Jump to content
Froxlor Forum
  • 0

Oracle Cloud Server ssl not working


Question

All,

is anyone running froxlor on an Oracle Cloud Service Server and has ssl working on it?

Froxlor setup is working fine. LetsEncrypt enabled and Cert installed.

image.thumb.png.4c1aba2b409ade7401c76a16ef7fdf89.png

image.thumb.png.f59ede1bdbd41f2528fd37ea01422e62.png

image.thumb.png.773983a413002cf27ca51fce6064a201.png

The vhost container looks ok as well (AFAIK)

image.png.956754d42a47dc704e5e86c4c54cd2fc.png

Port 443 is open as well. Browsing 132.145.59.212:443 pulls up the Apache/Ubuntu Default page.

Nevertheless trying to https://server6.servo-tec.com comes back with Error code: SSL_ERROR_RX_RECORD_TOO_LONG

All that I can think of now is the Oracle Cloud environment somehow blocking the Cert.

openssl s_client -showcerts -connect server6.servo-tec.com:443

comes back with no peer certificate availabe.

Any hints are very welcome. Thank you.

Link to post
Share on other sites

9 answers to this question

Recommended Posts

  • 0

Thank you very much for this hint. The normal error log had nothing to offer. Switched SSL engine log level debug on.

The result is not of help to me. Suppose the problem is here: AH00566: request failed: malformed request line. Even google has no answer for this one but all the results from google point to some sort of proxy problem. After all it seems to be a problem with the Oracle Cloud Server environment. For reference sake log-file included.

