[
https://issues.apache.org/jira/browse/AIRAVATA-3027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17052538#comment-17052538
]
Marcus Christie edited comment on AIRAVATA-3027 at 3/5/20, 9:37 PM:
--------------------------------------------------------------------
I used the following to create a self-signed cert on our pgadev.scigap.org
server:
{noformat}
openssl req -x509 -sha256 -newkey rsa:2048 -keyout certificate.key
-out certificate.crt -days 1024 -nodes -subj '/CN=149.165.156.46'
{noformat}
(courtesy of
https://ma.ttias.be/how-to-create-a-self-signed-ssl-certificate-with-openssl/)
Then this configuration is enough to catch any unknown ssl requests
{noformat:title=default.conf}
# Setup default virtual host as a catchall to prevent resolving to the first
defined virtual host
# This will show the welcome page when requesting on the ip address or server
default hostname
<VirtualHost _default_:80>
DocumentRoot "/www/default"
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "/www/default"
SSLEngine on
SSLCertificateFile "/etc/httpd/certificate.crt"
SSLCertificateKeyFile "/etc/httpd/certificate.key"
</VirtualHost>
{noformat}
Next step is to get this into Ansible.
was (Author: marcuschristie):
I used the following to create a self-signed cert on our pgadev.scigap.org
server:
{noformat}
openssl req -x509 -sha256 -newkey rsa:2048 -keyout certificate.key
-out certificate.crt -days 1024 -nodes -subj '/CN=149.165.156.46'
{noformat}
Then this configuration is enough to catch any unknown ssl requests
{noformat:title=default.conf}
# Setup default virtual host as a catchall to prevent resolving to the first
defined virtual host
# This will show the welcome page when requesting on the ip address or server
default hostname
<VirtualHost _default_:80>
DocumentRoot "/www/default"
</VirtualHost>
<VirtualHost *:443>
ServerName 149.165.156.46
DocumentRoot "/www/default"
SSLEngine on
SSLCertificateFile "/etc/httpd/certificate.crt"
SSLCertificateKeyFile "/etc/httpd/certificate.key"
</VirtualHost>
{noformat}
> Invalid HTTP_HOST header: 'django.simccs.scigap.org'. You may need to add
> 'django.simccs.scigap.org' to ALLOWED_HOSTS.
> ----------------------------------------------------------------------------------------------------------------------
>
> Key: AIRAVATA-3027
> URL: https://issues.apache.org/jira/browse/AIRAVATA-3027
> Project: Airavata
> Issue Type: Project
> Reporter: Marcus Christie
> Assignee: Marcus Christie
> Priority: Major
>
> Getting lots of these error emails. I think the root cause is that HTTP
> requests on the portal server are matching some virtual host that isn't
> configured for that domain name. So for example, we might have a virtual host
> for django.example.com, another one for django.example2.org, etc. but then an
> HTTP request comes in for the servers IP address and Apache forwards the
> request to one of the Django servers.
> Ultimately what I want is to configure a default virtual host in Apache that
> rejects a request for a non-matching domain name.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
