Secure page with SSL in Apache and Document Root - security

I created the certificates with OpenSSL for use on localhost.
Fine, but when I set up the VirtualHost in Apache, if I set DocumentRoot the page is loaded normally, without a different mark in the address bar.
When I don't specify a DocumentRoot, Firefox loads the XAMPP page, but with the secure mark in the address bar.
My actual vhost is:
<VirtualHost *:443>
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
ServerName www.agurbana.com.br
SSLCertificateFile "E:/agenda.crt"
SSLCertificateKeyFile "E:/server_unsecured.key"
SSLCACertificatePath "E:/"
SSLCACertificateFile "E:/ca.crt"
<FilesMatch "\.(cgi|shtml|pl|asp|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
DocumentRoot "E:/SITES/AU2/"
ErrorLog "E:/error.log"
<Directory "E:/SITES/AU2/">
AllowOverride All
Allow from All
</Directory>
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
How can I make the secure mark appear in the address bar when I set DocumentRoot?

By chance, do you also have a vhost set-up to listen to port:80 in your httpd-vhosts.conf file?
In that case, the scheme will be determined by the user, not by the server. You can get rid of the :80 listener, but now the user has to remember to type https, which is bad. Therefore use Apache re-directs to force usage of SSL, e.g. http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html
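Added example (not from the original posts): the redirect the answer suggests, written with the question's hostname and paths and assuming Apache 2.4 with mod_ssl. It also replaces the question's SSLCipherSuite line, whose ALL keyword keeps LOW, export-grade and SSLv2 suites enabled wherever the OpenSSL build still provides them.

```apache
# Port 80 exists only to send browsers to HTTPS; it serves no content itself.
<VirtualHost *:80>
    ServerName www.agurbana.com.br
    Redirect permanent / https://www.agurbana.com.br/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.agurbana.com.br
    DocumentRoot "E:/SITES/AU2/"
    ErrorLog "E:/error.log"

    SSLEngine On
    SSLCertificateFile    "E:/agenda.crt"
    SSLCertificateKeyFile "E:/server_unsecured.key"

    # Weak line from the question. ALL admits every suite except eNULL; only
    # ADH and EXPORT56 are removed, and the "+" items merely move suites to
    # the end of the preference list, they do not disable anything:
    #   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    #
    # Corrected: modern protocol versions only, strong suites only,
    # server-side preference order.
    SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite      HIGH:!aNULL:!eNULL:!MD5:!3DES:!RC4
    SSLHonorCipherOrder On

    <Directory "E:/SITES/AU2/">
        AllowOverride All
        # Apache 2.4 syntax; the question's "Allow from All" is the 2.2 form.
        Require all granted
    </Directory>
</VirtualHost>
```

Run `httpd -t` (or `apachectl configtest`) after editing to catch syntax errors before restarting.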

Related

CWP Account's Subdomains on Main Domain

I was surfing the internet and I don't know what's going on anymore.
I flipped across Google ;)
How do I set up my VPS for all users' accounts? Could you help me?
Example:
Server "top" domain: srv1.myserver.com
Customer domain: ubuntu001.com (now it's OK: www.myserver.com/~ubuntu001)
Customer domain: garfield.net (now it's OK: www.myserver.com/~garfield)
I need this "format":
ubuntu001.myserver.com OR ubuntu001.com.myserver.com
garfield.myserver.com OR garfield.net.myserver.com
How do I configure my CWP VPS (Apache vhosts)?
Thank you for all the guidelines.
UPDATE:
Edit this conf file:
/usr/local/apache/conf.d/vhosts/myserver.com.conf
Add "ServerAlias" for VirtualHost block
Restart Apache service on server
<VirtualHost 1.2.3.4:80>
ServerName ubuntu001.com
ServerAlias www.ubuntu001.com
ServerAlias ubuntu001.myserver.com
ServerAlias www.ubuntu001.myserver.com
ServerAdmin webmaster@ubuntu001.com
DocumentRoot /home/ubu001/public_html
[...]
<IfModule mod_setenvif.c>
SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on
</IfModule>
<Directory "/home/ubu001/public_html">
Options -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
[...]
</VirtualHost>
It's OK: http://ubuntu001.myserver.com
It's not working: httpS://ubuntu001.myserver.com
(the myserver.com is an example domain)

How to provision httpd.conf for SSL configuration if I want to visit by https?

I have just configured my server with an open-source ALM tool, e.g. ZenTao. Now I need to edit httpd.conf to visit it through my domain with https, but I don't know how. Could someone help with that?
I am using Ubuntu 18.04 LTS (GNU) and I have already applied for a certificate for my domain from Letsencrypt.
If you want to make HTTPS work for your ZenTao domain, you should provision your httpd.conf with the port 443 details, for which you could refer to the following.
DocumentRoot and Directory should be your /zentao/www root,
and you should configure your SSL certificates in it as well:
<VirtualHost *:443>
ServerName *.xxx.com
ServerAlias *.xxx.com
DocumentRoot "/zentaoalm/www/"
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/xxx.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/xxx.com.key
SSLCertificateChainFile /etc/apache2/ssl/xxx.com.pem
# Directory must name the same path as DocumentRoot for the grant to apply
<Directory "/zentaoalm/www/">
AllowOverride All
Require all granted
</Directory>
</VirtualHost>

WHM/cPanel - Multiple IPs pointing to one root dir

We need our new dedicated IP address (and all future ones) to "point" to the same root directory of our VPS' "parent" domain (main domain with all business logic, where $_SERVER['host'] is detected to connect associated files etc.)
So, for example, domain.net (x.x.x.146) should show the content of domain.com (x.x.x.170) etc.
We have a list of dedicated IPs, added to WHM. We have a number of domain names, with those IPs as DNS A records. We have added those domains via cPanel to point to the same public_html.
But all the domains resolve to: cgi-sys/defaultwebpage.cgi with the "SORRY! If you are the owner of this website, please contact your hosting provider:" error.
Any suggestions? This is supposed to be quite an easy task, but clearly - not so.
Thank you
Why do you need many IP addresses? One IP address should be enough for what you want to do.
Indeed, the HTTP/1.1 protocol is meant for this purpose: many different domains for one IP.
In your VPS you can use, for example, "Apache" as a web server with this basic configuration:
create/edit example.com.conf in "/etc/apache2/sites-available/":
<VirtualHost *:80>
DocumentRoot /home/user/public_html
ServerName example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
then create/edit example.org.conf:
<VirtualHost *:80>
ServerName example.org
Redirect permanent / http://example.com/
</VirtualHost>
and so on.
Then, to enable your configuration:
a2ensite example.com.conf example.org.conf
sudo service apache2 restart
If you still want to use many IPs you can install Apache on every machine hosting the IP, then redirect to your main site/domain (http://example.com), as shown above. Otherwise, if your hosting provider allows it, you can redirect your child domains to your parent domain from your provider's website with a GUI.
Here is the solution. It is not ideal but it looks like there's not much we can do, having cPanel/WHM installed.
<VirtualHost x.x.x.x:443>
ServerName domain.net
ServerAlias www.domain.net
DocumentRoot /home/user/public_html
#todo common contact mail
ServerAdmin support@domain.net
UseCanonicalName Off
<IfModule mod_suphp.c>
suPHP_UserGroup user user
</IfModule>
<IfModule ssl_module>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/domain.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.net/chain.pem
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</IfModule>
<IfModule headers_module>
RequestHeader set X-HTTPS 1
</IfModule>
</VirtualHost>
The redirect from 80 to 443 is set separately:
RewriteEngine On
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

Configure Apache reverse proxy and regular virtual host

I've read several posts like mine, but none of them seem to work.
I've got a regular apache config on CentOS 7 with a working website, both HTTP and HTTPS (certbot).
I have another service with a web port of :3000 and I'd like to have it work as such:
http(s)://example.com (regular website content)
http(s)://example.com/new_site (the service on port 3000)
I've got the website set up as a virtual host with a custom webroot in /var/www/example.com/docroot
This is my current working config. I realized that the connection between the localhost does not need to be HTTPS, just the incoming requests:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
ProxyPass /my_site http://localhost:3000
ProxyPassReverse /my_site http://localhost:3000
ErrorLog /var/log/httpd/my_vhost_log
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
</VirtualHost>
</IfModule>
I also cleared up permissions issues by enabling the httpd_can_network_connect SELinux boolean.
UPDATE:
My issue now is that the above config overwrites my regular website content, so if you go to the https://example.com, it will just show the Apache welcome page, rather than the content in the /var/www/example.com/docroot.
Main config:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/docroot
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
</VirtualHost>
</IfModule>
In the event that anyone comes across this,
The fix is simply to add the Proxy lines to your main domain config. You only need a single config file.
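Added example (not from the original post): the single merged vhost the fix describes, assembled from the two blocks posted above. Apache answers a request from the first *:443 VirtualHost whose ServerName matches, so a second block for the same name is never consulted and its directives have to move into the first.

```apache
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com

    # Regular website content: every path not proxied below is served from here.
    DocumentRoot /var/www/example.com/docroot

    # Reverse proxy only (this is the default, stated explicitly):
    # the server never acts as an open forward proxy.
    ProxyRequests Off

    # Only /my_site is handed to the service on port 3000. TLS terminates at
    # Apache; the hop to the backend stays on the loopback interface in
    # plain HTTP, as the post notes.
    ProxyPass        /my_site http://localhost:3000
    ProxyPassReverse /my_site http://localhost:3000

    ErrorLog /var/log/httpd/my_vhost_log

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile      /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile   /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
</VirtualHost>
</IfModule>
```

`httpd -S` lists the vhosts Apache has parsed for each address and port, which shows whether a duplicate block for the same name is still being loaded.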

Alfresco/Sharepoint and MS Office mobile app: "We don't support this authentication scheme."

I am trying to add Alfresco 5.0.d CE as a Sharepoint place within MS Office Mobile (Android 5).
Sharepoint protocol and online edit via Share generally works fine with MS Office desktop version. VTI is configured to run via https on port 7070 (as per http://blyx.com/2014/04/01/alfresco-tip-how-to-enable-ssl-in-alfresco-sharepoint-protocol/).
But the mobile app throws a problem: when I try to connect, the MS Office mobile app gives me the error: "We don't support this authentication scheme."
alfresco-global.properties (excerpt):
# Authentication Chain (sorba1:sorba is my custom authentication)
authentication.chain=alfrescoNtlm1:alfrescoNtlm,sorba1:sorba
...
# Sharepoint / VTI
vti.server.port=7070
vti.server.protocol=https
vti.server.ssl.keystore=C:\\path\\to\\MyCert.pfx
vti.server.ssl.password=SomeSecretPassword
vti.server.url.path.prefix=/alfresco
vti.server.external.host=alfresco.mydomain.com
vti.server.external.port=7070
vti.server.external.protocol=https
vti.server.external.contextPath=/alfresco
I found this forum post, but it's not really helpful:
http://answers.microsoft.com/en-us/mobiledevices/forum/mdlumia-mdupdate/sharepoint-doesnt-support-this-authentication/5ba8116a-6955-4486-b19e-c93affa346a8
============ Update ==========
A user advised me (https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/configuration/alfrescosharepoint-and-ms-office) to use a reverse proxy (which makes sense in a way that I can use the regular https port 443 and not port 7070 as the external vti port), but I'm not sure how to proceed from the current configuration as below:
I did set up a reverse proxy now (Apache httpd), but I still don't see how port 7070 fits in there exactly. I searched for other posts, and contrary to the first blog I found, they usually use 443 as the external VTI port, and not 7070.
https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/configuration/ssl-sharepoint-behind-ngnix
https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/configuration/proxy-spp-apache-and-ssl
https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/configuration/sharepoint-protocol-over-ssl
https://github.com/marsbard/puppet-alfresco/issues/18
Now, this is my vti setting:
vti.server.port=7070
vti.server.protocol=http
vti.server.ssl.keystore=C:/Alfresco/alf_data/keystore/ssl.keystore
vti.server.ssl.password=kT9X6oe68t
vti.server.url.path.prefix=/alfresco
vti.server.external.host=drive.sorba.ch
vti.server.external.port=443
vti.server.external.protocol=https
vti.server.external.contextPath=/alfresco
and this is the virtual host config:
<VirtualHost *:80>
#LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://alfresco.mycompany.ch/share$1 [R=301,NC,L]
</VirtualHost>
<VirtualHost *:443>
ServerAdmin mlin@mycompany.ch
ServerName alfresco.mycompany.ch
# share is our default application
Redirect / /share/
# Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
LogLevel warn
# SSL Engine Switch:
SSLEngine on
SSLCertificateFile /etc/ssl/certs/chainfile.domaincert.key.crt
SSLCertificateKeyFile /etc/ssl/private/Star_MyCompany.key
SSLCertificateChainFile /etc/ssl/certs/chainfile.domaincert.key.crt
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
TimeOut 3600
KeepAlive On
# Settings for the Alfresco Tomcat
AddDefaultCharset UTF-8
# Settings for the AJP proxy
ProxyPass /alfresco http://alfresco.mycompany.ch:8080/alfresco
ProxyPassReverse /alfresco http://alfresco.mycompany.ch:8080/alfresco
ProxyPass /share http://alfresco.mycompany.ch:8080/share
ProxyPassReverse /share http://alfresco.mycompany.ch:8080/share
<Proxy *>
AddDefaultCharset on
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>
How does the port 7070 configuration (ProxyPass, ProxyPassReverse) fit in here? In other forum postings, I also saw some RuleConditions where they check for the client to be of "Microsoft Office" beforehand. Not sure how to proceed from here now. Thanks for any advice.
