There are several lines in places that read
<IfModule mod_ssl.c>
There is no file on my hard disk named "mod_ssl.c". There is, however, a
file named
/usr/lib/apache2/modules/mod_ssl.so
Is there some magic connection between "mod_ssl.c" and "mod_ssl.so"?
Like was the ssl module written in C?
On 04/03/2014 09:46 PM, Yehuda Katz wrote:
> Debian/Ubuntu have a slightly different default layout and include
> some tools to help you work with it. The tools just create the
> symlinks for you, but the major benefit is that all of them support
> tab-completion, so you know what is available.
>
> a2enmod / a2dismod: enable or disable apache modules
> a2ensite / a2dissite: enable or disable apache vhosts
> a2enconf / a2disconf: enable or disable apache configuration files
> (added in Ubuntu 13.10)
>
> The first thing to check is that you have loaded mod_ssl, either by
> running `a2enmod ssl` or looking at the modules-enabled directory.
> You are probably not listening on 443 since it is inside the
> <ifmodule> and the module is not loaded.
Then as instructed by a2enmod I ran the command
service apache2 restart
I normally use '/etc/init.d/apache2 restart' but I did it with 'service'
this time.
After some editing for fixing up things like DocumentRoot (changed to my
own) I got it to restart with no errors.
>
> You should have Ubuntu's default SSL vhost in
> sites-available/default-ssl.conf and you can enable it using the tool
> (or manual symlink).
There is no file extension on
"/etc/apache2/sites-available/default-ssl", I assume that file is
correct. It starts with these two lines:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
The above has the keyword "_default_" in the VirtualHost line. All of
my existing http config files read like this:
<VirtualHost *:80>
There is no Virtual Host name in that line, so presumably they all share
the same virtual host, yes? Do I need multiple virtual hosts for https,
or will one virtual host be OK for all the sites?
Wonderful! I rebooted the computer just to make 100% sure of my
restarting EVERYTHING, and then ran 'nmap localhost' and it finally
showed me this line:
443/tcp open https
Great! Now somebody is listening.
I sent Firefox to "https://localhost/" and after a bunch of crabbing
about the certificate I got to see the same site. So now I have to
figure out how to make a certificate (FYI I am an anarchist).
I went to one of my sites and followed a link and discovered that it
switched back to "http://" because that is what is in the HTML. Gotta
fix that.
> You can enable any vhost for SSL by adding a few directives to it (it
> will stop listening on non-ssl):
> - Change the virtualhost port to 443
> - SSLEngine on
> - SSLCertificateFile /etc/apache2/ssl/example.com.crt
> - (SSLCertificateKeyFile /etc/apache2/ssl/example.com.key if the key
> is not in the same file)
>
> There are a few other default things in the default-ssl vhost to fix
> buggy browsers and provide more info to cgi-scripts.
"buggy browsers" as in Internet Explorer, right? These are intra-company
web sites, and we simply tell people not to use IE.
>
> - Y
Thank you very much Yehuda. I think I am launched and can follow on for
a while by myself.
>
>
> On Thu, Apr 3, 2014 at 6:10 AM, Andy Canfield wrote:
>
>
> Files:
>
> -rw-r--r-- 1 root 859 Apr 3 11:45 /etc/apache2/ssl/crt/vhost1.crt
>
> -rw-r--r-- 1 root 916 Apr 3 11:45 /etc/apache2/ssl/key/vhost1.key
>
> So AFAIK I've got a certificate I've generated myself. Nobody
> vouches for me but it should enable encryption and make my TCP/IP
> packets hard to read.
>
> Contents of /etc/apache2/ports.conf:
> NameVirtualHost *:80
> Listen 80
>
> <IfModule mod_ssl.c>
> Listen 443
> </IfModule>
> <IfModule mod_gnutls.c>
> Listen 443
> </IfModule>
>
> Files:
>
> -rw-r--r-- 1 andy 1439 Apr 3 14:48 /etc/apache2/sites-available/default
> -rw-r--r-- 1 andy 7485 Jun 16 2011 /etc/apache2/sites-available/default-ssl
> -rw-r--r-- 1 root 7469 Feb 7 2012 /etc/apache2/sites-available/default-ssl.original
> -rw-r--r-- 1 root 950 Feb 7 2012 /etc/apache2/sites-available/default.original
>
> I see here that /etc/apache2/sites-available has one symbolic link
> to /etc/apache2/sites-available/default, and no symbolic links to
> any of the other entries in the sites-available directory. Also
> all the other entries in /etc/apache2/sites-available are symbolic
> links to configuration files such as
>
> lrwxrwxrwx 1 root 21 May 6 2012 /etc/apache2/sites-enabled/opal.conf -> /www/opal/apache.conf
>
> These links have been working fine for years as links into the
> site control directory and not into 'sites-available'. But perhaps
> that is wrong.
>
> Maybe what I need is a symbolic link from sites-enabled to
> ../sites-available/default-ssl ? Nope, tested, did not solve the
> problem....
>
> When I give this command (as root) -
>
> /etc/init.d/apache2 restart
>
> I see only this output:
>
> apache2: Could not reliably determine the server's fully qualified
> domain name, using 192.168.1.112 for ServerName
> ... waiting apache2: Could not reliably determine the server's
> fully qualified domain name, using 192.168.1.112 for ServerName
>
>
> [ OK ]
>
> But nmap still says that nothing is listening to port 443.
>
> Thank you Oren.
>
>
> On 04/03/2014 04:04 PM, Oren wrote:
>> Hi Andy.
>> The process basically includes getting/creating a certificate, defining
>> it on your site and reloading apache.
>> Here is a CentOS manual which is not exactly the same on Ubuntu
>> but pretty much explains the order of things:
>> http://wiki.centos.org/HowTos/Https
>>
>> On Ubuntu you will have to open the 443 port:
>> <IfModule mod_ssl.c>
>> Listen 443
>> </IfModule>
>>
>> Once the https is ready, you can do a redirect to the https site
>> from http (with mod_rewrite).
>>
>> Do you have logs or any information on what is not working?
>>
>> Oren
>>
>> On 04/03/2014 11:39 AM, Andy Canfield wrote:
>>> I have been using apache for maybe ten years now, and maintain two
>>> servers in addition to the apache on my notebook computer for testing.
>>> All using Ubuntu Linux *.04 LTS. It now appears that I ought to convert
>>> from http to https.
>>>
>>> But the documentation is insane. A piece here, a piece there, have to do
>>> X (but first? and afterwards?). Assuming everything else is OK, this
>>> is the way you edit this line in VirtualHost file (there is no
>>> "/etc/apache2/.../VirtualHost" file!)
>>>
>>> I figure that I need to do it in two steps:
>>> [1] Get the https version up and running, and
>>> [2] Make the http version automatically switch to https.
>>>
>>> But I can't get https working at all, for anything. There's a "Listen
>>> 443" in /etc/apache2/ports.conf but 'nmap localhost' says 443 is a
>>> closed port.
>>>
>>> Has anybody else ever converted a hosted site from http to https? What
>>> did you have to do to get the secure one working?
>
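
Added example, not part of the thread: a shell function that reports which Listen directives in a config file actually take effect, which is the check behind "port 443 is closed because the Listen sits inside an <IfModule> whose module is not loaded". <IfModule> accepts either the module's source file name (mod_ssl.c) or its identifier (ssl_module); the script assumes the Debian/Ubuntu layout in which mods-enabled/NAME.load loads mod_NAME, and the function name and sample directory are made up for the example.

```shell
#!/bin/sh
# Added example (not from the thread): list each Listen directive in an Apache
# config file and whether an enclosing <IfModule> lets it take effect.
# Assumes the Debian/Ubuntu layout, where mods-enabled/NAME.load loads mod_NAME.

# usage:  listen_status CONF_FILE MODS_ENABLED_DIR
# prints: PORT active|skipped GUARDING_MODULE (or "-")
listen_status() {
    conf=$1
    mods=$2
    loaded=$(for f in "$mods"/*.load; do
                 if [ -e "$f" ]; then basename "$f" .load; fi
             done | tr '\n' ' ')
    awk -v loaded="$loaded" '
        BEGIN { n = split(loaded, a, " "); for (i = 1; i <= n; i++) enabled[a[i]] = 1 }
        { sub(/^[ \t]+/, "") }          # drop indentation; fields are re-split
        /^#/ { next }                   # skip comment lines
        tolower($1) == "<ifmodule" {
            raw = $2; sub(/>.*/, "", raw)
            name = raw; neg = (name ~ /^!/); sub(/^!/, "", name)
            # mod_ssl.c (source file name) and ssl_module (identifier) -> ssl
            sub(/^mod_/, "", name); sub(/\.c$/, "", name); sub(/_module$/, "", name)
            ok = (name in enabled) ? 1 : 0
            if (neg) ok = !ok
            depth++; guard[depth] = raw; pass[depth] = ok
            next
        }
        tolower($1) ~ /^<\/ifmodule/ { if (depth > 0) depth--; next }
        tolower($1) == "listen" {
            state = "active"; why = "-"
            for (i = 1; i <= depth; i++)
                if (!pass[i]) { state = "skipped"; why = guard[i]; break }
            print $2, state, why
        }
    ' "$conf"
}

# Constructed demo: the ports.conf quoted in the thread, with no module enabled.
demo=$(mktemp -d)
mkdir "$demo/mods-enabled"
printf '%s\n' 'NameVirtualHost *:80' 'Listen 80' '' \
    '<IfModule mod_ssl.c>' '    Listen 443' '</IfModule>' \
    '<IfModule mod_gnutls.c>' '    Listen 443' '</IfModule>' > "$demo/ports.conf"
listen_status "$demo/ports.conf" "$demo/mods-enabled"
rm -rf "$demo"
```

On a real Debian/Ubuntu host the call would be `listen_status /etc/apache2/ports.conf /etc/apache2/mods-enabled`; a "skipped" line names the module to enable with a2enmod.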