logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in  RSS Apache Lounge  


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.



Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Connection refused on HTTPS
Author
rickwschneider



Joined: 23 Jan 2019
Posts: 7

PostPosted: Mon 01 Apr '19 22:58    Post subject: Connection refused on HTTPS Reply with quote

I've just discovered a strange issue on my apache server. According to Apache, it's listening on port 443 on IP address 192.168.142.50. I can reach the website "cms.hbidev.com" on port 80, but when I try to reach it over SSL (443), I get connection refused from the server. I've tried this both locally, from the server itself, and remotely.

The firewall is disabled, and SELinux is turned off. The HTTP daemon is running, so I don't think there's an issue with the SSL directives in the config. Any ideas what I might be doing wrong here?

Any help would be greatly appreciated. Thanks in advance.





Here is my configuration file:
Code:

<VirtualHost 192.168.142.50:80>
        ServerName cms.hbidev.com
        DocumentRoot /var/www/html/cms.hbidev.com/public_html
        ErrorLog /var/www/html/cms.hbidev.com/logs/error.log
        CustomLog /var/www/html/cms.hbidev.com/logs/requests.log combined
        Options +Includes
</VirtualHost>
<VirtualHost 192.168.142.50:443>
        ServerName cms.hbidev.com
        SSLEngine on
        SSLCertificateFile /etc/httpd/cert/_.hbidev.com.crt
        SSlCertificateKeyFile /etc/httpd/cert/_.hbidev.com.pem
        DocumentRoot /var/www/html/cms.hbidev.com/public_html
        ErrorLog /var/www/html/cms.hbidev.com/logs/error.log
        CustomLog /var/www/html/cms.hbidev.com/logs/requests.log combined
        Options +Includes
</VirtualHost>





Here is the output of apachectl -S:

Code:

[root@cms conf.d]# apachectl -S
VirtualHost configuration:
192.168.144.50:80      is a NameVirtualHost
....... (redacted) .........
192.168.144.50:443     is a NameVirtualHost
....... (redacted) .........
192.168.142.50:80      cms.hbidev.com (/etc/httpd/conf.d/cms.hbidev.com.conf:1)
192.168.142.50:443     cms.hbidev.com (/etc/httpd/conf.d/cms.hbidev.com.conf:8)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/etc/httpd/htdocs"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6684
Location: Germany, Next to Hamburg

PostPosted: Tue 02 Apr '19 15:25    Post subject: Reply with quote

There is something wrong configured with your ssl settings. Please post the rest of it.

My current working SSL config https://mariobrandt.de/archives/apache/http-2-0-sslciphersuites-with-256-bit-alias-crypto-wars-part-eight-tlsv1-3-1140/
Back to top
rickwschneider



Joined: 23 Jan 2019
Posts: 7

PostPosted: Tue 02 Apr '19 16:27    Post subject: Reply with quote

OK, here's the full output of apachectl -S:


Code:

