Hi all. Managed to solve the issue :)
Initially, I had been loading ssl-module manually in "/etc/apache2/sites-available/default". As a result, the condition check "<IfModule mod_ssl.c>" was not passing in "/etc/apache2/ports.conf".

Now, I loaded the module via "a2enmod ssl", thus causing the "<IfModule mod_ssl.c>" condition to be true throughout, which ultimately solved the issue - it opened port 443 for listening (which was embedded in the "<IfModule mod_ssl.c>" condition in "/etc/apache2/ports.conf").

Thanks and Regards,
Ajay

On Wed, Sep 5, 2012 at 5:14 PM, Ajay Garg <[email protected]> wrote:

> Hi all.
>
> I have been able to set up WebDAV sharing on a server hosted on Fedora-14
> and Fedora-17.
> However, when I try to do the same on a Debian Squeeze, I am unsuccessful.
>
> Here is the relevant info that I think is important ::
>
> === SETUP ===
>
> * Debian Squeeze is installed as a VM, on a Fedora-14 Virtualbox.
>
> * Thus, Debian is the "Guest", while Fedora-14 is the "Host".
>
> === CONFIG FILE ON DEBIAN VM ===
>
> Following are the contents of "/etc/apache2/sites-available/default" ::
>
> #########################################################################################################
> <VirtualHost *:80>
>     ServerAdmin webmaster@localhost
>     ServerName ceibal.uy:80
>     DocumentRoot /var/www/apache2-default/
>     <Directory />
>         Options FollowSymLinks
>         AllowOverride None
>     </Directory>
>     <Directory /var/www/apache2-default/>
>         Options Indexes FollowSymLinks MultiViews
>         AllowOverride None
>         Order allow,deny
>         Allow from 192.168.4.0/22
>     </Directory>
>
>     ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
>     <Directory "/usr/lib/cgi-bin">
>         AllowOverride None
>         Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
>         Order allow,deny
>         Allow from 192.168.4.0/22
>     </Directory>
>
>     ErrorLog ${APACHE_LOG_DIR}/error.log
>
>     # Possible values include: debug, info, notice, warn, error, crit,
>     # alert, emerg.
>     LogLevel warn
>
>     CustomLog ${APACHE_LOG_DIR}/access.log combined
>
>     Alias /doc/ "/usr/share/doc/"
>     <Directory "/usr/share/doc/">
>         Options Indexes MultiViews FollowSymLinks
>         AllowOverride None
>         Order deny,allow
>         Allow from 192.168.4.0/22
>         Deny from all
>         Allow from 127.0.0.0/255.0.0.0 ::1/128
>     </Directory>
>
> </VirtualHost>
>
>
> LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
> LoadModule dav_module /usr/lib/apache2/modules/mod_dav.so
>
> <VirtualHost *:443>
>     SSLEngine on
>
>     DocumentRoot /var/www
>     <Directory />
>         Options FollowSymLinks
>         AllowOverride None
>     </Directory>
>     <Directory /var/www/>
>         Options Indexes FollowSymLinks MultiViews
>         AllowOverride None
>         Order allow,deny
>         allow from all
>     </Directory>
>
>     ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
>     <Directory "/usr/lib/cgi-bin">
>         AllowOverride None
>         Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
>         Order allow,deny
>         Allow from all
>     </Directory>
>
>     ErrorLog ${APACHE_LOG_DIR}/error.log
>
>     # Possible values include: debug, info, notice, warn, error, crit,
>     # alert, emerg.
>     LogLevel warn
>
>     CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
>
>     Alias /doc/ "/usr/share/doc/"
>     <Directory "/usr/share/doc/">
>         Options Indexes MultiViews FollowSymLinks
>         AllowOverride None
>         Order deny,allow
>         Deny from all
>         Allow from 127.0.0.0/255.0.0.0 ::1/128
>     </Directory>
>
>     # SSL Engine Switch:
>     # Enable/Disable SSL for this virtual host.
>     SSLEngine on
>
>     # A self-signed (snakeoil) certificate can be created by installing
>     # the ssl-cert package. See
>     # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
>     # If both key and certificate are stored in the same file, only the
>     # SSLCertificateFile directive is needed.
>     SSLCertificateFile /root/ssl.crt
>     SSLCertificateKeyFile /root/ssl.key
>
>     # Server Certificate Chain:
>     # Point SSLCertificateChainFile at a file containing the
>     # concatenation of PEM encoded CA certificates which form the
>     # certificate chain for the server certificate. Alternatively
>     # the referenced file can be the same as SSLCertificateFile
>     # when the CA certificates are directly appended to the server
>     # certificate for convenience.
>     #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
>
>     # Certificate Authority (CA):
>     # Set the CA certificate verification path where to find CA
>     # certificates for client authentication or alternatively one
>     # huge file containing all of them (file must be PEM encoded)
>     # Note: Inside SSLCACertificatePath you need hash symlinks
>     # to point to the certificate files. Use the provided
>     # Makefile to update the hash symlinks after changes.
>     #SSLCACertificatePath /etc/ssl/certs/
>     #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
>
>     # Certificate Revocation Lists (CRL):
>     # Set the CA revocation path where to find CA CRLs for client
>     # authentication or alternatively one huge file containing all
>     # of them (file must be PEM encoded)
>     # Note: Inside SSLCARevocationPath you need hash symlinks
>     # to point to the certificate files. Use the provided
>     # Makefile to update the hash symlinks after changes.
>     #SSLCARevocationPath /etc/apache2/ssl.crl/
>     #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
>
>     # Client Authentication (Type):
>     # Client certificate verification type and depth. Types are
>     # none, optional, require and optional_no_ca. Depth is a
>     # number which specifies how deeply to verify the certificate
>     # issuer chain before deciding the certificate is not valid.
>     #SSLVerifyClient require
>     #SSLVerifyDepth 10
>
>     # Access Control:
>     # With SSLRequire you can do per-directory access control based
>     # on arbitrary complex boolean expressions containing server
>     # variable checks and other lookup directives. The syntax is a
>     # mixture between C and Perl. See the mod_ssl documentation
>     # for more details.
>     #<Location />
>     #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
>     # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
>     # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
>     # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
>     # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
>     # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
>     #</Location>
>
>     # SSL Engine Options:
>     # Set various options for the SSL engine.
>     # o FakeBasicAuth:
>     # Translate the client X.509 into a Basic Authorisation. This means that
>     # the standard Auth/DBMAuth methods can be used for access control. The
>     # user name is the `one line' version of the client's X.509 certificate.
>     # Note that no password is obtained from the user. Every entry in the user
>     # file needs this password: `xxj31ZMTZzkVA'.
>     # o ExportCertData:
>     # This exports two additional environment variables: SSL_CLIENT_CERT and
>     # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
>     # server (always existing) and the client (only existing when client
>     # authentication is used). This can be used to import the certificates
>     # into CGI scripts.
>     # o StdEnvVars:
>     # This exports the standard SSL/TLS related `SSL_*' environment variables.
>     # Per default this exportation is switched off for performance reasons,
>     # because the extraction step is an expensive operation and is usually
>     # useless for serving static content. So one usually enables the
>     # exportation for CGI and SSI requests only.
>     # o StrictRequire:
>     # This denies access when "SSLRequireSSL" or "SSLRequire" applied even
>     # under a "Satisfy any" situation, i.e. when it applies access is denied
>     # and no other module can change it.
>     # o OptRenegotiate:
>     # This enables optimized SSL connection renegotiation handling when SSL
>     # directives are used in per-directory context.
>     #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
>     <FilesMatch "\.(cgi|shtml|phtml|php)$">
>         SSLOptions +StdEnvVars
>     </FilesMatch>
>     <Directory /usr/lib/cgi-bin>
>         SSLOptions +StdEnvVars
>     </Directory>
>
>     # SSL Protocol Adjustments:
>     # The safe and default but still SSL/TLS standard compliant shutdown
>     # approach is that mod_ssl sends the close notify alert but doesn't wait for
>     # the close notify alert from client. When you need a different shutdown
>     # approach you can use one of the following variables:
>     # o ssl-unclean-shutdown:
>     # This forces an unclean shutdown when the connection is closed, i.e. no
>     # SSL close notify alert is sent or allowed to be received. This violates
>     # the SSL/TLS standard but is needed for some brain-dead browsers. Use
>     # this when you receive I/O errors because of the standard approach where
>     # mod_ssl sends the close notify alert.
>     # o ssl-accurate-shutdown:
>     # This forces an accurate shutdown when the connection is closed, i.e. a
>     # SSL close notify alert is sent and mod_ssl waits for the close notify
>     # alert of the client. This is 100% SSL/TLS standard compliant, but in
>     # practice often causes hanging connections with brain-dead browsers. Use
>     # this only for browsers where you know that their SSL implementation
>     # works correctly.
>     # Notice: Most problems of broken clients are also related to the HTTP
>     # keep-alive facility, so you usually additionally want to disable
>     # keep-alive for those clients, too. Use variable "nokeepalive" for this.
>     # Similarly, one has to force some clients to use HTTP/1.0 to workaround
>     # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
>     # "force-response-1.0" for this.
>     BrowserMatch "MSIE [2-6]" \
>         nokeepalive ssl-unclean-shutdown \
>         downgrade-1.0 force-response-1.0
>     # MSIE 7 and newer should be able to use keepalive
>     BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
>
>     # DocumentRoot /var/www/web1/web
>     <Directory /var/www/web1/web/>
>         Options Indexes MultiViews
>         AllowOverride None
>         Order allow,deny
>         allow from all
>     </Directory>
>
>     Alias /webdav /var/www/web1/web
>
>     <Location /webdav>
>         DAV On
>         AuthType Basic
>         AuthName "webdav"
>         AuthUserFile /var/www/web1/passwd.dav
>         Require valid-user
>     </Location>
>
> </VirtualHost>
> #########################################################################################################
>
> === OUTPUT, WHEN I RESTART APACHE2 ON DEBIAN VM ===
>
> Command Run ==> "/etc/init.d/apache2 restart"
>
> #########################################################################################################
> Restarting web server: apache2[Wed Sep 05 08:29:09 2012] [warn] module dav_module is already loaded, skipping
> [Wed Sep 05 08:29:09 2012] [warn] module wsgi_module is already loaded, skipping
> apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
> ... waiting [Wed Sep 05 08:29:10 2012] [warn] module dav_module is already loaded, skipping
> [Wed Sep 05 08:29:10 2012] [warn] module wsgi_module is already loaded, skipping
> apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName.
> #########################################################################################################
>
> === OUTPUT OF NETSTAT, TO SEE WHAT PORTS ARE BEING LISTENED ON ===
>
> Command Run ==> "netstat -plunt | fgrep 443"
>
> #########################################################################################################
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< EMPTY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> #########################################################################################################
>
> === TELNET OBSERVATIONS ===
>
> On the VM,
>
> * telnet open 127.0.0.1 80 ==> successful (although I later get the
>   "Permission Denied" message, due to only specific IPs being allowed).
>
> * telnet open 127.0.0.1 443 ==> Connection Refused (right away).
>
> =====================================================================================
>
> Please let me know if any other info is required, that may help isolate
> the issue.
>
> Looking forward to a reply.
>
> Thanks and Regards,
> Ajay
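The ordering problem described in the reply at the top of this thread, as an added example that is not part of the original messages: Apache evaluates each `<IfModule>` test against the modules loaded so far, so a `LoadModule` in a site file arrives too late for `ports.conf`. The sketch assumes Debian's include order (`mods-enabled`, then `ports.conf`, then `sites-enabled`); the file contents are constructed samples and `evaluate` is a hypothetical helper, not an Apache tool.

```python
import re

# Constructed sample input: (file name, contents) in the order Debian's
# apache2.conf includes them (ports.conf before sites-enabled/*).
MANUAL_LOAD = [
    ("ports.conf", "Listen 80\n<IfModule mod_ssl.c>\n    Listen 443\n</IfModule>\n"),
    ("sites-enabled/000-default",
     "LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so\n"
     "<VirtualHost *:443>\n    SSLEngine on\n</VirtualHost>\n"),
]
# Same setup after "a2enmod ssl": the LoadModule line sits in mods-enabled/ssl.load.
A2ENMOD = [
    ("mods-enabled/ssl.load", "LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so\n"),
    MANUAL_LOAD[0],
    ("sites-enabled/000-default", "<VirtualHost *:443>\n    SSLEngine on\n</VirtualHost>\n"),
]

def evaluate(files):
    """Walk the files in include order; return (active_ports, skipped).

    skipped lists (file, port, module) for each Listen line inside an
    <IfModule> that was false when parsed. Simplified: negated tests
    (<IfModule !mod_x.c>) are not handled.
    """
    loaded, active, skipped, stack = set(), [], [], []
    for name, text in files:
        for line in text.splitlines():
            line = line.strip()
            if m := re.match(r"LoadModule\s+(\S+)\s+(\S+)", line):
                # Assumption: mod_ssl.so was built from mod_ssl.c (stock modules).
                so = m.group(2).rsplit("/", 1)[-1]
                loaded.update({m.group(1), so.replace(".so", ".c")})
            elif m := re.match(r"<IfModule\s+([^>\s]+)>", line):
                stack.append(m.group(1))
            elif line == "</IfModule>":
                stack.pop()
            elif m := re.match(r"Listen\s+(?:\S+:)?(\d+)", line):
                missing = [mod for mod in stack if mod not in loaded]
                if missing:
                    skipped.append((name, int(m.group(1)), missing[0]))
                else:
                    active.append(int(m.group(1)))
    return active, skipped

if __name__ == "__main__":
    for label, files in (("manual LoadModule", MANUAL_LOAD), ("a2enmod ssl", A2ENMOD)):
        print(label, evaluate(files))
```

On a live host, `apache2ctl -M` lists the loaded modules and the `netstat -plunt` command from the thread confirms whether port 443 is actually bound.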
