
I have set up Apache 2.4.1 on Ubuntu 16.04 to handle both HTTP and HTTPS traffic on ports 80 and 443. I am able to browse to both sites without any problems.

The server is accessible via both a public IP and a private IP, which a remote API service uses to send traffic to my server via a VPN.

Here is my `apachectl -S` result:

```
*:80                   APPSERVER.example.com (/etc/apache2/sites-enabled/000-default.conf:1)
*:443                  is a NameVirtualHost
     default server APPSERVER.example.com (/etc/apache2/sites-enabled/000-default-ssl.conf:2)
     port 443 namevhost APPSERVER.example.com (/etc/apache2/sites-enabled/000-default-ssl.conf:2)
     port 443 namevhost APPSERVER.example.com (/etc/apache2/sites-enabled/default-ssl.conf:2)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
```

Here is my `000-default.conf`:

```apache
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    <Directory /var/www>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```

Here is `000-default-ssl.conf`:

```apache
<IfModule mod_ssl.c>
  <VirtualHost *:443>
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www/html
    <Directory /var/www>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on

    SSLCertificateFile  /etc/apache2/ssl/certificate_bundle.cer
    SSLCertificateKeyFile /etc/apache2/ssl/appserver.key

    SSLCertificateChainFile /etc/apache2/ssl/intermediateCA.cer

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>

  </VirtualHost>
</IfModule>
```

The problem is, when the remote API service tries to send an XML POST request using HTTPS, I get the infamous `"\x16\x03\x01" 400 0 "-" "-"` in my log file.

Could anyone point out what I might be doing wrong with my configuration to cause this error?

blackem

1 Answer


I cannot see anything in your configuration that would cause this. The problem is that the client is speaking HTTP to your HTTPS vhost.

This can be caused by a redirect to `http://example.com:443/` in your config or app, but not much else. I do not see anything that would cause this in your configuration. From what you've shown us so far, it's more likely the issue is with the remote service.

EDIT: Correction, as pointed out by @dave_thompson_085 below, I had this the wrong way round. The client was speaking HTTPS to the HTTP vhost.

Unbeliever
  • Are you sure? I get the stated symptom for the opposite case: client tries to talk HTTPS to the HTTP listener on 80. – dave_thompson_085 Oct 05 '16 at 14:17
  • Sidenote: Also, try not to use the same name ServerName in two different virtualhosts or all requests will land on the first one and the second will never be used. `port 443 namevhost APPSERVER.example.com (/etc/apache2/sites-enabled/000-default-ssl.conf:2) port 443 namevhost APPSERVER.example.com (/etc/apache2/sites-enabled/default-ssl.conf:2)` – Daniel Ferradal Oct 05 '16 at 15:58
  • @dave_thompson_085 is right, the client was sending https traffic to port 80. – blackem Oct 06 '16 at 11:50
  • Thanks, @dave_thompson_085 I did indeed get it the wrong way round. Corrected in an edit. – Unbeliever Oct 10 '16 at 06:42
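
The `"\x16\x03\x01" 400` entry discussed in this thread is the start of a TLS handshake record arriving on a plain-HTTP listener, which is the case the edit and comments settle on. The Python sketch below is an added example, not code from the question or the answer: it scans `combined`-format access-log lines for that signature and counts hits per client so the misdirected caller can be identified. The sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" log format, as set by the CustomLog lines in the question.
COMBINED = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) '
)
# Apache writes non-printable request bytes as \xhh escapes. A TLS record
# begins with content type 0x16 (handshake) and a two-byte record version.
TLS_RECORD = re.compile(r'\\x16\\x03\\x0([0-3])')
RECORD_VERSION = {"0": "SSL 3.0", "1": "TLS 1.0", "2": "TLS 1.1", "3": "TLS 1.2"}


def find_tls_on_plain_http(lines):
    """Return entries whose 'request line' is really a TLS handshake record."""
    hits = []
    for line in lines:
        entry = COMBINED.match(line)
        if not entry:
            continue  # not a combined-format line; ignore it
        tls = TLS_RECORD.match(entry["request"])
        if tls:
            hits.append({
                "client": entry["client"],
                "time": entry["time"],
                "status": int(entry["status"]),
                "record_version": RECORD_VERSION[tls.group(1)],
            })
    return hits


def clients_to_fix(hits):
    """Count offending requests per client so the misconfigured caller stands out."""
    return Counter(hit["client"] for hit in hits)


# Constructed sample lines (addresses and timestamps are made up).
SAMPLE_LOG = [
    r'203.0.113.7 - - [05/Oct/2016:13:58:40 +0000] "GET / HTTP/1.1" 200 3380 "-" "Mozilla/5.0"',
    r'10.8.0.5 - - [05/Oct/2016:14:02:11 +0000] "\x16\x03\x01" 400 0 "-" "-"',
    r'10.8.0.5 - - [05/Oct/2016:14:02:41 +0000] "\x16\x03\x01" 400 0 "-" "-"',
    r'203.0.113.7 - - [05/Oct/2016:14:03:02 +0000] "POST /api HTTP/1.1" 200 512 "-" "curl/7.47.0"',
]

if __name__ == "__main__":
    hits = find_tls_on_plain_http(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print(clients_to_fix(hits))
```

The record version in a ClientHello is a compatibility value, so `TLS 1.0` here does not indicate the highest version the client supports. Because both vhosts in the question write to the same `access.log` in `combined` format, the log line alone does not show which port received the request.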