VirtualHost configuration:
192.168.174.50:80      is a NameVirtualHost
         default server dev.zthefutureisnow.com (/etc/httpd/conf.d/dev.zthefutureisnow.com.conf:1)
         port 80 namevhost dev.zthefutureisnow.com (/etc/httpd/conf.d/dev.zthefutureisnow.com.conf:1)
         port 80 namevhost kaaltv.hbidev.com (/etc/httpd/conf.d/kaaltv.hbidev.com.conf:1)
                 alias kaaltv.preview.hbidev.com
         port 80 namevhost kob.hbidev.com (/etc/httpd/conf.d/kob.hbidev.com.conf:1)
                 alias kob.preview.hbidev.com
         port 80 namevhost kstp.hbidev.com (/etc/httpd/conf.d/kstp.hbidev.com.conf:1)
                 alias kstp.preview.hbidev.com
         port 80 namevhost wdio.hbidev.com (/etc/httpd/conf.d/wdio.hbidev.com.conf:1)
                 alias wdio.preview.hbidev.com
         port 80 namevhost whec.hbidev.com (/etc/httpd/conf.d/whec.hbidev.com.conf:1)
                 alias whec.preview.hbidev.com
         port 80 namevhost wnyt.hbidev.com (/etc/httpd/conf.d/wnyt.hbidev.com.conf:1)
                 alias wnyt.preview.hbidev.com
192.168.174.50:443     is a NameVirtualHost
         default server dev.zthefutureisnow.com (/etc/httpd/conf.d/dev.zthefutureisnow.com.conf:9)
         port 443 namevhost dev.zthefutureisnow.com (/etc/httpd/conf.d/dev.zthefutureisnow.com.conf:9)
         port 443 namevhost kaaltv.hbidev.com (/etc/httpd/conf.d/kaaltv.hbidev.com.conf:9)
                 alias kaaltv.preview.hbidev.com
         port 443 namevhost kob.hbidev.com (/etc/httpd/conf.d/kob.hbidev.com.conf:10)
                 alias kob.preview.hbidev.com
         port 443 namevhost kstp.hbidev.com (/etc/httpd/conf.d/kstp.hbidev.com.conf:10)
                 alias kstp.preview.hbidev.com
         port 443 namevhost wdio.hbidev.com (/etc/httpd/conf.d/wdio.hbidev.com.conf:10)
                 alias wdio.preview.hbidev.com
         port 443 namevhost whec.hbidev.com (/etc/httpd/conf.d/whec.hbidev.com.conf:10)
                 alias whec.preview.hbidev.com
         port 443 namevhost wnyt.hbidev.com (/etc/httpd/conf.d/wnyt.hbidev.com.conf:10)
                 alias wnyt.preview.hbidev.com
192.168.172.50:80      cms.hbidev.com (/etc/httpd/conf.d/cms.hbidev.com.conf:1)
192.168.172.50:443     cms.hbidev.com (/etc/httpd/conf.d/cms.hbidev.com.conf:8)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/etc/httpd/htdocs"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
Back to top
rickwschneider



Joined: 23 Jan 2019
Posts: 7

PostPosted: Tue 02 Apr '19 16:34    Post subject: Reply with quote

And here is the contents of httpd.conf:

Code:

ServerRoot "/etc/httpd"

Listen 80

LoadModule speling_module modules/mod_speling.so
CheckSpelling on
CheckCaseOnly on
Include conf.modules.d/*.conf

User apache
Group apache


ServerAdmin root@localhost


<Directory />
    AllowOverride none
    Require all denied
</Directory>



<Directory "/var/www">
    AllowOverride All
    Require all granted
</Directory>

<Directory "/var/www/html">
    Options FollowSymLinks
    Options +Includes
    Options -MultiViews

    AllowOverride All

    Require all granted

        <Files ~ "\.inc$">
                <If "(%{SERVER_PROTOCOL} == 'INCLUDED')">
                        Require all granted
                </If>
                <Else>
                        Require all denied
                </Else>
        </Files>
</Directory>

<IfModule dir_module>
    DirectoryIndex index.cfm index.shtml index.html
</IfModule>

<Files ".ht*">
    Require all denied
</Files>

ErrorLog "logs/error_log"

LogLevel warn

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>


    CustomLog "logs/access_log" combined
</IfModule>

<IfModule alias_module>


    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

</IfModule>

<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule mime_module>
    TypesConfig /etc/mime.types

    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz



    <IfModule include_module>
        AddType text/html .shtml
        AddType text/html .html
        AddType text/html .inc
        AddOutputFilter INCLUDES .shtml
        AddOutputFilter INCLUDES .html
        AddOutputFilter INCLUDES .inc
    </IfModule>
</IfModule>

AddDefaultCharset UTF-8

<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>


EnableSendfile on

IncludeOptional conf.d/*.conf
Include "/etc/httpd/conf/mod_jk.conf"
Include "/opt/coldfusion2018/config/wsconfig/1/mod_jk_vhost.conf"

KeepAlive Off
TimeOut 3700
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6684
Location: Germany, Next to Hamburg

PostPosted: Mon 08 Apr '19 20:30    Post subject: Reply with quote

The part of the SSL config is still missing.
If it still doesn't work, please try the SSL config that I posted.
Back to top


Reply to topic   Topic: Connection refused on HTTPS View previous topic :: View next topic
Post new topic   Forum Index -> Apache