[Wed Apr 15 08:54:56.429622 2020] [ssl:info] [pid 1761] AH01876: mod_ssl/2.4.29 compiled against Server: Apache/2.4.29, Library: OpenSSL/1.1.1
[Wed Apr 15 08:54:56.484136 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(401): AH00821: shmcb_init allocated 131072 bytes of shared memory
[Wed Apr 15 08:54:56.484152 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(417): AH00822: for 130984 bytes (131072 including header), recommending 4 subcaches, 21 indexes each
[Wed Apr 15 08:54:56.484155 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(450): AH00824: shmcb_init_memory choices follow
[Wed Apr 15 08:54:56.484157 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(452): AH00825: subcache_num = 4
[Wed Apr 15 08:54:56.484160 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(454): AH00826: subcache_size = 32744
[Wed Apr 15 08:54:56.484162 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(456): AH00827: subcache_data_offset = 520
[Wed Apr 15 08:54:56.484164 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(458): AH00828: subcache_data_size = 32224
[Wed Apr 15 08:54:56.484166 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(460): AH00829: index_num = 21
[Wed Apr 15 08:54:56.484179 2020] [socache_shmcb:info] [pid 1772] AH00830: Shared memory socache initialised
[Wed Apr 15 08:54:56.484191 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(401): AH00821: shmcb_init allocated 512000 bytes of shared memory
[Wed Apr 15 08:54:56.484206 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(417): AH00822: for 511912 bytes (512000 including header), recommending 32 subcaches, 88 indexes each
[Wed Apr 15 08:54:56.484209 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(450): AH00824: shmcb_init_memory choices follow
[Wed Apr 15 08:54:56.484211 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(452): AH00825: subcache_num = 32
[Wed Apr 15 08:54:56.484213 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(454): AH00826: subcache_size = 15992
[Wed Apr 15 08:54:56.484215 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(456): AH00827: subcache_data_offset = 2128
[Wed Apr 15 08:54:56.484217 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(458): AH00828: subcache_data_size = 13864
[Wed Apr 15 08:54:56.484220 2020] [socache_shmcb:debug] [pid 1772] mod_socache_shmcb.c(460): AH00829: index_num = 88
[Wed Apr 15 08:54:56.484292 2020] [socache_shmcb:info] [pid 1772] AH00830: Shared memory socache initialised
[Wed Apr 15 08:54:56.484315 2020] [ssl:info] [pid 1772] AH01887: Init: Initializing (virtual) servers for SSL
[Wed Apr 15 08:54:56.484345 2020] [ssl:info] [pid 1772] AH01914: Configuring server server6.servo-tec.com:443 for SSL protocol
[Wed Apr 15 08:54:56.484350 2020] [ssl:debug] [pid 1772] ssl_engine_init.c(1705): AH: Init: (server6.servo-tec.com:443) mod_md support is unavailable.
[Wed Apr 15 08:54:56.484769 2020] [ssl:debug] [pid 1772] ssl_engine_init.c(1989): AH02209: CA certificate: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
[Wed Apr 15 08:54:56.484978 2020] [ssl:debug] [pid 1772] ssl_engine_init.c(1118): AH01904: Configuring server certificate chain (1 CA certificate)
[Wed Apr 15 08:54:56.484985 2020] [ssl:debug] [pid 1772] ssl_engine_init.c(492): AH01893: Configuring TLS extension handling
[Wed Apr 15 08:54:56.485199 2020] [ssl:debug] [pid 1772] ssl_util_ssl.c(470): AH02412: [server6.servo-tec.com:443] Cert matches for name 'server6.servo-tec.com' [subject: CN=server6.servo-tec.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 04BBD791C75F48379F495B5E4DC6C68DFA5A / notbefore: Apr 13 05:31:45 2020 GMT / notafter: Jul 12 05:31:45 2020 GMT]
[Wed Apr 15 08:54:56.485226 2020] [ssl:info] [pid 1772] AH02568: Certificate and private key server6.servo-tec.com:443:0 configured from /etc/ssl/froxlor-custom/server6.servo-tec.com.crt and /etc/ssl/froxlor-custom/server6.servo-tec.com.key
[Wed Apr 15 08:54:56.485321 2020] [ssl:info] [pid 1772] AH01876: mod_ssl/2.4.29 compiled against Server: Apache/2.4.29, Library: OpenSSL/1.1.1
[Wed Apr 15 08:54:56.485347 2020] [watchdog:debug] [pid 1772] mod_watchdog.c(454): AH010033: Watchdog: Running with WatchdogInterval 1000ms
[Wed Apr 15 08:54:56.485352 2020] [watchdog:debug] [pid 1772] mod_watchdog.c(462): AH02974: Watchdog: found parent providers.
[Wed Apr 15 08:54:56.485356 2020] [watchdog:debug] [pid 1772] mod_watchdog.c(508): AH02977: Watchdog: found child providers.
[Wed Apr 15 08:54:56.485358 2020] [watchdog:debug] [pid 1772] mod_watchdog.c(516): AH02978: Watchdog: Looking for child (_singleton_).
[Wed Apr 15 08:54:56.485362 2020] [watchdog:debug] [pid 1772] mod_watchdog.c(516): AH02978: Watchdog: Looking for child (_default_).
[Wed Apr 15 08:54:56.488694 2020] [mpm_prefork:notice] [pid 1772] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 configured -- resuming normal operations
[Wed Apr 15 08:54:56.488710 2020] [mpm_prefork:info] [pid 1772] AH00164: Server built: 2020-03-13T12:26:16
[Wed Apr 15 08:54:56.488717 2020] [core:notice] [pid 1772] AH00094: Command line: '/usr/sbin/apache2'
[Wed Apr 15 08:54:56.488720 2020] [core:debug] [pid 1772] log.c(1570): AH02639: Using SO_REUSEPORT: yes (1)
[Wed Apr 15 08:54:56.488723 2020] [mpm_prefork:debug] [pid 1772] prefork.c(919): AH00165: Accept mutex: sysvsem (default: sysvsem)
[Wed Apr 15 08:54:56.525530 2020] [watchdog:debug] [pid 1778] mod_watchdog.c(565): AH02980: Watchdog: nothing configured?
[Wed Apr 15 08:54:56.525641 2020] [watchdog:debug] [pid 1777] mod_watchdog.c(565): AH02980: Watchdog: nothing configured?
[Wed Apr 15 08:54:56.526269 2020] [watchdog:debug] [pid 1775] mod_watchdog.c(565): AH02980: Watchdog: nothing configured?
[Wed Apr 15 08:54:56.526771 2020] [watchdog:debug] [pid 1776] mod_watchdog.c(565): AH02980: Watchdog: nothing configured?
[Wed Apr 15 08:54:56.527876 2020] [watchdog:debug] [pid 1774] mod_watchdog.c(565): AH02980: Watchdog: nothing configured?
[Wed Apr 15 08:59:29.772117 2020] [watchdog:debug] [pid 1825] mod_watchdog.c(565): AH02980: Watchdog: nothing configured?
[Wed Apr 15 09:04:39.906478 2020] [core:debug] [pid 1777] protocol.c(1278): [client 162.xxx.128.xxx:49410] AH00566: request failed: malformed request line
[Wed Apr 15 09:10:39.891356 2020] [core:debug] [pid 1774] protocol.c(1278): [client 107.xxx.23.xxx:47495] AH00566: request failed: malformed request line
[Wed Apr 15 09:12:32.955657 2020] [core:debug] [pid 1825] protocol.c(1278): [client 45.xxx.108.xx:534] AH00566: request failed: malformed request line
[Wed Apr 15 09:15:39.793681 2020] [core:debug] [pid 1778] protocol.c(1278): [client 130.xxx.xxx.xxx:48720] AH00566: request failed: malformed request line
[Wed Apr 15 09:15:45.464095 2020] [core:debug] [pid 1777] protocol.c(1278): [client 130.xxx.xxx.xxx:48742] AH00566: request failed: malformed request line
[Wed Apr 15 09:15:47.819096 2020] [core:debug] [pid 1775] protocol.c(1278): [client 130.xxx.xxx.xxx:48744] AH00566: request failed: malformed request line
[Wed Apr 15 09:15:49.463358 2020] [core:debug] [pid 1776] protocol.c(1278): [client 130.xxx.xxx.xxx:48746] AH00566: request failed: malformed request line

