SSL not working

Hi. I’ve installed open ondemand on CentOS 8 using the OSC/ood-ansible ansible role (GitHub - OSC/ood-ansible: An ansible playbook for Open Ondemand). I’m accessing the server just via IP.

I’m using OIDC for authentication and before I configured for SSL, Open Ondemand seemed to be “working” (as in it redirected me to the OIDC provider page, and then the redirect back failed because I’d given an https address to the provider as their redirect address in anticipation of getting SSL working, but that’s ok at this stage).

The critical bit in getting that far was setting:

servername: 

to avoid the ansible role configuring a ServerName in the <VirtualHost> config which seemed to break things.

I then started configuring for SSL, discovering that actually the mod_ssl package which gets installed generates keys, so I didn’t need to do that. But the global SSL config on the server didn’t appear to have any SSLProtocol configured, so I think a minimal ssl config is:

ssl:
  - SSLCertificateFile /etc/pki/tls/certs/localhost.crt
  - SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
  - SSLProtocol TLSv1.2 TLSv1.3

However, now if I go to https://<my.server.id> I get the default apache landing page (as shown here). Looking at the apache logs I can see this is using TLSv1.3.

Noting that the role configures an http → https redirect, I tried going to http://<my.server.id>. This does redirect to https://<my.server.id>:80/ but Chrome throws:

This site can’t provide a secure connection
<my.server.ip> sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

Any suggestions please, I am getting totally stuck!

Ok turns out you need to set httpd_port: 443, then https:// ... works. The redirect from http:// is still broken though. And it doesn’t look as though that takes a list.

Hi and welcome!

Can you confirm the VirtualHost for OOD is on 443?
It’d be this line in /etc/httpd/conf.d/ood-portal.conf

# The Open OnDemand portal VirtualHost
#
<VirtualHost *:443>

Also try going directly to https://<my.server.id>/pun/sys/dashboard. It could be just that you need to use_rewrites for redirects from the root url (or from using http & 80 port).

Specifying https with port 80 (https://<my.server.id>:80/) is expected behavior. It’s the wrong protocol for that port, I think you’d have to use http to get that redirect to work (along with use_rewrites).

If that doesn’t help feel free to share the ood_portal.yml with anything obfuscated.

Thank you - that was fast!

As per what someone suggested to me elsewhere I do now have that virtualhost line after adding httpd_port: 443 and https://... works.

It’d be nice to get the http:// redirect working too though. I have use_rewrites: true (as per defaults) and I’m getting the following on ood-portal.conf:

<VirtualHost *:80>
  RewriteEngine On
  RewriteRule ^(.*) https://%{SERVER_NAME}:443$1 [R=301,NE,L]
</VirtualHost>

But going to http://my.server.ip is redirecting to https://my.server.ip:80/, which seems odd.

I wonder if you’ve cached the redirect? Can you try without your cache (in a private window, clearing your cache or disabling it in dev tools).

Agh, you were right, in a private window http:// worked fine! I didn’t know redirects got cached… Thanks again.
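The check the thread ends on, asking the server itself what redirect it sends instead of trusting a browser that may replay a cached 301, as an added example that is not part of the original posts. The function names `probe` and `assess_redirect` and the sample responses are constructed for illustration.

```python
import http.client
import sys
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def probe(host, port=80, path="/", timeout=5):
    """Fetch one response straight from the server: no cache, no redirect following."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def assess_redirect(status, location, https_port=443):
    """Return a list of problems with an http -> https redirect (empty list = OK)."""
    if status not in REDIRECTS:
        return [f"status {status} is not a redirect"]
    if not location:
        return ["redirect has no Location header"]
    target = urlsplit(location)
    problems = []
    if target.scheme != "https":
        problems.append(f"Location scheme is {target.scheme!r}, expected 'https'")
    # No explicit port in the URL means the scheme's default port.
    port = target.port or (443 if target.scheme == "https" else 80)
    if port != https_port:
        problems.append(f"Location points at port {port}, expected {https_port}")
    return problems

if __name__ == "__main__":
    # Constructed sample responses mirroring the two Location values seen in the thread.
    samples = [(301, "https://my.server.ip:80/"), (301, "https://my.server.ip:443/")]
    for status, location in samples:
        print(status, location, assess_redirect(status, location) or "OK")
    # Live check against a real host: python3 check_redirect.py <host>
    if len(sys.argv) > 1:
        status, location = probe(sys.argv[1])
        print(status, location, assess_redirect(status, location) or "OK")
```

If the live probe reports OK while the browser still lands on port 80, the stale redirect is in the browser's cache, not in ood-portal.conf.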
