* Re: ssl with apache again @ Tyler Spivey 0 siblings, 0 replies; 8+ messages in thread From: Tyler Spivey @ UTC (permalink / raw) To: speakup try setting the permissions owner and group of that one file to the permissions owner the group of the other files in that directory. just my .02, Tyler Spivey ^ permalink raw reply [flat|nested] 8+ messages in thread
* ssl with apache again @ Gregory Nowak ` Janina Sajka ` Aaron Howell 0 siblings, 2 replies; 8+ messages in thread From: Gregory Nowak @ UTC (permalink / raw) To: speakup Hi all. I found the modssl manual, read most of it (including the faq), and made the ssl keys. Then, I configured mod_ssl.conf (correctly I think), and uncommented the include line for it in httpd.conf. Running apachectl test and apachectl restart went fine. However, if I try to access anything (including the plain old http://www.romuald.net.eu.org url), lynx gives me the last message that it is waiting for the http request response, and just sits there. In my error_log, I get a reptition of the following. [Mon Aug 5 14:56:01 2002] [error] mod_ssl: Child could not open SSLMutex lockfile /var/log/apache/ssl_mutex.203 (System error follows) [Mon Aug 5 14:56:01 2002] [error] System: Permission denied (errno: 13) What kind of permissions and ownership and group do I need to set? I then remark out the include line for mod_ssl.conf in httpd.conf, do apachectl restart, and can access http://www.romuald.net.eu.org once again. Could someone please help? Thanks. Greg ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ssl with apache again Gregory Nowak @ ` Janina Sajka ` Gregory Nowak ` Aaron Howell 1 sibling, 1 reply; 8+ messages in thread From: Janina Sajka @ UTC (permalink / raw) To: speakup Just a guess, Greg, but check 1.) that the directory and file exist -- perhaps do a touch on the file 2.) that that the file is owned apache:root (on Red Hat), www-data:www-data (on Debian), or whatever it is in Slack, look at your index.html to find out. 3.) That the directory and files are writable. Usually, these errors are system setup issues in my experience, not application setup errors. On Mon, 5 Aug 2002, Gregory Nowak wrote: > Hi all. > > I found the modssl manual, read most of it (including the faq), and made the ssl keys. > > Then, I configured mod_ssl.conf (correctly I think), and uncommented the include line for it in httpd.conf. > > Running apachectl test and apachectl restart went fine. However, if I try to access anything (including the plain old http://www.romuald.net.eu.org url), lynx gives me the last message that it is waiting for the http request response, and just sits there. In my error_log, I get a reptition of the following. > > [Mon Aug 5 14:56:01 2002] [error] mod_ssl: Child could not open SSLMutex lockfile /var/log/apache/ssl_mutex.203 (System error follows) > [Mon Aug 5 14:56:01 2002] [error] System: Permission denied (errno: 13) > > What kind of permissions and ownership and group do I need to set? > > I then remark out the include line for mod_ssl.conf in httpd.conf, do apachectl restart, and can access http://www.romuald.net.eu.org once again. > > Could someone please help? Thanks. > Greg > > > _______________________________________________ > Speakup mailing list > Speakup@braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup > -- Janina Sajka, Director Technology Research and Development Governmental Relations Group American Foundation for the Blind (AFB) Email: janina@afb.net Phone: (202) 408-8175 Chair, Accessibility SIG Open Electronic Book Forum (OEBF) http://www.openebook.org ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ssl with apache again ` Janina Sajka @ ` Gregory Nowak 0 siblings, 0 replies; 8+ messages in thread From: Gregory Nowak @ UTC (permalink / raw) To: speakup Thanks for the suggestion Janina. However, I still think this is a config error. What doesn't make sense to me is that apache is able to access its other log files in that directory just fine. Greg On Mon, Aug 05, 2002 at 04:46:16PM -0400, Janina Sajka wrote: > Just a guess, Greg, > > but check > > 1.) that the directory and file exist -- perhaps do a touch on the > file > > 2.) that that the file is owned apache:root (on Red Hat), > www-data:www-data (on Debian), or whatever it is in Slack, look at your > index.html to find out. > > 3.) That the directory and files are writable. > > Usually, these errors are system setup issues in my experience, not > application setup errors. > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ssl with apache again Gregory Nowak ` Janina Sajka @ ` Aaron Howell ` Gregory Nowak 1 sibling, 1 reply; 8+ messages in thread From: Aaron Howell @ UTC (permalink / raw) To: speakup Hi Greg, Look in your httpd.conf file for the lines user= and group=. The user= line is the important one. make sure that /var/log/apache is writable (in other words owned by) the user that apache is specified to run as. Then you should be ok. Regards Aaron On Mon, Aug 05, 2002 at 03:08:37PM -0500, Gregory Nowak wrote: > Hi all. > > I found the modssl manual, read most of it (including the faq), and made the ssl keys. > > Then, I configured mod_ssl.conf (correctly I think), and uncommented the include line for it in httpd.conf. > > Running apachectl test and apachectl restart went fine. However, if I try to access anything (including the plain old http://www.romuald.net.eu.org url), lynx gives me the last message that it is waiting for the http request response, and just sits there. In my error_log, I get a reptition of the following. > > [Mon Aug 5 14:56:01 2002] [error] mod_ssl: Child could not open SSLMutex lockfile /var/log/apache/ssl_mutex.203 (System error follows) > [Mon Aug 5 14:56:01 2002] [error] System: Permission denied (errno: 13) > > What kind of permissions and ownership and group do I need to set? > > I then remark out the include line for mod_ssl.conf in httpd.conf, do apachectl restart, and can access http://www.romuald.net.eu.org once again. > > Could someone please help? Thanks. > Greg > > > _______________________________________________ > Speakup mailing list > Speakup@braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup -- +----------------------------------------------------------+ / |\ _,,,---,,_ /| / /,`.-'`' -. ;-;;,_ / | / |,4- ) )-,_. ,\ ( `'-' / | / '---''(_/--' `-'\_) / | +----------------------------------------------------------+ | | Aaron Howell Kitten Internet | | | aaron@kitten.net.au Internet consultancy, | | | Phone: +61-417-625550 System administration, | | | fax: +61-7-36010099 system design/integration. | | | icq: 6715521 http://www.kitten.net.au | | | | | | | + | | / | | / | | / | |/ +----------------------------------------------------------+ ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ssl with apache again ` Aaron Howell @ ` Gregory Nowak ` Aaron Howell 0 siblings, 1 reply; 8+ messages in thread From: Gregory Nowak @ UTC (permalink / raw) To: speakup Thanks Aaron. Even though it didn't make sense to me why apache would be able to write to all but one log file, I changed the user and group on its log directory, and it works. However, I still can't use https. According to my ssl_engine.log, ssl works. [05/Aug/2002 19:32:43 00203] [info] Init: 13nd restart round (already detached) [05/Aug/2002 19:32:43 00203] [info] Init: Reinitializing OpenSSL library [05/Aug/2002 19:32:43 00203] [info] Init: Seeding PRNG with 1160 bytes of entropy [05/Aug/2002 19:32:43 00203] [info] Init: Configuring temporary RSA private keys (512/1024 bits) [05/Aug/2002 19:32:43 00203] [info] Init: Configuring temporary DH parameters (512/1024 bits) [05/Aug/2002 19:32:43 00203] [info] Init: Initializing (virtual) servers for SSL Here is a demonstration of what happens when I try to access https urls. Yes, my lynx has https support, and yes, the sqwebmail binary is running properly. As you can see Aaron, the rewrite rule you gave me does work. Looking up www.romuald.net.eu.org Making HTTP connection to www.romuald.net.eu.org Sending HTTP request. HTTP request sent; waiting for response. HTTP/1.1 302 Found Data transfer complete HTTP/1.1 302 Found Looking up www.romuald.net.eu.org Making HTTPS connection to www.romuald.net.eu.org Alert!: Unable to connect to remote host. lynx: Can't access startfile http://www.romuald.net.eu.org/cgi-bin/sqwebmail So, my only guess is that I screwed up somewhere in mod_ssl.conf. If someone could