Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: stevezemlicka on May 20, 2008, 06:52:24 PM

Title: httpd issue?
Post by: stevezemlicka on May 20, 2008, 06:52:24 PM

I recently followed the following guide
http://smesmith.de/download/Howtos/website-access-security-howto.html

Ever since that, I have not been able to log on to the webmin server.  At first, it seemed to be the certificate mismatch issue but I think I fixed that and now httpd seems to be starting ok but I still get refused connection in Epiphany browser and failed to connect errors in Firefox.  I can log on via ssh though.

IMAP e-mail seems to work just fine internally and externally.

I have searched for several hours a few days ago and I that's when I regenerated the ssl keys to get httpd to actually start.  I had a few more pages with potential fixes but can't seem to find them again.

The latest error_log in /var/log/httpd doesn't have anything listed since the 17th (have rebooted several times today) so I'm assuming there are no general httpd errors.

The admin error log shows the following
[Tue May 20 10:31:26 2008] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Tue May 20 10:31:26 2008] [notice] Digest: generating secret for digest authentication ...
[Tue May 20 10:31:26 2008] [notice] Digest: done
[Tue May 20 10:31:27 2008] [notice] Apache configured -- resuming normal operations
[Tue May 20 10:39:43 2008] [notice] caught SIGTERM, shutting down
[Tue May 20 10:41:22 2008] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Tue May 20 10:41:23 2008] [notice] Digest: generating secret for digest authentication ...
[Tue May 20 10:41:23 2008] [notice] Digest: done
[Tue May 20 10:41:25 2008] [notice] Apache configured -- resuming normal operations

The latest admin access log is empty as is the access log.

This is what appears to me to be relevant in the httpd.conf but I am far from an expert so let me know if you need more.
    # skipping SSL directives
   
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]


    RewriteRule ^/server-manager(/.*|$)    https://%{HTTP_HOST}/server-manager$1 [L,R]
    <Location /server-manager>
        order deny,allow
        deny from all
        allow from 127.0.0.1 192.168.1.0/255.255.255.0
    </Location>
    RewriteRule ^/server-common(/.*|$)    https://%{HTTP_HOST}/server-common$1 [L,R]
    <Location /server-common>
        order deny,allow
        deny from all
        allow from 127.0.0.1 192.168.1.0/255.255.255.0
    </Location>
    RewriteRule ^/user-password(/.*|$)    https://%{HTTP_HOST}/user-password$1 [L,R]
    <Location /user-password>
        order deny,allow
        deny from all   
        allow from 127.0.0.1 192.168.1.0/255.255.255.0
    </Location>


Any ideas or links would be greatly appreciated.

If I wanted to remove what I did from the link at the beginning of this post, how would I go about doing that?  From my limited understanding, I cannot simply edit the httpd.conf.  Do I have to generate from a template or something?

On a side note, I'm a windows convert and apache is a bit tedious compared to IIS.  I was wondering if anybody created a webmin applet for configuring apache?  I haven't done any searches yet because I've gotta get the webmin up and running first but any ideas would be very cool.

Title: Re: httpd issue?
Post by: Stefano on May 20, 2008, 06:59:20 PM

hi

simply do:

Code: [Select]

rm /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/86TestSecurity
expand-template /etc/httpd/conf/httpd.conf
service httpd-e-smith restart

if haven't done anything else than what's in the page you link, it should work

Ciao
Stefano

Title: Re: httpd issue?
Post by: stevezemlicka on May 20, 2008, 07:21:17 PM

Awesome, removing that worked.  Any ideas why it screwed it up.  It's probably because I did some modification.  Here's what I used

# ------------------
# Phreebooks Security
# ------------------
<Directory /home/e-smith/files/ibays/books/html>
RequireSSL on
Options -Indexes
AllowOverride None
order deny,allow
deny from all
allow from all
AuthName "Secure Access Only"
AuthType Basic
AuthUserFile /etc/httpd/conf/htpasswd.books
Require valid-user
AddType application/x-httpd-php .php .php3
php_flag magic_quotes_gpc on
php_flag track_vars on
</Directory>
# ----------------

I verified I had the ibay "books" setup as well as the file htpasswd.books.  Why would that goof up the entire webmin page?  shouldn't that section only affect the https://servername/books (/home/e-smith/files/ibays/books/html) site?  I am setting up phreebooks and want all the communication to be ssl.  Is this a good way to do it or is there a different/better way.  Again, I'm new to Apache but well versed in iis so I know the concepts, just gotta learn a slightly different way of doing things.

Also, if anybody's setup phreebooks on sme server that may be able to help me a bit, let me know.

Title: Re: httpd issue?
Post by: warren on May 20, 2008, 09:42:32 PM

Quote

# ------------------
# Phreebooks Security
# ------------------
<Directory /home/e-smith/files/ibays/books/html>
RequireSSL on

That directive is for the old sme 6 and prior ( ie older version of Apache )

It should read
# ------------------
# Phreebooks Security
# ------------------
<Directory /home/e-smith/files/ibays/books/html>
SSLRequireSSL