 port,
    then get the ssl certificate, then add the VirtualHost for SSL and
    all your modperl specifications to it. Something like the
    following, and once you got the certificate, you uncomment the 2nd
    part.

    ----
    <Virtualhost *:80>
        ServerName api.example.org:80 <http://api.example.org:80>
        ServerAdmin w...@example.org
        DocumentRoot /var/www/api.example.org <http://api.example.org>
        DirectoryIndex "index.html" "index.pl <http://index.pl>"
    "index.php"
        CustomLog "/var/log/apache2/api.example.org-access.log" combined
        ErrorLog "/var/log/apache2/api.example.org-error.log"
        LogLevel warn
        <Directory "/var/www/api.example.org <http://api.example.org>">
            Options All +MultiViews -ExecCGI -Indexes -Includes
            AllowOverride All
        </Directory>
        ScriptAlias     "/cgi-bin/"    
    "/var/www/api.example.org/cgi-bin/ <http://api.example.org/cgi-bin/>"
        <IfModule mod_alias.c>
            Alias "/icons/" "/var/www/icons/"
        </IfModule>
        <IfModule mod_ssl.c>
            RewriteEngine on
            RewriteRule ^\/?(.*)$ https://%{SERVER_NAME}/$1 [R,L]
        </IfModule>
    </VirtualHost>

    # <IfModule mod_ssl.c>
    #     <VirtualHost *:443>
    #         ServerName api.example.org:443 <http://api.example.org:443>
    #         ServerAdmin w...@example.org
    #         DocumentRoot /var/www/api.example.org
    <http://api.example.org>
    #         DirectoryIndex "index.html" "index.php"
    #         CustomLog "/var/log/apache2/api.example.org-access.log"
    combined
    #         ErrorLog "/var/log/apache2/api.example.org-error.log"
    #         LogLevel warn
    #         <Directory "/var/www/api.example.org
    <http://api.example.org>">
    #         RewriteEngine Off
    #             Options All +MultiViews -ExecCGI -Indexes -Includes
    #             AllowOverride All
    #         </Directory>
    #         ScriptAlias "/cgi-bin/"    
    "/var/www/api.example.org/cgi-bin/ <http://api.example.org/cgi-bin/>"
    #         <Directory "/var/www/api.example.org/cgi-bin/
    <http://api.example.org/cgi-bin/>">
    #             RewriteEngine Off
    #             Options All +Includes +ExecCGI -Indexes +MultiViews
    #             AllowOverride All
    #             SetHandler cgi-script
    #             AcceptPathInfo On
    #             Require all granted
    #         </Directory>
    #         <IfModule mod_perl.c>
    #             PerlOptions        +GlobalRequest
    #             PerlPassEnv        MOD_PERL
    #             PerlPassEnv        HOME
    #             PerlPassEnv        SERVER_NAME
    #             PerlPassEnv        HTTP_HOST
    #             PerlPassEnv        REMOTE_ADDR
    #             PerlPassEnv        REMOTE_HOST
    #             PerlPassEnv        PATH_INFO
    #             PerlPassEnv        LC_MESSAGES
    #             PerlPassEnv        LANGUAGE
    #             PerlModule        Apache2::Request
    #             PerlModule        Apache2::Status
    #             PerlModule        Apache::DBI
    #             <Location />
    #                 SetHandler        modperl
    #                 PerlHandler        Apache::Registry
    #                 PerlSendHeader      On
    #                 PerlSetupEnv        On
    #                 PerlOptions        +GlobalRequest
    #                 Options            +Includes +ExecCGI
    #                 Order allow,deny
    #                 Allow from all
    #             </Location>
    #         </IfModule>
    #
    #         SSLCertificateFile
    /etc/ssl/private/api.example.org/cert.pem
    <http://api.example.org/cert.pem>
    #         SSLCertificateKeyFile
    /etc/ssl/private/api.example.org/privkey.pem
    <http://api.example.org/privkey.pem>
    #         Include /etc/ssl/options-ssl-apache.conf
    #
    #         <IfModule mod_alias.c>
    #             Alias "/icons/" "/var/www/icons/"
    #         </IfModule>
    #     </Virtualhost>
    # </IfModule>
    ----


    On 2022/07/03 19:00, Yong Walt wrote:

    but that vhost has a modperl handler as the endpoint only.

    On Sun, Jul 3, 2022 at 12:19 PM Mithun Bhattacharya
    <mit...@gmail.com> wrote:

        You don't enable SSL for a endpoint you do it for a host/port
        combination. All endpoints under that virtual host is SSL
        enabled.

        On Sat, Jul 2, 2022, 9:01 PM Yong Walt <yongw...@gmail.com>
        wrote:

            Hello

            When I run certbot --apache for modperl handler service,
            it doesn't work.
            So how can I setup letsencrypt SSL for a pure handler web
            API?

            Thanks

Attachment: OpenPGP_0x5F3C0261CDB2E752.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply via email to