desperado101
asked on
Apache and https
Hi,
I have a webserver setup using apache v2. I have created my own directory structure and updated httpd.conf (DocumentRoot) to point to this which works fine. However if I connect to my server using https://blah... I get the apache test screen. I assume that this means there is a separate DocumentRoot for secure connections, but how do I find it or move it?
Many thanks,
Paul.
ASKER
thanks,
your second comment, HTTP/HTTPS going to the same is what I would have expected although it doesn't seem to be true!
Do you have ssl installed on your system? are you pointing the https to port 443?
John
ASKER
there is none, and I think you need to create one, please refer to the link above for some example.
cheers.
Paul, I think you are (just a little bit) wrong in your assumption :)
The https and the http servers have their own (completely different) settings. There is a "<VirtualHost _default_:443>"
block in httpd.conf that has all the stuff used by the https server. All you have to do is to make it point in the right direction (DocumentRoot is probably what is of interest to you)
ASKER
Just checked httpd.conf; there is no virtual host for port 443. It seems like I have a completely different version of apache running somewhere for https!!
Is there something in xinetd I should look at?
Thanks again for your help,
xinetd ? Aren't you using a standalone apache ?
Anyway, check if there is a /etc/xinetd.d directory and a file named something like httpd or apache in that directory.
You can check who is listening on 80 and 443 ports using netstat -an | grep tcp. You'll find out if there is an apache listening or if there is an (x)inetd listening on those ports.
ASKER
no there isn't - I think I might have meant init.d because that's how I restart the server. /etc/init.d/httpd restart..
Sorry I am so bad at this - completely new to linux!
Thanks,
ASKER
I looked again in httpd.conf and saw that httpd is only listening on port 80 so I added Listen 443. Now it won't run saying:-
(98)Address already in use: make_sock: could not bind to address 192.168.0.3:443
no listening sockets available, shutting down
Does this mean another process is intercepting the SSL traffic?
Ok, have a look at the script (less /etc/init.d/httpd). There you should see how apache is called.
Use /etc/init.d/httpd stop and start, don't use restart, as you'll get more errors checked
What distribution are you using ? I might have one around and maybe I'll be able to tell you more ...
Yep, use netstat -an | grep 443 to see who that bad guy is
Sorry, I mean
netstat -anp | grep 443
ASKER
I have redhat 8
this is the output from the netstat
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
How do I know who is listening!
ASKER
with the -anp!
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 6756/httpd
ASKER
I'm confused...
If httpd is listening where is the doc root for it!
Ok, so there is a httpd listening on that port. Now let's find out who is that httpd. Try
ps aux | grep httpd
this is really active!
notifications are pouring in like rain :)
good work.
ASKER
it seems root is running one instance and there are 8 instances running by apache...
The root instance is the one listening, the others are servers started so that they can serve the request fast. But that's not important right now :)
We're interested in the root line. It should show us the command line.
Another way of seeing the command line would be
cat /proc/<httpd pid>/cmdline
where <httpd pid> is the pid of the root httpd. (it should be 6756, if you didn't restart it - from netstat -anp :)
ASKER
The pid was 6756 but the command didn't return anything?!
ASKER
do you mean /usr/sbin/httpd
?
Thanks again :)
you typed
cat /proc/6756/cmdline
and it didn't return anything ? It should have returned at least "httpd" or something.
We are trying to find out how httpd was started so that we can see where the config file is located.
You should be able to see the invocation of the process also with
ps aux | grep httpd
It should give you at least /bla/bla/httpd
Ok, now run
/usr/sbin/httpd -S
:))))
ASKER
says -S is an illegal option!!
ASKER
I did -V and this is the output...
Server version: Apache/2.0.40
Server built: Sep 4 2002 17:20:34
Server's Module Magic Number: 20020628:0
Architecture: 32-bit
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D HTTPD_ROOT="/etc/httpd"
-D SUEXEC_BIN="/usr/sbin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="logs/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
Oops. that is an upper case "S". If it still says that, what version of apache are you running ? (/usr/sbin/httpd -v, that's a lower case "v" )
ASKER
The server config file listed is the one I have tried to edit!
Now I am really confused!!!
Have a look after an "include" in the httpd.conf file
ASKER
It has
Include conf.d/*.conf
Is there a file in conf.d I should be editing?
do a
grep 443 conf.d/*.conf
ASKER
I've got it!! The virtual host for SSL is listed here in a file called imaginatively ssl.conf!
Thanks very much for your help on this one mbarbos you are a star. 100 points coming your way!!
ASKER
yeah I've learnt quite a bit of linux just through this,
thanks again.
I do not have much exp. on apache ssl. However, these links might shed some light:
http://httpd.apache.org/docs-2.0/ssl/
http://www.ssl.com/support/multipleCAApache.jsp
I would believe that you might need to define a different Vhost if you want to have a separate "view" for your SSL websites, otherwise, your regular HTTP and HTTPS client would be going to the same DocumentRoot.
cheers.
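
The search this thread works through (follow the `Include` lines from httpd.conf, then find the port 443 `<VirtualHost>` and its DocumentRoot), as an added example that is not part of the original posts. The function names `expand_includes`, `ssl_vhosts` and `demo` are hypothetical, and the config files `demo` writes are constructed to mirror the layout found above.

```shell
#!/bin/sh
# Added example, not from the thread. The config written by demo() is constructed.

# expand_includes SERVER_ROOT CONF [DEPTH]: print CONF and every file it pulls
# in through Include. Relative Include paths resolve against ServerRoot.
expand_includes() (
    root=$1; conf=$2; depth=${3:-0}
    [ -f "$conf" ] && [ "$depth" -lt 8 ] || exit 0   # depth cap stops include loops
    printf '%s\n' "$conf"
    sed -n 's/^[[:space:]]*[Ii]nclude[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' "$conf" |
    while read -r pat; do
        case $pat in /*) ;; *) pat=$root/$pat ;; esac
        for f in $pat; do    # unquoted on purpose so conf.d/*.conf expands
            expand_includes "$root" "$f" $((depth + 1))
        done
    done
)

# ssl_vhosts SERVER_ROOT CONF: one line per <VirtualHost ...:443> block,
# printed as "file<TAB>address<TAB>DocumentRoot".
ssl_vhosts() {
    expand_includes "$1" "$2" | while read -r f; do
        awk -v file="$f" '
            { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
            low ~ /^<virtualhost[ \t]/ && low ~ /:443[ \t>]/ {
                invh = 1; docroot = "(inherits global DocumentRoot)"
                addr = line; sub(/^<[^ \t]+[ \t]+/, "", addr); sub(/>.*$/, "", addr); next
            }
            invh && low ~ /^documentroot[ \t]/ { docroot = $2; gsub(/"/, "", docroot) }
            invh && low ~ /^<\/virtualhost>/ {
                printf "%s\t%s\t%s\n", file, addr, docroot; invh = 0
            }' "$f"
    done
}

# demo: constructed layout (httpd.conf listening on 80, conf.d/ssl.conf on 443).
demo() (
    t=$(mktemp -d) && cd "$t" && mkdir conf conf.d || exit 1
    printf '%s\n' 'Listen 80' 'DocumentRoot "/srv/mysite"' \
        'Include conf.d/*.conf' > conf/httpd.conf
    printf '%s\n' 'Listen 443' '<VirtualHost _default_:443>' \
        '    DocumentRoot "/var/www/html"' '</VirtualHost>' > conf.d/ssl.conf
    ssl_vhosts . conf/httpd.conf
    cd / && rm -rf "$t"
)
demo
```

On a real host the call would be `ssl_vhosts /etc/httpd /etc/httpd/conf/httpd.conf`, using the HTTPD_ROOT and SERVER_CONFIG_FILE values that `httpd -V` reports.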