HTTPS Issues – Why HTTPS Is Not Working on Apache 2.2

apache-2.2 httpd https mod-rewrite ssl

I am trying to redirect just the root of my site to https. Although the rewrite happens,
https does not yield anything. The browser says "connecting to thinkingmonkey.me..." and stagnates.

  • Listen 80 & Listen 443 are present in the conf file.
  • I have restarted httpd.
  • I am using the proper certificate file & private key file.
  • No errors are present in the httpd logs or SSL logs (I have a separate log for SSL).
  • Literally nothing has been logged into the SSL access log, even if I try to access https://thinkingmonkey.me directly.

A netstat -pant | grep httpd has this:

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name  
tcp        0      0 :::443                      :::*                        LISTEN      1334/httpd          
tcp        0      0 :::80                       :::*                        LISTEN      1334/httpd   

.htaccess:

RewriteEngine on
RewriteBase /

RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} ^/$
RewriteRule ^(.*)$ https://thinkingmonkey.me [L,R=302]

rewritelog data:

my-ip - - [24/Jan/2012:19:01:14 +0000] [thinkingmonkey.me/sid#7fa2335ceb18][rid#7fa2339336d8/initial] (2) init rewrite engine with requested uri /

my-ip - - [24/Jan/2012:19:01:14 +0000] [thinkingmonkey.me/sid#7fa2335ceb18][rid#7fa2339336d8/initial] (1) pass through /

my-ip - - [24/Jan/2012:19:01:14 +0000] [thinkingmonkey.me/sid#7fa2335ceb18][rid#7fa2339336d8/initial] (3) [perdir /mysite/] strip per-dir prefix: /mysite/ ->

my-ip - - [24/Jan/2012:19:01:14 +0000] [thinkingmonkey.me/sid#7fa2335ceb18][rid#7fa2339336d8/initial] (3) [perdir /mysite/] applying pattern '^(.*)$' to uri ''

my-ip - - [24/Jan/2012:19:01:14 +0000] [thinkingmonkey.me/sid#7fa2335ceb18][rid#7fa2339336d8/initial] (4) [perdir /mysite/] RewriteCond: input='80' pattern='80' => matched

my-ip - - [24/Jan/2012:19:01:14 +0000] [thinkingmonkey.me/sid#7fa2335ceb18][rid#7fa2339336d8/initial] (4) [perdir /mysite/] RewriteCond: input='/' pattern='^/$' => matched

my-ip - - [24/Jan/2012:19:01:14 +0000] [thinkingmonkey.me/sid#7fa2335ceb18][rid#7fa2339336d8/initial] (2) [perdir /mysite/] rewrite '' -> 'https://thinkingmonkey.me'

my-ip - - [24/Jan/2012:19:01:14 +0000] [thinkingmonkey.me/sid#7fa2335ceb18][rid#7fa2339336d8/initial] (2) [perdir /mysite/] explicitly forcing redirect with https://thinkingmonkey.me

my-ip - - [24/Jan/2012:19:01:14 +0000] [thinkingmonkey.me/sid#7fa2335ceb18][rid#7fa2339336d8/initial] (1) [perdir /mysite/] escaping https://thinkingmonkey.me for redirect

my-ip - - [24/Jan/2012:19:01:14 +0000] [thinkingmonkey.me/sid#7fa2335ceb18][rid#7fa2339336d8/initial] (1) [perdir /mysite/] redirect to https://thinkingmonkey.me [REDIRECT/302]

Here are my Virtual Hosts.

<VirtualHost *:80>
     ServerName thinkingmonkey.com
     ServerAlias www.thinkingmonkey.com  www.thinkingmonkey.me

     RewriteEngine on
     RewriteCond %{HTTP_HOST} ^(www\.)?thinkingmonkey\.(com|me)$ [NC]
     RewriteRule ^ http://thinkingmonkey.me%{REQUEST_URI} [L,R=301]
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot /mysite/
    ServerName thinkingmonkey.me
    ErrorLog logs/site-error_log
    CustomLog logs/site-access_log common
    RewriteEngine On
    RewriteLog "/var/log/rewrite.log"
    RewriteLogLevel 3
</VirtualHost>

<VirtualHost *:443>

ServerName thinkingmonkey.me

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSLEngine on

SSLProtocol all -SSLv2

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW


SSLCertificateFile /path/to/my.crt
SSLCertificateKeyFile /path/to/my.key
SSLCertificateChainFile /path/to/my.ca-bundle


<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
     nokeepalive ssl-unclean-shutdown \
     downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

lsof -i -P | grep 443
httpd    1334     root    6u  IPv6   3297      0t0  TCP *:443 (LISTEN)
httpd    1335   apache    6u  IPv6   3297      0t0  TCP *:443 (LISTEN)
httpd    1336   apache    6u  IPv6   3297      0t0  TCP *:443 (LISTEN)
httpd    1337   apache    6u  IPv6   3297      0t0  TCP *:443 (LISTEN)
httpd    1338   apache    6u  IPv6   3297      0t0  TCP *:443 (LISTEN)
httpd    1339   apache    6u  IPv6   3297      0t0  TCP *:443 (LISTEN)
httpd    1340   apache    6u  IPv6   3297      0t0  TCP *:443 (LISTEN)
httpd    1341   apache    6u  IPv6   3297      0t0  TCP *:443 (LISTEN)
httpd    1342   apache    6u  IPv6   3297      0t0  TCP *:443 (LISTEN)

What is going wrong here?

Best Answer

OK, try this:

telnet localhost 443

Does that give a response, or does it hang? If it's responding, you should get something that looks like:

$ telnet localhost 443
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.

(if telnet is not installed, then install it; you can exit the telnet session by hitting control-] and then typing "q" to quit)

If you're able to connect to the web server on the local interface (and the web server is running, given your logs), then there is a firewall issue (I know you said you haven't set the firewall, but this will confirm). In that case, run:

iptables -L -n

and post the results.

Update

From comments, this is an EC2 instance, so look at the Security Groups associated with this instance. Make sure you're allowing tcp/443 in your Security Groups.

Something like this might help:

http://cloud-computing.learningtree.com/2010/09/24/understanding-amazon-ec2-security-groups-and-firewalls/
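
The answer's two-step check (connect locally, then decide whether a firewall or Security Group is dropping traffic), written as an added shell example that is not part of the original answer. The script name tcpcheck.sh and the function names probe and diagnose are illustrative, and it assumes bash and coreutils timeout are installed.

```shell
#!/bin/sh
# Added example: separate "httpd is not listening" from "packets never arrive".
# On the server:        sh tcpcheck.sh probe localhost 443
# From an outside host: sh tcpcheck.sh probe thinkingmonkey.me 443
# Then combine both:    sh tcpcheck.sh diagnose <local-state> <remote-state>

# probe HOST PORT [SECONDS] -> prints open | refused | filtered
probe() {
    rc=0
    # bash's /dev/tcp performs a plain TCP connect; inside -c, $0=host and $1=port
    timeout "${3:-5}" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null || rc=$?
    case $rc in
        0)   echo open ;;      # three-way handshake completed
        124) echo filtered ;;  # timeout fired: SYN silently dropped (the browser "hangs")
        *)   echo refused ;;   # immediate failure: RST, or the name did not resolve
    esac
}

# diagnose LOCAL_STATE REMOTE_STATE -> one-line verdict
diagnose() {
    case "$1:$2" in
        open:open)
            echo "ABOVE-TCP: port is reachable; look at TLS, certificate or vhost config" ;;
        open:filtered)
            echo "FIREWALL: packets are dropped in transit; check 'iptables -L -n' and the EC2 Security Group for the port" ;;
        open:refused)
            echo "REJECTED: something answers with a reset; check for a REJECT rule or a wrong address" ;;
        *)
            echo "HTTPD: no local listener accepting connections; check Listen and the SSL VirtualHost" ;;
    esac
}

# Run only when invoked with a sub-command, so the functions can also be sourced.
if [ $# -ge 2 ]; then
    case $1 in
        probe)    probe "$2" "${3:-443}" ;;
        diagnose) diagnose "$2" "$3" ;;
    esac
fi
```

The situation in the question (httpd listening on :::443, nothing in the SSL access log, browser stuck on "connecting") corresponds to `diagnose open filtered`.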