404 Apache

HowTo: Set Up Multiple SSL Certificates on One IP with Apache

Posted on Updated on

As the Apache Web server grows and matures, new features are added and old bugs are fixed. Perhaps one of the most important new features added to recent Apache versions (2.2.12, to be specific) is the long-awaited support for multiple SSL sites on a single IP address.

prerequisites,

  • The server, obviously, must use Apache 2.2.12 or higher.
  • It must also use OpenSSL 0.9.8f or later and must be built with the TLS extensions option.
  •  Apache must be built against this version of OpenSSL as it will enable SNI support if it detects the right version of OpenSSL — the version of OpenSSL that includes TLS extension support.( Default installation contains all these things)

Note:

SNI can only be used for serving multiple SSL sites from your web server and is not likely to work at all on other daemons, such as mail servers, etc. There are also a small percentage of older web browsers that may still give certificate errors. Wikipedia has an updated list of software that does and does not support this TLS extension.

Here am using wild card SSL for hosting two sub-domain in single server, similearly we can also use different ssl for different domain with the same IP.

Follow the basic installation of apache

Redhat :

[root@ip-10-132-82-251 ~]# yum install httpd openssl openssl-devel mod_ssl

Ubuntu:

apt-get install apache2 openssl mod_ssl

Get the the certificate from the authority or use self singed SSL, Verify you have enabled SSL module in the existing apache installation

[root@ip-10-132-82-251 ~]# httpd -M  |grep ssl

Add the following lines in the apace main configuration file httpd.conf

[root@ip-10-132-82-251 ~]#  vi /etc/httpd/conf/httpd.conf 
###FOR SSL
NameVirtualHost *:443
<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>
<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

Create the Virtual Hosts

Once you downloaded all required files for SSL, proceed to creating Vhost.

Here is the Vhost entry that I used

[root@ip-10-132-82-251 ~]# vi /etc/httpd/conf.d/domain1-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName domain1.mydomain.com
        DocumentRoot "/opt/web-home/domain1/public_html"
        <Directory />
                Options FollowSymLinks
                AllowOverride all
        </Directory>
        <Directory /opt/web-home/domain1/public_html>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride all
                Order allow,deny
                allow from all
        </Directory>
        ScriptAlias /cgi-bin/ /opt/web-home/domain1/public_html/cgi-bin/
        <Directory "/opt/web-home/domain1/public_html/cgi-bin/">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/ssl/certs/planetcure.in.crt
SSLCertificateKeyFile /etc/ssl/certs/planetcure.in.key
SSLCertificateChainFile /etc/ssl/certs/planetcure.in.csr
SSLCACertificateFile /etc/ssl/certs/planetcure.in.ca
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>
</IfModule>
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

You can also create more Vhost files using this entry. By changing the domain name and the SSL path.

Now restart the apache

[root@ip-10-132-82-251 ~]# service httpd restart

To verify the list of enabled vhost, use the below command

[root@ip-10-132-82-251 ~]# apachectl -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443                  is a NameVirtualHost
         default server domain1.planetcure.in (/etc/httpd/conf.d/domain1-ssl.conf:2)
         port 443 namevhost domain1.planetcure.in (/etc/httpd/conf.d/domain1-ssl.conf:2)
         port 443 namevhost domain2.planetcure.in (/etc/httpd/conf.d/domain2-ssl.conf:2)
Syntax OK

Phew, these domains having their own SSL with single IP 🙂

Advertisements

Howto: Install ssl with tomcat Appserver.

Posted on Updated on

Five easy steps to enable SSL for tomcat application server.

1, generate Key store

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore planetcure-in.jks

It ask few information that we would like to publish along with the SSL

==Certificate information==

Common Name : *.planetcure.in
Organization name: Xtermpro
Country/Region name: myregion
City/Locality: mycity
State/Province: mystate

2, Generate CSR

CSR it to submit to the SSL provider for digital signing Now you receive CRT file from the SSL provider, you may see the signing information in it.

keytool -certreq -alias server -file planetcure-in.csr -keystore planetcure-in.jks

3, Import CA

You may also receive a public CA from the certificate Authority, now you need to import it. This will be called as intermediate CA

keytool -import -alias intermediate -trustcacerts -file intermediateCA.cer  -keystore planetcure-in.jks

4, Now this is the final stage you have to import cert file , you can see that their is another key already installed in the key store that is generated along with the keystore generation, it have to replace with the valid certificate.

keytool -import -alias server -trustcacerts -file planetcure-in.crt -keystore planetcure-in.jks

This will give the success output, now move to the configuration changes.

5, Edit the server.xml for the valid entries.  Default tomcat SSL port is 8443, here I user 443 .

<Connector port="443"
           protocol="HTTP/1.1"
           maxThreads="150"
           scheme="https" secure="true" SSLEnabled="true"       
           keystoreFile="${catalina.home}/conf/keystore/planetcure-in.jks"
           keystorePass="keystorepassword" keyAlias="server"
           clientAuth="false" sslProtocol="TLS"/>

that’s it, now restart the web server to make the changes effect .

ERROR: SQL error: [unixODBC][Driver Manager]Data source name not found, and no default driver specified

Posted on Updated on

One of our server getting odbc_connection error after migration, this will usually  happens because ODBC module has not enabled on the server,  While I tried to set up ODBC with freeTDS in order to connect to a MSSQL server faced several issues.

