Apache: error 400 on requests over https. How do I find the cause?
Hello!
Physical server, Debian, ISPmanager, Apache, PHP as an Apache module.
I recently bought a certificate and installed it through ISPManager. When going via my.domain, the site opens and works fine. But when going via my.domain, Chrome doesn't open the site at all, and Mozilla, Safari and others show error 400.
MOD_SSL is enabled. Contents of ssl.conf:
    SSLRandomSeed startup builtin
    SSLRandomSeed startup file:/dev/urandom 512
    SSLRandomSeed connect builtin
    SSLRandomSeed connect file:/dev/urandom 512
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    SSLPassPhraseDialog builtin
    SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
    SSLSessionCacheTimeout 300
    SSLMutex file:${APACHE_RUN_DIR}/ssl_mutex
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
    #SSLHonorCipherOrder on
    # enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
    SSLProtocol all -SSLv2
    # Allow insecure renegotiation with clients which do not yet support the
    # secure renegotiation protocol. Default: Off
    SSLInsecureRenegotiation off
    # Whether to forbid non-SNI clients to access name based virtual hosts.
    # Default: Off
    SSLStrictSNIVHostCheck off
apache2.conf:
    # It is split into several files forming the configuration hierarchy outlined
    # below, all located in the /etc/apache2/ directory:
    #
    # /etc/apache2/
    # |-- apache2.conf
    # |   `-- ports.conf
    # |-- mods-enabled
    # |   |-- *.load
    # |   `-- *.conf
    # |-- conf.d
    # |   `-- *
    # `-- sites-enabled
    #     `-- *
    #ServerRoot "/etc/apache2"
    LockFile ${APACHE_LOCK_DIR}/accept.lock
    PidFile ${APACHE_PID_FILE}
    Timeout 300
    KeepAlive On
    MaxKeepAliveRequests 100
    KeepAliveTimeout 5
    ##
    ## Server-Pool Size Regulation (MPM specific)
    ##
    # prefork MPM
    # StartServers: number of server processes to start
    # MinSpareServers: minimum number of server processes which are kept spare
    # MaxSpareServers: maximum number of server processes which are kept spare
    # MaxClients: maximum number of server processes allowed to start
    # MaxRequestsPerChild: maximum number of requests a server process serves
    StartServers 5
    MinSpareServers 5
    MaxSpareServers 10
    MaxClients 150
    MaxRequestsPerChild 0
    # worker MPM
    # StartServers: initial number of server processes to start
    # MinSpareThreads: minimum number of worker threads which are kept spare
    # MaxSpareThreads: maximum number of worker threads which are kept spare
    # ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
    # graceful restart. ThreadLimit can only be changed by stopping
    # and starting Apache.
    # ThreadsPerChild: constant number of worker threads in each server process
    # MaxClients: maximum number of simultaneous client connections
    # MaxRequestsPerChild: maximum number of requests a server process serves
    StartServers 2
    MinSpareThreads 25
    MaxSpareThreads 75
    ThreadLimit 64
    ThreadsPerChild 25
    MaxClients 150
    MaxRequestsPerChild 0
    StartServers 2
    MinSpareThreads 25
    MaxSpareThreads 75
    ThreadLimit 64
    ThreadsPerChild 25
    MaxClients 150
    MaxRequestsPerChild 0
    # These need to be set in /etc/apache2/envvars
    User ${APACHE_RUN_USER}
    Group ${APACHE_RUN_GROUP}
    AccessFileName .htaccess
    #
    # The following lines prevent .htaccess and .htpasswd files from being
    # viewed by Web clients.
    #
    Order allow,deny
    Deny from all
    Satisfy all
    DefaultType None
    HostnameLookups Off
    ErrorLog ${APACHE_LOG_DIR}/error.log
    #
    # LogLevel: Control the number of messages logged to the error_log.
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    #
    LogLevel warn
    # Include module configuration:
    Include mods-enabled/*.load
    Include mods-enabled/*.conf
    # Include list of ports to listen on and which to use for name based vhosts
    Include ports.conf
    LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
    LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %O" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent
    # Include generic snippets of statements
    Include conf.d/
    # Include the virtual host configurations:
    Include sites-enabled/
    Include vhosts-default/
    Include vhosts/
ports.conf:
    NameVirtualHost *:80
    Listen 80
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    NameVirtualHost *:443
    Listen 443
    # Listen 443
I tried changing it and vhosts by adding the server's IP; it works over http either way.
