Re: https and mod_rewrite. was: SSL Trouble with httpd-ssl.conf include
I got it working, but not sure if it's the best solution. I had to add the apache RewriteRules to the httpd-ssl.conf file. I just copied what I have in the httpd.conf file into this file, under the General setup for the virtual host stuff, e.g. # General setup for the virtual host DocumentRoot "/Library/WebServer/Documents" ServerName localhost:443 ServerAdmin j...@netbrackets.com ErrorLog "/private/var/log/apache2/error_log" TransferLog "/private/var/log/apache2/access_log" # rewrite logging RewriteLog "/tmp/rewrite.log" # mod_rewrite rules RewriteEngine On RewriteRule ^/netBrackets(.*)$ /cgi-bin/WebObjects/netBrackets.woa$1 [PT,L,NC] On Nov 29, 2010, at 10:30 AM, Jeff Schmitz wrote: > OK, thanks for all your help. Thought I'd change the subject and hope > someone has experience with rewrite and SSL... > > > On Nov 29, 2010, at 10:08 AM, Henrique Gomes wrote: > >> >> My experience ends there, I'm afraid. I've setup apache with SSL, but never >> did any specific coding in WebObjects for it. >> Hope others can help. >> >> Henrique Gomes >> >> On Nov 29, 2010, at 4:52 PM, Jeff Schmitz wrote: >> >>> yes, am using rewrite rules, and that's the problem. >>> Application._rewriteURL doesn't get called when secure WOHyperlinks are >>> selected. Will have to read up a bit on that to see how to get rewrites to >>> work with https. Or perhaps I should use the >>> completeURLWithRequestHandlerKey method somehow to inject the >>> cgi-bin/WebObjects back into the link for secure requests? >>> >>> >>> On Nov 29, 2010, at 9:23 AM, Henrique Gomes wrote: >>> It shouldn't make any difference but the default files have a VirtualHost like this: Also I noticed you are using non standard URLs. Why the 'netBrackets' instead of /cgi-bin/WebObjects? Did you change the WebObjectsAlias directive? Are you using URL rewrite rules? > https://localhost/netBrackets/-/wa/poolLogin On Nov 29, 2010, at 3:10 PM, Jeff Schmitz wrote: > Tried that with the same result. Here's what I now have for the section > of httpd-ssl.conf that gets updated per the wiki. Note I did move the > cert and key files up into the apache 2 dir and and named them server.crt > and server.key. Also, the config-ssl file is Included in my httpd.conf > file... > > > ## > ## SSL Virtual Host Context > ## > > > > # General setup for the virtual host > DocumentRoot "/Library/WebServer/Documents" > ServerName localhost:443 > ServerAdmin j...@netbrackets.com > ErrorLog "/private/var/log/apache2/error_log" > TransferLog "/private/var/log/apache2/access_log" > > # SSL Engine Switch: > # Enable/Disable SSL for this virtual host. > SSLEngine on > > # SSL Cipher Suite: > # List the ciphers that the client is permitted to negotiate. > # See the mod_ssl documentation for a complete list. > SSLCipherSuite > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > > # Server Certificate: > # Point SSLCertificateFile at a PEM encoded certificate. If > # the certificate is encrypted, then you will be prompted for a > # pass phrase. Note that a kill -HUP will prompt again. Keep > # in mind that if you have both an RSA and a DSA certificate you > # can configure both in parallel (to also allow the use of DSA > # ciphers, etc.) > #SSLCertificateFile > "/private/etc/apache2/devsslcerts/localhost_server.crt" > SSLCertificateFile "/private/etc/apache2/server.crt" > #SSLCertificateFile "/private/etc/apache2/server-dsa.crt" > > On Nov 29, 2010, at 4:54 AM, Henrique Gomes wrote: > >> >> On Nov 28, 2010, at 3:58 PM, Jeff Schmitz wrote: >> >>> >>> >>> It doesn't find the generated URL of: >>> >>> https://localhost/netBrackets/-/wa/poolLogin >>> >>> but if I just remove the 's' from https, it finds the page: >>> >>> http://localhost/netBrackets/-/wa/poolLogin >>> >>> I'm thinking it has to do with the secure port not being generated >>> correctly. Shouldn't :443 be specified as part of the https url? >>> >> >> (You don;t a need a :443 for https the same way you don't need a :80 for >> http, they are the default ports for those protocols.) >> >> On the httpd-ssl.conf could you try changing the ServerName to >> localhost:443? Like these: >> >> ServerName localhost:443 >> >> Henrique Gomes >> >> >>> >>> On Nov 28, 2010, at 8:08 AM, Henrique Gomes wrote: >>> What's the URL that's not found? What code or bindings are you using to generate the hyperlink to the secure page? Henrique Gomes On Nov 28, 2010, at 2:51 PM, Jeff