 

Link to post
Share on other sites
  • 0

Thank you for your feedback.

root@server6:/etc/apache2# netstat -anp | grep apache
tcp6       0      0 :::80                   :::*                    LISTEN      2507/2        
tcp6       0      0 :::443                  :::*                    LISTEN      2507/2     

Browsing 132.145.59.212:443 pulls up the Apache/Ubuntu Default page.

Link to post
Share on other sites
  • 0

Yeah but only :443 with http not https. And that's what leads to the procotol error

On 4/13/2020 at 12:28 PM, rolo2912 said:

The vhost container looks ok as well (AFAIK)

image.png.956754d42a47dc704e5e86c4c54cd2fc.png

This in fact does look correct so there must be something else, you sure run ran "a2enmod ssl"? Just curious, should be enabled or else apache won't even startup. Did you try a apache stop and start instead of reload/restart? maybe it does throw an error but apache keeps running due to "reload" (default)- it just won't do the reload....Last idea for now on this side. For more I'd need to take a look at the server and the configs myself...

Link to post
Share on other sites
  • 0

Really appreciate your feedback. a2enmod ssl, yes.

root@server6:/home/ubuntu# a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Module socache_shmcb already enabled
Module ssl already enabled
root@server6:/home/ubuntu# 

I am pretty certain it has something to do with the Oracle Cloud server setup. Something with the Virtual Nentwork adapter, the proxies in between etc. Not an expert on this and only a novice froxlor user so a bit over my head.

Maybe one day somebody will pass by this forum entry and might have the solution for it. For now, it seems like not a good idea to use oracle cloud service for a LAMPF stack.

I really like to thank you, d00p. Amazed at the level of support that you are offering via this forum. Hope the new adventure froxlor.com works our for you and your partners.

 

  • Like 1
Link to post
Share on other sites
  • 0

Ok, found the problem. Had made a mistake when setting up froxlor. Oracle assigns a public IP4 address, but the VM itself only has a private IP4 address. My wrong assumption was that to install froxlor I would need to use the public IP address.

This was wrong. Added the private one under IP & Ports, changed this to the default, deleted the "public" IP4 addresses, run the master cronjob and https is working.  Lesson: If ifconfig only has a private IP4, use this one for froxlor.

Thank you once more d00p for the support offered.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...