Problem with ssl and apache

r.sacconi · January 18, 2008, 6:59am

Greetings,

we are trying to deploy some installations of virtualmin GPL on machines with apache and ssl up and running

But when try to "rechek" virtualmin configuration we get this log:

Failed to save enabled features : The Apache configuration on your system appears to be missing the module mod_ssl, which is needed to host SSL websites. If you do not plan to host SSL sites, this feature should be disabled in Virtualmin’s module configuration page.

If we make webmin “aware” that ssl is enabled in apache, by adding SSL in webmin’s apache module -> global configuration -> edit defined parameters, we get:

Failed to save enabled features : The Apache configuration on your system does not appear to be listening on port 443, which is needed to host SSL websites. If you do not plan to host SSL sites, this feature should be disabled in Virtualmin’s module configuration page.

BUT, this is’nt true, because apache is listening (and answering) correctly on port 443.

Any clue to solve the problem?
Thanks

Specs of machine running virtualmin:
OS Gentoo
Virtualmin 3.49
Webmin 1.350

Joe · January 22, 2008, 9:13pm

Webmin doesn’t know where to find all of the Apache configuration. You’ll need to figure out where include files are coming from, and make the Apache module aware of that location in the Module Config for that module. Gentoo is still pretty newly supported by Webmin and Virtualmin, and there are very few users using it. We’d love to get some bug reports with correct configuration file information for Gentoo, so once you get the locations figured out, let us know and future revisions of Webmin will be smarter about Gentoo.

r.sacconi · January 25, 2008, 5:29pm

Hi Joe,

I’ll be happy to give u all information needed to make gentoo fully supported (or at least working) by webmin/virtualmin.

Main configuration file is in /etc/apache2/httpd.conf and I think that virtualmin can read it.
The ssl directives come from /etc/apache2/modules.d/40_mod_ssl.conf

here is the contenent:

[code:1]<IfDefine SSL>
<IfModule !mod_ssl.c>
LoadModule ssl_module modules/mod_ssl.so
</IfModule>
</IfDefine>

This is the Apache server configuration file providing SSL support.

It contains the configuration directives to instruct the server how to

serve pages over an https connection. For detailing information about these

directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>

Do NOT simply read the instructions in here without understanding

what they do. They’re here only as hints or reminders. If you are unsure

consult the online docs. You have been warned.

Pseudo Random Number Generator (PRNG):

Configure one or more sources to seed the PRNG of the SSL library.

The seed data should be of good random quality.

WARNING! On some platforms /dev/random blocks if not enough entropy

is available. This means you then cannot use the /dev/random device

because it would lead to very long connection times (as long as

it requires to make more entropy available). But usually those

platforms additionally provide a /dev/urandom device which doesn’t

block. So, if available, use this one instead. Read the mod_ssl User

Manual for more details.

Note: This must come before the <IfDefine SSL> container to support

starting without SSL on platforms with no /dev/random equivalent

but a statically compiled-in mod_ssl.

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512

When we also provide SSL we have to listen to the

standard HTTP port (see above) and to the HTTPS port

Listen 443

SSL Global Context

All SSL configuration in this context applies both to

the main server and all SSL-enabled virtual hosts.

Some MIME-types for downloading Certificates and CRLs

<IfModule mod_mime.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfModule>

Pass Phrase Dialog:

Configure the pass phrase gathering process.

The filtering dialog program (`builtin’ is a internal

terminal dialog) has to provide the pass phrase on stdout.

SSLPassPhraseDialog builtin

Inter-Process Session Cache:

Configure the SSL Session Cache: First the mechanism

to use and second the expiring timeout (in seconds).

#SSLSessionCache none
#SSLSessionCache shmht:logs/ssl_scache(512000)
#SSLSessionCache shmcb:logs/ssl_scache(512000)
#SSLSessionCache dbm:/var/cache/apache2/ssl_scache
SSLSessionCache shm:/var/cache/apache2/ssl_scache(512000)
SSLSessionCacheTimeout 300

Semaphore:

Configure the path to the mutual exclusion semaphore the

SSL engine uses internally for inter-process synchronization.

SSLMutex file:/var/cache/apache2/ssl_mutex
</IfModule>[/code:1]

Apache webmin’s module is aware of this file (at least I think so).

PLease let me know if any other information is needed.

r.sacconi · February 1, 2008, 8:16am

UP

r.sacconi · February 1, 2008, 8:18am

Hello,
Joe, pls consider that we can make available, test machines for u, to check what is wrong. Of course gentoo based

Thank u