0

So, I have created an owncloud instance and I want to be able to access it from the outside network (it works just fine on the itnernal) but an older administrator had created a "reverse proxy" (he mentioned it before) so I'm trying to understand his mess...

So, we have a domain with godaddy, domain.com in which I already added the owncloud.domain.com, so that part is good, now going to the reverse proxy..

  • Server 1 - Reverse proxy is on the DMZ

  • Server 1 - Has Wordpress on itself with ssl

  • Server 2 - Owncloud server is on the LAN

  • Server 2 - has ssl keys on itself

When I login to domain.com I get my wordpress site, which is great. But when I go to owncloud.domain.com then I get the error on chrome : ERR_SSL_PROTOCOL_ERROR

I have tried many things without success, I hope somebody can point me into the right direction.

Here are the VirtualHosts under sites-enabled:

OwnCloud

<VirtualHost *:80>
ServerName owncloud.domain.com
    <Proxy *>
        Order deny,allow
                Allow from all
        </Proxy>    
        <Location />
        ProxyPass owncloud.domain.com
        ProxyPassReverse owncloud.domain.com
        </Location>    
</VirtualHost>

DOmain (wordpress site)

<VirtualHost *:80>
    ServerName domain.com
    ServerAlias www.domain.com
    DocumentRoot /etc/httpd/htdocs/wordpress-new
    DirectoryIndex index.php
    <Directory />
        Options None
        Order deny,allow
        Deny from all
        AllowOverride None
    </Directory>
    <Directory /etc/httpd/htdocs/wordpress-new>
        Options -Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>

        <FilesMatch \.php$>
                SetHandler application/x-httpd-php
        </FilesMatch>

<FilesMatch "\.(engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template)$">
    Order allow,deny
</FilesMatch>
    RewriteEngine on
    RewriteLog logs/rewritelog

<IfModule mod_php5.c>
    php_value magic_quotes_gpc 0
    php_value register_globals 0
    php_value session.auto_start 0
    php_value mbstring.http_input pass
    php_value mbstring.http_output pass
    php_value encoding_translation 0
</IfModule>
</VirtualHost>

Any help will be much much appreciated!!!

user3311890
  • 181
  • 2
  • 8
  • Alright, sounds stupid but how do I get rid of the proxy? The ssl config is specified on the httpd.conf – user3311890 Nov 24 '15 at 21:40
  • Just configure a simple virtual host, pls check owncloud documentation for example. – Diamond Nov 24 '15 at 21:47
  • See the [owncloud installation manual](https://doc.owncloud.org/server/6.0/admin_manual/installation/installation_source.html), specially the "Web Server Configuration" part. – Diamond Nov 24 '15 at 22:17
  • Sorry! my mistake. I have updated my answer. Have a look. – Diamond Nov 25 '15 at 08:19

2 Answers2

1

Your virtual host configuration is missing the ssl part. It is listening only on HTTP port (80), so a request on HTTPS (443) won't work. You should check first, if you can reach the site with http, with your configuration.

You need something like following, you can compare with yours and adjust:

<VirtualHost *:443>
   ServerName owncloud.example.com
   ProxyRequests Off
   ProxyPass / http://owncloud.internal.net/
   ProxyPassReverse / http://owncloud.internal.net/
   SSLProxyEngine On
   SSLEngine on
   SSLCertificateFile    /etc/ssl/certs/cert.pem
   SSLCertificateKeyFile /etc/ssl/private/key.pem
</VirtualHost>
Diamond
  • 9,001
  • 3
  • 24
  • 38
  • Thanks! the SSLCertificateFile and SSLCertificateKeyFile are actually ont he LAN server that hosts Owncloud, is there any way to bypass this? or is it better to still create a ssl cert and key on the DMZ host? – user3311890 Nov 25 '15 at 16:14
  • Okay, so I disabled the SSL on the Owncloud server and used only the SSL from the DMZ as you suggested. It works, but the page is not functional. Meaning, I cannot see the CSS, colors and I can't login :( I feel I am just a step closer! – user3311890 Nov 25 '15 at 20:46
  • Do your owncloud install works locally `http://local_ip/owncloud`? Can you post your vhost config? – Diamond Nov 25 '15 at 20:52
0

SSL certificates should be installed on both servers (reverse proxy and the owncloud).
Add in the hosts file of your reverse proxy an entry for the owncloud server

i.e 192.168.1.1 myownlcoud.internaldomain.com

The domain name 'myowncloud.internaldomain.com should not be resolvable from outside.Also, add the 'fake' hostname at the reverse proxy configuration :

ProxyPass / http://myowncloud.internaldomain.com/
ProxyPassReverse / http://owncloud.internaldomain.com/
Nisse Engström
  • 208
  • 2
  • 5
LinuxmanCY
  • 1