Getting SSL working

I am trying to get SSL working with a fresh install of Open OnDemand.

If I don’t have it on I can access the open on demand page, and log in etc.

I have certificates issued, and have added them to: /etc/ood/config/ood_portal.yml

I have removed the
Listen 80

line from /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf and added in the following:

Listen 443
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/my_server.ac.uk.crt
    SSLCertificateKeyFile /etc/pki/tls/private/my_server.ac.uk.key
    SSLCertificateChainFile /etc/pki/tls/certs/-ssl-chain.crt
</VirtualHost>

the following lines to

ssl:
  - 'SSLCertificateFile "/etc/pki/tls/certs/my_server.ac.uk.crt"'
  - 'SSLCertificateKeyFile "/etc/pki/tls/private/my_server.ac.uk.ac.uk.key"'
  - 'SSLCertificateChainFile "/etc/pki/tls/certs/ssl-chain.crt"'

I have updated and restarted the services:

/opt/ood/ood-portal-generator/sbin/update_ood_portal -f
systemctl restart httpd24-httpd.service
systemctl restart ondemand-dex.service

Now when I navigate to https://my_server.ac.uk I get an Apache Red Hat Enterprise Linux Test Page, not the Open OnDemand page.

Is there a missing or incorrect step here?

Thanks!

From our docs - Apache httpd tips — Open OnDemand 3.1.0 documentation

If you’re seeing the default Apache webpage you likely have to configure 
the ServerName which corresponds directly to Apache’s ServerName 
configuration (and restart Apache).

The document page has links on where/how to configure the servername.

Thanks for the prompt response @jeff.ohrstrom!

The servername is configured in my ood_portal.yml:

servername: 'my_server.ac.uk'

and as:

ServerName "my_server.ac.uk"

in /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf

The output of

/opt/rh/httpd24/root/usr/sbin/httpd-scl-wrapper -S
gives:

VirtualHost configuration:
*:80                   my_server.ac.uk (/opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf:46)
*:443                  is a NameVirtualHost
         default server my_server.ac.uk (/opt/rh/httpd24/root/etc/httpd/conf/httpd.conf:44)
         port 443 namevhost my_server.ac.uk (/opt/rh/httpd24/root/etc/httpd/conf/httpd.conf:44)
         port 443 namevhost my_server.ac.uk (/opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf:55)
ServerRoot: "/opt/rh/httpd24/root/etc/httpd"
Main DocumentRoot: "/opt/rh/httpd24/root/var/www/html"
Main ErrorLog: "/opt/rh/httpd24/root/etc/httpd/logs/error_log"
Mutex proxy: using_defaults
Mutex ldap-cache: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/opt/rh/httpd24/root/etc/httpd/run/" mechanism=default 
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/opt/rh/httpd24/root/etc/httpd/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

Any other suggestions?

Your default server is being served from here. Seems like you should remove something on line 44 in this file?

I also get a ‘Can’t connect to server’ if I go to http://my_server.ac.uk rather than being redirected.

Line 44 is the start of the:

<VirtualHost *:443>

block in /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf, which I added in manually.

Ah - ok. Removing that block, but leaving in the 443 port has sorted it out.

Thanks!

Still not getting redirected from http://my_server.ac.uk though.

Because the server you’re being routed to is the default server in your other comment.

Apache recognizes this as the default server, so it’s routing you there instead of routing you to the server defined in ood-portal.conf.

This is why the docs have you run httpd-scl-wrapper -S - this output is telling you how Apache is routing requests, and it’s telling you that it’s routing to the virtualhost defined in httpd.conf, not the OOD virtualhost in ood-portal.conf.

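The `-S` check that resolved this thread can be scripted. The following is an added example, not part of the original posts and not Open OnDemand's own code: it parses the VirtualHost section of the `-S` output and reports any address where a vhost from a file other than ood-portal.conf is the default server ahead of the portal's vhost. The function names are hypothetical, and the sample is constructed from the output quoted above.

```python
import re

# Constructed sample: VirtualHost section of the `-S` output quoted in the thread.
SAMPLE = """\
VirtualHost configuration:
*:80                   my_server.ac.uk (/opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf:46)
*:443                  is a NameVirtualHost
         default server my_server.ac.uk (/opt/rh/httpd24/root/etc/httpd/conf/httpd.conf:44)
         port 443 namevhost my_server.ac.uk (/opt/rh/httpd24/root/etc/httpd/conf/httpd.conf:44)
         port 443 namevhost my_server.ac.uk (/opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf:55)
ServerRoot: "/opt/rh/httpd24/root/etc/httpd"
"""

# "addr:port  name (file:line)" or "addr:port  is a NameVirtualHost"
ADDR = re.compile(r"^(\S+:\d+)\s+(?:is a NameVirtualHost|(\S+) \((.+):(\d+)\))\s*$")
# indented "default server name (file:line)" / "port N namevhost name (file:line)"
ENTRY = re.compile(r"^\s+(default server|port \d+ namevhost) (\S+) \((.+):(\d+)\)\s*$")

def parse_vhosts(text):
    """Return {address: [(role, server_name, conf_file, line_no), ...]}."""
    vhosts, current = {}, None
    for line in text.splitlines():
        m = ADDR.match(line)
        if m:
            current = m.group(1)
            vhosts[current] = []
            if m.group(2):  # only one vhost on this address, so it is the default
                vhosts[current].append(("default", m.group(2), m.group(3), int(m.group(4))))
            continue
        m = ENTRY.match(line)
        if m and current:
            role = "default" if m.group(1) == "default server" else "namevhost"
            vhosts[current].append((role, m.group(2), m.group(3), int(m.group(4))))
        elif line and not line[0].isspace():
            current = None  # left the VirtualHost section (ServerRoot:, Mutex ..., etc.)
    return vhosts

def shadowed_portal_vhosts(text, portal_conf="ood-portal.conf"):
    """List (address, 'file:line' of the default vhost, same_servername) findings."""
    findings = []
    for addr, entries in parse_vhosts(text).items():
        default = next((e for e in entries if e[0] == "default"), None)
        portal = [e for e in entries if e[2].endswith(portal_conf)]
        if default and portal and not default[2].endswith(portal_conf):
            same_name = any(e[1] == default[1] for e in portal)
            findings.append((addr, f"{default[2]}:{default[3]}", same_name))
    return findings

if __name__ == "__main__":
    for addr, where, same_name in shadowed_portal_vhosts(SAMPLE):
        print(f"{addr}: default vhost comes from {where}; same ServerName as portal: {same_name}")
```

To check a live host, pass the text captured from the `-S` command in place of `SAMPLE`; an empty result means no other file's vhost is the default on an address the portal also uses.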