Trouble with adding SSL to Apache2

msidnam
I'm having a heck of a time getting SSL to work on an Ubuntu 18.04 server using Apache2. I've installed Mediawiki to /var/www/html/wiki. I have a mediawiki.conf file that has virtual host entries for both 80 and 443. I have SSLEngine on and for the certificate file and the key file I have them pointed to the correct directory.

I'm having two issues:

1. If I type https://domain.com/wiki, it gives me a 404 not found, yet it fills in the /index.php/Main_Page at the end of the URL but the port says 80
2. If I type https://domain.com/wiki/index.php/Main_page it works and it uses 443. The issue with that is, I'm getting an error with Chrome that says I'm getting mixed content. When I go to developer tools in Chrome it's telling me that the .png file I'm using for the logo is not secure.

I haven't messed with Ubuntu and Apache2 for a while so I'm probably missing something, I'm just not sure what.

Thank you.
Fractional CTO
Distinguished Expert 2018
Commented:
First, best to just get an empty directory serving, to ensure your Apache (no PHP) config is correct.

Then move onto getting your PHP working.

Both problems you report suggest your Apache config is slightly broken.

Here's the site template I use to set up SSL sites. This config expects you've correctly set up things like Stapling + cipher lists at a global level.

This also expects you're using free LetsEncrypt certs.

<VirtualHost *:80>
   ServerName  www.WEBSITE
   ServerAdmin support@WEBSITE
   RewriteEngine on
   RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
   RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [NC,L,R=301]
   Include logging.conf
</VirtualHost>

<VirtualHost *:80>
   ServerName  WEBSITE
   ServerAdmin support@WEBSITE
   RewriteEngine on
   RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [NC,L,R=301]
   Include logging.conf
</VirtualHost>

<IfModule mod_ssl.c>

   <VirtualHost *:443>

      ServerName  www.WEBSITE
      ServerAdmin support@WEBSITE

      RewriteEngine on
      RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
      RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [L,R=301]

      Include logging.conf

      SSLEngine on
      SSLUseStapling on

      SSLCertificateFile    /etc/letsencrypt/live/WEBSITE/fullchain.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/WEBSITE/privkey.pem

      # Enable HTTP Strict Transport Security with a 2 year duration
      Header always set Strict-Transport-Security "max-age=63072000; preload"

   </VirtualHost>

   <VirtualHost *:443>

      ServerName  WEBSITE
      ServerAdmin support@WEBSITE

      DocumentRoot /sites/OWNER/WEBSITE/TYPE

      <Directory /sites/OWNER/WEBSITE/TYPE>
          Options +Indexes +FollowSymLinks
          AllowOverride All 
          Require all granted
      </Directory>

      Include logging.conf

      SSLEngine on
      SSLUseStapling on

      SSLCertificateFile    /etc/letsencrypt/live/WEBSITE/fullchain.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/WEBSITE/privkey.pem

      # Enable HTTP Strict Transport Security with a 2 year duration
      Header always set Strict-Transport-Security "max-age=63072000; preload"

   </VirtualHost>

</IfModule>



This config redirects all common site requests to https://bare-domain.com so if you're using www, you'll have to rewrite the config.

Tip: Until you get your SSL config working correctly, change all 301s to 302s + comment out the HSTS lines.

This way if you make a mistake, you won't get the mistake logged in your browser cache for all time (301s live in browser caches forever).

Tip: Use the following command to debug problems, so there's no browser interaction...

curl -I -L yourdomain.com
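
An added example, not part of the original answer: a small filter for the curl -I -L output suggested above that prints one line per hop and flags cached-forever 301s, https-to-http downgrades, and HSTS on https responses. The function names, the wiki.example host and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# audit_chain START_URL
# Reads the header blocks printed by `curl -sIL START_URL` on stdin and
# prints "<status> <url> [flags]" for every hop in the redirect chain.
audit_chain() {
    awk -v url="$1" '
    # scheme://host part of a URL, used to resolve relative Location headers
    function origin(u) { match(u, /^https?:\/\/[^\/]+/); return substr(u, RSTART, RLENGTH) }
    function flush(    flags) {
        if (status == "") return
        flags = ""
        if (status == "301") flags = flags " PERMANENT"             # browsers cache this
        if (url ~ /^https:/ && loc ~ /^http:/) flags = flags " DOWNGRADE"
        if (url ~ /^https:/ && hsts) flags = flags " HSTS"
        print status, url flags
        if (loc ~ /^https?:/) url = loc                              # absolute redirect
        else if (loc ~ /^\//) url = origin(url) loc                  # same-origin path
        status = ""; loc = ""; hsts = 0
    }
    { sub(/\r$/, "") }                          # HTTP header lines end in CRLF
    /^HTTP\// { flush(); status = $2; next }    # a status line starts a new hop
    { line = tolower($0) }                      # header names are case-insensitive
    line ~ /^location:/ { loc = $2 }
    line ~ /^strict-transport-security:/ { hsts = 1 }
    END { flush() }
    '
}

# Constructed sample: an https request that is bounced to plain http,
# then redirected again before the page is served.
sample_headers() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: http://wiki.example/wiki/\r\n\r\n'
    printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: /wiki/index.php/Main_Page\r\n\r\n'
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'
}

sample_headers | audit_chain https://wiki.example/wiki

# Against a live server (network required):
#   curl -sIL https://yourdomain.com/wiki | audit_chain https://yourdomain.com/wiki
```

A DOWNGRADE flag on any hop means the request left TLS partway through the chain, which is the behaviour to eliminate before re-enabling 301s and HSTS.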


Author

Commented:
Using the virtual hosts file you gave me, I am no longer getting the 404 page not found errors.

If I go to http://domain.com it redirects me to http://domain.com/wiki/index.php/Main_Page.
If I try it with https it sends me back to the http version.
If I put in https://domain.com/wiki/index.php/Main_page it goes right to the https site. Also, when I use IE, I don't get the error that it has mixed content.

I'm starting to think it has something to do with the way MediaWiki is also forwarding/rewriting the URL. If I use the curl command you gave me and only put in the domain.com, it gives me an HTTP/1.1 200 OK. If I put domain.com/wiki I get 2 301 Moved Permanently: one to /wiki/ and the other to /wiki/index.php/Main_Page.

If I am going to http://domain.com, should it be sending me to the https://domain.com?

Author

Commented:
I changed the port 80 virtual host to redirect by using the Redirect / https://domain.com/wiki/index.php/Main_Page.

Also, for some reason something is cached somewhere and it thinks my logo has a capital in the first letter, so I changed the filename on the server to have a capital for the first letter and the mixed content error went away.

As it stands, if I type http://domain.com or https://domain.com, they both go to https://domain.com.wiki/index.php/Main_Page.

Thank you for the help.

David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
Sounds like your MediaWiki config (PHP file somewhere) or database is polluted with links of the form http://domain.com which should be changed to //domain.com (no http: or https:) for protocol agnostic access.

My guess is that when you find where the http:// is hard coded + fix this, the rest of your problems will resolve.
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
When you fix your database, be sure to refer to the MediaWiki docs regarding serialized data.

https://www.mediawiki.org/wiki/Manual:Serialization

Serialized data requires a special mechanism to update data. Best to ask about this in the MediaWiki forums.

Author

Commented:
Thank you David for all of your help and knowledge.
