I created a new Azure VM, installed the LAMP stack, and when I visit the domain name in a browser, it serves the following error, which I am unable to find any information on through Google or Stack Overflow:
<?xml version="1.0" encoding="utf-8"?><Error><Code>InvalidQueryParameterValue</Code><Message>Value for one of the query parameters specified in the request URI is invalid.
RequestId:45ba52f4-0001-0086-13ed-e545cf000000
Time:2015-09-03T02:07:58.4816344Z</Message><QueryParameterName>comp</QueryParameterName><QueryParameterValue /><Reason /></Error>
When I use wget http://localhost while logged in through SSH, I get this error instead:
--2015-09-03 02:05:57-- http://localhost/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 65 [text/html]
index.html: Permission denied
Cannot write to ‘index.html’ (Permission denied).
The apache config for the default site is plain:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
How do I get this VM to start serving using Apache?
This can occur on the 'Static Website hosting' feature if you point your CNAME to the wrong Azure server.
You must use the server DNS name that contains web in the name and not blob.
The first error (when opening from Internet) is (most probably) showing that you do not try to access the VM URL, but another service instead (i.e. Azure storage service, or some other Azure service)
To make things more confusing for newcommers Microsoft has now 2 parallel types of services - one is called classic and the other is called resource manager. In order to give you best answer, I have to know how did you create your VM - using the classic or using the resource manager (or shortly ARM) mode. If it was the clasic, your VM should live in a domain something like: mylinuxvm.cloudapp.net. You can check this going to the management portal then selecting VM and checking its settings / properties. Is it is the case, the only thing you need to add is an Endpoint for port 80, so that Internet traffic coming on TCP port 80 will be redirected to your VM.
If it is an ARM VM, you need a network security group rule that will send traffic on port 80 to your public IP Address, which has to be associated with the VM.
The second error:
When I use wget http://localhost while logged in through SSH, I get
this error instead:
--2015-09-03 02:05:57-- http://localhost/ Resolving localhost (localhost)... 127.0.0.1 Connecting to localhost
(localhost)|127.0.0.1|:80... connected. HTTP request sent, awaiting
response... 200 OK Length: 65 [text/html] index.html: Permission
denied
Cannot write to ‘index.html’ (Permission denied).
You get because you are using wget instead of curl. The difference is that curl will just render the result in stdout while wget tries to downalod and save the contet. The error is quite clear:
Cannot write to ‘index.html’ (Permission denied).
Which means you are executing the command in a folder to which you do not have write permission. This is usally the home of the root user when you do not do sudo before executing the command.
Related
I am trying to install a certificate using certbot from LetsEncrypt on a Raspberry Pi. I have installed Apache2 and created a webserver at http://subdomain.mydomain.com on the Raspberry Pi. The certbot command obtains a certificate and writes it to http://subdomain.mydomain.com/.well-known/acme-challenge/<etc.>
Background Info: I am doing this because I need a local server to address IoT devices and my Ajax calls are failing because I am not allowed to mix http with https. The IoT devices are incapable of a hosting a webserver with SSL - they use a simple http:/192.168.1.xx/<string> format
I don't want to create a DNS entry at my registrar/ISP because I am trying to create a scalable solution and creating hundreds (perhaps thousands if we do well) of subdomain entries there is impractical. Creating my own DNS server is a possibility, but I would rather just do it all on the Pi - my bash installation script will take care of everything (once I get it to work!).
I tried first to create an entry into the local hosts (/etc/hosts) file which looks like this:
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.1.1 SubDomain
192.168.1.111 subdomain.mydomain.com
This works for commands like ping, but not for nslookup or dig and definitely not for certbot. The certbot command finds my main server - DNS is configured with a * to go to my Public IP for all unknown subdomains:
A * xx.xx.xx.xx //My public IP address
So then I installed dnsmasq (See: When using proxy_pass, can /etc/hosts be used to resolve domain names instead of "resolver"?) and followed the configuration options shown here: How to Setup a Raspberry Pi DNS Server
However, that doesn't work either. certbot still looks at my main (external DNS) and finds my Public (wildcard) IP. Here's a summary of the changes made in /etc/dnsmasq.conf
domain-needed ## enabled
bogus-priv ## enabled
no-resolv ## enabled
server=8.8.8.8 ## added (#server=/localnet/192.168.0.1 left as is)
server=8.8.4.4 ## added
cache-size=1500 ##increased from 150
How can I force certbot to find and use my local/private IP 192.168.1.111? Any alternative solutions using scripts/redirection?
Create a wildcard certificate using Let's Encrypt DNS validation. You will then have to renew the certificate manually. Otherwise, your server must be on the public Internet with correct DNS settings.
I finally solved my problem but I abandoned LetsEncrypt entirely. The answer was not in DNS, but in approaching it from a completely different angle. This was pretty much 95% of the solution.
Important! This only works if you have control over the browser. We do, since it is for our kiosk application which runs in a browser.
Step 1: Become your own CA
Step 2: Sign your SSL certificate as a CA
Step 3: Import the signed CA (.pem file) into the browser (under Authorities)
Step 4: Point your Apache conf file to the local SSL (the process generates .key and .crt files for this as well).
