rolo2912 Posted April 13, 2020

All,

is anyone running froxlor on an Oracle Cloud Service Server and has ssl working on it?

Froxlor setup is working fine. LetsEncrypt enabled and Cert installed.

The vhost container looks ok as well (AFAIK)

Port 443 is open as well. Browsing 132.145.59.212:443 pulls up the Apache/Ubuntu Default page.

Nevertheless trying to https://server6.servo-tec.com comes back with Error code: SSL_ERROR_RX_RECORD_TOO_LONG

All that I can think of now is the Oracle Cloud environment somehow blocking the Cert.

    openssl s_client -showcerts -connect server6.servo-tec.com:443

comes back with no peer certificate available.

Any hints are very welcome. Thank you.

d00p Posted April 15, 2020

Anything in the apache error log? I get ERR_SSL_PROTOCOL_ERROR

rolo2912 (Author) Posted April 15, 2020

Thank you very much for this hint.

The normal error log had nothing to offer. Switched SSL engine log level debug on. The result is not of help to me. Suppose the problem is here: AH00566: request failed: malformed request line. Even google has no answer for this one but all the results from google point to some sort of proxy problem. After all it seems to be a problem with the Oracle Cloud Server environment.

For reference sake log-file included.

    [Wed Apr 15 08:54:56.429622 2020] [ssl:info] [pid 1761] AH01876: mod_ssl/2.4.29 compiled against Server: Apache/2.4.29, Library: OpenSSL/1.1.1
    [Wed Apr 15 08:54:56.484136 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(401): AH00821: shmcb_init allocated 131072 bytes of shared memory
    [Wed Apr 15 08:54:56.484152 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(417): AH00822: for 130984 bytes (131072 including header), recommending 4 subcaches, 21 indexes each
    [Wed Apr 15 08:54:56.484155 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(450): AH00824: shmcb_init_memory choices follow
    [Wed Apr 15 08:54:56.484157 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(452): AH00825: subcache_num = 4
    [Wed Apr 15 08:54:56.484160 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(454): AH00826: subcache_size = 32744
    [Wed Apr 15 08:54:56.484162 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(456): AH00827: subcache_data_offset = 520
    [Wed Apr 15 08:54:56.484164 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(458): AH00828: subcache_data_size = 32224
    [Wed Apr 15 08:54:56.484166 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(460): AH00829: index_num = 21
    [Wed Apr 15 08:54:56.484179 2020] [socache_shmcb:info] [pid 1772] AH00830: Shared memory socache initialised
    [Wed Apr 15 08:54:56.484191 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(401): AH00821: shmcb_init allocated 512000 bytes of shared memory
    [Wed Apr 15 08:54:56.484206 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(417): AH00822: for 511912 bytes (512000 including header), recommending 32 subcaches, 88 indexes each
    [Wed Apr 15 08:54:56.484209 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(450): AH00824: shmcb_init_memory choices follow
    [Wed Apr 15 08:54:56.484211 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(452): AH00825: subcache_num = 32
    [Wed Apr 15 08:54:56.484213 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(454): AH00826: subcache_size = 15992
    [Wed Apr 15 08:54:56.484215 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(456): AH00827: subcache_data_offset = 2128
    [Wed Apr 15 08:54:56.484217 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(458): AH00828: subcache_data_size = 13864
    [Wed Apr 15 08:54:56.484220 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(460): AH00829: index_num = 88
    [Wed Apr 15 08:54:56.484292 2020] [socache_shmcb:info] [pid 1772] AH00830: Shared memory socache initialised
    [Wed Apr 15 08:54:56.484315 2020] [ssl:info] [pid 1772] AH01887: Init: Initializing (virtual) servers for SSL
    [Wed Apr 15 08:54:56.484345 2020] [ssl:info] [pid 1772] AH01914: Configuring server server6.servo-tec.com:443 for SSL protocol
    [Wed Apr 15 08:54:56.484350 2020] [ssl:debug] [pid 1772] ssl_engine_init.c(1705): AH: Init: (server6.servo-tec.com:443) mod_md support is unavailable.
    [Wed Apr 15 08:54:56.484769 2020] [ssl:debug] [pid 1772] ssl_engine_init.c(1989): AH02209: CA certificate: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
    [Wed Apr 15 08:54:56.484978 2020] [ssl:debug] [pid 1772] ssl_engine_init.c(1118): AH01904: Configuring server certificate chain (1 CA certificate)
    [Wed Apr 15 08:54:56.484985 2020] [ssl:debug] [pid 1772] ssl_engine_init.c(492): AH01893: Configuring TLS extension handling
    [Wed Apr 15 08:54:56.485199 2020] [ssl:debug] [pid 1772] ssl_util_ssl.c(470): AH02412: [server6.servo-tec.com:443] Cert matches for name 'server6.servo-tec.com' [subject: CN=server6.servo-tec.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 04BBD791C75F48379F495B5E4DC6C68DFA5A / notbefore: Apr 13 05:31:45 2020 GMT / notafter: Jul 12 05:31:45 2020 GMT]
    [Wed Apr 15 08:54:56.485226 2020] [ssl:info] [pid 1772] AH02568: Certificate and private key server6.servo-tec.com:443:0 configured from /etc/ssl/froxlor-custom/server6.servo-tec.com.crt and /etc/ssl/froxlor-custom/server6.servo-tec.com.key
    [Wed Apr 15 08:54:56.485321 2020] [ssl:info] [pid 1772] AH01876: mod_ssl/2.4.29 compiled against Server: Apache/2.4.29, Library: OpenSSL/1.1.1
    [Wed Apr 15 08:54:56.485347 2020] [watchdog:debug] [pid 1772] mod_watchdog.c(454): AH010033: Watchdog: Running with WatchdogInterval 1000ms
    [Wed Apr 15 08:54:56.485352 2020] [watchdog:debug] [pid 1772] mod_watchdog.c(462): AH02974: Watchdog: found parent providers.
    [Wed Apr 15 08:54:56.485356 2020] [watchdog:debug] [pid 1772] mod_watchdog.c(508): AH02977: Watchdog: found child providers.
    [Wed Apr 15 08:54:56.485358 2020] [watchdog:debug] [pid 1772] mod_watchdog.c(516): AH02978: Watchdog: Looking for child (_singleton_).
    [Wed Apr 15 08:54:56.485362 2020] [watchdog:debug] [pid 1772] mod_watchdog.c(516): AH02978: Watchdog: Looking for child (_default_).
    [Wed Apr 15 08:54:56.488694 2020] [mpm_prefork:notice] [pid 1772] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 configured -- resuming normal operations
    [Wed Apr 15 08:54:56.488710 2020] [mpm_prefork:info] [pid 1772] AH00164: Server built: 2020-03-13T12:26:16
    [Wed Apr 15 08:54:56.488717 2020] [core:notice] [pid 1772] AH00094: Command line: '/usr/sbin/apache2'
    [Wed Apr 15 08:54:56.488720 2020] [core:debug] [pid 1772] log.c(1570): AH02639: Using SO_REUSEPORT: yes (1)
    [Wed Apr 15 08:54:56.488723 2020] [mpm_prefork:debug] [pid 1772] prefork.c(919): AH00165: Accept mutex: sysvsem (default: sysvsem)
    [Wed Apr 15 08:54:56.525530 2020] [watchdog:debug] [pid 1778] mod_watchdog.c(565): AH02980: Watchdog: nothing configured?
    [Wed Apr 15 08:54:56.525641 2020] [watchdog:debug] [pid 1777] mod_watchdog.c(565): AH02980: Watchdog: nothing configured?
    [Wed Apr 15 08:54:56.526269 2020] [watchdog:debug] [pid 1775] mod_watchdog.c(565): AH02980: Watchdog: nothing configured?
    [Wed Apr 15 08:54:56.526771 2020] [watchdog:debug] [pid 1776] mod_watchdog.c(565): AH02980: Watchdog: nothing configured?
    [Wed Apr 15 08:54:56.527876 2020] [watchdog:debug] [pid 1774] mod_watchdog.c(565): AH02980: Watchdog: nothing configured?
    [Wed Apr 15 08:59:29.772117 2020] [watchdog:debug] [pid 1825] mod_watchdog.c(565): AH02980: Watchdog: nothing configured?
    [Wed Apr 15 09:04:39.906478 2020] [core:debug] [pid 1777] protocol.c(1278): [client 162.xxx.128.xxx:49410] AH00566: request failed: malformed request line
    [Wed Apr 15 09:10:39.891356 2020] [core:debug] [pid 1774] protocol.c(1278): [client 107.xxx.23.xxx:47495] AH00566: request failed: malformed request line
    [Wed Apr 15 09:12:32.955657 2020] [core:debug] [pid 1825] protocol.c(1278): [client 45.xxx.108.xx:534] AH00566: request failed: malformed request line
    [Wed Apr 15 09:15:39.793681 2020] [core:debug] [pid 1778] protocol.c(1278): [client 130.xxx.xxx.xxx:48720] AH00566: request failed: malformed request line
    [Wed Apr 15 09:15:45.464095 2020] [core:debug] [pid 1777] protocol.c(1278): [client 130.xxx.xxx.xxx:48742] AH00566: request failed: malformed request line
    [Wed Apr 15 09:15:47.819096 2020] [core:debug] [pid 1775] protocol.c(1278): [client 130.xxx.xxx.xxx:48744] AH00566: request failed: malformed request line
    [Wed Apr 15 09:15:49.463358 2020] [core:debug] [pid 1776] protocol.c(1278): [client 130.xxx.xxx.xxx:48746] AH00566: request failed: malformed request line

d00p Posted April 15, 2020

Is your apache even listening on port 443?

    grep -r "Listen" /etc/apache2/

rolo2912 (Author) Posted April 15, 2020

Thank you for your feedback.

    root@server6:/etc/apache2# netstat -anp | grep apache
    tcp6 0 0 :::80 :::* LISTEN 2507/2
    tcp6 0 0 :::443 :::* LISTEN 2507/2

Browsing 132.145.59.212:443 pulls up the Apache/Ubuntu Default page.

d00p Posted April 15, 2020

Yeah but only :443 with http not https. And that's what leads to the protocol error.

On 4/13/2020 at 12:28 PM, rolo2912 said:
> The vhost container looks ok as well (AFAIK)

This in fact does look correct so there must be something else, you sure you ran "a2enmod ssl"? Just curious, should be enabled or else apache won't even start up. Did you try an apache stop and start instead of reload/restart? Maybe it does throw an error but apache keeps running due to "reload" (default) - it just won't do the reload... Last idea for now on this side. For more I'd need to take a look at the server and the configs myself...

rolo2912 (Author) Posted April 15, 2020

Really appreciate your feedback.

a2enmod ssl, yes.

    root@server6:/home/ubuntu# a2enmod ssl
    Considering dependency setenvif for ssl:
    Module setenvif already enabled
    Considering dependency mime for ssl:
    Module mime already enabled
    Considering dependency socache_shmcb for ssl:
    Module socache_shmcb already enabled
    Module ssl already enabled
    root@server6:/home/ubuntu#

I am pretty certain it has something to do with the Oracle Cloud server setup. Something with the Virtual Network adapter, the proxies in between etc. Not an expert on this and only a novice froxlor user so a bit over my head. Maybe one day somebody will pass by this forum entry and might have the solution for it. For now, it seems like not a good idea to use oracle cloud service for a LAMPF stack.

I would really like to thank you, d00p. Amazed at the level of support that you are offering via this forum. Hope the new adventure froxlor.com works out for you and your partners.

d00p Posted April 16, 2020

As said, if you want, send me the credentials and I can take a look, maybe we find what's wrong.

rolo2912 (Author) Posted April 27, 2020

Ok, found the problem. Had made a mistake when setting up froxlor.

Oracle assigns a public IP4 address, but the VM itself only has a private IP4 address. My wrong assumption was that to install froxlor I would need to use the public IP address. This was wrong. Added the private one under IP & Ports, changed this to the default, deleted the "public" IP4 addresses, ran the master cronjob and https is working.

Lesson: If ifconfig only has a private IP4, use this one for froxlor.

Thank you once more d00p for the support offered.

d00p Posted April 27, 2020

Okay, so that's an Oracle Cloud special feature. Nice you got it working, have fun using froxlor.

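The root cause found in this thread, turned into a check (added example, not part of the original posts): Apache picks a vhost by the local address a connection arrives on, so an SSL vhost bound to a public IP that the VM does not actually hold never matches, and port 443 answers in plain HTTP. The script flags such bindings; the addresses, the config snippet and the abbreviated `ip` output are constructed samples.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. All addresses and inputs are constructed.

# Constructed vhost config: the SSL vhost is bound to the public (NAT) address.
SAMPLE_VHOSTS='<VirtualHost 203.0.113.10:443>
  ServerName server.example.com
  SSLEngine On
</VirtualHost>
<VirtualHost 10.0.0.5:80>
  ServerName server.example.com
</VirtualHost>
<VirtualHost *:80>
  ServerName default.example.com
</VirtualHost>'

# Constructed `ip -o -4 addr show` output: the VM only has a private address.
SAMPLE_IP_OUTPUT='1: lo    inet 127.0.0.1/8 scope host lo
2: ens3    inet 10.0.0.5/24 brd 10.0.0.255 scope global ens3'

# stdin: `ip -o -4 addr show` text -> local IPv4 addresses, one per line.
local_addrs() {
  awk '{ for (i = 1; i < NF; i++) if ($i == "inet") { split($(i + 1), a, "/"); print a[1] } }'
}

# stdin: Apache config -> explicit "ip:port" vhost bindings (wildcards skipped,
# since * and _default_ match whatever address the connection arrived on).
vhost_bindings() {
  awk 'tolower($1) == "<virtualhost" {
         for (i = 2; i <= NF; i++) {
           b = $i; sub(/>$/, "", b)
           if (b ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(:[0-9]+)?$/) print b
         }
       }'
}

# $1 = vhost config text, $2 = `ip` output text.
# Prints each binding whose IP is not assigned to any local interface.
unassigned_bindings() {
  ub_addrs=$(printf '%s\n' "$2" | local_addrs)
  printf '%s\n' "$1" | vhost_bindings | while IFS= read -r ub_binding; do
    printf '%s\n' "$ub_addrs" | grep -qxF "${ub_binding%%:*}" ||
      printf '%s\n' "$ub_binding"
  done
}

# Demo on the constructed samples.
unassigned_bindings "$SAMPLE_VHOSTS" "$SAMPLE_IP_OUTPUT"
```

On a real host, pass `"$(cat /etc/apache2/sites-enabled/*.conf)"` and `"$(ip -o -4 addr show)"` instead of the samples; the config path is an assumption about where the generated vhost files live.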