ssl - ZNC Broke After Enable TUN/TAP on my VPS

06
2014-04
  • Fogest

    After enabling TUN/TAP via my VPS and then disabling it (causing restarts to the server as well), ZNC will no longer work. ZNC won't start on boot, or manually. Here are the errors:

    [ !! ] Binding to port [+1025] using ipv4... [ SSL is not enabled ]
    [ ** ] Unrecoverable config error.
    

    Note: Other applications which I have use SSL as well and they still work fine.

  • Answers
  • grawity

    This message is shown only if you compiled ZNC without OpenSSL support. This is not related to TUN/TAP – you probably just compiled a newer version with missing options, then forgot to test it, but it got started on next reboot.

    Recompile with ./configure --with-openssl, and make sure you have the OpenSSL devel headers installed (libssl-dev or such).


  • Related Question

    debian - Configure Apache to serve multiple subdomains via HTTP + HTTPS
  • Apache User

    I have a virtual server hosted at an ISP with 2 public IPv4 addresses. I want to run several subdomains (more than 2) with Apache and serve them via both HTTP and HTTPS. The SSL cert is a wildcard one for *.mydomain.com.

    I tried to configure Apache in Debian this way but failed. Either my virtualhosts are not accepted or I get SSL errors. (I know that Apache doesn't see the hostname requested before serving the cert, but the cert includes all subdomains possible.)

    Please help to create an httpd.conf that works best with Debian's Apache config layout.

    All the details:

    • Apache listening on *:80 for HTTP and *:443 for HTTPS
    • All NameVirtualHosts, aliases etc. shall be defined for both ports/protocols at once
    • default mydomain.com and www.mydomain.com should root to /var/www
    • additional NameVirtualHosts for foo.mydomain.com and bar.mydomain.com etc. which can be configured specially, e.g. to have another DocumentRoot

  • Related Answers
  • grawity

    Apache can see the hostname requested, using TLS Server Name Indication.

    However, this requires a relatively recent web browser. For example, those using Internet Explorer on Windows XP will receive certificate mismatch messages for additional domains. (Thankfully, WinXP/IE users are almost extinct.) The Wikipedia article has a list, and here's a test page if you're unsure.

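    # NameVirtualHost is needed on Apache 2.2; on 2.4 it is deprecated and has no effect.
    NameVirtualHost *:80
    
    # Default site over plain HTTP
    <VirtualHost *:80>
        ServerName example.com
        ServerAlias www.example.com
        DocumentRoot /var/www
        <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
        </Directory>
    </VirtualHost>
    
    NameVirtualHost *:443
    
    # Default site over HTTPS
    <VirtualHost *:443>
        ServerName example.com
        ServerAlias www.example.com
        DocumentRoot /var/www
        <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
        </Directory>
    
        SSLEngine on
        # This PEM file must hold both the certificate and its private key;
        # if the key is in a separate file, add SSLCertificateKeyFile as well.
        SSLCertificateFile /etc/ssl/private/example.com.pem
    </VirtualHost>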
    

    Additional (sub)domains:

    <VirtualHost *:80>
        ServerName foo.example.com
        DocumentRoot /sites/foo
    </VirtualHost>
    
    <VirtualHost *:443>
        ServerName foo.example.com
        DocumentRoot /sites/foo
    
        SSLEngine on
        SSLCertificateFile /etc/ssl/private/foo.example.com.pem
    </VirtualHost>
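
An added example, not part of the original answers: a wildcard entry such as `*.mydomain.com` covers exactly one leftmost label, so it matches neither the bare `mydomain.com` nor a deeper name. This Python script lists the names served by `*:443` vhosts that no certificate name covers; the sample config, the host `a.bar.mydomain.com` and all function names are constructed for illustration.

```python
import re

# Constructed sample: vhosts shaped like the answer's config, using the
# question's domain. a.bar.mydomain.com is an assumed extra host.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName mydomain.com
</VirtualHost>
<VirtualHost *:443>
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    SSLEngine on
</VirtualHost>
<VirtualHost *:443>
    ServerName foo.mydomain.com
</VirtualHost>
<VirtualHost *:443>
    ServerName a.bar.mydomain.com
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+[^>]*:(\d+)\s*>(.*?)</VirtualHost>",
                      re.S | re.I)

def https_names(conf):
    """Return ServerName/ServerAlias values from every *:443 vhost block."""
    names = []
    for port, body in VHOST_RE.findall(conf):
        if port != "443":
            continue
        for line in body.splitlines():
            parts = line.split()
            if parts and parts[0].lower() in ("servername", "serveralias"):
                names.extend(p.lower() for p in parts[1:])
    return names

def matches(pattern, host):
    """Wildcard match as TLS clients do it: '*' stands for one label only."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and (p[0] == "*" or p[0] == h[0])

def uncovered(conf, cert_names):
    """HTTPS vhost names that none of the certificate's names cover."""
    return [n for n in https_names(conf)
            if not any(matches(c, n) for c in cert_names)]

if __name__ == "__main__":
    print(uncovered(SAMPLE_CONF, ["*.mydomain.com"]))
```

Names reported by `uncovered` will produce certificate mismatch warnings in browsers unless the certificate also lists them as subject alternative names.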