Error SSL on XAMPP 7.0.23: SEC_ERROR_UNKNOWN_ISSUER - php

I am trying to run a website on a "Private Network" or on a "Public Network" via HTTPS (SSL) on XAMPP. I followed these steps:
1- "C:\xampp\apache\makecert.bat" to make the certificate.
2- httpd.conf: remove (#) from LoadModule ssl_module modules/mod_ssl.so
3- php.ini: remove (;) from extension=php_openssl.dll
Restart Apache and Chrome!
localhost uses an invalid security certificate. The certificate is not trusted because it is self-signed. Error code: SEC_ERROR_UNKNOWN_ISSUER
https://192.168.1.100 Peer’s Certificate issuer is not recognized.
HTTP Strict Transport Security: false
HTTP Public Key Pinning: false

Open your "apache/conf/httpd.conf" file and add the following lines (right after closing </Directory> tag):
<VirtualHost *:443>
DocumentRoot "C:\xampp\htdocs"
ServerName localhost:443
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
<Directory "C:\xampp\htdocs">
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Then restart Apache and check "https://localhost" again.

Related

SSL cert misconfigured

Basically facebook scraper (https://developers.facebook.com/tools/debug/og/object/) tells that:
Curl Error : SSL_CACERT SSL certificate problem: unable to get local issuer certificate
Tested my site's url here:
https://whatsmychaincert.com/?mysite.com
and this tells:
my site is misconfigured. This is the chain it should be using.
I'm scared to download the chain file from this site as I guess I already have it all from GoDaddy.
Coming back to my Facebook scraper problem. I did a Google search and found that the Curl error is due to the PHP version. As I checked, I have the latest PHP running. But I still downloaded cacert.pem from the official site and added it in the same folder where my SSL certs reside (/etc/ssl/certs). Then I edited php.ini, located in /opt/bitnami/php/etc,
so it reads:
curl.cainfo ="/etc/ssl/certs/cacert.pem"
Restarted Apache; still the issue persisted. So I focused on fixing the SSL cert issue.
This is what my default-ssl.conf looks like:
SSLCertificateFile /etc/ssl/certs/a639a4be86615af.crt
SSLCertificateKeyFile /etc/ssl/certs/mysite.key
SSLCertificateChainFile /etc/ssl/certs/mysite.com.chain.crt (downloaded from https://whatsmychaincert.com/)
SSLCACertificateFile /etc/ssl/certs/a639a4be86615af.pem
By the way, my site shows an https connection. But in Firefox I don't see any images loaded. Could that be related to the (unable to get local issuer certificate)?
What's wrong with my configuration? How do I fix it?
EDIT:
I'm using the WordPress Bitnami set. So I edited two paths for the SSL config: /etc/apache2/sites-available/default-ssl.conf and /opt/bitnami/apache2/conf/extra/httpd-ssl.conf
My latest SSL config file:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin hello@mysite.com
ServerName mysite.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/b8ad60af28cd1745.crt
SSLCertificateKeyFile /etc/ssl/private/mysite.key
SSLCertificateChainFile /etc/ssl/certs/b8ad60af28cd1745.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
Unlike browsers, PHP Curl doesn't reconstruct the certificate tree from other sources. So if your cert tree is incomplete, CURL cannot verify your site certificate.
Your VirtualHost configuration should have the following:
SSLCertificateFile - your site certificate
SSLCertificateKeyFile - key for the CertificateFile
SSLCertificateChainFile - file containing all intermediate certificates from leaf to root (so curl can connect your certificate to the one in /etc/ssl/certs/cacert.pem)
Since 2.4.8 you can put all certificates from leaf to root into SSLCertificateFile (https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile)
You can test your SSL configuration using https://www.ssllabs.com/ssltest/index.html which also reports incomplete certificate tree.
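The missing-intermediate failure described in this answer can be reproduced offline. The script below is an added example, not part of the original answer; the throwaway CA subjects and file names are constructed, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: constructed root -> intermediate -> leaf chain, then the leaf
# is validated the way a client that trusts only the root (like PHP curl) does.

# make_demo_pki <dir>: create the three throwaway certificates in <dir>.
make_demo_pki() {
    # Private config file, so nothing depends on the system openssl.cnf.
    cat > "$1/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF
    for name in root inter leaf; do
        openssl req -new -newkey rsa:2048 -nodes -config "$1/ext.cnf" \
            -subj "/CN=Constructed demo $name" \
            -keyout "$1/$name.key" -out "$1/$name.csr" 2>/dev/null || return 1
    done
    # Self-signed root; root signs the intermediate; intermediate signs the leaf.
    openssl x509 -req -days 2 -in "$1/root.csr" -signkey "$1/root.key" \
        -extfile "$1/ext.cnf" -extensions ca -out "$1/root.pem" 2>/dev/null &&
    openssl x509 -req -days 2 -in "$1/inter.csr" -CA "$1/root.pem" \
        -CAkey "$1/root.key" -CAcreateserial \
        -extfile "$1/ext.cnf" -extensions ca -out "$1/inter.pem" 2>/dev/null &&
    openssl x509 -req -days 2 -in "$1/leaf.csr" -CA "$1/inter.pem" \
        -CAkey "$1/inter.key" -CAcreateserial \
        -extfile "$1/ext.cnf" -extensions leaf -out "$1/leaf.pem" 2>/dev/null
}

# verify_as_client <dir> [chain-file]: the client trusts only root.pem.
# chain-file stands for the intermediates the server sends along with the leaf
# (SSLCertificateChainFile, or appended to SSLCertificateFile since 2.4.8).
verify_as_client() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$1/root.pem" -untrusted "$2" "$1/leaf.pem" 2>&1
    else
        openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1
    fi
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
echo "Server sends the leaf only:"
verify_as_client "$demo_dir" || true
echo "Server sends the leaf plus the intermediate:"
verify_as_client "$demo_dir" "$demo_dir/inter.pem" || true
```

The first check fails with the same "unable to get local issuer certificate" message the Facebook scraper reported, even though the root is trusted; the second passes once the intermediate is supplied.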

Setting document root for Laravel project on Apache virtual host

I inherited a php/Laravel app that was running on an Apache server that I don't have access to. My task is to get it running on another Apache server. I'm pretty good with php but relatively new to Laravel and very new to Apache configuration.
I have figured out how to get the Laravel app running on Apache that is running on an Ubuntu VM (VirtualBox.) I can access the Laravel app in a browser on the Ubuntu VM via http://localhost. I can also access the Laravel app in a browser from the Internet via http://appname.com/public. However, if I just use http://appname.com, then I just get a folder listing of /var/www/appname.
I have tried several modifications to the /etc/apache2/available-sites/appname.conf file but haven't quite got it right yet, apparently. I have also read a number of posts around the nets about making modifications to various other config files including php config files and Apache config files. It seems like these other mods (while they may be workable) shouldn't be necessary.
Here is my current /etc/apache2/available-sites/appname.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName appname.com
ServiceAlias www.appname.com
DocumentRoot /var/www/appname/public
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Any advice is appreciated.
Bob
You need to allow the mod_rewrite in the apache server and allowSymLinks.
Source
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName appname.com
ServerAlias www.appname.com
DocumentRoot /var/www/appname/public
<Directory "/var/www/appname/public">
Options FollowSymLinks
ReWriteEngine On
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
In the DocumentRoot Directory I would also allow MultiViews
<Directory "/var/www/appname/public">
Options FollowSymLinks MultiViews
ReWriteEngine On
</Directory>
You may need to also do
sudo a2enmod rewrite
to enable module rewrite.
Edit 1:
In my .conf files I have them with the quotes and they are working.
Did you enable the rewrite module?
Besides some options, I also have the "/" folder with the following config.
<Directory "/">
Options FollowSymLinks
AllowOverride All
ReWriteEngine On
</Directory>
and here i'll write my full code of public directory
<Directory "/var/www/appname/public">
Options FollowSymLinks MultiViews
Order Allow,Deny
Allow from all
ReWriteEngine On
</Directory>
Try it and see if it works, after delete the options that you don't like to use.
Follow the steps and all will be good and easy,
1). Type following command in terminal
cd /etc/apache2/sites-available
2). Make a new config file
sudo cp 000-default.conf appname.dev.conf
3). Open the new config file and paste the following code
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin yourmail@example.com
ServerAlias appname.dev
DocumentRoot /var/www/html/appname/public
<Directory /var/www/html/appname/public>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
<FilesMatch \.php$>
#Change this "proxy:unix:/path/to/fpm.socket"
#if using a Unix socket
#SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
4). CTRL+x, then press y then press enter and run following command in terminal
sudo a2ensite appname.dev.conf
5). Type following command and edit the /etc/hosts file
sudo nano /etc/hosts
127.0.0.1 appname.dev
press CTRL x then press Enter and type following command
sudo service apache2 restart
6). Now your app will execute on appname.dev successfully.

creating virtual host in WAMP

I'm using Win7 and all my asp.net applications are running at port 80
I've WAMP installed at c:\wamp and i've my php project folder under c:\wamp\www\ as proj1,proj2 etc.,
Now i tried to create virtual host with below steps
1) edited 'hosts' file and added below
127.0.0.1:9091 testsite1.mymachine.com
2) Opened the file "httpd.conf" at "C:/wamp/bin/apache/Apache2.2.22/conf/" and uncommented the line "Include conf/extra/httpd-vhosts.conf".
3) Opened the file "httpd.vhosts.conf" at "C:/wamp/bin/apache/Apache2.2.22/conf/extra" and added the below
<Directory C:/wamp/www/proj1>
Order Deny,Allow
Allow from all
</Directory>
after the above code added the below
<VirtualHost *:9091>
DocumentRoot "C:/wamp/www/proj1"
ServerName testsite1.mymachine.com
</VirtualHost>
4) Saved all the above edited files from step 1 through step 3, restarted the wamp server services.
But I'm unable to access my proj1 using "testsite1.mymachine.com". Did I miss anything? Also please take note that by using "http://localhost:8081/" I'm able to see the wampserver - server configuration page.
Many Thanks
Go to F:\wamp\bin\apache\Apache2.2.21\conf and open the httpd.conf file in a text editor
change line from #LoadModule vhost_alias_module modules/mod_vhost_alias.so
to this LoadModule vhost_alias_module modules/mod_vhost_alias.so (uncomment)
find following lines
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf
replace it with
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
Now go to F:\wamp\bin\apache\Apache2.2.21\conf\extra and open httpd-vhosts.conf
At the end, add the following code to httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "C:/wamp/www/(project folder name)"
ServerName (the name with which you want to deploy your project in the browser)
ServerAlias (copy paste the ServerName)
ErrorLog "logs/(deploy_name)-error.log"
CustomLog "logs/(deploy_name)-access.log" common
<Directory "/">
Deny from all
Allow from 127.0.0.1
</Directory>
</VirtualHost>
Finally, update the hosts file in the Windows system:
go to C:\Windows\System32\drivers\etc and open hosts using Notepad (open Notepad as administrator).
Find the line 127.0.0.1 localhost
Under it write 127.0.0.1 (copy paste the ServerName from "httpd-vhosts.conf")
Restart all the services from WAMP.
This should get the virtual host running; just type the server name in the address bar of the browser and hit enter.

Certificates in PHP. Two way authentication ssl. Apache

Context: production server with SSL installed. Running apache server. PHP.
Problem: for a specific URL (for example: www.domain.com/whatever/edit/*) I want to ask users to use their certificate in order to authenticate them for a specific task.
I have read that this way of authentication is called two-way authentication SSL. I don't know whether I am right or not.
What I have tried on server configuration is the following
<VirtualHost _default_:433>
ServerAdmin webmaster@localhost
DocumentRoot /Applications/MAMP/htdocs/smartdataprotection/web/
Options FollowSymLinks
Options Indexes FollowSymLinks MultiViews
LogLevel warn
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/ssl_access.log combined
SSLEngine on
SSLCertificateFile /Applications/MAMP/htdocs/certificates/server.cer
SSLCertificateKeyFile /Applications/MAMP/htdocs/certificates/server.key
SSLOptions +StdEnvVars
# Below for 2 way ssl
SSLVerifyClient require
SSLVerifyDepth 10
SSLCACertificateFile /Applications/MAMP/htdocs/certificates/ca.cer
What I would like to get is something similar to the following screen capture:
Thank you very much in advance; any help will be very welcome and highly appreciated.
Regards.
I think that you're missing the SSLCipherSuite directive. In the Apache documentation:
This complex directive uses a colon-separated cipher-spec string
consisting of OpenSSL cipher specifications to configure the Cipher
Suite the client is permitted to negotiate in the SSL handshake phase.
Also, normally you want to log in to a site with a certificate in a specific location, not directly in www.yourdomain.com, for example in a button link which goes to www.yourdomain.com/yourApp/loginCert, so you have to configure <Location> inside the <VirtualHost>.
Finally, check the file indicated in the SSLCACertificateFile directive. This file is a concatenation of CA certificates in PEM format, which issue the certificates allowed to log in to your site; if your certificate is not issued by one of the CAs inside this file, it will not show up in the browser popup.
The configuration could look like:
<VirtualHost _default_:433>
...
<Location /yourApp/loginCert>
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCACertificateFile conf/trustedCA.cer
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate
</Location>
</VirtualHost>
Hope this helps,

WAMP Virtual Host not working

I am using a wamp version 2.5
My Apache is 2.4.9
PHP: 5.5.12
MySQL: 5.6.17
I have these configurations:
On my httpd.conf
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
On my G:\wamp\bin\apache\apache2.4.9\conf\extra\httpd-vhost.conf
# Virtual Hosts
#
# Required modules: mod_log_config
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "g:/Apache24/docs/dummy-host.example.com"
ServerName dummy-host.example.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/dummy-host.example.com-error.log"
CustomLog "logs/dummy-host.example.com-access.log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "g:/Apache24/docs/dummy-host2.example.com"
ServerName dummy-host2.example.com
ErrorLog "logs/dummy-host2.example.com-error.log"
CustomLog "logs/dummy-host2.example.com-access.log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "g:/wamp/www"
ServerName localhost
ErrorLog "logs/localhost-error.log"
CustomLog "logs/localhost-access.log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "g:\wamp\www\mysite\public"
ServerName mysite.dev
</VirtualHost>
On my c:\Windows\System32\Drivers\etc\hosts
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
127.0.0.1 mysite.dev
# ::1 localhost
I try to access my project using this URL: http://www.mysite.dev/ BUT I am getting a Server not found error. I tried accessing it using www.mysite.dev, http://mysite.dev but am still having bad luck!
My virtual host was working before but I'm not sure why it wasn't working now. Some weird stuff going on.
I am not sure what's happening. Any ideas will be greatly appreciated!
Thanks!
First you need to remove the example dummy definitions from your vhost-httpd.conf file. They are there as examples only just to get you started with the syntax, and should not remain in an active conf/extra/httpd-vhosts.conf as they are pointing to nonexistent folders.
So remove these 2 definitions from the file:
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "g:/Apache24/docs/dummy-host.example.com"
ServerName dummy-host.example.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/dummy-host.example.com-error.log"
CustomLog "logs/dummy-host.example.com-access.log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "g:/Apache24/docs/dummy-host2.example.com"
ServerName dummy-host2.example.com
ErrorLog "logs/dummy-host2.example.com-error.log"
CustomLog "logs/dummy-host2.example.com-access.log" common
</VirtualHost>
Second Apache 2.4.x is IPV4 ( 127.0.0.1 ) and IPV6 (::1) aware so your hosts file should look like this with definitions for both IPV4 and IPV6 versions for each site. The browser can arbitrarily use either so you need both but will probably use the IPV6 network in preference to the IPV4 if both are actually active on your PC.
127.0.0.1 localhost
::1 localhost
127.0.0.1 mysite.dev
::1 mysite.dev
Now on the 2 Virtual Hosts that actually exist on your system try this as the Virtual Host definition :
<VirtualHost *:80>
DocumentRoot "g:/wamp/www"
ServerName localhost
ServerAlias localhost
ErrorLog "logs/localhost-error.log"
CustomLog "logs/localhost-access.log" common
<Directory "G:/wamp/www">
AllowOverride All
Options Indexes FollowSymLinks
Require local
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "g:\wamp\www\mysite\public"
ServerName mysite.dev
ServerAlias www.mysite.dev
ErrorLog "logs/mysite-error.log"
CustomLog "logs/mysite-access.log" common
<Directory "G:/wamp/www/mysite/public">
AllowOverride All
Options Indexes FollowSymLinks
Require local
</Directory>
</VirtualHost>
The <Directory>....</Directory> section within the <VirtualHost>....</VirtualHost> section tells Apache which IP Addresses it is allowed to accept connections from, so using the Apache 2.4 syntax Require local limits access so that only the PC running WAMPServer i.e. Apache can connect to any of these sites.
Avoid mixing Apache 2.2 syntax and Apache 2.4 syntax together in the same definition. So don't use
Order Allow,Deny
Allow from all
and
Require all granted
in the same definition. You are using Apache 2.4 so use the Apache 2.4 syntax.
If you find you want to allow other PCs inside your local network to see your site, i.e. work mates or the kids etc., you can add this syntax to one or more of your Virtual Host definitions.
Allow just a single other PC into your site
Require local
Require ip 192.168.1.100
or 2 other PCs
Require local
Require ip 192.168.1.100 192.168.1.101
Or to anyone on your local network just use the first 3 of the 4 quartiles of the ip address.
Require ip 192.168.1
Also avoid using the syntax that allows access from anywhere i.e.
Require all granted <--Apache 2.4 syntax
or
Order Allow,Deny <-- Apache 2.2 syntax
Allow from all
It may solve your issues in the short term, but is just waiting to catch you sometime later when you decide you want to show your site to a friend/client/boss. If you get to the stage of Port Forwarding your router so that the world is allowed into your network, that would cause ALL OF YOUR SITES to become available to the world.
Better to change the ONE Virtual Host Definition for the ONE site you want people to see for testing/bragging from Require local to Require all granted and only allow that single site to be accessed from the internet.
Once you have made all these changes remember to restart Apache.
Also, if you change the hosts file, to make the changes active you should either reboot or run these commands from the command line of a command window started using the Run as Administrator option.
net stop dnscache
net start dnscache
If you are using Windows 10 the above dns commands no longer work, you should do this instead.
ipconfig /flushdns
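The two checks this answer recommends (no mixing of 2.2 and 2.4 access directives, no site left open to every client) can be run mechanically over a vhosts file. The script below is an added example, not part of the original answer; the sample configuration, host name and function name are constructed.

```shell
#!/bin/sh
# Added example: lint <Directory> blocks for the access-control problems the
# answer above describes. Sample paths and host names are constructed.

# lint_access <conf-file>: prints "<line of <Directory>>: <path>: <finding>".
lint_access() {
    awk '
    { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
    low ~ /^#/ { next }                      # skip comments
    low ~ /^<directory[ \t]/ {               # start of a block: reset state
        dir = line
        sub(/^<[^ \t]+[ \t]+/, "", dir); sub(/>[ \t]*$/, "", dir)
        gsub(/"/, "", dir)
        start = NR; legacy = 0; modern = 0; wideopen = 0; inblock = 1
        next
    }
    low ~ /^<\/directory>/ && inblock {      # end of a block: report
        if (legacy && modern)
            print start ": " dir ": mixes 2.2 and 2.4 access directives"
        else if (legacy)
            print start ": " dir ": 2.2-only access directives"
        if (wideopen)
            print start ": " dir ": open to all clients"
        inblock = 0
        next
    }
    inblock && low ~ /^(order|allow|deny)[ \t]/        { legacy = 1 }
    inblock && low ~ /^allow[ \t]+from[ \t]+all/       { wideopen = 1 }
    inblock && low ~ /^require[ \t]/                   { modern = 1 }
    inblock && low ~ /^require[ \t]+all[ \t]+granted/  { wideopen = 1 }
    ' "$1"
}

# Constructed sample: one block restricted to the local machine, one block
# that mixes both syntaxes and admits everyone.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:80>
    ServerName localhost
    <Directory "G:/wamp/www">
        AllowOverride All
        Require local
    </Directory>
</VirtualHost>
<VirtualHost *:80>
    ServerName mysite.test
    <Directory "G:/wamp/www/mysite/public">
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
</VirtualHost>
EOF

lint_access "$sample"
```

Only the second block is reported; the `Require local` block produces no findings.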
Due to Google acquiring .dev gTLD, having .dev development sites is no longer easily possible, best way to mitigate is to just rename your development domain into .local or something that you prefer.
What happens in the background is that the local DNS server redirects the browser to 127.0.53.53 (open cmd > nslookup yourdomain.dev) in order to inform end-users of .dev gTLD being acquired. Since the .dev domain in hosts file is set to 127.0.0.1 it shows connection refused.
You can change 127.0.0.1 to 127.0.53.53 in the hosts file and see that the browser error changes from ERR_CONNECTION_REFUSED to ERR_ICANN_NAME_COLLISION.
Following is working for me
<VirtualHost *:80>
DocumentRoot "G:\project\test.dev"
ServerAdmin test@gmail.com
ServerName test.dev
ErrorLog "logs/test.dev-error.log"
CustomLog "logs/test.dev-access.log" common
<Directory "G:\project\test.dev">
AllowOverride All
Options Indexes FollowSymLinks
Require local
</Directory>
</VirtualHost>
I fixed the same problem by uncommenting some lines in httpd.conf in the Apache folder.
Uncomment lines below:
Include conf/extra/httpd-vhosts.conf
LoadModule vhost_alias_module modules/mod_vhost_alias.so
Save file and Restart your Apache and it will work.
Many thanks to this guy:
https://john-dugan.com/wamp-vhost-setup/
I am coming very late to this question. I did all that was mentioned by @RiggsFolly but one thing I changed made it work instantly. I changed .dev to .test as .dev is reserved. Hope this helps.
Check out these modules uncommented in httpd.conf
proxy_module
proxy_http_module
Try this in your Apache httpd.config file:
<VirtualHost *:80>
ServerName mysite.dev
DocumentRoot "g:\wamp\www\mysite\public"
SetEnv APPLICATION_ENV "development"
<Directory "g:\wamp\www\mysite\public">
DirectoryIndex index.php
Options All Includes Indexes
Options All Indexes FollowSymLinks
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>
Restart your WAMP server and put a URL like mysite.dev/ in your browser.
Hope it will help you.
Thank you.
