Re: [users@httpd] Problem setting up ssl

2018-08-12 Thread Elias Pereira
Do you have a Listen on port 443 configured in ports.conf? Did you enable
mod_ssl with a2enmod mod_ssl?

On Sun, Aug 12, 2018 at 2:52 PM Mahmood Naderan wrote:

> Hi,
>
> I am totally confused with the configuration of ssl via apache2. The
> server's page is reachable by an IP address. So, when I enter
> http://w.x.y.z I am able to see the web page and the content of
> /etc/apache2/sites-available/000-default.conf is
>
>
> DocumentRoot /var/www/html
> 
>  Options FollowSymLinks
>  AllowOverride All
>  Order allow,deny
>  allow from all
> 
>
>
>
> Now, what I do for the ssl is to first comment the above lines (because
> the virtualhost is on port 80). Then I paste the above lines in
> /etc/apache2/sites-available/default-ssl.conf and the content is shown
> below. Please note that the certificates were obtained by the network admin
> and are valid because the main website has FQDN.
>
>
> 
> 
> ServerAdmin webmaster@localhost
> DocumentRoot /var/www/html
> 
>  Options FollowSymLinks
>  AllowOverride All
>  Order allow,deny
>  allow from all
> 
> LogLevel debug ssl:warn
>
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
>
> SSLCertificateFile /home/mahmood/certi/certificate-standard_wildcard.SOMEWHERE.COM.crt
> SSLCertificateKeyFile /home/mahmood/certi/certificate-standard_wildcard. SOMEWHERE.COM.key
> SSLCertificateChainFile /home/mahmood/certi/intermediate.crt
> SSLEngine on
>
> 
> SSLOptions +StdEnvVars
> 
> 
> SSLOptions +StdEnvVars
> 
> 
> 
>
>
>
>
>
> I also paste the following entries in /var/www/html/.htaccess
>
>
> RewriteEngine on
> RewriteCond %{SERVER_PORT} 443
> RewriteCond %{HTTP_HOST} ^(subdomain\.)?SOMEWHERE\.COM
> RewriteRule ^(.*)$ https://subdomain.SOMEWHERE.COM/$1 [R,L]
>
>
> The firewall status also looks fine
>
>
> root@webshub:~# ufw status
> Status: active
> To                         Action      From
> --                         ------      ----
> Apache Full                ALLOW       Anywhere
> OpenSSH                    ALLOW       Anywhere
> 20/tcp                     ALLOW       Anywhere
> 21/tcp                     ALLOW       Anywhere
> 990/tcp                    ALLOW       Anywhere
> 4:5/tcp                    ALLOW       Anywhere
> Apache Full (v6)           ALLOW       Anywhere (v6)
> OpenSSH (v6)               ALLOW       Anywhere (v6)
> 20/tcp (v6)                ALLOW       Anywhere (v6)
> 21/tcp (v6)                ALLOW       Anywhere (v6)
> 990/tcp (v6)               ALLOW       Anywhere (v6)
> 4:5/tcp (v6)               ALLOW       Anywhere (v6)
>
>
>
>
> After restarting apache2 service, still I see that http://w.x.y.z works
> but https://w.x.y.z is unreachable with the browser.
>
>
> Any thought is welcomed.
>
>
>
> Regards,
> Mahmood
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

-- 
Elias Pereira
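
The two checks asked about in the reply above, plus whether the SSL site is linked into sites-enabled at all, as an added example that is not part of the thread. It assumes the Debian/Ubuntu layout under /etc/apache2; `check_apache_ssl` is a name made up for this sketch.

```shell
#!/bin/sh
# Added example: static checks on a Debian/Ubuntu-style Apache config tree.
# check_apache_ssl is a hypothetical helper; the root defaults to
# /etc/apache2 and can point at a copy of the tree for offline inspection.

check_apache_ssl() {
    root="${1:-/etc/apache2}"
    rc=0

    # 1. An uncommented "Listen 443" (optionally addr:443 or "443 https").
    if grep -Eiq '^[[:space:]]*Listen[[:space:]]+([^[:space:]#]*:)?443([[:space:]]|$)' \
            "$root/ports.conf" 2>/dev/null; then
        echo "ok:   ports.conf listens on 443"
    else
        echo "FAIL: no active 'Listen 443' in $root/ports.conf"; rc=1
    fi

    # 2. a2enmod enables a module by linking its .load file into mods-enabled.
    if [ -e "$root/mods-enabled/ssl.load" ]; then
        echo "ok:   mod_ssl enabled"
    else
        echo "FAIL: mods-enabled/ssl.load missing (module not enabled)"; rc=1
    fi

    # 3. Editing sites-available alone changes nothing: a site is loaded only
    #    once it is linked into sites-enabled (a2ensite). Look there for an
    #    uncommented "SSLEngine on".
    if grep -Eiqs '^[[:space:]]*SSLEngine[[:space:]]+on' "$root"/sites-enabled/*.conf; then
        echo "ok:   an enabled site has SSLEngine on"
    else
        echo "FAIL: no enabled site with 'SSLEngine on' (site not enabled?)"; rc=1
    fi

    return $rc
}

# Run against the live tree with:  check_apache_ssl /etc/apache2
```

A zero exit status means all three static checks passed; it does not prove the server was restarted or that the certificate files are readable.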


Re: [users@httpd] ntlm auth for non-ad users

2018-03-09 Thread Elias Pereira
Thanks Daniel for your help!!!

Where can I get a complete user-agent list?

NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"

On Fri, Mar 9, 2018 at 6:06 AM, Daniel Ferradal <dferra...@apache.org>
wrote:

> Perhaps you can try checking for user-agent or something more
> sensitive for you to try to guess if for those cases you want to allow
> access, but from a security standpoint you will be defeating the
> purpose of having any kind of auth altogether in that path.
>
> Or perhaps you should try to base your auth in something all users can
> use, such as basic auth.
>
> 2018-03-08 12:01 GMT+01:00 Elias Pereira <empbi...@gmail.com>:
> > Hi folks,
> >
> > I configured a webservice with ntlm authentication through the
> > auth_ntlm_winbind module and it is working correctly. It happens that users
> > attempting to access the service without being in the domain cannot access
> > it.
> >
> > Is there any way to bypass the non-AD user auth in Apache?
> >
> > E.g.: users (like me :D) who use Linux as their work machine
> >
> > --
> > Elias Pereira
>
>
>
> --
> Daniel Ferradal
> HTTPD Project
> #httpd help at Freenode
>


-- 
Elias Pereira


[users@httpd] ntlm auth for non-ad users

2018-03-08 Thread Elias Pereira
Hi folks,

I configured a webservice with ntlm authentication through the
auth_ntlm_winbind module and it is working correctly. It happens that users
attempting to access the service without being in the domain cannot access
it.

Is there any way to bypass the non-AD user auth in Apache?

E.g.: users (like me :D) who use Linux as their work machine

-- 
Elias Pereira