En essayant de créer un environnement intermédiaire pour mon site Web WORDPRESS, je ne parviens pas à configurer la configuration HTTPS.
J'ai copié le dossier wordpress et sauvegardé la base de données Mysql et j'ai pu obtenir une copie de mon site Web, mais chaque fois que je clique sur un lien, cela me mènera à l'URL HTTPS et me montrera un SSL connection error
.
Precise64
uname -a
Linux test-www 3.5.0-23-generic #35~precise1-Ubuntu SMP Fri Jan 25 17:13:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
vagrant@test-www:/etc/Apache2$ more ssl.conf
<VirtualHost 192.168.33.10:443>
DocumentRoot /var/www
ServerName test-www.domain.com
ErrorLog /var/log/Apache2/error_secure.log
LogLevel info
SSLEngine on
SSLCertificateFile /etc/ssl/wildcard.domain.com/certificate.crt
SSLCertificateKeyFile /etc/ssl/wildcard.domain.com/server.key
SSLCACertificateFile /etc/ssl/wildcard.domain.com/test-www.domain.com.ca.crt
</VirtualHost>
vagrant@test-www:/etc/Apache2$ openssl s_client -connect 192.168.33.10:443
CONNECTED(00000003)
139816269579936:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:757:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 213 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
vagrant@test-www:/etc/Apache2$ wget http://192.168.33.10:443
--2015-02-02 17:24:31-- http://192.168.33.10:443/
Connecting to 192.168.33.10:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2015-02-02 17:24:31 ERROR 404: Not Found.
vagrant@test-www:/etc/Apache2$ wget https://192.168.33.10
--2015-02-02 17:25:23-- https://192.168.33.10/
Connecting to 192.168.33.10:443... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.
vagrant@test-www:/etc/Apache2$
#
# Generated by Chef
#
# Based on the Ubuntu Apache2.conf
ServerRoot "/etc/Apache2"
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
LockFile /var/lock/Apache2/accept.lock
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
PidFile /var/run/Apache2.pid
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5
##
## Server-Pool Size Regulation (MPM specific)
##
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_prefork_module>
StartServers 1
MinSpareServers 1
MaxSpareServers 2
ServerLimit 5
MaxClients 3
MaxRequestsPerChild 0
</IfModule>
# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
StartServers 1
ServerLimit 3
MaxClients 3
MinSpareThreads 10
MaxSpareThreads 20
ThreadsPerChild 64
MaxRequestsPerChild 0
</IfModule>
User www-data
Group www-data
#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.Apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual Host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that Host's errors will be logged there and not here.
#
ErrorLog /var/log/Apache2/error.log
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
# COOK-1021: Dummy LoadModule directive to aid module installations
#LoadModule dummy_module modules/mod_dummy.so
# Include module configuration:
Include /etc/Apache2/mods-enabled/*.load
Include /etc/Apache2/mods-enabled/*.conf
# Include ports listing
Include /etc/Apache2/ports.conf
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# Putting this all together, we can internationalize error responses.
#
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
# our collection of by-error message multi-language collections. We use
# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
# default HTTP_<error>.html.var files by adding the line:
#
# Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
# /usr/share/Apache2/error/include/ files and copying them to /your/include/path/,
# even on a per-VirtualHost basis. The default include files will display
# your Apache version number and your ServerAdmin email address regardless
# of the setting of ServerSignature.
#
# The internationalized error documents require mod_alias, mod_include
# and mod_negotiation. To activate them, uncomment the following 30 lines.
# Alias /error/ "/usr/share/Apache2/error/"
#
# <Directory "/usr/share/Apache2/error">
# AllowOverride None
# Options IncludesNoExec
# AddOutputFilter Includes html
# AddHandler type-map var
# Order allow,deny
# Allow from all
# LanguagePriority en cs de es fr it nl sv pt-br ro
# ForceLanguagePriority Prefer Fallback
# </Directory>
#
# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
# ErrorDocument 410 /error/HTTP_GONE.html.var
# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
# Include generic snippets of statements
Include /etc/Apache2/conf.d/*.conf
# Include the virtual Host configurations:
Include /etc/Apache2/sites-enabled/
$ more ports.conf
# This file was generated by Chef for my-vm-precise64.
# Do NOT modify this file by hand!
Listen *:80
NameVirtualHost *:80
alors j'ai aussi essayé de les ajouter dans le ports.conf
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/Apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
vagrant@test-www:/etc/Apache2$ grep "SSLv" -r *
mods-available/ssl.conf:#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
mods-available/ssl.conf:# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
mods-available/ssl.conf:SSLProtocol all -SSLv2 <=== ?
mods-enabled/ssl.conf:#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
mods-enabled/ssl.conf:# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
mods-enabled/ssl.conf:SSLProtocol all -SSLv2 <=== ?
Mon mal, j'avais ssl.conf
dans /etc/Apache2
au lieu de /etc/Apache2/sites-enabled
après avoir déplacé le fichier et redémarré Apache2 service Apache2 restart
, tout a bien fonctionné.
Dans mon cas, je n'avais pas activé le site 'default-ssl'. Seul '000-default' était répertorié dans le dossier /etc/Apache2/sites-enabled
.
Activer le site SSL sur Ubuntu 14 LTS, Apache 2.4.7:
a2ensite default-ssl
service Apache2 reload