please take the time to look it over and help me learn, please write me privately. Your time would be appreciated. Thanks. Greg On Tue, Aug 06, 2002 at 09:28:06AM +1000, Aaron Howell wrote: > Hi Greg, > Look in your httpd.conf file for the lines user= and group=. > The user= line is the important one. > make sure that /var/log/apache is writable (in other words owned by) the user that apache is specified to run as. > Then you should be ok. > Regards > Aaron ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ssl with apache again ` Gregory Nowak @ ` Aaron Howell ` Gregory Nowak 0 siblings, 1 reply; 8+ messages in thread From: Aaron Howell @ UTC (permalink / raw) To: speakup Greg, try apachectl startssl instead of just plain start. If that doesn't work, try to find a listen line in your config file and make sure there is one for both 80 and 443. Finally, make sure you have <virtualhost _default_:443> and make sure that the ssl stuff is configured in there. Also check your error log file for any startup errors. Its most likely a missing listen statement though since you seem to be getting ssl stuff in the engine log. Regards Aaron On Mon, Aug 05, 2002 at 07:53:52PM -0500, Gregory Nowak wrote: > Thanks Aaron. > > Even though it didn't make sense to me why apache would be able to write to all but one log file, I changed the user and group on its log directory, and it works. > > However, I still can't use https. > > According to my ssl_engine.log, ssl works. > > [05/Aug/2002 19:32:43 00203] [info] Init: 13nd restart round (already detached) > [05/Aug/2002 19:32:43 00203] [info] Init: Reinitializing OpenSSL library > [05/Aug/2002 19:32:43 00203] [info] Init: Seeding PRNG with 1160 bytes of entropy > [05/Aug/2002 19:32:43 00203] [info] Init: Configuring temporary RSA private keys (512/1024 bits) > [05/Aug/2002 19:32:43 00203] [info] Init: Configuring temporary DH parameters (512/1024 bits) > [05/Aug/2002 19:32:43 00203] [info] Init: Initializing (virtual) servers for SSL > > > Here is a demonstration of what happens when I try to access https urls. Yes, my lynx has https support, and yes, the sqwebmail binary is running properly. As you can see Aaron, the rewrite rule you gave me does work. > > > Looking up www.romuald.net.eu.org > Making HTTP connection to www.romuald.net.eu.org > Sending HTTP request. > HTTP request sent; waiting for response. > HTTP/1.1 302 Found > Data transfer complete > HTTP/1.1 302 Found > Looking up www.romuald.net.eu.org > Making HTTPS connection to www.romuald.net.eu.org > Alert!: Unable to connect to remote host. > > lynx: Can't access startfile http://www.romuald.net.eu.org/cgi-bin/sqwebmail > > > So, my only guess is that I screwed up somewhere in mod_ssl.conf. If someone could please take the time to look it over and help me learn, please write me privately. Your time would be appreciated. Thanks. > Greg > > > On Tue, Aug 06, 2002 at 09:28:06AM +1000, Aaron Howell wrote: > > Hi Greg, > > Look in your httpd.conf file for the lines user= and group=. > > The user= line is the important one. > > make sure that /var/log/apache is writable (in other words owned by) the user that apache is specified to run as. > > Then you should be ok. > > Regards > > Aaron > > _______________________________________________ > Speakup mailing list > Speakup@braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup -- +----------------------------------------------------------+ / |\ _,,,---,,_ /| / /,`.-'`' -. ;-;;,_ / | / |,4- ) )-,_. ,\ ( `'-' / | / '---''(_/--' `-'\_) / | +----------------------------------------------------------+ | | Aaron Howell Kitten Internet | | | aaron@kitten.net.au Internet consultancy, | | | Phone: +61-417-625550 System administration, | | | fax: +61-7-36010099 system design/integration. | | | icq: 6715521 http://www.kitten.net.au | | | | | | | + | | / | | / | | / | |/ +----------------------------------------------------------+ ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ssl with apache again ` Aaron Howell @ ` Gregory Nowak 0 siblings, 0 replies; 8+ messages in thread From: Gregory Nowak @ UTC (permalink / raw) To: speakup Hi Aaron and all. Doing apachectl startssl tells me that that's already running. I