Mailing List Archive

Apache SSL issue.
Gentlepeople,

Got the following situation that I can't seem to solve. Would love some
suggestions or a faq/link on how to
solve this:

Running an Ubuntu LAMP with 2 virtual hosts, let's say site1.example.com &
site2.example.com.
site1 is on port 80 and site 2 is on 443. Both working fine and if I switch
site1 to 443 and site2 to 80, both
still work fine.

Now for the issue. I want, using Redirect Permanent, for site1 to run on
port 5001 and site2 to run on port
5002 both using SSL. Port 443 can then be closed. But if I replace port 443
with port 5001 or 5002, it all falls
apart with an Error code: ssl_error_rx_record_too_long. Seems I can't find
the correct syntax for the
Redirect Permanent.

Somehow there should be something like: Redirect permanent /
https://site1.example.com:5001, but that does not
work. A redirect to https://site1.example.com works, but gives the
ssl_error.

Current working config (with parts left out):
ports.conf
       NameVirtualHost *:80
       <IfModule mod_ssl.c>
            Listen 443
       </IfModule>
       <IfModule mod_gnutls.c>
            Listen 443
       </IfModule>


Host definition in sites-available for the ssl site
       <VirtualHost *:80>
               ServerAdmin someone@example.com
               ServerName site2.example.com
               Redirect permanent / https://site2.example.com
       </VirtualHost>
       <VirtualHost *:443>
               ServerAdmin someone@example.com
               ServerName site2.example.com
               SSLEngine on
               SSLCertificateFile /etc/apache2/apache.pem
       </VirtualHost>

Changing all 443 for 5001 does not do the trick.... what am I missing
here...?




If it helps, I run my own DNS forward and reverse working fine and private
proxy also working fine.





Met vriendelijke groet, Kind regards,


M. Lebbink

PhotographITy
Almere



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Apache SSL issue. [ In reply to ]
So where are your Listen statements for ports 5001/2?
On Apr 24, 2012 7:56 PM, "M. Lebbink" <mlebbink@photographity.nl> wrote:

RE: Apache SSL issue. [ In reply to ]
You are correct that these are missing.
When switching to the 5001 & 5002 the actual ports.conf would look more like
this:

NameVirtualHost *:80

<IfModule mod_ssl.c>
Listen 5001
Listen 5002
</IfModule>

<IfModule mod_gnutls.c>
Listen 5001
Listen 5002
</IfModule>


Host definition would be like (does not work!):
<VirtualHost *:80>
        ServerAdmin someone@example.com
        ServerName site2.example.com
        Redirect permanent / https://site2.example.com
</VirtualHost>

<VirtualHost *:5001>
        ServerAdmin someone@example.com
        ServerName site2.example.com

        # Setup security
        SSLEngine on
        SSLCertificateFile /etc/apache2/apache.pem

        # Indexes + Directory Root.
        DirectoryIndex index.html index.htm index.php
        DocumentRoot /var/www/site2.example.com/htdocs/

        # CGI Directory
        ScriptAlias /cgi-bin/ /var/www/site2.example.com/cgi-bin/
        <Location /cgi-bin>
                Options +ExecCGI
        </Location>

        # Logfiles
        ErrorLog /var/www/site2.example.com/log/error.log
        CustomLog /var/www/site2.example.com/log/access.log combined
</VirtualHost>


With this setup (5001 replacing the 443), after restarting apache, I get the

SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)

message.... and I can't figure out why... again, on 443 it works fine.
Somehow
I think I need to change more, but I don't know what....




From: Igor Cicimov [mailto:icicimov@gmail.com]
Sent: Tuesday, 24 April 2012 17:05
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache SSL issue.

So where are your Listen statements for ports 5001/2?
On Apr 24, 2012 7:56 PM, "M. Lebbink" <mlebbink@photographity.nl> wrote:
Re: Apache SSL issue. [ In reply to ]
This
Redirect permanent / https://site2.example.com

should be:
Redirect permanent / https://site2.example.com:5001

In general, the error "Error code: ssl_error_rx_record_too_long" means you
are sending SSL traffic to a host/port that has no SSL listener enabled.

Igor

On Wed, Apr 25, 2012 at 1:29 AM, M. Lebbink <mlebbink@photographity.nl> wrote:

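Added example (not part of the original thread and not Apache httpd code): a small Python check for the condition discussed above, an https Redirect whose target port has no SSL listener. The function name and the sample configs are constructed for illustration; it assumes the redirect target is served by the same httpd instance and treats directives inside IfModule blocks as active.

```python
import re
from urllib.parse import urlsplit

REDIRECTS = {"redirect", "redirectpermanent", "redirecttemp"}

def audit_https_redirects(conf):
    """Return (target_url, problem) for each https Redirect whose target
    port has no Listen directive or no VirtualHost with SSLEngine on."""
    listen, tls_ports, targets = set(), set(), []
    vhost_port = None
    for raw in conf.splitlines():
        tokens = raw.split("#", 1)[0].split()      # drop comments
        if not tokens:
            continue
        name = tokens[0].lower()
        if name == "listen" and len(tokens) > 1:
            # "Listen 5001", "Listen 192.0.2.1:5001", "Listen [::]:5001"
            listen.add(int(tokens[1].rsplit(":", 1)[-1]))
        elif name == "<virtualhost" and len(tokens) > 1:
            m = re.search(r":(\d+)>?$", tokens[1])
            vhost_port = int(m.group(1)) if m else None
        elif name == "</virtualhost>":
            vhost_port = None
        elif (name == "sslengine" and tokens[1:]
              and tokens[1].lower() == "on" and vhost_port is not None):
            tls_ports.add(vhost_port)
        elif name in REDIRECTS and tokens[-1].lower().startswith("https://"):
            targets.append(tokens[-1])
    findings = []
    for url in targets:
        port = urlsplit(url).port or 443           # https with no port means 443
        if port not in listen:
            findings.append((url, f"no Listen directive for port {port}"))
        elif port not in tls_ports:
            findings.append((url, f"port {port} has no VirtualHost with SSLEngine on"))
    return findings

# Constructed sample, reduced from the configuration posted in the thread.
BROKEN = """\
Listen 5001
<VirtualHost *:80>
    ServerName site2.example.com
    Redirect permanent / https://site2.example.com
</VirtualHost>
<VirtualHost *:5001>
    ServerName site2.example.com
    SSLEngine on
</VirtualHost>
"""
FIXED = BROKEN.replace("https://site2.example.com", "https://site2.example.com:5001")
```

Run against BROKEN it reports the redirect to the implied port 443; against FIXED it reports nothing.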