?
Solved

Apache and https

Posted on 2003-03-06
37
Medium Priority
?
593 Views
Last Modified: 2010-05-18
Hi,

I have a webserver setup using apache v2.  I have created my own directory structure and updated httpd.conf (DocumentRoot) to point to this which works fine. However if I connect to my server using https://blah... I get the apache test screen. I assume that this means there is a seperate DocumentRoot for secure connections, but how do I find it or move it?

Many thanks,

Paul.
0
Comment
Question by:desperado101
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 18
  • 15
  • 3
  • +1
37 Comments
 
LVL 15

Expert Comment

by:samri
ID: 8079140
Hi Paul,

I do not have much exp. on apache ssl.  However, these links might shed some lights:

http://httpd.apache.org/docs-2.0/ssl/
http://www.ssl.com/support/multipleCAApache.jsp

I would believe that you might need to defined a different Vhost if you want to have a separate "view" for your SSL websites, otherwise, your regular HTTP and HTTPS client would be going to the same DocumentRoot.

cheers.
0
 

Author Comment

by:desperado101
ID: 8079371
thanks,

your second comment, HTTP/HTTPS going to the same is what I would have expected although it doesn't seem to be true!
0
 
LVL 1

Expert Comment

by:JOligario
ID: 8081187
Do you have ssl installed on your system?  are you pointing the https to port 443?

John
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 

Author Comment

by:desperado101
ID: 8081636
I can connect to my server using https://<server ip>/ so SSL must be installed. Its just that when I connect I am not sure where the document root is, it doesn't seem to be the same place as when I connect with http://<server ip>/.

There are no virtual hosts in the conf file...
0
 
LVL 15

Expert Comment

by:samri
ID: 8086646
there in none, and I think you need to creat one, please refer to the link above for some example.

cheers.
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 8087256
Paul, I think you are (just a little bit) wrong in your assumption :)

The https and the http servers have their own (completely different) settings. There is a "<VirtualHost _default_:443>"
block in httpd.conf that has all the stuff used by the https server. All you have to do is to make it point in the right direction (DocumentRoot is probably what is of interest to you)
0
 

Author Comment

by:desperado101
ID: 8087299
Just checked httpd.comd there is no virtual host for port 443. It seems like I have a completely different version of apache running somewhere for https!!

Is there something in xinetd I should look at?

Thanks again for your help,
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 8087324
xinetd ? Aren't you using a standalone apache ?
Anyway, chack if there is a /etc/xinetd.d directory and a file named something like httpd or apache in that directory.
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 8087333
You can check who is listening on 80 and 443 ports using netstat -an | grep tcp. You'll find out if there is an apache listening or if there is an (x)inetd listening on those ports.
0
 

Author Comment

by:desperado101
ID: 8087342
no there isn't - I think I might have meant init.d because thats how I restart the server. /etc/init.d/httpd restart..

Sorry I am so bad at this - completely new to linux!

Thanks,
0
 

Author Comment

by:desperado101
ID: 8087358
no there isn't - I think I might have meant init.d because thats how I restart the server. /etc/init.d/httpd restart..

Sorry I am so bad at this - completely new to linux!

Thanks,
0
 

Author Comment

by:desperado101
ID: 8087370
I looked again in httpd.conf and saw that httpd is only listening on port 80 so I added Listen 443. Now it won't run saying:-

(98)Address already in use: make_sock: could not bind to address 192.168.0.3:443
no listening sockets available, shutting down

Does this mean another process is intercepting the SSL traffic?
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 8087372
Ok, have a look at the script (less /etc/init.dhttpd) There you should see how apache is called.
Use /etc/init.d/httpd stop and start, don't use restart, as you'll get more errors checked
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 8087379
What distribution are you using ? I might have one around and maybe I'll be able to tell you more ...
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 8087387
Yep, use netstat -an | grep 443 to see who that bad guy
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 8087398
Sorry, I mean

netstat -anp | grep 443
0
 

Author Comment

by:desperado101
ID: 8087400
i have redhat 8

this is the output from the netstat

tcp  0  0  0.0.0.0:443  0.0.0.0:*   LISTEN

How do I know who is listening!
0
 

Author Comment

by:desperado101
ID: 8087408
with the -anp!

tcp  0  0  0.0.0.0:443  0.0.0.0:*   LISTEN  6756/httpd
0
 

Author Comment

by:desperado101
ID: 8087421
I'm confused...

If httpd is listening where is the doc root for it!
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 8087428
Ok, so there is a httpd listening on that port. Now let's find out who is that httpd. Try
ps aux | grep httpd
0
 
LVL 15

Expert Comment

by:samri
ID: 8087443
this is really active!

notification are pouring in like rain :)

good work.
0
 

Author Comment

by:desperado101
ID: 8087445
it seems root is running one instance and there are 8 instances running by apache...
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 8087469
The root instance is the one listening, the others are servers started so that they can serve the request fast. But that' not importand right now :)
We're interested in the root line. It should show us the command line.

Another way of seeing the command line would be

cat /proc/<httpd pid>/cmdline

where <httpd pid> is the pid of the root httpd. (it should be 6756, if you didn't restart it - from netstat -anp :)
0
 

Author Comment

by:desperado101
ID: 8087484
The pid was 6756 but the command didn't return anything?!
0
 

Author Comment

by:desperado101
ID: 8087499
do you mean /usr/sbin/httpd

?

Thanks again :)
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 8087508
you typed
cat /proc/6756/cmdline
and it didn't return anything ? It shuld have returned at least "httpd" or something.

We are trying to find out how httpd was started so that we can see where the config file is located.

You should be able to see the invocation of the process also with
ps aux | grep httpd

It should give you at least /bla/bla/httpd
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 8087515
Ok, now run
/usr/sbin/httpd -S

:))))
0
 

Author Comment

by:desperado101
ID: 8087522
says -S is an illegal option!!
0
 

Author Comment

by:desperado101
ID: 8087540
I did -V and this is the output...

Server version: Apache/2.0.40
Server built:   Sep  4 2002 17:20:34
Server's Module Magic Number: 20020628:0
Architecture:   32-bit
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 8087544
Oops. that is an upper case "S". If it still says that, what version of apache are you running ? (/usr/sbin/httpd -v, that's a lower case "v" )
0
 

Author Comment

by:desperado101
ID: 8087547
The server config file listed is the one I have tried to edit!

Now I am really confused!!!
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 8087557
Have a look after an "include" in the httpd.conf file
0
 

Author Comment

by:desperado101
ID: 8087564
It has

Include conf.d/*.conf

Is there a file in conf.d i should be editing?
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 8087574
do a
grep 443 conf.d/*.conf
0
 

Author Comment

by:desperado101
ID: 8087576
I've got it!! The virtual host for SSL is listed here in a file called imaginatively ssl.conf!

Thanks very much for your help on this one mbarbos you are a star. 100 points coming your way!!
0
 
LVL 6

Accepted Solution

by:
mbarbos earned 400 total points
ID: 8087579
Glad I could help.
I hope (at least) that this has been instructive :-)
0
 

Author Comment

by:desperado101
ID: 8087585
yeah I've learnt quite a bit of linux just through this,

thanks again.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question