Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Apache: Users

Apache SSL issue.

 

 

Apache users RSS feed   Index | Next | Previous | View Threaded


mlebbink at photographITy

Apr 24, 2012, 2:55 AM

Post #1 of 4 (408 views)
Permalink
Apache SSL issue.

Gentlepeople,

Got the following situation that I can't seem to solve. Would love some
suggestions or a faq/link on how to
solve this:

Running a Ubuntu LAMP with 2 virtual hosts, let's say site1.example.com &
site2.example.com.
site1 is on port 80 and site 2 is on 443. Both working fine and if I switch
site1 to 443 and site2 to 80, both
still work fine.

Now for the issue. I want, using Redirect Permanent, for site1 to run on
port 5001 and site2 to run on port
5002 both using SSL. Port 443 can then be closed. But if I replace port 443
with port 5001 or 5002, it all falls
apart with an Error code: ssl_error_rx_record_too_long. Seems I can't find
the correct syntax for the
Redirect Permanent.

Somehow there should be something like: Redirect permanent /
https://site1.example.com:5001, but that does not
work. A redirect to https://site1.example.com works, but gives the
ssl_error.

Current working config (with parts left out):
ports.conf
NameVirtualHost *:80
<IfModule mod_ssl.c>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>


Host definition in sites-available for the ssl site
<VirtualHost *:80>
ServerAdmin someone [at] example
ServerName site2.example.com
Redirect permanent / https://site2.example.com
</VirtualHost>
<VirtualHost *:443>
ServerAdmin someone [at] example
ServerName site2.example.com
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
</VirtualHost>

Changing all 443 for 5001 does not do the trick.... what am I missing
here...?




If it helps, I run my one DNS forward and reverse working fine and private
proxy also working fine.





Met vriendelijke groet, Kind regards,


M. Lebbink

PhotographITy
Almere



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


icicimov at gmail

Apr 24, 2012, 8:04 AM

Post #2 of 4 (372 views)
Permalink
Re: Apache SSL issue. [In reply to]

So where are your Listen statements for ports 5001/2?
On Apr 24, 2012 7:56 PM, "M. Lebbink" <mlebbink [at] photographity> wrote:

> Gentlepeople,
>
> Got the following situation that I can't seem to solve. Would love some
> suggestions or a faq/link on how to
> solve this:
>
> Running a Ubuntu LAMP with 2 virtual hosts, let's say site1.example.com &
> site2.example.com.
> site1 is on port 80 and site 2 is on 443. Both working fine and if I switch
> site1 to 443 and site2 to 80, both
> still work fine.
>
> Now for the issue. I want, using Redirect Permanent, for site1 to run on
> port 5001 and site2 to run on port
> 5002 both using SSL. Port 443 can then be closed. But if I replace port 443
> with port 5001 or 5002, it all falls
> apart with an Error code: ssl_error_rx_record_too_long. Seems I can't find
> the correct syntax for the
> Redirect Permanent.
>
> Somehow there should be something like: Redirect permanent /
> https://site1.example.com:5001, but that does not
> work. A redirect to https://site1.example.com works, but gives the
> ssl_error.
>
> Current working config (with parts left out):
> ports.conf
> NameVirtualHost *:80
> <IfModule mod_ssl.c>
> Listen 443
> </IfModule>
> <IfModule mod_gnutls.c>
> Listen 443
> </IfModule>
>
>
> Host definition in sites-available for the ssl site
> <VirtualHost *:80>
> ServerAdmin someone [at] example
> ServerName site2.example.com
> Redirect permanent / https://site2.example.com
> </VirtualHost>
> <VirtualHost *:443>
> ServerAdmin someone [at] example
> ServerName site2.example.com
> SSLEngine on
> SSLCertificateFile /etc/apache2/apache.pem
> </VirtualHost>
>
> Changing all 443 for 5001 does not do the trick.... what am I missing
> here...?
>
>
>
>
> If it helps, I run my one DNS forward and reverse working fine and private
> proxy also working fine.
>
>
>
>
>
> Met vriendelijke groet, Kind regards,
>
>
> M. Lebbink
>
> PhotographITy
> Almere
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe [at] httpd
> For additional commands, e-mail: users-help [at] httpd
>
>


mlebbink at photographITy

Apr 24, 2012, 8:29 AM

Post #3 of 4 (371 views)
Permalink
RE: Apache SSL issue. [In reply to]

