New user's registration have been closed due to high spamming and low trafic on this forum. Please contact forum admins directly if you need an account. Thanks !
Wiki: Redirect all connections over https
Wiki: Redirect all connections over https
The tutorial in Wiki for redirect all connections over https does not work for me! The result is that the redirecting page is shown, but nothing more happens. Any ideas?
Re: Wiki: Redirect all connections over https
you have to accept the ssl warnings, make sure you dont go through a proxy.
did you do exactly as listed? do you get the ssl page at all?
did you do exactly as listed? do you get the ssl page at all?
Re: Wiki: Redirect all connections over https
read
the
log
files
the
log
files
Re: Wiki: Redirect all connections over https
In the browser I get no warnings and I won't get any ssl page at all.
What log's would you suggest me to look in? I have looked in the apache2 error.log where the log for the relevant time span is:
"[Wed Nov 24 08:04:03 2010] [notice] SIGHUP received. Attempting to restart
[Wed Nov 24 08:04:03 2010] [notice] FastCGI: process manager initialized (pid 10985)
[Wed Nov 24 08:04:04 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Nov 24 08:04:04 2010] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Wed Nov 24 08:04:04 2010] [notice] Apache/2.2.16 (Debian) mod_fastcgi/2.4.6 PHP/5.3.2-1ex1 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Wed Nov 24 08:16:11 2010] [notice] SIGHUP received. Attempting to restart
[Wed Nov 24 08:16:12 2010] [notice] FastCGI: process manager initialized (pid 11046)
[Wed Nov 24 08:16:13 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Nov 24 08:16:13 2010] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Wed Nov 24 08:16:13 2010] [notice] Apache/2.2.16 (Debian) mod_fastcgi/2.4.6 PHP/5.3.2-1ex1 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations"
and access.log, wich doesn't seem to contain anything usefull. Neither does system.log and auth.log seem to contain anything usefull.
My bubba is a B3 with bubba-backend version 2.2.5 and bubba-frontend version 2.1.18.
Anyone else with a B3 that can try this litle trick out to see if im doing something wrong or if the guide is missing something?
Br.
What log's would you suggest me to look in? I have looked in the apache2 error.log where the log for the relevant time span is:
"[Wed Nov 24 08:04:03 2010] [notice] SIGHUP received. Attempting to restart
[Wed Nov 24 08:04:03 2010] [notice] FastCGI: process manager initialized (pid 10985)
[Wed Nov 24 08:04:04 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Nov 24 08:04:04 2010] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Wed Nov 24 08:04:04 2010] [notice] Apache/2.2.16 (Debian) mod_fastcgi/2.4.6 PHP/5.3.2-1ex1 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
[Wed Nov 24 08:16:11 2010] [notice] SIGHUP received. Attempting to restart
[Wed Nov 24 08:16:12 2010] [notice] FastCGI: process manager initialized (pid 11046)
[Wed Nov 24 08:16:13 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Nov 24 08:16:13 2010] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Wed Nov 24 08:16:13 2010] [notice] Apache/2.2.16 (Debian) mod_fastcgi/2.4.6 PHP/5.3.2-1ex1 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations"
and access.log, wich doesn't seem to contain anything usefull. Neither does system.log and auth.log seem to contain anything usefull.
My bubba is a B3 with bubba-backend version 2.2.5 and bubba-frontend version 2.1.18.
Anyone else with a B3 that can try this litle trick out to see if im doing something wrong or if the guide is missing something?
Br.
Re: Wiki: Redirect all connections over https
apache SSL can sometimes be a bit of trouble. What exactly do you mean by 'the redirecting page is shown'?
also, what is the output of apache2ctl -St (run as root)
also, what is the output of apache2ctl -St (run as root)
Re: Wiki: Redirect all connections over https
apache2ctl -St gives:
root@b3:/home/web# apache2ctl -St
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443 b3.localdomain (/etc/apache2/sites-enabled/bubba:1)
*:80 is a NameVirtualHost
default server b3.localdomain (/etc/apache2/sites-enabled/bubba:44)
port 80 namevhost b3.localdomain (/etc/apache2/sites-enabled/bubba:44)
Syntax OK
What I meant with "the redirecting page is shown" was that the page that you get to when entering the bubba domain name that says "redirecting..." for a fraction of a second until the domainname.myownb3.com/admin/ is loaded showed, but not the /admin page. But unfortunately that was firefox not reloading properly, so you can ignore that... Nothing showed up at all...
root@b3:/home/web# apache2ctl -St
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443 b3.localdomain (/etc/apache2/sites-enabled/bubba:1)
*:80 is a NameVirtualHost
default server b3.localdomain (/etc/apache2/sites-enabled/bubba:44)
port 80 namevhost b3.localdomain (/etc/apache2/sites-enabled/bubba:44)
Syntax OK
What I meant with "the redirecting page is shown" was that the page that you get to when entering the bubba domain name that says "redirecting..." for a fraction of a second until the domainname.myownb3.com/admin/ is loaded showed, but not the /admin page. But unfortunately that was firefox not reloading properly, so you can ignore that... Nothing showed up at all...
Re: Wiki: Redirect all connections over https
What I'd do in this circumstance is create a separate logfile for the SSL site so you're sure which traffic goes where. You can do this by changing
to the <virtualhost> directive. Then restart and look at the contents of these two files. If they are empty it means the traffic never got there.
If you go to shell, and look at the site from local, do you get the correct page?
(do this by
hope this helps
Ubi
Code: Select all
CustomLog "/var/log/apache2/ssl-access.log" combined
ErrorLog "/var/log/apache2/ssl-error.log"
If you go to shell, and look at the site from local, do you get the correct page?
(do this by
Code: Select all
apt-get install links
links https://localhostUbi
Re: Wiki: Redirect all connections over https
Ok, so the ssl-error.log gives me the folowing two events:
oot@b3:/home/web# cat /var/log/apache2/ssl-error.log
[Wed Nov 24 16:30:06 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Nov 24 16:30:06 2010] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
every time I restarts the apache2ctl. The ssl-access.log never shows anything
The links works like a charm (appart from it being more black and white than normal
)
AAAHHH!!! I suddenly realized what went wrong! I only opened port 80 in my firewall!!!
Will fix that when I get home and try again!
Sorry for me being a moron and thanks verry much for the help!
oot@b3:/home/web# cat /var/log/apache2/ssl-error.log
[Wed Nov 24 16:30:06 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Nov 24 16:30:06 2010] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
every time I restarts the apache2ctl. The ssl-access.log never shows anything
The links works like a charm (appart from it being more black and white than normal
)AAAHHH!!! I suddenly realized what went wrong! I only opened port 80 in my firewall!!!
Will fix that when I get home and try again!Sorry for me being a moron and thanks verry much for the help!
Re: Wiki: Redirect all connections over https
yeah, because the ssl-access log gave nothing it meant the traffic actually never got there. Your local links test proved that technically everything worked fine, and that your problem was therefore on the routing/firewall end, not on the webserver 