apache2 - Apache SSL working with IP but not FQDN

2014-04-06
  • Sam Carleton

    All was well in my little network until I switched internet providers and had to change the IP addresses on my internal network from 172.16.0.x to 192.168.1.x; they have funky hardware, and this is in my house.

    So, I have Apache 2.2 running on a machine. When I access it via IP address, the SSL pages come up just fine and load. When I try the FQDN on the server itself, it works fine; when I try it on any other machine, they all see the unsigned cert and warn me, then they give me a "connection was reset".

    The only Listen statements I have look like this:

    Listen 80
    Listen 443
    

    And then this is a trimmed down version of the virtual host:

    <VirtualHost _default_:443>
    
        ServerName www.domain.local:443
        DocumentRoot "k:/apache/htdocs-ssl"
    
        <Directory k:/apache/htdocs-ssl>
            Order Allow,Deny
            Allow from all
        </Directory>
    
    </VirtualHost>  
    

    The results from httpd -S:

    VirtualHost configuration:
    wildcard NameVirtualHosts and _default_ servers:
    _default_:443          secure.domain.com (H:/Apache2.2/conf/sslsettings.conf:11)
    *:80                   is a NameVirtualHost
             default server server1.domain.com (H:/Apache2.2/conf/httpd-vhosts.conf:22)
             port 80 namevhost server1.domain.com (H:Apache2.2/conf/httpd-vhosts.conf:22)
             port 80 namevhost devinst.domain.com (H:Apache2.2/conf/httpd-vhosts.conf:53)
    

    Any suggestions on what I might be missing?
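    Two things change when a browser is given a hostname instead of an IP: it sends the hostname as SNI (which can select a different vhost on Apache 2.2.12 and later, and is simply absent when you type an IP), and it checks the certificate's names against what was typed. The script below is an added diagnostic, not code from the question or from Apache: probe() performs a real handshake against a hypothetical 192.168.1.10 / www.domain.local and reports the certificate fingerprint and DNS names it was shown (name extraction assumes the third-party cryptography package is installed), and the names_for() / hostname_matches() helpers do the name check offline on a getpeercert()-style dict.

```python
"""Added diagnostic for the 'works by IP, fails by FQDN' symptom (not from the question).
probe() shows what a server presents with and without SNI; the helpers below check a
certificate's DNS names against a typed hostname and need no network or extra package."""
import hashlib
import socket
import ssl


def names_for(cert):
    """DNS names from a getpeercert()-style dict: SAN entries, else the subject CN."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return names


def _name_matches(pattern, hostname):
    """RFC 6125-style comparison: case-insensitive, a leading '*' covers exactly one label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    plabels, hlabels = pattern.split("."), hostname.split(".")
    return len(plabels) == len(hlabels) and plabels[1:] == hlabels[1:]


def hostname_matches(cert, hostname):
    """True if the typed hostname is covered by one of the certificate's DNS names."""
    return any(_name_matches(name, hostname) for name in names_for(cert))


def probe(host, port=443, sni=None, timeout=5.0):
    """Handshake with host:port, offering `sni` as server_name (None = no SNI, which is
    what a browser does when given a bare IP). Returns the leaf certificate's SHA-256
    fingerprint, its DNS names, and whether `sni` is covered by them. Verification is
    switched off on purpose so a self-signed certificate is still returned; name
    extraction uses the third-party 'cryptography' package (assumption: installed)."""
    from cryptography import x509  # lazy import: the offline helpers need no extra package

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode is relaxed
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            der = tls.getpeercert(binary_form=True)
    leaf = x509.load_der_x509_certificate(der)
    try:
        san = leaf.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
        dns_names = list(san.get_values_for_type(x509.DNSName))
    except x509.ExtensionNotFound:
        dns_names = [a.value for a in leaf.subject.get_attributes_for_oid(x509.NameOID.COMMON_NAME)]
    cert = {"subjectAltName": tuple(("DNS", n) for n in dns_names)}
    return {
        "fingerprint": hashlib.sha256(der).hexdigest(),
        "names": dns_names,
        "matches_sni": hostname_matches(cert, sni) if sni else None,
    }


if __name__ == "__main__":
    # Hypothetical addresses for the setup in the question. Different fingerprints in the
    # two results mean Apache served a different vhost/certificate for the SNI name.
    for args in ({"host": "192.168.1.10"}, {"host": "www.domain.local", "sni": "www.domain.local"}):
        try:
            print(args, probe(**args))
        except OSError as exc:
            print(args, "failed:", exc)
```

    Run it from one of the client machines that sees the warning, not from the server, since the question says the FQDN works only there; a fingerprint that differs between the two calls, or a `matches_sni` of False, narrows the problem down to vhost selection or to the certificate's names rather than to the network change.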


    Related Question

    proxy - SSL support with Apache and Proxytunnel
  • whuppy

    I'm inside a strict corporate environment. https traffic goes out via an internal proxy (for this example it's 10.10.04.33:8443) that's smart enough to block ssh'ing directly to ssh.glakspod.org:443.

    I can get out via proxytunnel. I set up an apache2 VirtualHost at ssh.glakspod.org:443 thus:

        ServerAdmin ssh@orl[email protected]
        ServerName ssh.glakspod.org

        # Proxy Section
        # Used in conjunction with ProxyTunnel
        # proxytunnel -q -p 10.10.04.33:8443 -r ssh.glakspod.org:443 -d %host:%port
        ProxyRequests on
        ProxyVia on
        AllowCONNECT 22
        <Proxy *>
                Order deny,allow
                Deny from all
                Allow from 74.101
        </Proxy>

    So far so good: I hit the Apache proxy with a CONNECT and then PuTTY and my ssh server shake hands and I'm off to the races.

    There are, however, two problems with this setup:

    1. The internal proxy server can sniff my CONNECT request and also see that an SSH handshake is taking place. I want the entire connection between my desktop and ssh.glakspod.org:443 to look like HTTPS traffic no matter how closely the internal proxy inspects it.

    2. I can't get the VirtualHost to be a regular https site while proxying. I'd like the proxy to coexist with something like this:

       SSLEngine on
       SSLProxyEngine on
       SSLCertificateFile /path/to/ca/samapache.crt
       SSLCertificateKeyFile /path/to/ca/samapache.key
       SSLCACertificateFile /path/to/ca/ca.crt

       DocumentRoot /mnt/wallabee/www/html
       <Directory /mnt/wallabee/www/html/>
               Options Indexes FollowSymLinks MultiViews
               AllowOverride None
               Order allow,deny
               allow from all
       </Directory>

       # Need a valid client cert to get into the sanctum
       <Directory /mnt/wallabee/www/html/sanctum>
               SSLVerifyClient require
               SSLOptions +FakeBasicAuth +ExportCertData
               SSLVerifyDepth 1
       </Directory>

    So my question is: How do I enable SSL support on the ssh.glakspod.org:443 VirtualHost that will work with ProxyTunnel?

    I've tried various combinations of proxytunnel's -e, -E, and -X flags without any luck.

    The only lead I've found is Apache Bug No. 29744, but I haven't been able to find a patch that will install cleanly on Ubuntu Jaunty's Apache version 2.2.11-2ubuntu2.6.

    Thanks in advance.
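    Both posts lean on Apache 2.2's three-directive host access control: the first question's `<Directory>` block uses `Order Allow,Deny` with `Allow from all`, and the `<Proxy *>` block here uses `Order deny,allow` with `Deny from all` / `Allow from 74.101`. The evaluation rules are easy to get backwards (every Allow and Deny is checked; Order only decides what wins on a double match and what happens on no match), and a partial address like `74.101` matches by whole octets. The script below is an added example, not code from either post or from Apache: it implements those rules for the argument forms seen above plus CIDR, parses both blocks as constructed sample input, and evaluates them against client addresses.

```python
"""Apache 2.2 host-based access control (mod_authz_host) as a small evaluator.
Added example, not from the posts; it covers 'all', partial dotted addresses
such as '74.101', full IPv4 addresses and CIDR ranges."""
import ipaddress


def _spec_matches(spec, client_ip):
    """Does one 'Allow from' / 'Deny from' argument cover client_ip?"""
    spec = spec.strip().lower()
    if spec == "all":
        return True
    if "/" in spec:                                  # CIDR, e.g. 192.168.1.0/24
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)
    # Partial dotted address: Apache compares whole leading octets, so '74.101'
    # covers 74.101.0.0-74.101.255.255 but not 74.10.x.x.
    spec_octets = spec.split(".")
    return client_ip.split(".")[: len(spec_octets)] == spec_octets


def evaluate(order, allow, deny, client_ip):
    """Apache 2.2 semantics. Every Allow and Deny is evaluated; Order decides which
    wins when both match and what happens when neither does:
      Order allow,deny -> admitted only if an Allow matches and no Deny matches (default deny)
      Order deny,allow -> rejected only if a Deny matches and no Allow matches (default allow)"""
    allowed = any(_spec_matches(s, client_ip) for s in allow)
    denied = any(_spec_matches(s, client_ip) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        return allowed and not denied
    if order == "deny,allow":
        return allowed or not denied
    raise ValueError(f"unsupported Order argument: {order!r}")


def parse_block(text):
    """Pull Order/Allow/Deny out of a <Directory> or <Proxy> body.
    Apache's default when no Order is given is Deny,Allow."""
    order, allow, deny = "deny,allow", [], []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "order" and len(parts) > 1:
            order = parts[1]
        elif key in ("allow", "deny") and len(parts) > 2 and parts[1].lower() == "from":
            (allow if key == "allow" else deny).extend(parts[2:])
    return order, allow, deny


def admitted(block_text, client_ip):
    """Parse a block and decide whether client_ip gets through."""
    return evaluate(*parse_block(block_text), client_ip)


# Constructed copies of the two blocks quoted in the posts.
PROXY_BLOCK = """
    Order deny,allow
    Deny from all
    Allow from 74.101
"""
HTDOCS_SSL_BLOCK = """
    Order Allow,Deny
    Allow from all
"""

if __name__ == "__main__":
    for ip in ("74.101.3.4", "74.10.3.4", "10.10.4.33"):
        print(f"<Proxy *> from {ip}: {'allowed' if admitted(PROXY_BLOCK, ip) else 'denied'}")
    print(f"htdocs-ssl from 192.168.1.5: {'allowed' if admitted(HTDOCS_SSL_BLOCK, '192.168.1.5') else 'denied'}")
```

    The pitfall worth checking with this on a forward proxy: `Order allow,deny` with no matching `Allow` denies everybody, and `Order deny,allow` with no `Deny` admits everybody, so the `Deny from all` line in the `<Proxy *>` block is what makes `Allow from 74.101` a restriction rather than a no-op.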


  • Related Answers
  • whuppy

    I pieced together the answer from the proxytunnel-users mailing list.

    First, looking at the Apache bug report number 29744, the attachment containing the patch for my version of Apache, 2.2.11-2ubuntu2.6, was hidden because it was considered obsolete. Clicking on the "Show Obsolete" link in the lower-right corner of the attachments box revealed the patch.

    So I did an apt-get source apache2 on my jaunty box, patched the source, did a debuild . . . ate some cereal . . . and then did a dpkg -i *.deb on everything I built.

    Now those two separate Apache snippets above live together in harmony.

    The last piece of the puzzle is how to call proxytunnel. Here's what worked:

    proxytunnel -q -X -p 10.10.04.33:8443 -r ssh.glakspod.org:443 -d %host:%port ServerAliveInterval 30

    Hope this helps someone else down the line!