I have hosted my website in Azure. I have created a Virtual Machine on which i have installed LAMP stack as i am using php for my website. I have a sub domain along with the main domain. I want to install SSL for both.
My client has provided me the certificate for SSL installation. I search many Stack overflow post but could not find any post helpful for a beginner like me.
Thanks
Certificate Installation: Apache 2.4.8+
Under Linux, to check the version number of your Apache server, execute the following command:
apache2ctl -version
or
apachectl -version
Note : If your Apache server's version is less than 2.4.8, please skip this article and go this link
Prerequisites:
Concatenate the CAbundle and the certificate file which we sent you using the following command.
cat domain_com.crt domain_com.ca-bundle > ssl-bundle.crt
If you are Using GUI Text Editor (Ex: Notepad):
(i) To concatenate the certificate files into single bundle file, first open domainname.crt and domainname.ca-bundle files using any text editor.
(ii) Now copy all the content of domainname.crt and paste it on the top of domainname.ca-bundle file.
(iii) Now save the file name as ‘ssl-bundle.crt’.
Configure the Apache server:
Locate the Apache configuration file (example httpd.conf / ssl.conf), the configuration file name can be different depending on your apache version or flavour. Or in a Windows environment (EasyPHP, Wamp, ...) :
C:\Program Files\Apache Software Foundation\Apache X.X\conf\SSL2015
C:\Program Files\Apache Software Foundation\EasyPHP\SSL2015
In a standard installation under Linux, the SSL advanced configuration file is located here:
/etc/apache2/mods-enabled/ssl.conf
but it is not in this file that you will activate the certificate for a website. You'll have to edit the file
/etc/apache2/sites-enabled/default-ssl.conf
Use the following command to figure out where Apache is pulling its configuration from:
apache2ctl -V | grep SERVER_CONFIG_FILE
or just
apachectl -V | grep SERVER_CONFIG_FILE
The situation for ubuntu on Apache differs, as the configurations for 443 and 80 ports for each site are located in separate files. You can find it at /etc/apache2/sites-enabled/ Edit or create the file with the VirtualHost for 443 port to set up the secure connection.
Actually you can duplicate the record for port 80 (should be in your VirtulHost file by default) and change port 80 to port 443. Simply add it below non-secure module.
In the Virtual Host settings for your site, locate the SSL certificate settings section and verify that you have the following 2 directives within the Virtual Host. Please add them in if they are not present:
SSLCertificateKeyFile ( path to the private_key.key file used for the initial generation of the CSR)
SSLCertificateFile ( path to the PEM file containing the end entity certificate and the intermediates )
Example VirtualHost Configuration:
DocumentRoot /etc/httpd/htdocs
ServerName comodo.com
SSLEngine on
SSLCertificateFile /usr/local/ssl/crt/ssl-bundle.crt
SSLCertificateKeyFile /usr/local/ssl/private/private.key
Note: As with the example above, file names can be domainname.crt, server.key, your server however may use a different naming convention. If you are using a different file location than the example above, you will need to change the paths to match your files on the server.
If you want to enable OCSP Stapling for the website, please add the following directive to the Virtual Host section:
SSLUseStapling on
Also specify OCSP cache response location and size outside of the Virtual Host section using SSLStaplingCache directive:Converting a SSL certificate in Apache to Windows
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
Note: OSCP Stapling can be configured starting from Apache HTTP server 2.3.3 and later.
After making changes to your config file it is good practice to check the file for syntax errors using "apachectl configtest". The command will return Syntax Ok if there are no errors.
Restart your apache web server:
apachectl stop
apachectl start
To verify if you have correctly installed the SSL, please use our SSL Analyzer.
You can check this link.
https://support.comodo.com/index.php?/Knowledgebase/Article/View/1185/0/certificate-installation-apache-248
Is in azure provided free SSL? Otherwise you will not be able to install SSL with green bars. You can donate at https://letsencrypt.org/ to get SSL service with low price and develop your website even better.
I like to build a demo of a website running on an eval board from ATMEL. For this eval board I am building an Linux by the use of Yocto. For handling the website the apache webserver should be used.
I got the apache2 recipe build and installed, as well as my simple website. But I failed to set up the apache configuration right.
My system has two ethernet ports eth0 and eth1. Eth0 is configured to the IP 1.2.3.4 and eth1 to dchp. The index.html should be accessed through eth0. Maybe it is possible to have an literal like "mywebsite" to access it.
The website files are put in to the custom dir: /var/www/html/
Actual I am copying an virtual host config(myweb.conf) to /etc/apache2/sites-available/. It looks like:
# Ensure that Apache listens on port 80
Listen 80
<VirtualHost *:80>
ServerName mywebsite
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html/
<Directory /var/www/html/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
</VirtualHost>
The yocto recipe unzips the index.html which is in myweb.zip and installs the virtual host config. The code looks like:
SUMMARY = "myweb"
SECTION = "test"
LICENSE = "CLOSED"
SRC_URI = "file://myweb.zip \
file://myweb.conf \
"
DEPENDS = "apache2"
S = "${WORKDIR}"
WWWdestPATH = "/var/www/html/"
do_install () {
install -d ${D}${WWWdestPATH}
cp -r ${S}/myweb/* ${D}${WWWdestPATH}
install -d ${D}/etc/apache2/sites-available/
cp ${S}/myweb.conf ${D}/etc/apache2/sites-available/myweb.conf
}
FILES_${PN} += "${WWWdestPATH}*"
FILES_${PN} += "/etc/apache2/sites-available/*"
Any ideas how to modify the files to get the website started?
