Koozali.org: home of the SME Server

Web access only via HTTPS

Offline alext

Web access only via HTTPS
« on: June 05, 2006, 01:32:08 PM »
I seem to have mis-configured my SME 7.0rc2 installation as I find that web access via http://www.mydomain.ch will no longer work. The only way that I can access is via https://www.mydomain.ch

It's probably only a simple mistake but any help in solving it would be appreciated.

Thanks
...

Offline cactus

Re: Web access only via HTTPS
« Reply #1 on: June 05, 2006, 02:11:21 PM »
You probably have an error in the /etc/httpd/conf/httpd.conf file and therefore httpd won't start anymore. You can verify that by seeing if httpd is running:
Code:
ps ax | grep httpd
You should see about ten instances of httpd like this:
Code:
3228 ?        S      0:00 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -D FOREGROUND
If you don't see any of these lines there is probably something wrong with the configuration file. Have a look at the last lines of the log file:
Code:
tail /var/log/httpd/error_log
If you can't figure it out you can post the output here and perhaps we can be of help.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline alext

Web access only via HTTPS
« Reply #2 on: June 05, 2006, 04:07:55 PM »
Thanks for the quick response Cactus,

As it's a holiday here today I am looking at the server-manager via Remote Desktop and can't get down to the .conf files but I did have a look at the httpd/error_log and found some irregularities (?).

Quote

[Mon Jun 05 13:03:53 2006] [warn] RSA server certificate CommonName (CN) abc-gateway.abc-suisse.ch' does NOT match server name!?
[Mon Jun 05 13:03:54 2006] [notice] Digest: generating secret for digest authentication ...
[Mon Jun 05 13:03:54 2006] [notice] Digest: done


This is repeated many times.
I also find a weird entry in Host Names and Addresses:

Quote
Hostnames and addresses
   Add hostname

Current list of hostnames for abc-suisse.ch.
Hostname                   Location  IP Address     Ethernet address  Action
ftp.abc-suisse.ch          Self      192.168.1.122                    Modify  Remove
abc-gateway.abc-suisse.ch  Self      192.168.1.122
mail.abc-suisse.ch         Self      192.168.1.122                    Modify  Remove
proxy.abc-suisse.ch        Self      192.168.1.122                    Modify  Remove
wpad.abc-suisse.ch         Self      192.168.1.122                    Modify  Remove
www.abc-suisse.ch          Self      192.168.1.122                    Modify  Remove



As you'll notice the second line in the table seems wrong and I can't remove or modify it. I believe that this may be causing the problem.

I will be in the office tomorrow so I can then access the .conf files.

Any ideas before then will be welcome,

Thanks and best regards,
Alex
...

Offline cactus

Web access only via HTTPS
« Reply #3 on: June 05, 2006, 04:18:47 PM »
There is nothing wrong with all that; it is noise in your logs, but this is inherent to the SME Server architecture. From the information I can digest that your server is called abc-gateway and your domain is abc-suisse.ch. SME Server probably generates a certificate for these settings while the default server name is probably www.abc-suisse.ch. Apache checks this and reports that the two are not the same.

This also explains why you cannot modify one of the entries. It is your primary domain, and this is built from your servername and the domain configured during installation, and that is also based on SME Server architecture.

Was there nothing else in your error_log file? What does the /var/log/messages file say?

Offline alext

Web access only via HTTPS
« Reply #4 on: June 05, 2006, 04:49:01 PM »
Hi Cactus,

Hmm, stranger and stranger...

My MESSAGES log file is very long so I don't want to clog up this BB with the listing. I had a look at it from the last reboot, (this afternoon), but could find no obvious problems.

I have listed here my "Review Configuration" listing for you to have a look at.

One thing of note is that when I built the server the server name was abc-gateway and later I changed it via the server-manager panel (Configuration > Workgroup), to abc-mail for conformity with the old SME 6 server. This is maybe where things went wrong. What do you think?

Code:
Review configuration
Networking Parameters
Server Mode servergateway
Local IP address / subnet mask 192.168.1.122/255.255.255.0
External IP address / subnet mask 10.10.10.2/255.255.255.0
Gateway 10.10.10.1
Additional local networks 192.168.1.0/255.255.255.0
DHCP server enabled
Beginning of DHCP address range 192.168.1.65
End of DHCP address range 192.168.1.85
Server names
DNS server 192.168.1.122
Web server www.abc-suisse.ch
Proxy server proxy.abc-suisse.ch:3128
FTP server ftp.abc-suisse.ch
SMTP, POP, and IMAP mail servers mail.abc-suisse.ch
Domain information
Primary domain abc-suisse.ch
Virtual domains abc-suisse.ch
Primary web site http://www.abc-suisse.ch
Server manager https://abc-gateway/server-manager/
User password panel https://abc-gateway/user-password/
Email Addresses useraccount@abc-suisse.ch
firstname.lastname@abc-suisse.ch
firstname_lastname@abc-suisse.ch
 
...

Offline CharlieBrady

Re: Web access only via HTTPS
« Reply #5 on: June 06, 2006, 01:57:27 AM »
Quote from: "cactus"

You probably have an error in the /etc/httpd/conf/httpd.conf file and therefore httpd won't start anymore.


If that were the case, then https access wouldn't work either.

The problem here is likely to be the ISP blocking port 80 access. The only things you can do about that are pay more money (buy a business account) or change ISPs.

Offline cactus

Re: Web access only via HTTPS
« Reply #6 on: June 06, 2006, 05:02:14 PM »
I had the same problem while I had an error in my httpd.conf file. You are partly right that you cannot access your server then, neither by http nor by https; however, the admin daemon will still function, which will provide you internally with https (at least for the server-manager). I missed OP's remark that access over https was still possible. :-( Strange that providers change all this without notice to their customer.

Offline CharlieBrady

Re: Web access only via HTTPS
« Reply #7 on: June 06, 2006, 06:02:38 PM »
Quote from: "cactus"
I had the same problem while I had an error in my httpd.conf file. You are partly right that you cannot access your server then, neither by http nor by https; however, the admin daemon will still function, which will provide you internally with https (at least for the server-manager).


No, it will not. The admin web server is not directly accessible (from WAN or LAN), either via http or https. It's accessed via the main web server, via a proxy pass.

I know you are trying to be helpful, but please try to check your facts before posting. Misleading responses are probably worse than no responses at all.

Offline mmccarn

Web access only via HTTPS
« Reply #8 on: June 07, 2006, 04:01:02 PM »
Quote from: "CharlieBrady"
The problem here is likely to be the ISP blocking port 80 access. The only things you can do about that are pay more money (buy a business account) or change ISPs.


You should be able to test this by creating a port forwarding rule that forwards an unused port (8181, for example) to port 80 on localhost - then testing to see if your website is available at that port...
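
The port test suggested above, combined with the local checks from earlier in the thread, written out as a small triage script. This is an added example and not part of any post; the script name, the verdict labels and the 3-second timeout are assumptions, and 8181 is the spare port forwarded to port 80 as proposed in the post.

```shell
#!/bin/sh
# Added example (not from the thread): triage for "HTTPS works, HTTP does not".
# Port 8181 is the spare forwarded port suggested above; verdict labels are made up here.

# probe HOST PORT -> prints "open" if a TCP connection succeeds within 3 seconds,
# otherwise "closed". Relies on bash's /dev/tcp and coreutils timeout.
probe() {
    if timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null; then
        echo open
    else
        echo closed
    fi
}

# diagnose LOCAL80 LOCAL443 WAN80 WAN8181 -> prints one verdict.
# LOCAL* are probed on the server itself, WAN* from a machine outside the network.
diagnose() {
    if [ "$1" = closed ] && [ "$2" = closed ]; then
        echo httpd-not-running            # nothing listens: read the error_log
    elif [ "$1" = closed ]; then
        echo no-listener-on-80            # httpd is up but not bound to port 80
    elif [ "$3" = open ]; then
        echo http-reachable               # port 80 answers from outside
    elif [ "$4" = open ]; then
        echo port-80-filtered-upstream    # 8181 -> 80 works, so 80 is blocked en route
    else
        echo inconclusive-check-forwarding
    fi
}

# Usage: "sh triage.sh local" on the server, "sh triage.sh remote HOST" from outside,
# then pass the four results to diagnose.
case "${1:-}" in
    local)  echo "local80=$(probe 127.0.0.1 80) local443=$(probe 127.0.0.1 443)" ;;
    remote) echo "wan80=$(probe "$2" 80) wan8181=$(probe "$2" 8181)" ;;
esac
```

The remote probes only mean something when run from a connection outside the server's own network, since a client on the LAN never crosses the ISP link.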

Offline alext

Re: Web access only via HTTPS
« Reply #9 on: June 17, 2006, 06:29:16 PM »
Quote from: "CharlieBrady"
...The problem here is likely to be the ISP blocking port 80 access. The only things you can do about that are pay more money (buy a business account) or change ISPs.


Well, I had a serious talk with my ISP and they assure me that they are NOT blocking port 80.

I feel that the problem is within httpd.conf

Any further help/suggestions would be greatly appreciated.

Thanks,
Alex
...