Added more contents in the ssl config file

/etc/apache2/sites-available/default-ssl.conf This file is very big, I will remove the comments

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost

                DocumentRoot /var/www/html

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                SSLEngine on

                SSLCertificateFile /etc/apache2/ssl/apache.crt
                SSLCertificateKeyFile /etc/apache2/ssl/apache.key

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
        </VirtualHost>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Added some config files

These are the config files, in case they might be of help. With the exception of nextcloud.conf, I think the other ones are the default ones.

/etc/apache2/sites-available/nextcloud.conf

Alias /nextcloud "/var/www/nextcloud/"

<Directory /var/www/nextcloud/>
  Require all granted
  AllowOverride All
  Options FollowSymLinks MultiViews

  <IfModule mod_dav.c>
    Dav off
  </IfModule>

</Directory>

/etc/apache2/sites-available/000-default.conf

<VirtualHost *:80>
   ServerAdmin example@example

   RewriteEngine On
   RewriteCond %{HTTPS} off
   RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

/etc/apache2/sites-available/default-ssl.conf This file is very big and I only modified these two lines to change the cert

...
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
...

/etc/apache2/ports.conf

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 80

<IfModule ssl_module>
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

/etc/apache2/apache2.conf I suppressed the comments in this file otherwise it gets very big

# This is the main Apache server configuration file...
# ...
# The directory where shm and other runtime files will be stored.
DefaultRuntimeDir ${APACHE_RUN_DIR}

# PidFile: The file in which the server should record...
PidFile ${APACHE_PID_FILE}

# Timeout: The number of seconds...
Timeout 300

# KeepAlive: Whether or not to allow persistent connections...
KeepAlive On

# MaxKeepAliveRequests: The maximum number of requests to allow...
MaxKeepAliveRequests 100

# KeepAliveTimeout: Number of seconds to wait for the next request...
KeepAliveTimeout 5

# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

# HostnameLookups: Log the names of clients or just their IP addresses...
HostnameLookups Off

# ErrorLog: The location of the error log file
ErrorLog ${APACHE_LOG_DIR}/error.log

# LogLevel: Control the severity of messages...
LogLevel warn

# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# Include list of ports to listen on
Include ports.conf


# Sets the default security model of the Apache2 HTTPD server...
<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

# AccessFileName: The name of the file to look...
AccessFileName .htaccess

# The following lines prevent .htaccess and .htpasswd files...
<FilesMatch "^\.ht">
        Require all denied
</FilesMatch>

# The following directives define some format nicknames...
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet


Cannot access Apache Server from outside local network

I have a Raspberry Pi 4 with Raspberry Pi OS Lite and I have set up there an Apache server following this tutorial. I have also set up DuckDNS so I can point to my public IP address with a duckdns subdomain. However, I can only reach this server either through LAN or a private Wireguard VPN, and I want to access it through my public IP. Neither port 80 nor port 443 seems to work.

At first I thought it might be a problem with port forwarding, I've read that some routers or ISPs block ports 80 and 443, but I've tried to start a simple HTTP Python server on my personal PC (using python -m http.server <port> where I replaced <port> with 80 and 443 to test both) and I could access the python server querying my public IP address, so I guess port forwarding is working. (Note: After testing the python server I redirected the ports to the Raspberry Pi local IP but still didn't work)

That only leaves me assuming that either the Apache configuration is wrong or the firewall is blocking it? I haven't manually set up any firewalls on the Raspberry Pi so any kind of configuration in that regard is the default one, and the Apache Config I'd say that it is also the same, so I don't know what might be happening.

How can I "debug" what is happening or who is blocking these requests?
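
Added example, not part of the original question: in the quoted ports.conf, `Listen 443` sits inside `<IfModule>` blocks, so Apache only binds 443 when a TLS module is actually loaded. The sketch below evaluates that file for a given module list; the function names are hypothetical and it assumes file-name arguments follow the usual `mod_NAME.c` to `NAME_module` pattern.

```python
import re

# ports.conf as quoted in the question (comments and blank lines dropped).
PORTS_CONF = """\
Listen 80
<IfModule ssl_module>
        Listen 443
</IfModule>
<IfModule mod_gnutls.c>
        Listen 443
</IfModule>
"""


def module_id(name):
    """Normalise an <IfModule> argument (assumes mod_NAME.c -> NAME_module)."""
    m = re.fullmatch(r"mod_(\w+)\.c", name)
    return f"{m.group(1)}_module" if m else name


def effective_listen_ports(conf_text, loaded_modules):
    """Return the sorted ports Apache would bind for this config text."""
    loaded = {module_id(m) for m in loaded_modules}
    stack = []   # one bool per open <IfModule>: is that block active?
    ports = set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.fullmatch(r"<IfModule\s+(!?)\s*(\S+?)\s*>", line, re.I)
        if opened:
            negate, name = opened.groups()
            # "!" inverts the test: the block applies when the module is absent.
            stack.append((module_id(name) in loaded) != bool(negate))
        elif re.fullmatch(r"</IfModule\s*>", line, re.I):
            if not stack:
                raise ValueError("unbalanced </IfModule>")
            stack.pop()
        elif all(stack):
            listen = re.fullmatch(r"Listen\s+(\S+)(?:\s+\S+)?", line, re.I)
            if listen:
                # "Listen [addr:]port [protocol]": keep only the port number.
                ports.add(int(listen.group(1).rsplit(":", 1)[-1]))
    if stack:
        raise ValueError("unclosed <IfModule>")
    return sorted(ports)


if __name__ == "__main__":
    for mods in (["rewrite_module"], ["rewrite_module", "ssl_module"]):
        print(mods, "->", effective_listen_ports(PORTS_CONF, mods))
```

On the Pi, the module list comes from `apache2ctl -M`, and the result can be compared with the sockets `ss -tln` reports as listening.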