Score:0

Apache serving HTTP instead of HTTPS

I recently upgraded from Apache 2.2 to 2.4 (I know, I'm slow to upgrade, don't hate me). I have the following virtual host:

<VirtualHost _default_:30000>
    DocumentRoot /opt/phpmyadmin
    ErrorLog ${APACHE_LOG_DIR}/error.log

    <Directory /opt/phpmyadmin>
        Options -Indexes +IncludesNOEXEC +FollowSymLinks
        Require all granted
    </Directory>
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    LogLevel warn
</VirtualHost>

This was working previously using the `Allow from all` syntax, and HTTPS is working perfectly for other virtual hosts on port 443. However, when I go to https://localhost:30000, it serves HTTP content instead of HTTPS. This is also the only virtual host that uses port 30000, so I'm assuming it can't be due to conflicts with other virtual hosts taking precedence.

HTTPS request:

$ curl -v https://localhost:30000
* Rebuilt URL to: https://localhost:30000/
* Hostname was NOT found in DNS cache
*   Trying ::1...
* Connected to localhost (::1) port 30000 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection 0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

This then produces the following in the Apache access log:

127.0.0.1:80 XXX.XXX.XXX.149 - - [04/Oct/2021:13:14:37 -0400] "\x16\x03\x01\x02" 400 0 "-" "-"

HTTP request:

$ curl -v http://localhost:30000
* Rebuilt URL to: http://localhost:30000/
* Hostname was NOT found in DNS cache
*   Trying ::1...
* Connected to localhost (::1) port 30000 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.38.0
> Host: localhost:30000
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Mon, 04 Oct 2021 16:47:46 GMT
* Server Apache is not blacklisted
< Server: Apache
< Vary: Accept-Encoding
< Content-Length: 481
< Content-Type: text/html;charset=UTF-8
< 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
 <head>
  <title>Index of /</title>
 </head>
 <body>
<h1>Index of /</h1>
  <table>
   <tr><th valign="top"><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr>
   <tr><th colspan="5"><hr></th></tr>
   <tr><th colspan="5"><hr></th></tr>
</table>
</body></html>

Edit:

I just noticed one thing. I have -Indexes set, but the HTTP content returned is a directory index. So I'm thinking that maybe somehow another virtual host is being used. I still don't know how that's possible since this is the only one using port 30000.
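The access-log entry in the question is itself the clearest evidence of what happened. Apache writes request bytes it cannot print as `\xHH` escapes, and `\x16\x03\x01` is the start of a TLS handshake record (content type 0x16, record-layer version 3.1) that reached a listener answering as plain HTTP, hence the 400 with an empty response. If the log uses Debian/Ubuntu's `vhost_combined` format (an assumption here), the leading `127.0.0.1:80` is `%v:%p`, the canonical name and port of the server that handled the request, which is why a connection to port 30000 can be logged against port 80. The following is an added example, not code from the question or the thread: a small Python detector that scans such log lines and reports handshake records answered by a plaintext listener. The sample lines are constructed (documentation IPs), modelled on the one in the question.

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines modelled on the entry in the question (documentation IPs, not real traffic).
# Format assumed: Debian/Ubuntu "vhost_combined"
#   %v:%p %h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
SAMPLE_LOG = r'''
127.0.0.1:80 203.0.113.149 - - [04/Oct/2021:13:14:37 -0400] "\x16\x03\x01\x02" 400 0 "-" "-"
127.0.0.1:80 203.0.113.149 - - [04/Oct/2021:13:15:02 -0400] "GET / HTTP/1.1" 200 481 "-" "curl/7.38.0"
example.com:443 198.51.100.7 - - [04/Oct/2021:13:16:10 -0400] "GET /index.php HTTP/1.1" 200 1524 "-" "Mozilla/5.0"
127.0.0.1:80 198.51.100.7 - - [04/Oct/2021:13:17:44 -0400] "\x16\x03\x03\x01" 400 0 "-" "-"
'''

LOG_RE = re.compile(
    r'^(?P<server>\S+?):(?P<port>\d+) (?P<client>\S+) \S+ \S+ '
    r'\[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Apache escapes non-printable request bytes as \xHH. A TLS record starts with
# content type 0x16 (handshake) followed by a two-byte version 0x03 0x00..0x04.
TLS_RECORD_RE = re.compile(r'^\\x16\\x03\\x0[0-4]')
ESCAPED_BYTE_RE = re.compile(r'\\x([0-9a-fA-F]{2})')


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one vhost_combined line into its fields, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_tls_handshake(request: str) -> bool:
    """True if the logged request line is the start of a TLS/SSL handshake record."""
    return TLS_RECORD_RE.match(request) is not None


def record_version(request: str) -> str:
    """Record-layer version (e.g. '3.1') decoded from the escaped bytes.
    A ClientHello record usually carries 3.1 regardless of the version finally negotiated."""
    raw = bytes(int(h, 16) for h in ESCAPED_BYTE_RE.findall(request))
    return f"{raw[1]}.{raw[2]}"


def find_tls_on_plaintext(log_text: str) -> List[Dict[str, str]]:
    """Every entry where a TLS handshake hit a listener that answered as plain HTTP."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields and is_tls_handshake(fields["request"]):
            hits.append({
                "server": fields["server"], "port": fields["port"], "client": fields["client"],
                "time": fields["time"], "status": fields["status"],
                "record_version": record_version(fields["request"]),
            })
    return hits


def summarize(log_text: str) -> Dict[str, int]:
    """Count TLS-on-plaintext hits per server:port to see which listener is misconfigured."""
    counts: Dict[str, int] = {}
    for hit in find_tls_on_plaintext(log_text):
        key = f"{hit['server']}:{hit['port']}"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for hit in find_tls_on_plaintext(SAMPLE_LOG):
        print(f"{hit['time']} {hit['client']} -> {hit['server']}:{hit['port']} "
              f"TLS record v{hit['record_version']} answered with HTTP {hit['status']}")
    print(summarize(SAMPLE_LOG))
```

Run against a real `access.log`, a cluster of these entries on one `server:port` means clients are negotiating TLS with a listener that has no `SSLEngine on`, which is exactly the condition the question describes; a 400 with zero bytes and no User-Agent is the usual signature.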

Steffen Ullrich
Please check the error log of the server for any clues. Also, try to disable this complete VirtualHost and see what happens - the connection should completely fail unless there is some other thing at this port running.
Asker
@SteffenUllrich Nothing relevant is in the error log.
Steffen Ullrich
Also, `SSLCertificateChainFile` is obsolete with 2.4
Steffen Ullrich
*"Nothing relevant is in the error log."* - Maybe you consider log information irrelevant even if they are not? Please isolate the specific configuration so that port 30000 is the only thing in the config. Then everything which shows up in the log files should be relevant. Also, is this the only error log file for the whole Apache? Maybe you need to look into other logs too.
Asker
@SteffenUllrich The only thing in the error log was server restart messages. And no, it's not the only error log file. Almost all virtual hosts have their own dedicated log file. Anyway, I figured out my problem. Answer posted.
Score:2
Asker

Ok, I figured out my problem. I was previously using /etc/apache2/sites-enabled/domain, but I needed to change it to /etc/apache2/sites-enabled/domain.conf.

Steffen Ullrich
That explanation is strange for me, at least considering what you wrote in the question. If the configuration for this VirtualHost is not loaded at all then there should be nothing answering on port 30000 at all - given that you claimed that this is the only VirtualHost using this port.
Asker
I have `Listen 30000` in `ports.conf`, so I'm guessing that there must be a default VirtualHost that listens on all ports without actually specifying them individually. Doing a `grep -HR 30000 /etc/apache2/` only returns the `ports.conf` file and the single virtual host I have set up on that port.
Steffen Ullrich
Right, I forgot that with Apache one needs to predeclare the ports used.
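The answer and the follow-up comments together describe the mechanism: Debian/Ubuntu's `apache2.conf` includes `sites-enabled/*.conf`, so a file without the `.conf` suffix is never read, while `Listen 30000` in `ports.conf` still opens the port. With no VirtualHost bound to that port, Apache hands the connection to the default (first-defined) server, which has no `SSLEngine on` and therefore speaks plain HTTP, and `-Indexes` from the unloaded file never applies. As an added example (not the asker's configuration or any Apache tooling), the Python audit below reproduces that reasoning against constructed stand-in config text: which sites-enabled files the include glob skips, which Listen ports no loaded VirtualHost claims, and which ports will answer in plaintext. File names, contents and certificate paths are constructed assumptions.

```python
import fnmatch
import re
from typing import Dict, List, Set

# Constructed stand-ins for the relevant files under /etc/apache2 (not the asker's real tree).
# Debian/Ubuntu's apache2.conf loads sites with "IncludeOptional sites-enabled/*.conf",
# so a file named "domain" (no .conf suffix) is silently skipped.
SITES_GLOB = "*.conf"

PORTS_CONF = """
Listen 80
<IfModule ssl_module>
    Listen 443
</IfModule>
Listen 30000
"""

SITES_ENABLED = {
    "000-default.conf": (
        "<VirtualHost *:80>\n"
        "    DocumentRoot /var/www/html\n"
        "</VirtualHost>\n"
    ),
    "secure.conf": (
        "<VirtualHost *:443>\n"
        "    SSLEngine on\n"
        "    SSLCertificateFile /path/to/fullchain.pem\n"   # placeholder path
        "    SSLCertificateKeyFile /path/to/privkey.pem\n"  # placeholder path
        "</VirtualHost>\n"
    ),
    # The asker's situation: correct content, but the name does not match *.conf.
    "domain": (
        "<VirtualHost _default_:30000>\n"
        "    DocumentRoot /opt/phpmyadmin\n"
        "    SSLEngine on\n"
        "</VirtualHost>\n"
    ),
}

# Handles "Listen 443", "Listen 0.0.0.0:443", "Listen [::]:443" and a trailing protocol word.
LISTEN_RE = re.compile(r"^\s*Listen\s+(?:\[[^\]]+\]:|[\d.]+:)?(\d+)", re.M | re.I)
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
SSL_ON_RE = re.compile(r"^\s*SSLEngine\s+on\b", re.M | re.I)


def listen_ports(ports_conf: str) -> Set[int]:
    """Ports Apache binds. IfModule blocks are assumed active (mod_ssl loaded)."""
    return {int(p) for p in LISTEN_RE.findall(ports_conf)}


def loaded_and_ignored(filenames, glob: str = SITES_GLOB):
    """Split sites-enabled entries into those the IncludeOptional glob picks up and those it skips."""
    loaded = sorted(n for n in filenames if fnmatch.fnmatch(n, glob))
    ignored = sorted(n for n in filenames if not fnmatch.fnmatch(n, glob))
    return loaded, ignored


def vhost_ports(config_text: str) -> Dict[int, bool]:
    """Map each port a <VirtualHost> block binds to whether that block has SSLEngine on."""
    result: Dict[int, bool] = {}
    for addrs, body in VHOST_RE.findall(config_text):
        ssl = SSL_ON_RE.search(body) is not None
        for addr in addrs.split():
            if ":" not in addr:
                continue  # "<VirtualHost *>" without a port is out of scope here
            port = int(addr.rsplit(":", 1)[1])
            result[port] = result.get(port, False) or ssl
    return result


def audit(ports_conf: str, sites: Dict[str, str], glob: str = SITES_GLOB) -> Dict[str, list]:
    """Report Listen ports that no loaded VirtualHost claims. Apache serves those with the
    default (first) server, which has no SSLEngine and therefore speaks plain HTTP."""
    loaded, ignored = loaded_and_ignored(sites, glob)
    bound: Dict[int, bool] = {}
    for name in loaded:
        for port, ssl in vhost_ports(sites[name]).items():
            bound[port] = bound.get(port, False) or ssl
    listening = sorted(listen_ports(ports_conf))
    return {
        "ignored_files": ignored,
        "listen_ports": listening,
        "ports_without_vhost": [p for p in listening if p not in bound],
        "ports_without_tls": [p for p in listening if not bound.get(p, False)],
    }


if __name__ == "__main__":
    report = audit(PORTS_CONF, SITES_ENABLED)
    for name in report["ignored_files"]:
        print(f"sites-enabled/{name} does not match {SITES_GLOB}: it is never loaded")
    for port in report["ports_without_vhost"]:
        print(f"port {port}: Listen is set but no loaded VirtualHost binds it (default server, plain HTTP)")
```

On the real host the equivalent check is `apachectl -S` (`apache2ctl -S` on Debian), which prints the VirtualHost table Apache actually parsed: a port present in `ports.conf` but absent from that output is in exactly this state. `apachectl configtest` does not catch it, because a file that was never included cannot produce a syntax error.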