Topic: Apache 2.4 ownCloud redirect query

[pnewbery]

Hi all,
I'm new here, so please be gentle with me!
I am running an ownCloud 10.x server on a Linux Mint PC with Apache 2.4. Due to a change in network infrastructure, access to the server has had to change. The server is in a DMZ on a router to which I have no administrative access. Port forwarding has been set up with 8080 going to port 80 and 40440 going to port 443. External access with the ownCloud client using port 40440 is working fine, but internally, it does not work. I have opened port 40440 on the server firewall and attempted to use a VirtualHost entry in the owncloud.conf in etc/apache2/sites-available, to forward port 40440 to https on 443 but cannot get it to work.
When an attempt is made to access the server using the external URL internally: https://harry.mydomain.org.uk:40440/owncloud, an error box is presented with the option to "use a different URL", "Retry Unencrypted using HTTP (Insecure)" [this works] or "Configure client-side TLS certificate". Cancelling out gives: "Failed to connect to ownCloud at https://blah.blah. SSL handshake failed"
Here's where I hope you guys will come in and save the day.
These are the entries in owncloud.conf:

<VirtualHost *:80>
Alias /owncloud "/var/www/owncloud/"
ServerName harry.mydomain.org.uk
DocumentRoot /var/www/owncloud
Redirect permanent / https:/harry.mydomain.org.uk
</VirtualHost>

listen *:40440
<VirtualHost *:40440>
Alias /owncloud "/var/www/owncloud/"
ServerName harry.mydomain.org.uk
DocumentRoot /var/www/owncloud
Redirect permanent / https://harry.mydomain.org.uk/
</VirtualHost>

<VirtualHost _default_:443>
Alias /owncloud "/var/www/owncloud/"
ServerName harry.mydomain.org.uk
DocumentRoot /var/www/owncloud

<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>

<IfModule mod_dav.c>
Dav off
</IfModule>

SetEnv HOME /var/www/owncloud
SetEnv HTTP_HOME /var/www/owncloud

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/owncloud.pem
SSLCertificateKeyFile /etc/apache2/ssl/owncloud.key
</VirtualHost>

I hope you can help
Paul Newbery

[James Blond]

Hi Paul,
remove the redirect on your 40440 port vhost and add the same SSL settings like on your 443 vhost.

[pnewbery]

Hi James, thanks for your reply.
I tried your suggestion of removing the 40440 redirect and copying the rest of the port 443 VirtualHost config (Including the modules and SSL bits) to the 40440 VirtualHost. Unfortunately, it doesn't work. I'm still getting the "Retry unencrypted etc." message box, so obviously when I come in on port 40440, it's not using ssl / https encryption, which is not what I'm after.
That's why I thought I needed the redirect to port 443.
Any other ideas?

[pnewbery]

After a little more research, I tried adding the https protocol to the port 40440 Listen statement thus:
Listen *:40440 https
That didn't work either.

[pnewbery]

Well, it seems I owe James an apology. When I first read James' post, it made such sense, that I knew it should work and it does. His suggestion works perfectly now that I have modified the correct config file!!
I read in another forum somewhere, that you should only modify a website's .conf file in the /sites-available directory and that's what I have been doing with no success. When I tried James' suggestions in the /sites-enabled .conf file, hey presto! It worked!
I must read up what the purpose of the 2 directories is.
Thanks again James.
Regards
Paul N

[James Blond]