Now (Rails version: 3.2.13, Ruby version: 2.1.9p490) I have a SLES machine, and I've got the following files to move it by hand from an HTTP connection (which works) to an HTTPS connection (which does not work):

- cacert.crt
- intermediatcacert.crt
- rootcert.crt
- key.pem

I took over this system from a former colleague and I really don't know how to configure this properly. In the default-ssl.conf I inserted the paths to the files above, but it does not work when I restart Apache.

These are the config files:

/etc/apache2/vhost.d/default.conf

```apache
<VirtualHost *:80>
LoadModule passenger_module /home/xxx/.rvm/gems/ruby-2.1.10/gems/passenger-4.0.41/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /home/xxx/.rvm/gems/ruby-2.1.10/gems/passenger-4.0.41
PassengerDefaultRuby /home/xxx/.rvm/gems/ruby-2.1.10/wrappers/ruby
</IfModule>

DocumentRoot /home/xxx/yyy/public
ServerAdmin xxx.it@mywebsite.com
ServerName mywebsite.com
ErrorLog /var/log/apache2/error_log
CustomLog /var/log/apache2/access_log combined
HostnameLookups Off
UseCanonicalName Off
ServerSignature On

<Directory /home/xxx/yyy/public>
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
    Options -Multiviews
    RailsEnv development
</Directory>

RewriteEngine On
RewriteRule "^/?$" "http://mywebsite.com/"
</VirtualHost>
```

And here is the default-ssl.conf:

```apache
<IfDefine SSL>
<IfDefine !NOSSL>

<VirtualHost _default_:443>

 LoadModule passenger_module /home/xxx/.rvm/gems/ruby-2.1.10/gems/passenger-4.0.41/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
    PassengerRoot /home/xxx/.rvm/gems/ruby-2.1.10/gems/passenger-4.0.41
    PassengerDefaultRuby /home/xxx/.rvm/gems/ruby-2.1.10/wrappers/ruby
</IfModule>

DocumentRoot "/srv/www/vhosts/default-ssl"
DocumentRoot "/home/xxx/yyy/public"
ServerName mywebsite.com:443
ServerAdmin xxx.it@mywebsite.com
ErrorLog /var/log/apache2/error-ssl_log
TransferLog /var/log/apache2/access-ssl_log
CustomLog /var/log/apache2/ssl_request_log   ssl_combined

#   <Directory "/srv/www/vhosts/default-ssl">
#       Options FollowSymLinks
#       AllowOverride None
#       Order allow,deny
#       Allow from all
#   </Directory>
#   RackBaseURI /xxx
<Directory "/home/xxx/yyy/public">
    Order allow,deny
    AllowOverride all
    Allow from all
    Options -Multiviews Indexes
    RailsEnv production
</Directory>

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH
SSLCertificateFile /etc/apache2/ssl.crt/cert-xxx.pem
SSLCertificateKeyFile /root/key.pem
SSLCertificateChainFile /etc/apache2/intermediatecacert/intermediatecacert.crt
SSLCACertificateFile /etc/apache2/rootcert/rootcert.crt

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/srv/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
RewriteEngine On

RewriteRule "^/?$" "https://mywebsite.com/"

</VirtualHost>

</IfDefine>
</IfDefine>
```

What am I missing?

Thank you in advance!

Marcel B
  • Thank you for posting your configs but do you get an actual error message that hints more at what is going wrong than the vague symptoms *"it does not work when I restart"* - check your error log for instance – HBruijn Apr 05 '19 at 11:13
  • Is it listening on port 443? You don't have the `listen` directive in there, but that could well be in another file. If Apache starts, run one of `ss -tlnp | column` or `netstat -tlnp` (depending on which is installed) and check for a line with 443 in it. If found, the process owning that should be Apache. – garethTheRed Apr 05 '19 at 11:32
  • @HBruijn there is no error. The problem is that only http works. Https doesn't work. Furthermore I am a noob in server configs. And the `error_log` has so much information I cannot interpret correctly. What would be a common error in the log file? – Marcel B Apr 05 '19 at 11:33
  • @garethTheRed if I use `ss -tlnp | column` it shows me only one line like `LISTEN ...*:80` and no port 443. So is this a sign that it does not listen on port 443? – Marcel B Apr 05 '19 at 11:38
  • You don't even say if the server fails to start after you make your modifications... If it doesn't you probably have a configuration error and the end/bottom of the error_log will probably contain (a hint to) the exact error. If the server does start, **what exactly** does not work when you restart? Browser error, the incorrect site, a connection refused etc... That matters. Without a clear error description your question is a puzzle and guessing game. – HBruijn Apr 05 '19 at 11:39
  • @HBruijn yeah, right - sorry! The website works fine with http and the server can be restarted without any errors. I just tried to configure the ssl config file. But the `default-ssl.config` seems not to have any impact on the server. And this is the main issue. – Marcel B Apr 05 '19 at 11:42
  • If you see _something_ listening on port 80 and not on 443, then it implies that Apache is not listening on that latter port. – garethTheRed Apr 05 '19 at 11:51
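
The `ss` output in the comments shows nothing on port 443, and the posted `default-ssl.conf` wraps its whole vhost in `<IfDefine SSL>` / `<IfDefine !NOSSL>`, which httpd processes only when `SSL` is defined (a `-D SSL` start-up flag or a `Define`) and `NOSSL` is not. The following is an added example, not part of the original post: `active_vhosts` and `sample_conf` are hypothetical names, and the sample config is a constructed reduction of the two files above. It evaluates that nesting and lists which `<VirtualHost>` blocks would load for a given set of defined symbols.

```bash
# Added example, not from the original post. active_vhosts reads an Apache
# config on stdin; its arguments are the symbols httpd would see as -D flags.
active_vhosts() {
    awk -v defs="$*" '
    BEGIN {
        n = split(defs, d, " ")
        for (i = 1; i <= n; i++) defined[d[i]] = 1
        depth = 0; skip = 0      # skip: depth of the outermost inactive block
    }
    /^[ \t]*#/ { next }          # commented-out directives do not count
    /^[ \t]*<IfDefine[ \t]/ {
        depth++
        sym = $0
        sub(/^[ \t]*<IfDefine[ \t]+/, "", sym); sub(/>.*/, "", sym)
        neg = (sym ~ /^!/); sub(/^!/, "", sym)
        ok = (sym in defined) ? !neg : neg
        if (!skip && !ok) skip = depth
        next
    }
    /^[ \t]*<\/IfDefine>/ {
        if (skip == depth) skip = 0
        depth--
        next
    }
    !skip && /^[ \t]*<VirtualHost[ \t]/ {
        v = $0
        sub(/^[ \t]*<VirtualHost[ \t]+/, "", v); sub(/>.*/, "", v)
        print v
    }'
}

# Constructed sample: the structure of the two files from the post.
sample_conf() {
    cat <<'EOF'
<VirtualHost *:80>
</VirtualHost>
<IfDefine SSL>
<IfDefine !NOSSL>
<VirtualHost _default_:443>
SSLEngine on
</VirtualHost>
</IfDefine>
</IfDefine>
EOF
}

for flags in "" "SSL" "SSL NOSSL"; do
    echo "defined: [$flags] -> $(sample_conf | active_vhosts $flags | tr '\n' ' ')"
done
```

On a live system, httpd's own `-S` option prints the virtual hosts it actually parsed, which is the authoritative version of this check.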