https and mod_rewrite. was: SSL Trouble with httpd-ssl.conf include
OK, thanks for all your help. Thought I'd change the subject and hope someone has experience with rewrite and SSL... On Nov 29, 2010, at 10:08 AM, Henrique Gomes wrote: > > My experience ends there, I'm afraid. I've setup apache with SSL, but never > did any specific coding in WebObjects for it. > Hope others can help. > > Henrique Gomes > > On Nov 29, 2010, at 4:52 PM, Jeff Schmitz wrote: > >> yes, am using rewrite rules, and that's the problem. >> Application._rewriteURL doesn't get called when secure WOHyperlinks are >> selected. Will have to read up a bit on that to see how to get rewrites to >> work with https. Or perhaps I should use the >> completeURLWithRequestHandlerKey method somehow to inject the >> cgi-bin/WebObjects back into the link for secure requests? >> >> >> On Nov 29, 2010, at 9:23 AM, Henrique Gomes wrote: >> >>> >>> It shouldn't make any difference but the default files have a VirtualHost >>> like this: >>> >>> >>> Also I noticed you are using non standard URLs. Why the 'netBrackets' >>> instead of /cgi-bin/WebObjects? Did you change the WebObjectsAlias >>> directive? Are you using URL rewrite rules? >>> https://localhost/netBrackets/-/wa/poolLogin >>> >>> >>> >>> On Nov 29, 2010, at 3:10 PM, Jeff Schmitz wrote: >>> Tried that with the same result. Here's what I now have for the section of httpd-ssl.conf that gets updated per the wiki. Note I did move the cert and key files up into the apache 2 dir and and named them server.crt and server.key. Also, the config-ssl file is Included in my httpd.conf file... ## ## SSL Virtual Host Context ## # General setup for the virtual host DocumentRoot "/Library/WebServer/Documents" ServerName localhost:443 ServerAdmin j...@netbrackets.com ErrorLog "/private/var/log/apache2/error_log" TransferLog "/private/var/log/apache2/access_log" # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If # the certificate is encrypted, then you will be prompted for a # pass phrase. Note that a kill -HUP will prompt again. Keep # in mind that if you have both an RSA and a DSA certificate you # can configure both in parallel (to also allow the use of DSA # ciphers, etc.) #SSLCertificateFile "/private/etc/apache2/devsslcerts/localhost_server.crt" SSLCertificateFile "/private/etc/apache2/server.crt" #SSLCertificateFile "/private/etc/apache2/server-dsa.crt" On Nov 29, 2010, at 4:54 AM, Henrique Gomes wrote: > > On Nov 28, 2010, at 3:58 PM, Jeff Schmitz wrote: > >> >> >> It doesn't find the generated URL of: >> >> https://localhost/netBrackets/-/wa/poolLogin >> >> but if I just remove the 's' from https, it finds the page: >> >> http://localhost/netBrackets/-/wa/poolLogin >> >> I'm thinking it has to do with the secure port not being generated >> correctly. Shouldn't :443 be specified as part of the https url? >> > > (You don;t a need a :443 for https the same way you don't need a :80 for > http, they are the default ports for those protocols.) > > On the httpd-ssl.conf could you try changing the ServerName to > localhost:443? Like these: > > ServerName localhost:443 > > Henrique Gomes > > >> >> On Nov 28, 2010, at 8:08 AM, Henrique Gomes wrote: >> >>> >>> What's the URL that's not found? What code or bindings are you using to >>> generate the hyperlink to the secure page? >>> >>> Henrique Gomes >>> >>> >>> On Nov 28, 2010, at 2:51 PM, Jeff Schmitz wrote: >>> Thanks, That gets me closer. Apache is now running when I restart it, and when I click on the secure WOHyperlink it's creating a https URL, and it picks up the certificate, but then when I accept the certificate I get the "requested URL not found" error. If I simply change the url to be a http:// URL, the page comes up with no other changes to the generated URL. Looks like webobjects is not liking any https URL. Is there something I've forgotten to do? Thanks Jeff On Nov 26, 2010, at 12:11 PM, Henrique Gomes wrote: > The wiki is more complicated than what it's need on a recent system: > > After generating the certificate, just put the certificate