Find the answer to your Linux question:
Page 2 of 2 FirstFirst 1 2
Results 11 to 17 of 17
Originally Posted by yereke Yes, the server has a static IP address with specific DNS domain name, connected through university IT service provider and it is identified by mydomain hostname. ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #11
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353

    Quote Originally Posted by yereke View Post
    Yes, the server has a static IP address with specific DNS domain name, connected through university IT service provider and it is identified by mydomain hostname. So it is accessed like mydomain.university.com (e.g.)
    i just followed the F17 guide you linked to, and got everything going all right. I used "localhost" as my hostname everywhere (in httpd.conf, ssl.conf, and when making the SSL keys). Maybe give that a shot. This is the guide I used for creating the keys.

    Note that the guide omits one step: you have to move server.key to ../private when you are done, or systemctl will fail to restart the httpd service.

  2. #12
    Just Joined!
    Join Date
    Nov 2012
    Posts
    12
    As a localhost the server works fine. I can open using ssl on the same machine where page is stored.
    But never works via network. the port 443 of the server is open on the firewall.

    The client machine can open https pages on the internet. how could client have blocked port 443?

  3. #13
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    From the client, try a port scan of your server's https port, e.g.:

    Code:
     nmap -n -p 443 <server_ip_address>
    It should say open, and not filtered/closed.

    on the server, you can also run some sort of network sniffer to watch for the request. for example, if your server's ip address is on eth0, then you could do (as root):

    Code:
    ngrep -d eth0
    then try to access the page from the client and see if the request comes through the wire.

  4. #14
    Just Joined!
    Join Date
    Nov 2012
    Posts
    12

    Solved! Check port 443 in Firewall!

    This helped to solve. The port 443 was indeed blocked by SELinux.
    I added a line to /etc/sysconfig/iptables

    Code:
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
    and restarted the service

    Thanks a million!

    Now I am including a permanent redirection to https. This was the idea to have a secured web page.

    So added a line to httpd.conf
    Code:
    Redirect permanent / https://mydomain.com
    However, the browser had an error

    The page isn't redirecting properly

    Firefox has detected that the server is redirecting the request for this address in a way that will never complete

    I tried to search for solutions, but couldn't find anything relevant. Any suggestions?


    Quote Originally Posted by atreyu View Post
    From the client, try a port scan of your server's https port, e.g.:

    Code:
     nmap -n -p 443 <server_ip_address>
    It should say open, and not filtered/closed.

    on the server, you can also run some sort of network sniffer to watch for the request. for example, if your server's ip address is on eth0, then you could do (as root):

    Code:
    ngrep -d eth0
    then try to access the page from the client and see if the request comes through the wire.

  5. #15
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Quote Originally Posted by yereke View Post
    This helped to solve. The port 443 was indeed blocked by SELinux.
    I added a line to /etc/sysconfig/iptables

    Code:
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
    and restarted the service
    So I think you mean the port was blocked by iptables, not SELinux (not to say that SELinux doesn't get in the way sometimes, too).

    Now I am including a permanent redirection to https. This was the idea to have a secured web page.

    So added a line to httpd.conf
    Code:
    Redirect permanent / https://mydomain.com
    However, the browser had an error

    The page isn't redirecting properly
    That line works as expected on my box. Are you sure it is resolving the domain name properly? Does it do the same thing if you substitute your ip address?

  6. #16
    Just Joined!
    Join Date
    Nov 2012
    Posts
    12

    Resolved redirection

    Quote Originally Posted by atreyu View Post
    So I think you mean the port was blocked by iptables, not SELinux (not to say that SELinux doesn't get in the way sometimes, too).


    That line works as expected on my box. Are you sure it is resolving the domain name properly? Does it do the same thing if you substitute your ip address?
    Resolved this issue by adding a few lines in httpd.conf
    # This will enable the Rewrite capabilities
    RewriteEngine On

    # This checks to make sure the connection is not already HTTPS
    RewriteCond %{HTTPS} !=on

    # This will redirect all users who are using any part of /secure/ to the same location but using HTTPS.
    # i.e. http: // example. com/secure/ to https: // example. com/secure/
    # This means if you dont want to force HTTPS for all directories you can force it for a specific sub-section of the site.
    RewriteRule ^/?private/(.*) https://%{SERVER_NAME}/private/$1 [R,L]


  7. #17
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Excellent, glad you got it sorted, and thanks for posting your solution.

    If you're satisfied, you can mark this thread as Solved using the Thread Tools link at the top of the page.

Page 2 of 2 FirstFirst 1 2

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •