OSX Local SSL not Respected? - cakephp

I'm clearly missing something, probably something obvious, but I'm just not seeing it. I have a self-signed certificate configured on my MBP (running Apache via Macports). It's a wildcard cert for *.local and I've configured a named virtual host for a site I'm working on, but when I attempt to access it via https, PHP's $_SERVER variables indicate that the SSL access isn't being recognized/respected. Even though I'm accessing https://mynamedhost.local, the PORT key reports port 80 and no HTTPS key exists.
This is a CakePHP site, so the lack of an HTTPS key prevents RequestHandler::isSSL() from reporting true. Any insights would be much appreciated.
Here's my httpd settings output:
$ httpd -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443 is a NameVirtualHost
default server www.example.com (/opt/local/apache2/conf/extra/httpd-ssl.conf:74)
port 443 namevhost www.example.com (/opt/local/apache2/conf/extra/httpd-ssl.conf:74)
port 443 namevhost mynamedhost.local (/Users/rob/Library/Application Support/MacPorts/apache/conf.d/mynamedhost.conf:17)
*:80 is a NameVirtualHost
default server localhost (/Users/rob/Dropbox/Application Support/apache/conf.d.osx/_localhost.conf:1)
port 80 namevhost localhost (/Users/rob/Dropbox/Application Support/apache/conf.d.osx/_localhost.conf:1)
port 80 namevhost mynamedhost.local (/Users/rob/Library/Application Support/MacPorts/apache/conf.d/mynamedhost.conf:1)
Syntax OK
My namedhost virtual host definition looks like this:
<VirtualHost *:80>
ServerName mynamedhost.local
DocumentRoot /var/www/mynamedhost/app/webroot
ErrorLog /var/www/.logs/mynamedhost_error_log
CustomLog /var/www/.logs/mynamedhost_access_log common
<Directory /var/www/mynamedhost/app/webroot>
Options FollowSymLinks Indexes
AllowOverride All
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName mynamedhost.local
DocumentRoot /var/www/mynamedhost/app/webroot
ErrorLog /var/www/.logs/mynamedhost_error_log
CustomLog /var/www/.logs/mynamedhost_access_log common
<Directory /var/www/mynamedhost/app/webroot>
Options FollowSymLinks Indexes
AllowOverride All
Order deny,allow
Allow from all
</Directory>
</VirtualHost>

Got it. In the Macports extras/httpd-ssl.conf file, the SSL engine was turned on and the certificate files defined. I thought this would trickle down to custom virtual hosts, but I was wrong. On a lark, I decided to drop the following into the *:443 virtual host definition:
SSLEngine on
SSLCertificateFile "/opt/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/opt/local/apache2/conf/server.key"
Now everything seems to work as expected. I still think I have something funky going on in my config, but this is going to have to be okay for now. For anyone playing at home, the modified virtual host config looks like this (the *:80 config as shown above didn't change):
<VirtualHost *:443>
ServerName mynamedhost.local
DocumentRoot /var/www/mynamedhost/app/webroot
ErrorLog /var/www/.logs/mynamedhost_error_log
CustomLog /var/www/.logs/mynamedhost_access_log common
SSLEngine on
SSLCertificateFile "/opt/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/opt/local/apache2/conf/server.key"
<Directory /var/www/mynamedhost/app/webroot>
Options FollowSymLinks Indexes
AllowOverride All
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
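
Directives placed inside one `<VirtualHost>` block apply only to that block, which is why the `*:443` vhost above answered in plain HTTP until it carried its own `SSLEngine on`. The following Python check is an added example, not part of the original post: it flags vhosts bound to port 443 that lack their own SSL directives. The sample config is constructed from the question, and the check assumes `SSLEngine` is not set at server scope.

```python
import re

# Constructed sample: the question's *:443 vhost before the fix, followed by
# a vhost that carries its own SSL directives.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName mynamedhost.local
</VirtualHost>
<VirtualHost *:443>
    ServerName mynamedhost.local
    DocumentRoot /var/www/mynamedhost/app/webroot
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile "/opt/local/apache2/conf/server.crt"
    SSLCertificateKeyFile "/opt/local/apache2/conf/server.key"
</VirtualHost>
"""

REQUIRED = ("SSLEngine", "SSLCertificateFile", "SSLCertificateKeyFile")

def parse_vhosts(text):
    """Yield (addresses, first_line, {directive_lower: value}) per <VirtualHost>."""
    cur = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            cur = (opened.group(1).split(), lineno, {})
        elif re.match(r"</VirtualHost>", line, re.I) and cur:
            yield cur
            cur = None
        elif cur and line and line[0] not in "#<":
            parts = line.split(None, 1)
            cur[2][parts[0].lower()] = parts[1].strip('"') if len(parts) > 1 else ""

def tls_port_without_ssl(text, tls_port="443"):
    """Return (ServerName, line, missing directives) for vhosts on tls_port."""
    findings = []
    for addrs, lineno, d in parse_vhosts(text):
        if not any(a.rsplit(":", 1)[-1] == tls_port for a in addrs):
            continue
        missing = [r for r in REQUIRED if r.lower() not in d]
        if d.get("sslengine", "on").lower() != "on":
            missing.insert(0, "SSLEngine")  # present but not switched on
        if missing:
            findings.append((d.get("servername", "?"), lineno, missing))
    return findings
```

A vhost reported here listens on the TLS port but speaks plain HTTP, so the application behind it never sees the HTTPS key in `$_SERVER`.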

Related

Apache2 bad matching virtualhost

I have a little problem with virtualhosts.
My configuration is:
<VirtualHost *:80>
ServerName www.site2.com
DocumentRoot /var/www/domains/site2.com
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www/domains/site1.com
ServerName www.site1.com
SSLEngine on
SSLCertificateKeyFile /etc/apache2/ssl/....
SSLCertificateFile /etc/apache2/ssl/...
SSLCertificateChainFile /etc/apache2/ssl/...
</VirtualHost>
If you enter the following URLs into browser:
https://www.site1.com - OK (matches VHost with /var/www/domains/site1.com DocumentRoot)
http://www.site2.com - OK (matches Vhost with /var/www/domains/site2.com DocumentRoot)
but when I try site2.com with the https protocol (https://www.site2.com), Apache finds the wrong Vhost with the /var/www/domains/site1.com DocumentRoot.
Why?
Thanks for help.

It's because you only have HTTPS configured for site1 and not site2.
You'll need to duplicate the site1 VirtualHost configuration and apply site2's information to it so it'll look something like the one below:
<VirtualHost *:80>
ServerName www.site2.com
DocumentRoot /var/www/domains/site2.com
</VirtualHost>
<VirtualHost *:443>
ServerName www.site2.com
DocumentRoot /var/www/domains/site2.com
SSLEngine on
SSLCertificateKeyFile /etc/apache2/ssl/....
SSLCertificateFile /etc/apache2/ssl/...
SSLCertificateChainFile /etc/apache2/ssl/...
</VirtualHost>
<VirtualHost *:443>
ServerName www.site1.com
DocumentRoot /var/www/domains/site1.com
SSLEngine on
SSLCertificateKeyFile /etc/apache2/ssl/....
SSLCertificateFile /etc/apache2/ssl/...
SSLCertificateChainFile /etc/apache2/ssl/...
</VirtualHost>
I'm assuming you have a separate SSL certificate for your other site or are just testing.
You may also run into the issue of hosting multiple domains with HTTPS with only one IP address on your server, in which case you should follow the instructions here: http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

This is simply how virtual hosts work in Apache. The match for the IP:PORT combination at the TCP layer is checked first. If there are multiple virtual hosts with the "best match", then hostnames (from the HTTP Host: header) are checked.
In your simple case, that means the best match for a request on port 443 is the single *:443 vhost. It will never look at worse matches to find a matching hostname.
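
The matching order described in the answers above can be modelled in a few lines. This Python sketch is an added example, not Apache's code or part of the original posts: it scores each vhost's address against the socket first and compares the Host name only among the best-scoring vhosts. The vhost lists are constructed from the question and the first answer, and the IP `192.0.2.10` is a placeholder.

```python
from fnmatch import fnmatchcase

def addr_score(addr, local_ip, local_port):
    """2 = exact IP, 1 = wildcard IP, 0 = this address does not cover the socket."""
    ip, sep, port = addr.rpartition(":")
    if not sep:                      # "<VirtualHost *>" style, no port given
        ip, port = addr, "*"
    if port not in ("*", str(local_port)):
        return 0
    if ip == local_ip:
        return 2
    return 1 if ip in ("*", "_default_") else 0

def select_vhost(vhosts, local_ip, local_port, host_header):
    """Pick a vhost: IP:port match first, Host name only among the best matches."""
    scored = [(max(addr_score(a, local_ip, local_port) for a in vh["addrs"]), vh)
              for vh in vhosts]
    best = max((s for s, _ in scored), default=0)
    if best == 0:
        return None                  # no vhost covers the socket: main server config
    candidates = [vh for s, vh in scored if s == best]
    host = host_header.split(":")[0].lower().rstrip(".")
    for vh in candidates:
        if host == vh["name"].lower() or any(
                fnmatchcase(host, alias.lower()) for alias in vh.get("aliases", [])):
            return vh
    return candidates[0]             # no name matched: first listed vhost wins

# Constructed from the question: site2 only on *:80, site1 only on *:443.
BEFORE = [
    {"addrs": ["*:80"], "name": "www.site2.com", "root": "/var/www/domains/site2.com"},
    {"addrs": ["*:443"], "name": "www.site1.com", "root": "/var/www/domains/site1.com"},
]
# The answer's layout: a *:443 vhost for site2 listed before the one for site1.
AFTER = [
    BEFORE[0],
    {"addrs": ["*:443"], "name": "www.site2.com", "root": "/var/www/domains/site2.com"},
    BEFORE[1],
]

def docroot(vhosts, port, host, ip="192.0.2.10"):
    """Return the DocumentRoot of the vhost selected for this request."""
    vh = select_vhost(vhosts, ip, port, host)
    return vh["root"] if vh else None
```

With `BEFORE`, a request for www.site2.com on port 443 lands in site1's DocumentRoot because the only `*:443` vhost is the fallback for every name on that port.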

VirtualHost on Apache2 gives no response

I'm trying to create a virtual host on apache2 but I am getting no response. I have tried several tutorials but nothing has helped. This is my file:
<VirtualHost *:80>
ServerName androidwebservice.com
DocumentRoot "/var/www/my_webservice/public"
LogLevel warn
ErrorLog /var/log/apache2/redmine_error.log
CustomLog /var/www/my_webservice/android_access.log combined
<Directory "/var/www/my_webservice/">
Options FollowSymLinks
AllowOverride All
Order deny,allow
Allow from all
RailsEnv production
RailsBaseURI /my_webservice
PassengerResolveSymlinksInDocumentRoot on
</Directory>
</VirtualHost>
I have enabled it using the command sudo a2ensite androidbackend (this is the file name). The file is located in /etc/apache2/sites-available.
The ServerName has been declared in /etc/hosts:
127.0.1.1 androidwebservice.com

Are you visiting androidwebservice.com or www.androidwebservice.com?
Because you have declared androidwebservice.com, not www.androidwebservice.com.
The basic (working) example is over here:
https://reformatcode.com

apache2 vhost going to wrong webroot

All of my vhosts are being sunk into the first available webroot and not their assigned webroot except for my second which is just going wild.
If I try and access ipv6mailer.com I watch the hit live go ->
[error] [client 24.184.110.39] script not found or unable to stat: /home/downlowd/www/login-form.php
True, that file does 'not' exist. It should be looking in /home/ipv6mailer/www
I have 3 vhosts and two are going to /home/downlowd/www and ignoring ServerName completely.
If I comment out downlowd.com, the log output when trying to access ipv6mailer.com looks like ->
[Wed Aug 21 15:23:12 2013] [crit] [client 24.184.110.39] (13)Permission denied: /home/wemail1/www/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
It's going to the 'new' default and not ServerName
# Virtual Hosts
#
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#<IfDefine DEFAULT_VHOST>
# see bug #178966 why this is in here
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
# Use name-based virtual hosting.
NameVirtualHost *:80
# When virtual hosts are enabled, the main host defined in the default
# httpd.conf configuration will go away. We redefine it here so that it is
# still available.
#
# If you disable this vhost by removing -D DEFAULT_VHOST from
# /etc/conf.d/apache2, the first defined virtual host elsewhere will be
# the default.
# vim: ts=4 filetype=apache
<VirtualHost *:80>
ServerName www.downlowd.com
ServerAlias downlowd.com *.downlowd.com
ServerPath /downlowd.com
DocumentRoot /home/downlowd/www
<Directory "/home/downlowd/www">
Options Indexes FollowSymLinks MultiViews ExecCGI Includes
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
AddHandler cgi-script .php .php4 .php3
<VirtualHost *:80>
ServerName www.wemail1.com
ServerAlias wemail1.com *.wemail1.com
ServerPath /wemail1.com
DocumentRoot /home/wemail1/www
<Directory "/home/wemail1/www">
Options Indexes FollowSymLinks MultiViews ExecCGI Includes
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName www.ipv6mailer.com
ServerAlias ipv6mailer *.ipv6mailer.com
ServerPath /ipv6mailer
DocumentRoot /home/ipv6mailer/www
<Directory "/home/ipv6mailer/www">
Options Indexes FollowSymLinks MultiViews ExecCGI Includes
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
dev-box-201 www # /usr/sbin/apache2 -S
apache2: Could not reliably determine the server's fully qualified domain name, using dev-box-201.nyctelecomm.com for ServerName
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80 is a NameVirtualHost
default server www.downlowd.com (/etc/apache2/vhosts.d/00_default_vhost.conf:42)
port 80 namevhost www.downlowd.com (/etc/apache2/vhosts.d/00_default_vhost.conf:42)
port 80 namevhost www.wemail1.com (/etc/apache2/vhosts.d/00_default_vhost.conf:58)
port 80 namevhost www.ipv6mailer.com (/etc/apache2/vhosts.d/00_default_vhost.conf:71)
Syntax OK

The user apache is running as (www-data?) needs search permission (+x on a dir) for every path between / and the file you're serving, if that directory has an effective value of AllowOverride != none (IOW, if Apache is configured to look for htaccess there).
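
One way to locate the directory behind a `(13)Permission denied` on an .htaccess lookup is to walk every directory from / down to the file and test the execute bit in the permission class that applies to the Apache user. This Python script is an added example, not part of the original answer; the script name and the `www-data` user in the usage comment are assumptions, and only classic mode bits are evaluated (ACLs and mandatory access control are not).

```python
import os
import stat
import sys

def blocking_dirs(target, uid, gids, root="/"):
    """Return the directories from root down to target's parent that the
    given uid/gids cannot search (no execute bit in the class that applies)."""
    root = os.path.abspath(root)
    path = os.path.dirname(os.path.abspath(target))
    chain = []
    while True:
        chain.append(path)
        parent = os.path.dirname(path)
        if path == root or parent == path:
            break
        path = parent
    blocked = []
    for d in reversed(chain):                 # report top-down
        st = os.stat(d)
        if st.st_uid == uid:
            bit = stat.S_IXUSR                # owner class applies
        elif st.st_gid in gids:
            bit = stat.S_IXGRP                # group class applies
        else:
            bit = stat.S_IXOTH                # everyone else
        if not st.st_mode & bit:
            blocked.append(d)
    return blocked

if __name__ == "__main__":
    # Usage (assumed names): python3 check_search.py /home/wemail1/www/.htaccess www-data
    import pwd
    target, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    groups = os.getgrouplist(user, pw.pw_gid)
    for d in blocking_dirs(target, pw.pw_uid, groups):
        print(f"{user} lacks search (x) permission on {d}")
```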

Virtual Host don't redirect properly with CakePHP and MAMP

I'm developing a web with CakePHP (using MAMP as localhost) and I just configured a virtual host to the root of my project.
My /etc/hosts is
127.0.0.1 localhost
127.0.0.1 altair.loc
And my httpd.conf
NameVirtualHost *
<VirtualHost *>
DocumentRoot "/Volumes/Macintosh HD/Users/robotThree/www/"
ServerName localhost
</VirtualHost>
<VirtualHost *>
DocumentRoot "/Volumes/Macintosh HD/Users/robotThree/www/ALTAIR/altair/"
ServerName altair.loc
</VirtualHost>
With this I can access my project by typing http://altair.loc and all controllers and actions work perfectly (i.e. http://altair.loc/controller/action).
The problem is that all files accessed statically fail. For example http://altair.loc/css/main.css fails, but it works if I type http://altair.loc/ALTAIR/altair/css/main.css, as if the virtual host wasn't configured.
Do you know what could be happening?
Thank you in advance

Solved. In httpd.conf it is necessary to check that Override is for all; it was an .htaccess and mod_rewrite issue:
<Directory />
Options Indexes FollowSymLinks
AllowOverride All
</Directory>

apache2 vhost doesn't always respond

I added the following virtualhost (I have the default *:80 one of course) to my apache:
Listen 8989
NameVirtualHost 10.8.0.1:8989
<VirtualHost 10.8.0.1:8989>
DocumentRoot /var/crib
ServerName Thor
ServerAlias Thor
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/crib/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from 10.8.0.0/255.255.255.0 ::1/128
</Directory>
</VirtualHost>
But sometimes it doesn't always respond... so I'm wondering what could be the problem?
I don't even know where to look... 10.8.0.1 is my VPN address. The virtual host 80 works perfectly and am wondering if my configuration has any flaws.

Are you planning on having >1 virtual host (diff. hostnames) on that same IP and port? If not, remove the NameVirtualHost option and ServerName and ServerAlias. If you are going to do name based hosting, leave all of that, but use a name that resolves in DNS. You can just put something in /etc/hosts on the local system for testing, but eventually you'll have to get a real hostname for other people to access your site/application.