have listen lines for ports 80 and 443 in mod_ssl.conf. I also have a <virtualhost _default_:443> block there. My error log reports that apache, modssl, and openssl restarted without any errors. Is there anything else I should check. Thanks for all your help. Greg On Tue, Aug 06, 2002 at 11:02:53AM +1000, Aaron Howell wrote: > Greg, try > apachectl startssl > instead of just plain start. > If that doesn't work, try to find a listen line in your config file and make sure there is one for both 80 and 443. > Finally, make sure you have > <virtualhost _default_:443> > and make sure that the ssl stuff is configured in there. > Also check your error log file for any startup errors. > Its most likely a missing listen statement though since you seem to be getting ssl stuff in the engine log. > Regards > Aaron > On Mon, Aug 05, 2002 at 07:53:52PM -0500, Gregory Nowak wrote: > > Thanks Aaron. > > > > Even though it didn't make sense to me why apache would be able to write to all but one log file, I changed the user and group on its log directory, and it works. > > > > However, I still can't use https. > > > > According to my ssl_engine.log, ssl works. > > > > [05/Aug/2002 19:32:43 00203] [info] Init: 13nd restart round (already detached) > > [05/Aug/2002 19:32:43 00203] [info] Init: Reinitializing OpenSSL library > > [05/Aug/2002 19:32:43 00203] [info] Init: Seeding PRNG with 1160 bytes of entropy > > [05/Aug/2002 19:32:43 00203] [info] Init: Configuring temporary RSA private keys (512/1024 bits) > > [05/Aug/2002 19:32:43 00203] [info] Init: Configuring temporary DH parameters (512/1024 bits) > > [05/Aug/2002 19:32:43 00203] [info] Init: Initializing (virtual) servers for SSL > > > > > > Here is a demonstration of what happens when I try to access https urls. Yes, my lynx has https support, and yes, the sqwebmail binary is running properly. As you can see Aaron, the rewrite rule you gave me does work. > > > > > > Looking up www.romuald.net.eu.org > > Making HTTP connection to www.romuald.net.eu.org > > Sending HTTP request. > > HTTP request sent; waiting for response. > > HTTP/1.1 302 Found > > Data transfer complete > > HTTP/1.1 302 Found > > Looking up www.romuald.net.eu.org > > Making HTTPS connection to www.romuald.net.eu.org > > Alert!: Unable to connect to remote host. > > > > lynx: Can't access startfile http://www.romuald.net.eu.org/cgi-bin/sqwebmail > > > > > > So, my only guess is that I screwed up somewhere in mod_ssl.conf. If someone could please take the time to look it over and help me learn, please write me privately. Your time would be appreciated. Thanks. > > Greg > > > > > > On Tue, Aug 06, 2002 at 09:28:06AM +1000, Aaron Howell wrote: > > > Hi Greg, > > > Look in your httpd.conf file for the lines user= and group=. > > > The user= line is the important one. > > > make sure that /var/log/apache is writable (in other words owned by) the user that apache is specified to run as. > > > Then you should be ok. > > > Regards > > > Aaron > > > > _______________________________________________ > > Speakup mailing list > > Speakup@braille.uwo.ca > > http://speech.braille.uwo.ca/mailman/listinfo/speakup > > -- > +----------------------------------------------------------+ > / |\ _,,,---,,_ /| > / /,`.-'`' -. ;-;;,_ / | > / |,4- ) )-,_. ,\ ( `'-' / | > / '---''(_/--' `-'\_) / | > +----------------------------------------------------------+ | > | Aaron Howell Kitten Internet | | > | aaron@kitten.net.au Internet consultancy, | | > | Phone: +61-417-625550 System administration, | | > | fax: +61-7-36010099 system design/integration. | | > | icq: 6715521 http://www.kitten.net.au | | > | | | > | | + > | | / > | | / > | | / > | |/ > +----------------------------------------------------------+ > > > > > _______________________________________________ > Speakup mailing list > Speakup@braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~ UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
ssl with apache again Tyler Spivey
-- strict thread matches above, loose matches on Subject: below --
Gregory Nowak
` Janina Sajka
` Gregory Nowak
` Aaron Howell
` Gregory Nowak
` Aaron Howell
` Gregory Nowak
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).