
I have a multi-host setup for my Apache web server with letsencrypt SSL running. I'm basically hosting 2 applications which are OpenProject and SugarCRM which I don't believe should matter. Here's my environment.

Centos 7-4.1708 64 Bit
Webserver: Apache Web Server 2.4
All running as VM in ESXI
OpenProject IP: 192.168.1.121
SugarCRM IP: 192.168.1.122
Gateway: 192.168.1.1

So every time I logged in to the OpenProject with https, it accepted the username and password but then it gave me this error.

```
Bad Request.
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
```

My config setting is as follows.

```apache
<VirtualHost *:4000>
    ServerName pm.server1.com
    ServerAlias server1.com
    ServerAdmin myemail@gmail.com
    DocumentRoot /opt/openproject/public
    ErrorLog /var/log/httpd/pm.server1.com-error_log
    CustomLog /var/log/httpd/pm.server1.com-access_log common

    <Directory /opt/openproject/public>
        Options +FollowSymLinks +Includes
        AllowOverride All
        Require all granted
    </Directory>

    ProxyRequests off
    ProxyPass / http://127.0.0.1:6000/ retry=0
    ProxyPassReverse / http://127.0.0.1:6000/

    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/pm.server1.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/pm.server1.com/privkey.pem
</VirtualHost>

<VirtualHost *:4001>
    ServerAdmin myemail@gmail.com
    ServerName sugar.server1.com
    ServerAlias server1.com
    DocumentRoot /opt/sugarcrm
    ErrorLog /var/log/httpd/sugar.server1.com-error_log
    CustomLog /var/log/httpd/sugar.server1.com-access_log common

    <Directory /opt/sugarcrm>
        Options +FollowSymLinks +Includes
        AllowOverride All
        Require all granted
    </Directory>

    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/sugar.server1.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/sugar.server1.com/privkey.pem
</VirtualHost>
```

I'm sure I'm missing something in this configuration and for the life of me, after dinking around for a couple of days, I still couldn't figure out what I did wrong. I believe it has something to do with wrong redirect configuration. I'm so frustrated right now that it's getting to the point of writer's block. Can any one of you Apache web server masters share with me some insight on how to fix my config file for Apache? Many thanks in advance for all of your help.

Le Dude

  • Do you mean to have this HTTPS listener on port 4000 (and the other on port 4001)? How are you getting normal port 443 traffic to it? Or are you at all? – Michael Hampton Aug 09 '18 at 19:55
  • That setting works for me for now except the part where, when login is successful, the application redirects it to http instead of https. I don't think I set up an https listener on port 4001, but when I do everything directly with https, it works just fine. I purposely set it up that way because I have 2 web server applications running in the same server. Translation: I don't want anyone who just types https://www.server1.com to be directed to port 4000 or port 4001. I'm not sure whether I answered your question, Michael. – Le Dude Aug 09 '18 at 20:09
  • Both of the virtual hosts you posted above are HTTPS. They have SSL turned on and certificates configured. You didn't post any HTTP virtual hosts. Nor did you mention how you are getting traffic into this server anyway. – Michael Hampton Aug 09 '18 at 20:12
  • Thanks Michael. I do get the traffic in the server either via www.server1.com:4000 or www.server1.com:4001. I'm just not sure what you mean by how I got the traffic into the server. If you were me, how'd you set the configuration correctly? – Le Dude Aug 09 '18 at 20:15
  • Normally you have HTTP on port 80 and HTTPS on port 443. So it's very confusing that you have put these apps on other ports. – Michael Hampton Aug 09 '18 at 20:21
  • Agree it's confusing but I have no choice because I can't have 2 web servers in one server using https for both servers. If I'm not mistaken, there's no other way. – Le Dude Aug 09 '18 at 20:52
  • You are mistaken. You can run both sites on the same port. That has been possible for many years. It's called [Server Name Indication](https://serverfault.com/q/109800/126632). You can even run them on the _usual_ port (443). – Michael Hampton Aug 09 '18 at 21:00
  • You are right. I forgot that I can use SNI but I can't remember why I decided to do what I did. I had these apps installed and running for about a year already. However, any suggestion on how to fix the current issue other than converting it to SNI? – Le Dude Aug 09 '18 at 21:05

0 Answers
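
The comments above point to Server Name Indication as the way to serve both sites from one port. A sketch of that layout follows as an added example; it is not from the original post or its comments. Hostnames, certificate paths and the backend address are copied from the question, while the `ProxyPreserveHost` and `X-Forwarded-Proto` lines and the removal of the shared `ServerAlias` are assumptions, not a tested fix for the redirect described.

```apache
# Added example, not the asker's configuration.
# Needs mod_ssl, mod_proxy, mod_proxy_http and mod_headers, and exactly one
# "Listen 443 https" somewhere in the server configuration.

<VirtualHost *:443>
    ServerName pm.server1.com
    # No "ServerAlias server1.com": the question lists the same alias on
    # both hosts, and on a shared port only the first matching vhost would
    # ever answer it.
    ServerAdmin myemail@gmail.com
    DocumentRoot /opt/openproject/public
    ErrorLog /var/log/httpd/pm.server1.com-error_log
    CustomLog /var/log/httpd/pm.server1.com-access_log common

    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/pm.server1.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/pm.server1.com/privkey.pem

    # TLS ends at Apache and the backend is reached over plain HTTP, so the
    # backend learns the original host and scheme only from these headers.
    # Assumption: the application honours X-Forwarded-Proto when it builds
    # redirect URLs.
    ProxyRequests Off
    ProxyPreserveHost On
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass / http://127.0.0.1:6000/ retry=0
    ProxyPassReverse / http://127.0.0.1:6000/
</VirtualHost>

<VirtualHost *:443>
    ServerName sugar.server1.com
    ServerAdmin myemail@gmail.com
    DocumentRoot /opt/sugarcrm
    ErrorLog /var/log/httpd/sugar.server1.com-error_log
    CustomLog /var/log/httpd/sugar.server1.com-access_log common

    <Directory /opt/sugarcrm>
        Options +FollowSymLinks +Includes
        AllowOverride All
        Require all granted
    </Directory>

    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/sugar.server1.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/sugar.server1.com/privkey.pem
</VirtualHost>
```

Apache selects the virtual host from the name the client sends during the TLS handshake, so each site is served with its own certificate on the same port.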