You are correct that these are missing
When switching to the 5001 & 5002 the actual ports.conf would look more like
this:

NameVirtualHost *:80

<IfModule mod_ssl.c>
Listen 5001
Listen 5002
</IfModule>

<IfModule mod_gnutls.c>
Listen 5001
Listen 5002
</IfModule>


Host definition would be like (does not work!):
<VirtualHost *:80>
        ServerAdmin someone [at] example
        ServerName site2.example.com
        Redirect permanent / https://site2.example.com
</VirtualHost>

<VirtualHost *:5001>
        ServerAdmin someone [at] example
       ServerName site2.example.com

# Setup security
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem

# Indexes + Directory Root.
DirectoryIndex index.html index.htm index.php
DocumentRoot /var/www/site2.example.com/htdocs/

# CGI Directory
ScriptAlias /cgi-bin/ /var/www/site2.example.com/cgi-bin/
<Location /cgi-bin>
Options +ExecCGI
</Location>

# Logfiles
ErrorLog /var/www/site2.example.com/log/error.log
CustomLog /var/www/site2.example.com/log/access.log combined
</VirtualHost>


With this setup (5001 replacing the 443), after restarting apache, I get the

SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)

message.... and i can't figure out why... again, on 443 it works fine.
Somehow
I think a need to change more, but i don;t know what....




From: Igor Cicimov [mailto:icicimov [at] gmail]
Sent: dinsdag 24 april 2012 17:05
To: users [at] httpd
Subject: Re: [users [at] http] Apache SSL issue.

So where are your Listen statements for ports 5001/2?
On Apr 24, 2012 7:56 PM, "M. Lebbink" <mlebbink [at] photographity> wrote:
Gentlepeople,

Got the following situation that I can't seem to solve. Would love some
suggestions or a faq/link on how to
solve this:

Running a Ubuntu LAMP with 2 virtual hosts, let's say site1.example.com &
site2.example.com.
site1 is on port 80 and site 2 is on 443. Both working fine and if I switch
site1 to 443 and site2 to 80, both
still work fine.

Now for the issue. I want, using Redirect Permanent, for site1 to run on
port 5001 and site2 to run on port
5002 both using SSL. Port 443 can then be closed. But if I replace port 443
with port 5001 or 5002, it all falls
apart with an Error code: ssl_error_rx_record_too_long. Seems I can't find
the correct syntax for the
Redirect Permanent.

Somehow there should be something like: Redirect permanent /
https://site1.example.com:5001, but that does not
work. A redirect to https://site1.example.com works, but gives the
ssl_error.

Current working config (with parts left out):
ports.conf
       NameVirtualHost *:80
       <IfModule mod_ssl.c>
            Listen 443
       </IfModule>
       <IfModule mod_gnutls.c>
            Listen 443
       </IfModule>


Host definition in sites-available for the ssl site
       <VirtualHost *:80>
               ServerAdmin someone [at] example
               ServerName site2.example.com
               Redirect permanent / https://site2.example.com
       </VirtualHost>
       <VirtualHost *:443>
               ServerAdmin someone [at] example
               ServerName site2.example.com
               SSLEngine on
               SSLCertificateFile /etc/apache2/apache.pem
       </VirtualHost>

Changing all 443 for 5001 does not do the trick.... what am I missing
here...?




If it helps, I run my one DNS forward and reverse working fine and private
proxy also working fine.





Met vriendelijke groet, Kind regards,


M. Lebbink

PhotographITy
Almere



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.1913 / Virus Database: 2411/4955 - Release Date: 04/23/12


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


icicimov at gmail

Apr 25, 2012, 4:32 PM

Post #4 of 4 (345 views)
Permalink
Re: Apache SSL issue. [In reply to]

This
Redirect permanent / https://site2.example.com

should be:
Redirect permanent / https://site2.example.com:5001

In general, the error "Error code: ssl_error_rx_record_too_long" means you
are sending SSL traffic to a host/port that has no SSL listener enabled.

