Pages : 1
#1 Le 06/07/2015, à 11:50
- GhostSpirit
(resintallation compléte réussi)ownclud en externe
Bonjour
j'ai créer deux sites web
un en http : mon site web
le deuxième en https : mon cloud en https
j'ai mon nom de domaine sur ovh
mon certificat sur sartsll
Le problème c'est qu'il est très difficile de tester un site en web en https
j'ai bien trouvé ce site, mais cela ne m'aide pas vraiement
car il reste une erreur et je ne trouve pas la solution
les infos :
kubuntu 14.04
Linux version 3.13.0-55-generic (buildd@brownie) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #94-Ubuntu SMP Thu Jun 18 00:27:10 UTC 2015
Server version: Apache/2.4.7 (Ubuntu)
contenus des fichiers
fichier hosts
127.0.0.1 localhost
127.0.1.1 spirit-kubuntu-PC
#127.0.0.1 sphere-creative.fr
#127.0.0.1 monowncloud.sphere-creative.fr
192.168.1.2 sphere-creative.fr
192.168.1.18 monowncloud.sphere-creative.fr
192.168.1.20 zm
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allroutersport.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen *:80
#Listen *:443
#<IfModule ssl_module>
# Listen 443
#</IfModule>
#<IfModule mod_gnutls.c>
# Listen 443
#</IfModule>
#rajout des lignes ci-dessous
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 192.168.1.18:443
</IfModule>
#fin rajout ligne
# vim: syntax=apache ts=4 sw=4 sts=4 sr noetdefaut-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCertificateFile /etc/apache2/ssl/ssl-unified.crt
SSLCertificateKeyFile /etc/apache2/ssl/ssl.key
SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noetmonowncloud.sphere-creative.conf
<VirtualHost 192.168.1.18:80>
#--- rajout 3 lignes ---
# Optionally load the headers module:
#LoadModule headers_module modules/mod_headers.so
#Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
ServerAdmin webmaster@sphere-creative.fr
ServerName monowncloud.sphere-creative.fr
ServerAlias monowncloud.sphere-creative.fr
DocumentRoot /var/www/monowncloud.sphere-creative.fr
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/monowncloud.sphere-creative.fr>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride All
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
<VirtualHost 192.168.1.18:443>
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /etc/apache2/ssl/ssl-unified.crt
SSLCertificateKeyFile /etc/apache2/ssl/ssl.key
SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem
ServerAdmin webmaster@sphere-creative.fr
ServerName monowncloud.sphere-creative.fr
ServerAlias monowncloud.sphere-creative.fr
DocumentRoot /var/www/monowncloud.sphere-creative.fr
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/monowncloud.sphere-creative.fr>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride All
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>sphere-creative.conf
<VirtualHost 192.168.1.2:80>
ServerAdmin webmaster@sphere-creative.fr
ServerName sphere-creative.fr
ServerAlias sphere-creative.fr
DocumentRoot /var/www/sphere-creative.fr
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/sphere-creative.fr>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
#redirectmatch temp /* https://monowncloud.sphere-creative.fr
</VirtualHost>Si vous avez besoin de plus de renseignement n'hésitez pas !!
point important je suis obliger de retaper cette commande pour avoir accès à mon cloud en local
sudo ip addr add dev eth0 broadcast 192.168.1.18 local 192.168.1.18apachectl configtest
syntax okj'ai accès à mon could en local en tapant l'adresse du site ou l'ip,
uniquement avec l'adresse ip en lan
je tombe sur ma box quand je tape l'adresse du site en lan
Merci d'avance pour l'aide apporté
http://tools.pingdom.com/fpt/#!/deN7sA/ … reative.fr
Dernière modification par GhostSpirit (Le 10/07/2015, à 13:09)
Apprendre, comprendre, progresser, et apprendre aux autres, telle est ma devise
http://forum.ubuntu-fr.org/viewforum.php?id=171
Hors ligne
#2 Le 06/07/2015, à 17:40
- bruno
Re : (resintallation compléte réussi)ownclud en externe
Tes sites ne doivent-ils être accessibles qu'en local ?
Pourquoi as-tu des directives ServerName et ServerAlias identiques ?
À quoi sert l'hôte default-ssl ?
À quoi servent les blocs :
<Directory />
<Directory "/usr/lib/cgi-bin">
et <Directory "/usr/lib/cgi-bin"> ?
Question subsidiaire :
- pourquoi tous les hôtes utilisent-ils les mêmes fichiers de log ?
Dernière modification par bruno (Le 06/07/2015, à 17:43)
Hors ligne
#3 Le 06/07/2015, à 17:57
- GhostSpirit
Re : (resintallation compléte réussi)ownclud en externe
bonsoir bruno
Tes sites ne doivent-ils être accessibles qu'en local ?
NON !
Pourquoi as-tu des directives ServerName et ServerAlias identiques ?
Je ne savais qu'il devait être nommer différemment
À quoi sert l'hôte default-ssl ?
J'imagine qu'il s'est installer quand j'ai essayé tout d'abord avec un certificat autosigné avec openssl 
À quoi servent les blocs :
<Directory />
<Directory "/usr/lib/cgi-bin">
et <Directory "/usr/lib/cgi-bin"> ?
J'en ai pas la moindre idée et toi 
Question subsidiaire :
- pourquoi tous les hôtes utilisent-ils les mêmes fichiers de log ?
pas idiot ça
Apprendre, comprendre, progresser, et apprendre aux autres, telle est ma devise
http://forum.ubuntu-fr.org/viewforum.php?id=171
Hors ligne
#4 Le 06/07/2015, à 18:23
- bruno
Re : (resintallation compléte réussi)ownclud en externe
Premier point.
Alors pourquoi tes hôtes virtuels sont-t-ils définis par IP avec des IP locales et que le fichier ports.conf a été bricolé pour que le serveur soit en écoute sur le port 443 pour la seule l'adresse IP locale 192.168.1.18
Je t'invite à relire : http://httpd.apache.org/docs/2.4/vhosts/
Soit tu as plusieurs IP publiques et tu fais des hôtes virtuels par IP, soit tu fais des hôtes virtuels par nom.
Deuxième point
Donc tu utilises des directives de configuration un peu au hasard, sans même avoir eu la curiosité d'aller jeter un coup d'œil à la doc : http://httpd.apache.org/docs/current/fr … erveralias. Et cela ne te semble pas bizarre de mettre la même valeur pour deux directives différents…
Troisième point
Quand tu installes un service, il y a une configuration minimale par défaut. Cette configuration est là pour servir de base ou d'exemple à sa propre configuration. Dans ton cas bien entendu les hôtes virtuels installés par défaut doivent être désactivés (000-default.conf et default-ssl.conf).
Quatrième point
Moi je sais que cela vient de copier/coller de fichiers de configuration par défaut fournis avec la précédente version d'Apache (2.2). Là encore tu ne te poses pas de questions sur l'utilité de ces blocs…
N.B.: C'est le premier point qui est bloquant. Si tu veux que tes sites soient accessibles depuis n'importe quel machine sur l'Internet il faut d'abord corriger cela. Il faut aussi que monowncloud.sphere-creative.fr soit résolu avec ton adresse IP publique (pas le cas pour l'instant)
Dernière modification par bruno (Le 06/07/2015, à 18:24)
Hors ligne
Pages : 1