SSL 403 Error with Me.B solution (Please help)
06-25-2015, 10:00 AM
(This post was last modified: 06-25-2015, 10:36 AM by stiuvert0007. Edit Reason: Credits of an advice and new info (error logs))
First of all, hello everyone. My name is Marcos.
So far I love Sentora, it's really simple and what I love the most is the low RAM usage.
I just have a big headache with SSL certs. The first thing I did was to read Sentora Docs SSL guide but that didn't work for me.
After a long search in the forum I found Me.B solution. (I think that Sentora Docs should be updated)
When I use this solution I finally can use https://tilabmx.com but I get a 403 error.
I created a file under the name ssltilabmx.com.conf
With this inside:
Code:
Listen 443
<VirtualHost *:443>
ServerName tilabmx.com
ServerAlias www.tilabmx.com
ServerAdmin hcmarcos@tilabmx.com
DocumentRoot "/var/sentora/hostdata/zadmin/public_html/tilabmx_com"
php_admin_value open_basedir "/var/sentora/hostdata/zadmin/public_html/tilabmx_com:/var/sentora/temp/"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid$
SSLEngine on
SSLCertificateKeyFile /etc/apache2/ssl/tilabmx.com.key
SSLCertificateFile /etc/apache2/ssl/tilabmx_com.crt
SSLCertificateChainFile /etc/apache2/ssl/bundle.crt
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!A$
SSLHonorCipherOrder on
ErrorLog "/var/sentora/logs/domains/zadmin/tilabmx.com-error.log"
CustomLog "/var/sentora/logs/domains/zadmin/tilabmx.com-access.log" combined
CustomLog "/var/sentora/logs/domains/zadmin/tilabmx.com-bandwidth.log" common
<Directory "/var/sentora/hostdata/zadmin/public_html/tilabmx_com">
Options FollowSymLinks Indexes
AllowOverride All
Order Allow,Deny
Allow from all
</Directory>
AddType application/x-httpd-php .php3 .php
ErrorDocument 500 /_errorpages/500.html
ErrorDocument 403 /_errorpages/403.html
ErrorDocument 404 /_errorpages/404.html
ErrorDocument 510 /_errorpages/510.html
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
</virtualHost>
Then I added
Code:
Include /etc/sentora/configs/apache/ssltilabmx.com.conf
When I saw the 403 error I tried to change the following (thanks to elijahbate's advice)
Code:
<Directory "/var/sentora/hostdata/zadmin/public_html/tilabmx_com">
Options FollowSymLinks Indexes
AllowOverride All
Order Allow,Deny
Allow from all
</Directory>
to
Code:
<Directory "/var/sentora/hostdata/zadmin/public_html/tilabmx_com">
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>
And when I access https://tilabmx.com/ it redirects to http://tilabmx.com/ Why?
Then I searched in Google the error "The web server is setup to disable directory listings." and found a solution using .htaccess file for enabling directory listings. I added
Code:
Options +Indexes
at the end of my .htaccess file but it's not working.
This is the guide I followed.
(12-07-2014, 07:39 AM) Me.B Wrote:
In few lines the best solution is:
1. create a new conf file that contains your SSL host that will look like this
Quote:
<virtualhost *:443>
ServerName ssl.domain.com
ServerAlias ssl.domain.com
ServerAdmin you@domain.com
DocumentRoot "/var/zpanel/hostdata/zadmin/public_html/ssl.domain.com"
php_admin_value open_basedir "/var/zpanel/hostdata/zadmin/public_html/ssl.domain.com:/var/zpanel/temp/"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"
ErrorLog "/var/zpanel/logs/domains/zadmin/ssl.domain.com-error.log"
CustomLog "/var/zpanel/logs/domains/zadmin/ssl.domain.com-access.log" combined
CustomLog "/var/zpanel/logs/domains/zadmin/ssl.domain.com-bandwidth.log" common
<Directory />
Options FollowSymLinks Indexes
AllowOverride All
Order Allow,Deny
Allow from all
</Directory>
AddType application/x-httpd-php .php3 .php
ErrorDocument 403 /_errorpages/403.html
ErrorDocument 510 /_errorpages/510.html
ErrorDocument 500 /_errorpages/500.html
ErrorDocument 404 /_errorpages/404.html
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
SSLEngine On
SSLCertificateFile /var/zpanel/logs/domains/zadmin/ssl/secure1.pem
SSLCertificateKeyFile /var/zpanel/logs/domains/zadmin/ssl/secure1.key
</virtualhost>
All zpanel paths should be replaced by sentora.
You will need first to create a normal ssl.domain.com (sub domain), could be a domain, so replace ssl.domain.com with the correct URL you will use.
Notice the path for the SSL certificates that you can change.
Once you create this config file as ssl.domain.com.conf place it in
/etc/zpanel/config/apache/ ( or /etc/sentora/ )
Then check your apache main config file & add include the new conf file you created.
Restart apache. If your SSL certificate is ok ( take care to remove the password or apache will request it after each restart), you should now have
http://ssl.domain.com working &
https://ssl.domain.com both pointing same root.
Then add a .htaccess to enforce https only if you need that or you can keep both working.
I think the old way in the wiki should not be used & hope in next release we auto generate the ssl host instead of having this manual setup. The wiki how-to fails to explain the need for override. As once you enable ssl the default domain/subdomain with SSL will no longer work on HTTP & this is why you will be required to add a vhost port override to avoid nasty errors. My way will allow both SSL & non SSL working but require a lot more manual admin off panel.
This topic is FOR EXPERIENCED ADMIN.
M B
BTW what do you mean with
Quote: If your SSL certificate is ok ( take care to remove the password or apache will request it after each restart)
What password?
And sorry for my bad English. I'll appreciate your help. Please, I've been trying to solve this problem since last Saturday.
UPDATE:
This is my error domain log when I get 403:
Code:
[Wed Jun 24 19:32:22.700073 2015] [authz_core:error] [pid 7136] [client 177.245.212.76:50757] AH01630: client denied by server configuration: /var/sentora/hostdata/zadmin/public_html/tilabmx_com/
And this is my apache error log with the 403:
Code:
[Wed Jun 24 19:32:18.748596 2015] [mpm_prefork:notice] [pid 5947] AH00169: caught SIGTERM, shutting down
[Wed Jun 24 19:32:19.498147 2015] [:notice] [pid 7131] mod_bw : Memory Allocated 0 bytes (each conf takes 48 bytes)
[Wed Jun 24 19:32:19.498261 2015] [:notice] [pid 7131] mod_bw : Version 0.92 - Initialized [0 Confs]
[Wed Jun 24 19:32:19.533561 2015] [mpm_prefork:notice] [pid 7131] AH00163: Apache/2.4.7 (Ubuntu) OpenSSL/1.0.1f configured -- resuming normal operations
[Wed Jun 24 19:32:19.533629 2015] [core:notice] [pid 7131] AH00094: Command line: '/usr/sbin/apache2'
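Added example, not part of the original post and not Sentora or Apache code: a small Python linter for the patterns that appear in the two vhost files on this page (2.2-style Order/Allow next to 2.4's Require, a Directory / block opened to everyone, Indexes, TLSv1/TLSv1.1 and RC4). The function name, the finding codes and the sample config are constructed for illustration.

```python
import re

# Constructed sample: directives condensed from the two vhost files on this page.
SAMPLE_VHOST = """\
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL
<Directory />
Options FollowSymLinks Indexes
Order Allow,Deny
Allow from all
</Directory>
<Directory "/var/sentora/hostdata/zadmin/public_html/tilabmx_com">
Options +FollowSymLinks -Indexes
Require all granted
</Directory>
"""

OLD_TLS = {"all", "+all", "tlsv1", "+tlsv1", "tlsv1.1", "+tlsv1.1"}
def audit_vhost(text):
    """Return sorted (line_no, code) findings; codes are names made up here."""
    findings, stack = set(), []   # stack: open (section, argument) pairs
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        tag = re.match(r"<(/?)(\w+)\s*([^>]*)>?$", line)
        if tag:
            if not tag.group(1):
                stack.append((tag.group(2).lower(), tag.group(3).strip('" ')))
            elif stack:
                stack.pop()
            continue
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        name, args = words[0].lower(), [w.lower() for w in words[1:]]
        in_root = bool(stack) and stack[-1] == ("directory", "/")
        if name in ("order", "allow", "deny"):       # Apache 2.2 syntax
            findings.add((no, "legacy-2.2-access-control"))
        if in_root and (name, args) in (("allow", ["from", "all"]),
                                        ("require", ["all", "granted"])):
            findings.add((no, "filesystem-root-open"))
        if name == "options" and {"indexes", "+indexes"} & set(args):
            findings.add((no, "directory-listing-enabled"))
        if name == "sslprotocol" and OLD_TLS & set(args):
            findings.add((no, "deprecated-tls-version"))
        if name == "sslciphersuite":
            suites = " ".join(args).strip('"').split(":")
            if any("rc4" in s and s[0] not in "!-" for s in suites):
                findings.add((no, "rc4-cipher-enabled"))
    return sorted(findings)
```

On Apache 2.4 the Order/Allow/Deny directives are handled by mod_access_compat, and the Apache upgrade notes discourage mixing them with Require in the same configuration.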