Contents of vhosts:
    ServerName my.domain
    SSLEngine off
    RequestHeader set X-Forwarded-Proto 'http'
    DocumentRoot /var/www/www-root/data/www/my.domain
    ServerAdmin admin@my.domain
    AddDefaultCharset UTF-8
    AssignUserID www-root www-root
    CustomLog /var/www/httpd-logs/my.domain.access.log combined
    ErrorLog /var/www/httpd-logs/my.domain.error.log
    SetHandler application/x-httpd-php
    ServerName my.domain
    ScriptAlias /cgi-bin/ /var/www/www-root/data/www/my.domain/cgi-bin/
    ScriptAlias /php-bin/ /var/www/php-bin/www-root/
    ServerAlias www.my.domain
    SetHandler application/x-httpd-php-source
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f admin@my.domain"
    php_admin_value upload_tmp_dir "/var/www/www-root/data/mod-tmp"
    php_admin_value session.save_path "/var/www/www-root/data/mod-tmp"
    php_admin_value open_basedir "none"
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f admin@my.domain"
    php_admin_value upload_tmp_dir "/var/www/www-root/data/mod-tmp"
    php_admin_value session.save_path "/var/www/www-root/data/mod-tmp"
    php_admin_value open_basedir "none"
    AllowOverride All
    Options +Includes +ExecCGI
    php_admin_flag engine on
    php_admin_flag engine on
    ServerName my.domain
    RequestHeader set X-Forwarded-Proto 'https'
    RequestHeader set X-Forwarded-Ssl on
    DocumentRoot /var/www/www-root/data/www/my.domain
    ServerAdmin admin@my.domain
    AddDefaultCharset UTF-8
    SSLEngine on
    SSLCertificateFile "/var/www/httpd-cert/www-root/my.domain.crt"
    SSLCertificateKeyFile "/var/www/httpd-cert/www-root/my.domain.key"
    SSLCertificateChainFile "/var/www/httpd-cert/www-root/my.domain.ca"
    SSLHonorCipherOrder on
    SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    AssignUserID www-root www-root
    CustomLog /var/www/httpd-logs/my.domain443.access.log combined
    ErrorLog /var/www/httpd-logs/my.domain443.error.log
    SetHandler application/x-httpd-php
    ServerName my.domain
    ScriptAlias /cgi-bin/ /var/www/www-root/data/www/my.domain/cgi-bin/
    CustomLog /var/www/httpd-logs/my.domain.access.log combined
    ErrorLog /var/www/httpd-logs/my.domain.error.log
    ScriptAlias /php-bin/ /var/www/php-bin/www-root/
    ServerAlias www.my.domain
    SetHandler application/x-httpd-php-source
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f admin@my.domain"
    php_admin_value upload_tmp_dir "/var/www/www-root/data/mod-tmp"
    php_admin_value session.save_path "/var/www/www-root/data/mod-tmp"
    php_admin_value open_basedir "none"
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f admin@my.domain"
    php_admin_value upload_tmp_dir "/var/www/www-root/data/mod-tmp"
    php_admin_value session.save_path "/var/www/www-root/data/mod-tmp"
    php_admin_value open_basedir "none"
I ran SSL checks through websites and everything works; the certificate works when opening ISPmanager at my.domain:1500. But via my.domain I get error 400, and via my.domain:443 as well.
Ports 80 and 443 are being listened on by apache.
It seems to be configured correctly, so apparently, due to my lack of experience in this area, I'm missing something…
I'd be glad of any help)