desperado101

Apache and https

Hi,

I have a webserver setup using apache v2.  I have created my own directory structure and updated httpd.conf (DocumentRoot) to point to this which works fine. However if I connect to my server using https://blah... I get the apache test screen. I assume that this means there is a separate DocumentRoot for secure connections, but how do I find it or move it?

Many thanks,

Paul.
samri

Hi Paul,

I do not have much exp. on apache ssl.  However, these links might shed some light:

http://httpd.apache.org/docs-2.0/ssl/
http://www.ssl.com/support/multipleCAApache.jsp

I would believe that you might need to define a different Vhost if you want to have a separate "view" for your SSL websites, otherwise, your regular HTTP and HTTPS client would be going to the same DocumentRoot.

cheers.
desperado101

ASKER

thanks,

your second comment, HTTP/HTTPS going to the same is what I would have expected although it doesn't seem to be true!
Do you have ssl installed on your system?  Are you pointing the https to port 443?

John
I can connect to my server using https://<server ip>/ so SSL must be installed. It's just that when I connect I am not sure where the document root is, it doesn't seem to be the same place as when I connect with http://<server ip>/.

There are no virtual hosts in the conf file...
There is none, and I think you need to create one; please refer to the link above for some examples.

cheers.
Paul, I think you are (just a little bit) wrong in your assumption :)

The https and the http servers have their own (completely different) settings. There is a "<VirtualHost _default_:443>" block in httpd.conf that has all the stuff used by the https server. All you have to do is to make it point in the right direction (DocumentRoot is probably what is of interest to you)
Just checked httpd.conf, there is no virtual host for port 443. It seems like I have a completely different version of apache running somewhere for https!!

Is there something in xinetd I should look at?

Thanks again for your help,
xinetd ? Aren't you using a standalone apache ?
Anyway, check if there is a /etc/xinetd.d directory and a file named something like httpd or apache in that directory.
You can check who is listening on 80 and 443 ports using netstat -an | grep tcp. You'll find out if there is an apache listening or if there is an (x)inetd listening on those ports.
no there isn't - I think I might have meant init.d because that's how I restart the server. /etc/init.d/httpd restart..

Sorry I am so bad at this - completely new to linux!

Thanks,
I looked again in httpd.conf and saw that httpd is only listening on port 80 so I added Listen 443. Now it won't run saying:-

(98)Address already in use: make_sock: could not bind to address 192.168.0.3:443
no listening sockets available, shutting down

Does this mean another process is intercepting the SSL traffic?
Ok, have a look at the script (less /etc/init.d/httpd). There you should see how apache is called.
Use /etc/init.d/httpd stop and start, don't use restart, as you'll get more errors checked
What distribution are you using ? I might have one around and maybe I'll be able to tell you more ...
Yep, use netstat -an | grep 443 to see who that bad guy is
Sorry, I mean

netstat -anp | grep 443
I have redhat 8

this is the output from the netstat

tcp  0  0  0.0.0.0:443  0.0.0.0:*   LISTEN

How do I know who is listening!
with the -anp!

tcp  0  0  0.0.0.0:443  0.0.0.0:*   LISTEN  6756/httpd
I'm confused...

If httpd is listening where is the doc root for it!
Ok, so there is a httpd listening on that port. Now let's find out who is that httpd. Try
ps aux | grep httpd
this is really active!

notification are pouring in like rain :)

good work.
it seems root is running one instance and there are 8 instances running by apache...
The root instance is the one listening, the others are servers started so that they can serve the request fast. But that's not important right now :)
We're interested in the root line. It should show us the command line.

Another way of seeing the command line would be

cat /proc/<httpd pid>/cmdline

where <httpd pid> is the pid of the root httpd. (it should be 6756, if you didn't restart it - from netstat -anp :)
The pid was 6756 but the command didn't return anything?!
do you mean /usr/sbin/httpd

?

Thanks again :)
you typed
cat /proc/6756/cmdline
and it didn't return anything ? It should have returned at least "httpd" or something.

We are trying to find out how httpd was started so that we can see where the config file is located.

You should be able to see the invocation of the process also with
ps aux | grep httpd

It should give you at least /bla/bla/httpd
Ok, now run
/usr/sbin/httpd -S

:))))
says -S is an illegal option!!
I did -V and this is the output...

Server version: Apache/2.0.40
Server built:   Sep  4 2002 17:20:34
Server's Module Magic Number: 20020628:0
Architecture:   32-bit
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
Oops. that is an upper case "S". If it still says that, what version of apache are you running ? (/usr/sbin/httpd -v, that's a lower case "v" )
The server config file listed is the one I have tried to edit!

Now I am really confused!!!
Have a look after an "include" in the httpd.conf file
It has

Include conf.d/*.conf

Is there a file in conf.d i should be editing?
do a
grep 443 conf.d/*.conf
I've got it!! The virtual host for SSL is listed here in a file called imaginatively ssl.conf!

Thanks very much for your help on this one mbarbos you are a star. 100 points coming your way!!
ASKER CERTIFIED SOLUTION
Mihai Barbos
yeah I've learnt quite a bit of linux just through this,

thanks again.
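
Added example, not part of the original thread: the manual search above (`Include conf.d/*.conf`, then `grep 443 conf.d/*.conf`) done in one pass, listing every DocumentRoot with the file and VirtualHost scope that sets it, so a default HTTPS vhost serving a different tree from the HTTP site is visible at once. The function names and the sample tree with its paths are constructed for illustration.

```bash
#!/bin/bash
# Added example: report which file and which VirtualHost scope sets each
# DocumentRoot, following Include directives relative to the server root.

# expand_includes SERVER_ROOT CONF_FILE -> prints CONF_FILE and every file it includes
expand_includes() {
    local root=$1 conf=$2 pattern f
    case $conf in /*) ;; *) conf=$root/$conf ;; esac
    [ -f "$conf" ] || return 0
    echo "$conf"
    # Include arguments may be globs such as conf.d/*.conf
    awk 'tolower($1) == "include" { print $2 }' "$conf" | while read -r pattern; do
        case $pattern in /*) ;; *) pattern=$root/$pattern ;; esac
        for f in $pattern; do          # unquoted on purpose: expand the glob
            expand_includes "$root" "$f"
        done
    done
}

# docroots SERVER_ROOT CONF_FILE -> lines of "file|scope|DocumentRoot"
docroots() {
    expand_includes "$1" "$2" | while read -r f; do
        awk -v file="$f" '
            BEGIN { scope = "main server" }
            /^[ \t]*#/ { next }                      # skip commented-out directives
            tolower($1) == "<virtualhost"   { scope = $2; sub(/>$/, "", scope); next }
            tolower($1) == "</virtualhost>" { scope = "main server"; next }
            tolower($1) == "documentroot"   { gsub(/"/, "", $2); print file "|" scope "|" $2 }
        ' "$f"
    done
}

# Constructed sample tree mirroring the layout in the thread (all paths made up).
make_sample_tree() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/conf" "$root/conf.d"
    printf '%s\n' 'Listen 80' 'DocumentRoot "/srv/mysite"' \
        'Include conf.d/*.conf' > "$root/conf/httpd.conf"
    printf '%s\n' 'Listen 443' '<VirtualHost _default_:443>' \
        '# DocumentRoot "/ignored/comment"' 'DocumentRoot "/var/www/html"' \
        'SSLEngine on' '</VirtualHost>' > "$root/conf.d/ssl.conf"
    echo "$root"
}

root=$(make_sample_tree)
docroots "$root" conf/httpd.conf
```

On a real host, pass the `HTTPD_ROOT` and `SERVER_CONFIG_FILE` values printed by `httpd -V`, for example `docroots /etc/httpd conf/httpd.conf`.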