New Apache2 setup only working with https
The default virtual host in sites-available directory has a correct entry for document root setting. I have three files in sites-available:
default default-ssl laftechsecure.net
laftechsecure.net is the site I am trying to get up and running. I noticed earlier that default and default-ssl had the default /var/www entries for document root so I went ahead and changed those to the correct value and restarted Apache using:
sudo service apache2 restart
but still have the same problem. I also noticed that all of the directories under sites-available had become owned by root (I have a bad habit of doing things under root) and I was pretty sure they were owned by my user account earlier so I ran:
chown -R steve:steve sites-available
And just to straighten out any potential problems with permissions, I ran chmod 775 on these directories and re-ran chmod a+rx on my home directory and chmod -R a+rx ~/public (on the directory hosting my web files per Linode instructions).
And of course, I'm still having the same problem! So once again I turn to you good people. Please, can anyone point me in the right direction? Thanks.
Edit: The site that is working is https://www.laftechsecure.net
Site that is not working is http://www.laftechsecure.net (same site just standard http).
In case it may help, here is my conf for laftechsecure.net. Please let me know if you need any other files:
# domain: example.com
# public: /home/example_user/public/example.com/
<virtualhost 198.58.111.161:443="">SSLEngine On
SSLCertificateFile /etc/apache2/ssl/www.laftechsecure.net.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.laftechsecure.net.key
SSLCACertificateFile /etc/apache2/ssl/ca.txt
# SSLCACertificateFile /etc/apache2/ssl/positivessl.cer
ServerAdmin webmaster@laftechsecure.net
ServerName www.laftechsecure.net
DocumentRoot /home/steve/public/laftechsecure.net/public
ErrorLog /home/steve/public/laftechsecure.net/log/error.log
CustomLog /home/steve/public/laftechsecure.net/log/access.log combined</virtualhost>
7 Replies
<virtualhost *:80="" *:443=""></virtualhost>
but when I tried connecting this way, I kept getting a generic Apache error about talking to an SSL site using plain text http.
I looked in ports.conf and there was no NameVirtualHost defined, just Listen 80 statement. So I fried placed the ip address however I kept get a warning: NameVirtualHost 198.58.111.161:80 has no VirtualHosts whenever I reload/restart Apache.
I went back into laftechsecure.net in sites-enabled and tried adding Listen 80 and Listen 443 but the webserver would fail to load. So I now I have the first line set to:
<virtualhost 198.58.111.161:80="" 198.58.111.161:443=""></virtualhost>
and there are no errors but I'm still having the same problem.
Now I am just trying to include the CACertificate in the definition for *:80 for the SSL certificate I purchased. I know that it can't be used with the key for port 80 but I thought there was a way to have it show a kind of digital signature from the issuing agency I purchased it from.
Oh well, it's working fine for https and I plan on using my .htaccess file to have clients connect to https after receiving an http request. If I may ask, is this a "graceful" thing? Meaning if https is not possible for client then the client will just continue on http? Many thanks.
@IceClimber:
Oh well, it's working fine for https and I plan on using my .htaccess file to have clients connect to https after receiving an http request. If I may ask, is this a "graceful" thing? Meaning if https is not possible for client then the client will just continue on http? Many thanks.
You have clients that can't do SSL? Are they using something that predates IE 5?
I'd just redirect all http requests to the equivalent https URL and not worry about gracefully handling clients that cannot support SSL (unless you have some very interesting clients).
AFAIK CA Certs are useless for a non-https connection, and I've never heard of having a digital signature for a website.
I agree with dcraig about redirecting http requests to https – at the very least, for any sort of registration, login (and post-login), or form type deal. For anyting else, I think it useless to force https.
Digital signature was the wrong word but what I meant was something that verifies who you are, a la Verisign. I didn't realize these were Extended Evaluation certificates, which are far too expensive.
I agree, it is pretty useless to force normal pages to use SSL but part of my site deals with computer security so I thought it would look better to use https. I still plan on using .htaccess to force https but so far it's been harder than I thought to find a free php script that works. Oh well, I'll find one soon.