MSSQL uses Tabular Data Stream (TDS) as a communication protocol which is same like in Sybase. freeTDS is an implementation of TDS protocol.

Before trying to connect with freetds to the mssql server, make sure, that your MSSQL server has remote access to connect.

[02-May-2013 02:21:31 America/Denver] PHP Warning: odbc_connect() [<a href='function.odbc-connect'>function.odbc-connect</a>]: SQL error: [unixODBC][Driver Manager]Data source name not found, and no default driver specified, SQL state IM002 in SQLConnect in /home/anand/public_html/mssql2000.php on line 69

We need below packages installed to get this done.

1, php-odbc
2, unixODBC
3, freetds

Installation : 

#pecl  install php-odbc
#yum install unixODBC-devel unixODBC freetds-devel freetds

Or,

Download unixODBC and untar it

#wget ftp://ftp.unixodbc.org/pub/unixODBC/unixODBC-2.3.0.tar.gz
#tar –xzf unixODBC-2.3.0.tar.gz
#cd unixODBC-2.3.0 ; ./configure ; make ; make install

Installing freeTDS
Set environmental variable at /etc/profile. Add following lines at end

#vi /etc/profile
 # TDS
SYBASE=/usr/local 
LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:$SYBASE/lib 
export SYBASE LD_LIBRARY_PATH 
#http://ibiblio.org/pub/Linux/ALPHA/freetds/stable/freetds-stable.tgz
#tar –xzf freetds*.tar.gz ; cd freetds* ; ./configure --with-tdsver=8.0 --with-unixodbc=/usr/local ; make ; make install

Configuration:
Note: tdsver=8.0 if you use SQL 2000, tdsver=7.0 if you use SQL 7.0, More info about freetds.conf here

root@server [~]# cat /etc/freetds.conf
[MSSQLSERVER]               
host = 11.222.333.44
port = 1433
tds version = 8.0

Setup ODBC:
Create template for both driver and configuration. before creating make sure that the driver files are valid.

root@server [~]# vi tds.driver.template
#Driver for MS SQL
[FreeTDS]                       #"FreeTDS" is the unique name for this driver
Description = FreeTDS driver
Driver = /usr/lib64/libtdsodbc.so.0
Setup = /usr/lib64/libtdsS.so.1
FileUsage = 1
UsageCount =1

root@server [~]# vi tds.datasource.template
[MSSQL]               #"MSSQL" is the DSN name that we call to connect database
Driver = FreeTDS      # name that we specified in the driver file
Description = MSSQL ReflectiveLearning
Trace = No
TraceFile = /var/log/freetds.log
Servername = MSSQLSERVER    # this  name specified in the freetds.conf
Port = 1433
Database = reflective_Live
TDS_Version = 8.0
 Now install the data source and driver

The below commands will create configuration file for odbc but odbc.ini has create in users home dir by default we have to move it manually to /etc/

odbcinst -i -d -f tds.driver.template
odbcinst -i -s -f tds.datasource.template
cp -rpf ~/.odbc.ini /etc/odbc.ini
mv /etc/odbc.ini /usr/local/etc
mv /etc/odbcinst.ini /usr/local/etc
cd /etc
ln -s /usr/local/etc/odbc.ini
ln -s /usr/local/etc/odbcinst.ini
chmod 0664 /usr/local/etc/odbc*.ini
cd ~

check by using command line
#tsql -H Hostname_OR_IP -p PortNumber -U Username

root@server [~]# isql -v DSNname Username 'Password'
+---------------------------------------+
| Connected!                            |
|                                       |
| sql-statement                         |
| help [tablename]                      |
| quit                                  |
|                                       |
+---------------------------------------+
SQL> quit
That’s all, now the application will works fine.
some PHP code to connect to it
<?php
//*************************************************************************
//Open Database Connection
//************************************************************************* 
$dbserver="ipaddress";
$dbusername="tester4";
$dbpassword="password1234";
$defaultdb="testdb";
$cn = mssql_connect($dbserver,$dbusername,$dbpassword) or die("Connection Error");
$db = mssql_select_db($defaultdb,$cn) or die("Database Error");
echo "Connection Success"
?>

Some of the useful commands,

odbcinst -j         # to check the ODBC version and configuration.
odbcinst -q -d   # View loaded drivers.
odbcinst -q -s   # View DSN entry
tsql -LH 22.33.55.44   #To list MSSQL server instant name,version etc.,
osql -S DSN -U Username -P ‘Password’ #list the configuration files loaded to connect ODBC

Error: 404 while trying to reach temporary URL on Cpanel.

Posted on Updated on

Here is my problem that getting 404 error when I am trying to access temporary URL on Cpanel server. The url looks like this http://111.222.333.444/~domainusername/

Error Logs:

root@server2 [~]#tail -f /usr/local/apache/logs/error_log
[Thu May 15 14:21:23 2008] [error] [client 12.34.45.203] File does not exist: /usr/local/apache/htdocs/~username, referer: http://12.13.14.15:2086/scripts2/lis...rtorder=domain
[Thu May 15 14:21:23 2008] [error] [client 12.34.45.203] File does not exist: /usr/local/apache/htdocs/~username, referer: http://12.13.14.15/~domainusername/

This will happens while mod_userdir protection is enabled for the user nobody (DefaultHost) and it should be disabled using WHM or edit the below entry on httpd.conf

UserDir disabled
# To enable enter domainusername seperated by space
UserDir enabled user1 user2 user3