Hello,
I'm using FC5 and Apache 2. Apache 2 is using SSL, but I would like to serve only HTTPS.
How to use Apache 2 with HTTPS only, please?
A snippet of my ssl.conf:
"
<VirtualHost _default_:443>
    SSLEngine on
    SSLOptions +StrictRequire
    <Directory />
        SSLRequireSSL
    </Directory>
</VirtualHost>
"
TIA, Vinicius.
Vinicius wrote:
Hello,
I'm using FC5 and Apache 2. Apache 2 is using SSL, but I would like to serve only HTTPS.
How to use Apache 2 with HTTPS only, please?
A snippet of my ssl.conf:
"
<VirtualHost _default_:443>
    SSLEngine on
    SSLOptions +StrictRequire
    <Directory />
        SSLRequireSSL
    </Directory>
</VirtualHost>
"
TIA, Vinicius.
But HTTPS uses also SSL. The SSL protocol is the base of https (https = http + ssl).
On Sun, Jul 30, 2006 at 07:45:58AM -0300, Vinicius wrote:
How to use Apache 2 with HTTPS only, please? A snippet of my ssl.conf:
<VirtualHost _default_:443>
    SSLEngine on
    SSLOptions +StrictRequire
    <Directory />
        SSLRequireSSL
    </Directory>
</VirtualHost>
In the configuration for your port 80 host, put:
Redirect permanent / https://yoursecuresite.example.org
That way, anyone accessing the non-secure site is transparently redirected to being secure. If you don't do this, people who forget the 's' won't be able to find your site.
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
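The redirect described above, written out as a complete pair of virtual hosts. This is an added example, not configuration posted in the thread; the host name reuses the placeholder from the message, and the certificate paths are assumed placeholders.

```apache
# Added example. Fedora's stock layout is assumed: "Listen 80" lives in
# httpd.conf and "Listen 443" in conf.d/ssl.conf.

# Port 80 serves no content of its own; every request gets a 301.
<VirtualHost *:80>
    ServerName yoursecuresite.example.org
    # Redirect appends whatever follows the matched "/" to the target,
    # so the target ends in "/" to keep requests for /some/path intact.
    Redirect permanent / https://yoursecuresite.example.org/
</VirtualHost>

<VirtualHost _default_:443>
    ServerName yoursecuresite.example.org
    SSLEngine on
    # Placeholder paths (assumptions): substitute the real certificate and key.
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
    # Make SSLRequireSSL/SSLRequire denials final even under "Satisfy any".
    SSLOptions +StrictRequire
    <Directory />
        # Refuse any request for this tree that did not arrive over SSL.
        SSLRequireSSL
    </Directory>
</VirtualHost>
```

The client's first request to port 80 still travels in clear text; only the redirect response is served there.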
Matthew Miller wrote:
On Sun, Jul 30, 2006 at 07:45:58AM -0300, Vinicius wrote:
How to use Apache 2 with HTTPS only, please? A snippet of my ssl.conf:
<VirtualHost _default_:443>
    SSLEngine on
    SSLOptions +StrictRequire
    <Directory />
        SSLRequireSSL
    </Directory>
</VirtualHost>
what about having it listen *only* on port 443?
On Sun, Jul 30, 2006 at 07:02:36AM -0500, Anthony Messina wrote:
Matthew Miller wrote:
On Sun, Jul 30, 2006 at 07:45:58AM -0300, Vinicius wrote:
How to use Apache 2 with HTTPS only, please? A snippet of my ssl.conf:
<VirtualHost _default_:443>
    SSLEngine on
    SSLOptions +StrictRequire
    <Directory />
        SSLRequireSSL
    </Directory>
</VirtualHost>
what about having it listen *only* on port 443?
Well, as I mention in the comment you snipped out of your reply, if you do that, someone who connects to http://yoursite.example.org would get an error. That's confusing to non-technical people. So it's generally better to run on port 80 as well, but redirect all requests.
Matthew Miller wrote:
On Sun, Jul 30, 2006 at 07:02:36AM -0500, Anthony Messina wrote:
Matthew Miller wrote:
On Sun, Jul 30, 2006 at 07:45:58AM -0300, Vinicius wrote:
How to use Apache 2 with HTTPS only, please? A snippet of my ssl.conf:
<VirtualHost _default_:443>
    SSLEngine on
    SSLOptions +StrictRequire
    <Directory />
        SSLRequireSSL
    </Directory>
</VirtualHost>
what about having it listen *only* on port 443?
Well, as I mention in the comment you snipped out of your reply, if you do that, someone who connects to http://yoursite.example.org would get an error. That's confusing to non-technical people. So it's generally better to run on port 80 as well, but redirect all requests.
that's true. i guess i was considering that he said "HTTPS only",
On Sun, Jul 30, 2006 at 07:14:48AM -0500, Anthony Messina wrote:
what about having it listen *only* on port 443?
[...] if you do that, someone who connects to http://yoursite.example.org would get an error. That's confusing to non-technical people. So it's generally better to run on port 80 as well, but redirect all requests.
that's true. i guess i was considering that he said "HTTPS only",
The effect of doing the redirect is that everything is served via https only, but yeah, if you literally want only https, you could not listen on port 80..
Matthew Miller wrote:
On Sun, Jul 30, 2006 at 07:14:48AM -0500, Anthony Messina wrote:
what about having it listen *only* on port 443?
[...] if you do that, someone who connects to http://yoursite.example.org would get an error. That's confusing to non-technical people. So it's generally better to run on port 80 as well, but redirect all requests.
that's true. i guess i was considering that he said "HTTPS only",
The effect of doing the redirect is that everything is served via https only, but yeah, if you literally want only https, you could not listen on port 80..
Thanks.
I did do "RedirectPermanent / https://myserver.com/", but the site is presenting an error.
Both the server and the client use certificates issued by a local CA, and I created a SSLRequire rule to allow only the client to enter the site. I think the SSL check failed because of the RedirectPermanent.
Any ideas, please?
Regards, Vinicius.
On Mon, 2006-07-31 at 02:53 -0300, Vinicius wrote:
I did do "RedirectPermanent / https://myserver.com/", but the site is presenting an error.
Which one? The redirecting HTTP one, or the HTTPS one they're directed to?
Both the server and the client use certificates issued by a local CA, and I created a SSLRequire rule to allow only the client to enter the site. I think the SSL check failed because of the RedirectPermanent.
More details needed. Server configuration, the specific redirection rules, at least.
Tim wrote:
On Mon, 2006-07-31 at 02:53 -0300, Vinicius wrote:
I did do "RedirectPermanent / https://myserver.com/", but the site is presenting an error.
Which one? The redirecting HTTP one, or the HTTPS one they're directed to?
Both the server and the client use certificates issued by a local CA, and I created a SSLRequire rule to allow only the client to enter the site. I think the SSL check failed because of the RedirectPermanent.
More details needed. Server configuration, the specific redirection rules, at least.
Hello,
I did do the following:
1. created a CA certificate;
2. created a server certificate signed by the CA;
3. created a client certificate, CA as root; Imported it to Firefox;
4. created a "SSLRequire" rule to allow only this specific client to enter the site. It checks the O, OU and the CN.
5. disabled the "Listen" Directive for HTTP.
Now, I would like to use DAV, but the application DAVExplorer's (DAVExplorerSSL.sh) authentication fails with the message: "Connection error: javavx.net.ssl.SSLPeerUnverifiedException: peer not authenticated". I have entered the address https://localhost/upload .
The snippet of httpd.conf regarding DAV:
"
<Directory /var/www/upload>
    Dav On
    AuthName "Top Secret"
    AuthUserFile /var/davpasswd
    AuthType Basic
</Directory>
"
Any ideas, please?
TIA, Vinicius.
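One way the client-certificate restriction from step 4 could be written with mod_ssl. This is an added example, not the poster's configuration: the file paths and the O, OU and CN values are constructed placeholders, and a client certificate issued directly by the local CA is assumed.

```apache
# Added example; all paths and subject values below are placeholders.
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Certificate of the local CA that signed the client certificate.
    SSLCACertificateFile  /path/to/local-ca.crt
    # Demand a certificate from every client and verify it against that CA.
    SSLVerifyClient require
    # Depth 1: the client certificate is signed by the CA itself.
    SSLVerifyDepth  1
    # Make SSLRequireSSL/SSLRequire denials final even under "Satisfy any".
    SSLOptions +StrictRequire

    <Directory />
        SSLRequireSSL
        # Chain verification alone admits any certificate from the CA;
        # this rule narrows access to one subject by checking O, OU and CN.
        SSLRequire %{SSL_CLIENT_S_DN_O}  eq "Example Org"  and \
                   %{SSL_CLIENT_S_DN_OU} eq "Example Unit" and \
                   %{SSL_CLIENT_S_DN_CN} eq "example-client"
    </Directory>
</VirtualHost>
```

With `SSLVerifyClient require`, every program that connects to the site has to present the client certificate during the handshake, not only the browser it was imported into.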
Vinicius:
I did do "RedirectPermanent / https://myserver.com/", but the site is presenting an error.
Tim:
Which one? The redirecting HTTP one, or the HTTPS one they're directed to?
You haven't answered the above. Which part of the server is presenting the error?
Both the server and the client use certificates issued by a local CA, and I created a SSLRequire rule to allow only the client to enter the site. I think the SSL check failed because of the RedirectPermanent.
More details needed. Server configuration, the specific redirection rules, at least.
Vinicius:
Hello,
I did do the following:
- created a CA certificate;
- created a server certificate signed by the CA;
- created a client certificate, CA as root; Imported it to Firefox;
- created a "SSLRequire" rule to allow only this specific client to enter the site. It checks the O, OU and the CN.
- disabled the "Listen" Directive for HTTP.
In what way did you "disable" it? I seem to recall that if you don't have one, you end up with defaults.
Now, I would like to use DAV, but the application DAVExplorer's (DAVExplorerSSL.sh) authentication fails with the message: "Connection error: javavx.net.ssl.SSLPeerUnverifiedException: peer not authenticated". I have entered the address https://localhost/upload .
The snippet of httpd.conf regarding DAV:
"
<Directory /var/www/upload>
    Dav On
    AuthName "Top Secret"
    AuthUserFile /var/davpasswd
    AuthType Basic
</Directory>
"
I'd fix other problems before starting on a new one, but basic authentication and HTTPS aren't compatible with each other.
Tim wrote:
Vinicius:
I did do "RedirectPermanent / https://myserver.com/", but the site is presenting an error.
Tim:
Which one? The redirecting HTTP one, or the HTTPS one they're directed to?
You haven't answered the above. Which part of the server is presenting the error?
It's in the past now. When I disabled the "Listen" and the "RedirectPermanent" directives then both the server and the client are working fine with HTTPS. The server is only serving HTTPS.
Both the server and the client use certificates issued by a local CA, and I created a SSLRequire rule to allow only the client to enter the site. I think the SSL check failed because of the RedirectPermanent.
More details needed. Server configuration, the specific redirection rules, at least.
Vinicius:
Hello,
I did do the following:
- created a CA certificate;
- created a server certificate signed by the CA;
- created a client certificate, CA as root; Imported it to Firefox;
- created a "SSLRequire" rule to allow only this specific client to enter the site. It checks the O, OU and the CN.
- disabled the "Listen" Directive for HTTP.
In what way did you "disable" it? I seem to recall that if you don't have one, you end up with defaults.
Now, I would like to use DAV, but the application DAVExplorer's (DAVExplorerSSL.sh) authentication fails with the message: "Connection error: javavx.net.ssl.SSLPeerUnverifiedException: peer not authenticated". I have entered the address https://localhost/upload .
The snippet of httpd.conf regarding DAV:
"
<Directory /var/www/upload>
    Dav On
    AuthName "Top Secret"
    AuthUserFile /var/davpasswd
    AuthType Basic
</Directory>
"
I'd fix other problems before starting on a new one, but basic authentication and HTTPS aren't compatible with each other.
I have heard that's possible to use DAV and SSL together.
Any ideas, please?
TIA, Vinicius.
Tim:
basic authentication and HTTPS aren't compatible with each other.
Vinicius :
I have heard that's possible to use DAV and SSL together.
Any ideas, please?
Possibly, it is. But you'd have to use some other form of authentication.
ya when trying to go to ur site i got
Server not found
Firefox can't find the server at myserver.com.
* Check the address for typing errors such as ww.example.com instead of www.example.com
* If you are unable to load any pages, check your computer's network connection.
* If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
On 7/30/06, Vinicius cviniciusm@uol.com.br wrote:
Matthew Miller wrote:
On Sun, Jul 30, 2006 at 07:14:48AM -0500, Anthony Messina wrote:
what about having it listen *only* on port 443?
[...] if you do that, someone who connects to http://yoursite.example.org would get an error. That's confusing to non-technical people. So it's generally better to run on port 80 as well, but redirect all requests.
that's true. i guess i was considering that he said "HTTPS only",
The effect of doing the redirect is that everything is served via https only, but yeah, if you literally want only https, you could not listen on port 80..
Thanks.
I did do "RedirectPermanent / https://myserver.com/", but the site is presenting an error.
Both the server and the client use certificates issued by a local CA, and I created a SSLRequire rule to allow only the client to enter the site. I think the SSL check failed because of the RedirectPermanent.
Any ideas, please?
Regards, Vinicius.
Hex Star wrote:
ya when trying to go to ur site i got
Server not found
Firefox can't find the server at myserver.com.
* Check the address for typing errors such as ww.example.com instead of www.example.com
* If you are unable to load any pages, check your computer's network connection.
* If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
On 7/30/06, Vinicius <cviniciusm@uol.com.br> wrote:
Matthew Miller wrote:
> On Sun, Jul 30, 2006 at 07:14:48AM -0500, Anthony Messina wrote:
>>>> what about having it listen *only* on port 443?
>>> [...] if you do that, someone who connects to
>>> http://yoursite.example.org would get an error. That's confusing to
>>> non-technical people. So it's generally better to run on port 80 as
>>> well, but redirect all requests.
>> that's true. i guess i was considering that he said "HTTPS only",
>
> The effect of doing the redirect is that everything is served via https
> only, but yeah, if you literally want only https, you could not listen on
> port 80..
>
Thanks.
I did do "RedirectPermanent / https://myserver.com/", but the site is presenting an error.
Both the server and the client use certificates issued by a local CA, and I created a SSLRequire rule to allow only the client to enter the site. I think the SSL check failed because of the RedirectPermanent.
Any ideas, please?
Regards, Vinicius.
It's internal yet, it's not on the Internet. It's not in production yet.
Regards, Vinicius.
On Sun, 2006-07-30 at 07:45 -0300, Vinicius wrote:
I'm using FC5 and Apache 2. Apache 2 is using SSL, but I would like to serve only HTTPS.
How to use Apache 2 with HTTPS only, please?
If you're talking about to the public, and it not mattering about to the localhost, and you mean not serving HTTP and HTTPS, then that's probably easy enough to do in a few different ways, probably in combination:
Change the Listen directive in the main (HTTP / port 80) configuration to not listen to the public interface.
Set the DocumentRoot directive in the main configuration so that it can't serve out the files that your HTTPS site does. Additionally, use a re-write rule so that visitors are redirected to the HTTPS address.
You can set up firewall rules blocking port 80, but I'd recommend against doing this by itself. You'd be relying on your firewall, instead of simply configuring the server appropriately.
Tim wrote:
On Sun, 2006-07-30 at 07:45 -0300, Vinicius wrote:
I'm using FC5 and Apache 2. Apache 2 is using SSL, but I would like to serve only HTTPS.
How to use Apache 2 with HTTPS only, please?
If you're talking about to the public, and it not mattering about to the localhost, and you mean not serving HTTP and HTTPS, then that's probably easy enough to do in a few different ways, probably in combination:
Change the Listen directive in the main (HTTP / port 80) configuration to not listen to the public interface.
Set the DocumentRoot directive in the main configuration so that it can't serve out the files that your HTTPS site does. Additionally, use a re-write rule so that visitors are redirected to the HTTPS address.
You can set up firewall rules blocking port 80, but I'd recommend against doing this by itself. You'd be relying on your firewall, instead of simply configuring the server appropriately.
Hello,
If I do an iptables rule to deny access to port 80 then any TCP/IP packets will be dropped, so the redirect will not work, is that correct?
Regards, Vinicius.
On Mon, 2006-07-31 at 02:54 -0300, Vinicius wrote:
If I do an iptables rule to deny access to port 80 then any TCP/IP packets will be dropped, so the redirect will not work, is that correct?
Yes. That was a suggestion based on the idea that you didn't want any HTTP activity, just HTTPS. But I tend to think that you're better off responding to HTTP queries, but moving people along to the HTTPS server with a redirect.