Posts: 129
Threads: 21
Joined: Nov 2014
Reputation:
0
Sex: Male
Thanks: 40
Given 11 thank(s) in 9 post(s)
Weird .htaccess behavior
05-04-2017, 12:47 PM
OK, I have sites with just a landing page on them and they are set up with Let's Encrypt certs.
If I type https://suspect.site.com ---> works fine
If I type http://suspect.site.com ---> Fails to redirect to the https and gives me a "This site cannot be reached" error.
Here is the .htaccess I am trying to use and never recall it being an issue before...
Code:
RewriteEngine On
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
Am I missing something simple? Everything as far as virtual hosts and stuff in Sentora is set up right. This is something I never noticed as my browser was used to changing the address to https: without the redirect even due to address caching. I am stumped. Any ideas? BTW, the sites are live in Sentora, not parked or anything. And there is a single "index.html" file with the .htaccess file in each site's root folder.
Everyone makes mistakes, but to truly screw up it takes the root password!
Posts: 3,663
Threads: 241
Joined: May 2014
Reputation:
85
Sex: Male
Thanks: 408
Given 599 thank(s) in 464 post(s)
RE: Weird .htaccess behavior
05-05-2017, 02:53 AM
It won't work since there is no virtual host for the domain/sub domain for port 80.
As explained in the Docs and in the How-To forum:
Quote:
On Sentora Panel go to Admin -> Module Admin -> Apache Config -> Override a Virtualhost [Select domain] ->
Tick Port Override.
Forward Port 80 to Overriden Port: 443
Wait for the daemon to run (~5 minutes).
-TGates - Project Council
SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE
Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
RE: Weird .htaccess behavior
05-05-2017, 06:53 AM
(05-05-2017, 02:53 AM)TGates Wrote: It won't work since there is no virtual host for the domain/sub domain for port 80.
As explained in the Docs and in the How-To forum:
Wait for the daemon to run (~5 minutes).
Sorry, but there is. I set up the domains just like the ones that work that have a full site on them.
Best description is they are tiny sites with just an .htaccess and an index.html.
The Virtual Host and overrides are set in SENTORA, checkbox ticked and the data for the Let's Encrypt cert entered.
Essentially, I have followed the Let's Encrypt for domains tutorial and cannot understand that a redirect and virtual host override does not work. Port 80 is dead.
If I enter https:// before the site names, they behave as expected. The .htaccess just has no effect in redirecting from http to https. And I always run the daemon after I set up the virtual host override.
Maybe I am not understanding what you are trying to tell me...???
Everyone makes mistakes, but to truly screw up it takes the root password!
RE: Weird .htaccess behavior
05-05-2017, 02:07 PM
Hmm, well, if you port-forward from 80 to 443 using the custom vhost check box, you do not need a redirect in the .htaccess file.
If you do not use the port-forward feature, you need to have a vhost entry for the web site on port 80 and a custom vhost entry for the website on port 443 with the SSL configuration.
Can you PM me your httpd-vhosts.conf? Including the main sentora entry also.
-TGates - Project Council
RE: Weird .htaccess behavior
05-05-2017, 02:23 PM
Sure, let me get that together.
Everyone makes mistakes, but to truly screw up it takes the root password!
RE: Weird .htaccess behavior
05-05-2017, 04:06 PM
That part didn't help me any LOL.
Anyways, just to make sure, the file has:
- Listen 80 and Listen 443 at the top
- shows correct <virtualhost 80:*></virtualhost> entries for the port-forward
I do notice that these 2 lines are entered twice:
Code:
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Not 100% sure on this, but these should be combined into one:
Code:
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
Code:
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
But that should not affect the redirect in any way.
From testing the URL both http and https, there seems to be no entry for it on port 80.
Example of what your httpd-vhosts.conf should look like:
Code:
################################################################
# Apache VHOST configuration file
# Automatically generated by Sentora 1.0.3
# Generated on: 00:05 1st May 2017 EDT
#==== YOU MUST NOT EDIT THIS FILE : IT WILL BE OVERWRITTEN ====
# Use Sentora Menu -> Admin -> Module Admin -> Apache config
################################################################
Listen 443
Listen 80
# Configuration for Sentora control panel.
---[snip]---
################################################################
# Sentora generated VHOST configurations below.....
################################################################
# DOMAIN: domain.com
<virtualhost *:443>
ServerName domain.com
ServerAlias www.domain.com
ServerAdmin webmaster@domain.com
DocumentRoot "/var/sentora/hostdata/[username]/public_html/domain_com"
php_admin_value open_basedir "/var/sentora/hostdata/[username]/public_html/domain_com:/var/sentora/temp/"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"
ErrorLog "/var/sentora/logs/domains/[username]/domain.com-error.log"
CustomLog "/var/sentora/logs/domains/[username]/domain.com-access.log" combined
CustomLog "/var/sentora/logs/domains/[username]/domain.com-bandwidth.log" common
<Directory "/var/sentora/hostdata/[username]/public_html/domain_com">
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>
AddType application/x-httpd-php .php3 .php
ErrorDocument 415 /_errorpages/415.html
ErrorDocument 413 /_errorpages/413.html
ErrorDocument 400 /_errorpages/400.html
ErrorDocument 404 /_errorpages/404.html
ErrorDocument 403 /_errorpages/403.html
ErrorDocument 500 /_errorpages/500.html
ErrorDocument 408 /_errorpages/408.html
ErrorDocument 510 /_errorpages/510.html
DirectoryIndex index.php index.html index.htm index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
# Custom Global Settings (if any exist)
# Custom VH settings (if any exist)
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem
# Keeping below for future upgrades.
# Requires Apache >= 2.4
# SSLCompression off
</virtualhost>
# END DOMAIN: domain.com
################################################################
# DOMAIN: domain.com
# PORT FORWARD FROM 80 TO: 443
<virtualhost *:80>
ServerName domain.com
ServerAlias www.domain.com
ServerAdmin webmaster@domain.com
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</virtualhost>
# END DOMAIN: domain.com
-TGates - Project Council
RE: Weird .htaccess behavior
05-05-2017, 04:29 PM
You found it Tom - I should have looked into the httpd-vhosts.conf - it was missing the listen 80. I suspected this reason (not getting the info from port 80 to use port 443) but surely not in that file - but why would it not be there?
Wouldn't that have to be something that is missing in the virtualhost overrides or global SENTORA files??? In the SENTORA UI itself?
I mean I can add the "Listen 80" to the httpd-vhosts.conf file but the daemon should undo that every five minutes, no? - To answer my own question, no the daemon does not change that listen 80 at the top. How in the World did it go missing anyway? I likely did it but surely never meant to - and I don't edit the httpd-vhosts.conf file "by hand..." Running the daemon removes the Listen 80 dang it. - What do I change inside SENTORA to make it retain the Listen 80???
As far as combining the hardening stuff, that is a bit above my pay grade I think, I will have to study how that works. For now they don't hurt anything, but likely slow the server down some.
I will get rid of the dupe, but all of that I had copied from a post here that gets your cert rating to an A+ (Remember the Sentastico fail I had? it was that line "# Header always set X-Frame-Options DENY") ---> woops. lol
Everyone makes mistakes, but to truly screw up it takes the root password!
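The condition found in this thread, a `<virtualhost *:80>` entry in a configuration with no `Listen 80`, can be checked mechanically. The following is an added example, not part of any post and not Sentora code; the function names `missing_listen_ports` and `sample_conf` and the sample file are constructed for illustration, and only the files passed as arguments are examined.

```shell
# List ports named in <VirtualHost addr:port> that no Listen directive opens.
# Apache never accepts connections on such a port, so the vhost is unreachable.
missing_listen_ports() {            # args: one or more Apache config files
    awk '
    /^[ \t]*#/ { next }             # comment lines
    {
        line = tolower($0)          # directive names are case-insensitive
        sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
    }
    line ~ /^listen[ \t]/ {         # Listen 80 | Listen 192.0.2.1:443 | Listen [::]:443 https
        split(line, f, /[ \t]+/)
        port = f[2]; sub(/^.*:/, "", port)
        listen[port] = 1
        next
    }
    line ~ /^<virtualhost[ \t]/ {   # may carry several addr:port pairs
        gsub(/[<>]/, "", line)
        n = split(line, f, /[ \t]+/)
        for (i = 2; i <= n; i++) {
            if (f[i] !~ /:[0-9]+$/) continue   # no explicit port given
            port = f[i]; sub(/^.*:/, "", port)
            used[port] = 1
        }
    }
    END { for (p in used) if (!(p in listen)) print p }
    ' "$@" | sort -n
}

# Constructed sample in the layout of the file quoted in the thread.
sample_conf() {                     # $1: extra top-level line, may be empty
    cat <<EOF
Listen 443
$1
<virtualhost *:443>
ServerName domain.com
SSLEngine on
</virtualhost>
# PORT FORWARD FROM 80 TO: 443
<virtualhost *:80>
ServerName domain.com
</virtualhost>
EOF
}

tmp=$(mktemp)
sample_conf "" > "$tmp"
echo "Listen 80 absent:  unreachable ports = $(missing_listen_ports "$tmp")"
sample_conf "Listen 80" > "$tmp"
echo "Listen 80 present: unreachable ports = $(missing_listen_ports "$tmp")"
rm -f "$tmp"
```

Pass every file that can carry a Listen directive (for example the main httpd.conf together with httpd-vhosts.conf), since a Listen defined in a file that is not passed is invisible to the check.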
RE: Weird .htaccess behavior
05-06-2017, 02:41 AM
Are all your sites https? If so this would be a bug. Although there is no reason I can figure why somebody would code it to remove the listen 80 for any reason as that is the core port for any web server. I'll look into the code and check it out.
This is the relevant code to the Listen 80/Listen anything:
Code:
$VHostDefaultPort = ctrl_options::GetSystemOption('apache_port');
$customPorts = array(ctrl_options::GetSystemOption('sentora_port'));
$portQuery = $zdbh->prepare("SELECT vh_custom_port_in FROM x_vhosts WHERE vh_deleted_ts IS NULL");
$portQuery->execute();
while ($rowport = $portQuery->fetch()) {
    $customPorts[] = (empty($rowport['vh_custom_port_in'])) ? $VHostDefaultPort : $rowport['vh_custom_port_in'];
}
$customPortList = array_unique($customPorts);
--[snip]--
# NameVirtualHost is still needed for Apache 2.2 but must be removed for apache 2.3
if ((double) sys_versions::ShowApacheVersion() < 2.3) {
    foreach ($customPortList as $port) {
        $line .= "NameVirtualHost *:" . $port . fs_filehandler::NewLine();
    }
}
# Listen is mandatory for each port <> 80 (80 is defined in system config)
foreach ($customPortList as $port) {
    $line .= "Listen " . $port . fs_filehandler::NewLine();
}
So, if you changed the default Apache Service Port (row 80 in DB x_settings) from 80 to anything else (443?), that would cause it to not re-create a Listen 80. This must stay at port 80 and use custom vhost entry port-forwards to use any other ports.
That is the only way I can see it not reproducing the Listen 80.
After even further review, if I am reading this right, this would remove port 80 from the list if any custom ports exist:
Code:
while ($rowport = $portQuery->fetch()) {
    $customPorts[] = (empty($rowport['vh_custom_port_in'])) ? $VHostDefaultPort : $rowport['vh_custom_port_in'];
}
$customPortList = array_unique($customPorts);
I think it should be something like:
Code:
while ($rowport = $portQuery->fetch()) {
    $customPorts[] = (empty($rowport['vh_custom_port_in'])) ? $VHostDefaultPort : $rowport['vh_custom_port_in'];
}
// Adds the default Apache Port. array_push() returns the new element count,
// so its result must not be assigned back to $customPorts.
array_push($customPorts, $VHostDefaultPort);
$customPortList = array_unique($customPorts);
Not yet tested.
-TGates - Project Council
RE: Weird .htaccess behavior
05-06-2017, 09:01 AM
Well I cannot get it to break any further. It did once pull the listen 80 out again on its own, but no matter what I do I cannot get it to repeat that behavior, so for now I guess I just chalk it up as a mystery.
Thanks for pushing me to the httpd-vhosts.conf file as I never would have thought of that since I know better than to edit it unless you have made a mistake that kills apache in the gui, then it is only a temporary edit until you can get your setting correct in the SENTORA proper GUI.
Everyone makes mistakes, but to truly screw up it takes the root password!
RE: Weird .htaccess behavior
05-06-2017, 11:55 AM
Ok, keep an eye on it and let us know. I'll change the github issue to 'on hold'
-TGates - Project Council