connorourke
(Conn O'Rourke)
February 28, 2024, 2:10pm
1
I am trying to get SSL working with a fresh install of Open OnDemand.
If I don’t have it on I can access the Open OnDemand page, and log in etc.
I have certificates issued, and have added them to: /etc/ood/config/ood_portal.yml
I have removed the Listen 80 line from /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf and added in the following:
Listen 443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/my_server.ac.uk.crt
SSLCertificateKeyFile /etc/pki/tls/private/my_server.ac.uk.key
SSLCertificateChainFile /etc/pki/tls/certs/-ssl-chain.crt
</VirtualHost>
the following lines to
ssl:
- 'SSLCertificateFile "/etc/pki/tls/certs/my_server.ac.uk.crt"'
- 'SSLCertificateKeyFile "/etc/pki/tls/private/my_server.ac.uk.ac.uk.key"'
- 'SSLCertificateChainFile "/etc/pki/tls/certs/ssl-chain.crt"'
I have updated with updated and restarted the services:
/opt/ood/ood-portal-generator/sbin/update_ood_portal -f
systemctl restart httpd24-httpd.service
systemctl restart ondemand-dex.service
Now when I navigate to https://my_server.ac.uk I get an Apache Red Hat Enterprise Linux Test Page, not the Open OnDemand page.
Is there a missing or incorrect step here?
Thanks!
From our docs - Apache httpd tips — Open OnDemand 3.1.0 documentation
If you’re seeing the default Apache webpage you likely have to configure
the ServerName which corresponds directly to Apache’s ServerName
configuration (and restart Apache).
The document page has links on where/how to configure the servername.
connorourke
(Conn O'Rourke)
February 28, 2024, 2:26pm
3
Thanks for the prompt response @jeff.ohrstrom !
The servername is configured in my ood_portal.yml:
servername: 'my_server.ac.uk'
and as:
ServerName "my_server.ac.uk"
in /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf
The output of /opt/rh/httpd24/root/usr/sbin/httpd-scl-wrapper -S gives:
VirtualHost configuration:
*:80 my_server.ac.uk (/opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf:46)
*:443 is a NameVirtualHost
default server my_server.ac.uk (/opt/rh/httpd24/root/etc/httpd/conf/httpd.conf:44)
port 443 namevhost my_server.ac.uk (/opt/rh/httpd24/root/etc/httpd/conf/httpd.conf:44)
port 443 namevhost my_server.ac.uk (/opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf:55)
ServerRoot: "/opt/rh/httpd24/root/etc/httpd"
Main DocumentRoot: "/opt/rh/httpd24/root/var/www/html"
Main ErrorLog: "/opt/rh/httpd24/root/etc/httpd/logs/error_log"
Mutex proxy: using_defaults
Mutex ldap-cache: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/opt/rh/httpd24/root/etc/httpd/run/" mechanism=default
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/opt/rh/httpd24/root/etc/httpd/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
Any other suggestions?
Your default server is being served from here. Seems like you should remove something on line 44 in this file?
connorourke
(Conn O'Rourke)
February 28, 2024, 2:33pm
5
I also get a ‘Cant connect to server’ if I go to http://my_server.ac.uk rather than be redirected.
connorourke
(Conn O'Rourke)
February 28, 2024, 2:34pm
6
Line 44 is the start of the <VirtualHost *:443> block in /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf, which I added in manually.
connorourke
(Conn O'Rourke)
February 28, 2024, 2:38pm
7
Ah - ok. Removing that block, but leaving in the 443 port has sorted it out.
Thanks!
Still not getting redirected from http://my_server.ac.uk though.
Because the server you’re being routed to is the default server in your other comment.
connorourke:
Line 44 is the start of the <VirtualHost *:443> block in /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf, which I added in manually.
Apache recognizes this as the default server, so it’s routing you there instead of routing you to the server defined in ood-portal.conf.
This is why the docs have you run httpd-scl-wrapper -S - this output is telling you how Apache is routing requests and it’s telling you that it’s routing to the virtualhost defined in httpd.conf not the OOD virtualhost in ood-portal.conf.
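The check discussed in this thread can be automated. The following is an added example, not part of the original posts and not Open OnDemand code: it reads the vhost section of the `-S` output and reports any server name defined more than once on the same address and port, where Apache serves the first definition and ignores the rest. The function and field names are hypothetical; the sample input is copied from the output posted above.

```python
import re
from collections import defaultdict

# Vhost lines from the `httpd-scl-wrapper -S` output posted in the thread.
SAMPLE = """\
VirtualHost configuration:
*:80 my_server.ac.uk (/opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf:46)
*:443 is a NameVirtualHost
default server my_server.ac.uk (/opt/rh/httpd24/root/etc/httpd/conf/httpd.conf:44)
port 443 namevhost my_server.ac.uk (/opt/rh/httpd24/root/etc/httpd/conf/httpd.conf:44)
port 443 namevhost my_server.ac.uk (/opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf:55)
ServerRoot: "/opt/rh/httpd24/root/etc/httpd"
"""

ADDR = re.compile(r"^(\S+:\S+)\s+is a NameVirtualHost")
NAMED = re.compile(r"^\s*port (\d+) namevhost (\S+) \((.+):(\d+)\)")


def shadowed_vhosts(dump, portal_conf="ood-portal.conf"):
    """Find names defined more than once on the same address:port.

    Apache serves the first definition in configuration order, so every
    later one is shadowed. portal_conf is the file name to flag (hypothetical
    parameter; the default is the portal file named in the thread).
    """
    addr, seen = None, defaultdict(list)
    for line in dump.splitlines():
        if m := ADDR.match(line):
            addr = m.group(1)          # start of a name-based vhost set
        elif addr and (m := NAMED.match(line)):
            seen[(addr, m.group(2))].append(f"{m.group(3)}:{m.group(4)}")
    findings = []
    for (addr, name), defs in seen.items():
        if len(defs) > 1:              # same name twice: only defs[0] is used
            findings.append({
                "address": addr,
                "name": name,
                "served_from": defs[0],
                "shadowed": defs[1:],
                "portal_shadowed": any(portal_conf in d for d in defs[1:]),
            })
    return findings


if __name__ == "__main__":
    for f in shadowed_vhosts(SAMPLE):
        print(f"{f['name']} on {f['address']}: served from {f['served_from']}, "
              f"ignored: {', '.join(f['shadowed'])}")
```

An empty result after removing the hand-written `<VirtualHost *:443>` block means the portal vhost is the only definition for that name on port 443.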