Stefan,
If I understand you correctly you want to host web pages on the ATMEL board for clients connecting via eth0. I can't see anything obviously incorrect in your virtual host definition.
Adding mywebsite as ServerName tells Apache that that is the name for this specific virtual host - but clients still need to be able to resolve that name. Please note that if you only have a single site on the server the name doesn't matter in the Apache configuration - what matters is the DNS configuration. As long as the hostname resolves to the web server any request for any hostname would get the default site - unless there is a virtual site with a name that matches the requested host name.
What I would do is to start from the web server end and work your way out from there:
If you have included telnet in your build you could for instance access the web page directly from the command line to make sure that it answers. Do this on the ATMEL board (e.g. via ssh or if you have a display+keyboard):
telnet localhost 80 <ENTER>
GET / HTTP/1.1 <ENTER>
Host: mywebsite <ENTER><ENTER>
If that returns your web page then the web server is configured correctly.
Make sure that you can reach the ATMEL board from your client. On the client:
ping 1.2.3.4
If this doesn't work you need to put the client on the same network as the eth0 interface by setting it manually on the client or by adding a DHCP server on the ATMEL board, bound to eth0.
Make sure that the client can resolve the mywebsite host name. On the client:
ping mywebsite
If this doesn't work you need to add a DNS service (e.g. bind) to your image or, for a quick test, add the following line to the /etc/hosts file on your client (c:\windows\system32\drivers\etc\hosts if you are running Windows):
1.2.3.4 mywebsite
Hope that helps.
As i have enabled default-ssl site in my ubuntu linux server. When I load the site with Google Chrome I get this error:
SSL connection error
Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.
With Firefox:
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
As i have check log file of apache2. Which say suhosin-path mod_ssl
[Fri Apr 04 16:29:33 2014] [notice] Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.9 with Suhosin-Patch mod_ssl/2.2.22 OpenSSL/1.0.1 mod_perl/2.0.5 Perl/v5.14.2 configured -- resuming normal operations
FYI,
when i run command "apachectl -S" i get this error
/usr/sbin/apachectl: 87: ulimit: error setting limit (Operation not permitted)
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443 127.0.1.1 (/etc/apache2/sites-enabled/default-ssl:2)
*:80 is a NameVirtualHost
default server 127.0.1.1 (/etc/apache2/sites-enabled/000-default:1)
port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default:1)
Syntax OK
if i run "apachectl configtest"
/usr/sbin/apachectl: 87: ulimit: error setting limit (Operation not permitted)
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
Syntax OK
EDIT 1
I am getting below error also
Invalid method in request \x16\x03\x01
Please help me.
It looks like you are setting up an HTTP server on port 443, e.g on a port usually used for HTTPS (HTTP wrapped inside a SSL connection). The Invalid method in request \x16\x03\x01 you get on the server side is the start of the SSL handshake of from the client. And because the client does not get the expected answer back from the server it complains.
I don't know what your intention with this setup is, but
if you want to use only HTTP keep the listener on port 80 and remove the one on port 443
if you want to set up HTTPS you need certificates etc (there is enough documentation out there)
Ok, Here is the solution.
As my domain (example.com) is configured for port forwarding and It was mapping to my Local server
To Access my local server through example.com
It was like this:
http://example.com:1234/project_name
and i was configuring my local server for https
which was accessible as
https://192.168.**.***/project_name
But it was giving error (Invalid method in request \x16\x03\x01) for below url
https://example.com:1234/project_name
Because example.com was not configured for ssl.
I am building a website and would not like to reconfigure the website from pointing to http://127.0.0.1 to http://www.example.com. Furthermore, the certificate that I am using is of course made with the proper domain name of www.example.com but my test environment makes calls to 127.0.0.1 which makes the security not work properly.
What I currently want to do is configure my development environment to assign the domain name www.example.com to 127.0.0.1 so that all http://www.example.com/xyz is routed to http://127.0.0.1:8000/xyz and https://www.example.com/xyz is routed to https://127.0.0.1:8080/xyz.
I am not using Apache. I am currently using node.js as my web server and my development environment is in Mac OS X Lion.
If you edit your etc/hosts file you can assign an arbitrary host name to be set to 127.0.0.1.
Open up /etc/hosts in your favorite text editor and add this line:
127.0.0.1 www.example.com
Unsure of how to avoid specifying the port in the HTTP requests you make to example.com, but if you must avoid specifying that at the request level, you could run nodejs as root to make it listen on port 80.
Edit: After editing /etc/hosts, you may already have the DNS request for that domain cached. You can clear the cached entry by running this on the command line.
dscacheutil -flushcache