Igor

On Wed, Apr 25, 2012 at 1:29 AM, M. Lebbink <mlebbink [at] photographity>wrote:

> You are correct that these are missing
> When switching to the 5001 & 5002 the actual ports.conf would look more
> like
> this:
>
> NameVirtualHost *:80
>
> <IfModule mod_ssl.c>
> Listen 5001
> Listen 5002
> </IfModule>
>
> <IfModule mod_gnutls.c>
> Listen 5001
> Listen 5002
> </IfModule>
>
>
> Host definition would be like (does not work!):
> <VirtualHost *:80>
> ServerAdmin someone [at] example
> ServerName site2.example.com
> Redirect permanent / https://site2.example.com
> </VirtualHost>
>
> <VirtualHost *:5001>
> ServerAdmin someone [at] example
> ServerName site2.example.com
>
> # Setup security
> SSLEngine on
> SSLCertificateFile /etc/apache2/apache.pem
>
> # Indexes + Directory Root.
> DirectoryIndex index.html index.htm index.php
> DocumentRoot /var/www/site2.example.com/htdocs/
>
> # CGI Directory
> ScriptAlias /cgi-bin/ /var/www/site2.example.com/cgi-bin/
> <Location /cgi-bin>
> Options +ExecCGI
> </Location>
>
> # Logfiles
> ErrorLog /var/www/site2.example.com/log/error.log
> CustomLog /var/www/site2.example.com/log/access.log combined
> </VirtualHost>
>
>
> With this setup (5001 replacing the 443), after restarting apache, I get
> the
>
> SSL received a record that exceeded the maximum permissible length.
> (Error code: ssl_error_rx_record_too_long)
>
> message.... and i can't figure out why... again, on 443 it works fine.
> Somehow
> I think a need to change more, but i don;t know what....
>
>
>
>
> From: Igor Cicimov [mailto:icicimov [at] gmail]
> Sent: dinsdag 24 april 2012 17:05
> To: users [at] httpd
> Subject: Re: [users [at] http] Apache SSL issue.
>
> So where are your Listen statements for ports 5001/2?
> On Apr 24, 2012 7:56 PM, "M. Lebbink" <mlebbink [at] photographity> wrote:
> Gentlepeople,
>
> Got the following situation that I can't seem to solve. Would love some
> suggestions or a faq/link on how to
> solve this:
>
> Running a Ubuntu LAMP with 2 virtual hosts, let's say site1.example.com &
> site2.example.com.
> site1 is on port 80 and site 2 is on 443. Both working fine and if I switch
> site1 to 443 and site2 to 80, both
> still work fine.
>
> Now for the issue. I want, using Redirect Permanent, for site1 to run on
> port 5001 and site2 to run on port
> 5002 both using SSL. Port 443 can then be closed. But if I replace port 443
> with port 5001 or 5002, it all falls
> apart with an Error code: ssl_error_rx_record_too_long. Seems I can't find
> the correct syntax for the
> Redirect Permanent.
>
> Somehow there should be something like: Redirect permanent /
> https://site1.example.com:5001, but that does not
> work. A redirect to https://site1.example.com works, but gives the
> ssl_error.
>
> Current working config (with parts left out):
> ports.conf
> NameVirtualHost *:80
> <IfModule mod_ssl.c>
> Listen 443
> </IfModule>
> <IfModule mod_gnutls.c>
> Listen 443
> </IfModule>
>
>
> Host definition in sites-available for the ssl site
> <VirtualHost *:80>
> ServerAdmin someone [at] example
> ServerName site2.example.com
> Redirect permanent / https://site2.example.com
> </VirtualHost>
> <VirtualHost *:443>
> ServerAdmin someone [at] example
> ServerName site2.example.com
> SSLEngine on
> SSLCertificateFile /etc/apache2/apache.pem
> </VirtualHost>
>
> Changing all 443 for 5001 does not do the trick.... what am I missing
> here...?
>
>
>
>
> If it helps, I run my one DNS forward and reverse working fine and private
> proxy also working fine.
>
>
>
>
>
> Met vriendelijke groet, Kind regards,
>
>
> M. Lebbink
>
> PhotographITy
> Almere
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe [at] httpd
> For additional commands, e-mail: users-help [at] httpd
> No virus found in this message.
> Checked by AVG - www.avg.com
> Version: 2012.0.1913 / Virus Database: 2411/4955 - Release Date: 04/23/12
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe [at] httpd
> For additional commands, e-mail: users-help [at] httpd
>
>

Apache users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.