Ever have one of those days where after staring at the configuration for hours you don’t see what you are doing wrong? I am having that kind of day. I browse to the URLs https://evumail8prd01.ci.northwestern.edu/activate and https://evumail8prd01.ci.northwestern.edu/manage and all I get is a 404 error. Nothing usable in the logs. I know I am missing something simple but the issue is escaping me. The configuration is stolen from the existing RHEL 6 & Apache 2.2 instance combined with the Mozilla template from https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=modern&openssl=1.1.1k&ocsp=false&guideline=5.7 now on RHEL 8 & Apache 2.4
Please help! My configuration: # generated 2023-06-08, Mozilla Guideline v5.7, Apache 2.4.41, OpenSSL 1.1.1k, modern configuration # https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=modern&openssl=1.1.1k&guideline=5.7 # modern configuration SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2 SSLHonorCipherOrder off SSLSessionTickets off SSLUseStapling Off SSLStaplingCache "shmcb:logs/ssl_stapling(32768)" # this configuration requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers <VirtualHost *:80> RewriteEngine On RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/ RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] </VirtualHost> <VirtualHost *:443> ServerName evumail8prd01.ci.northwestern.edu ServerName evumail.northwestern.edu ServerName umail.northwestern.edu DocumentRoot /var/www/html ScriptAlias /cgi-bin /var/www/cgi-bi RewriteEngine on # RewriteRule ^/activate /umail3/netid.php?r=a [R] # RewriteRule ^/manage /umail3/netid.php?r=m [R] LogLevel alert rewrite:trace6 RedirectMatch permanent ^/activate$ "https://evumail8prd01.ci.northwestern.edu/umail3/netid.php?r=a"; RedirectMatch permanent ^/manage$ "https://evumail8prd01.ci.northwestern.edu/umail3/netid.php?r=m"; <Directory /var/www/html> Options -Indexes </Directory> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars Options -Indexes </Directory> DirectorySlash On <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> # Qualys Header always append X-Frame-Options SAMEORIGIN # Tenable Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure # enable HTTP/2, if available Protocols h2 http/1.1 # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) Header always set Strict-Transport-Security "max-age=63072000" ErrorLog logs/ssl_error_log #LogLevel debug CustomLog logs/ssl_agent_log agent CustomLog logs/ssl_referer_log referer TransferLog logs/ssl_access_log CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" SSLEngine on SSLCertificateFile /etc/httpd/certs/evumail8prd01_ci_northwestern_edu_cert.cer SSLCertificateKeyFile /etc/httpd/certs/evumail8prd01_ci_northwestern_edu.key </VirtualHost> <VirtualHost *:80> ServerName u.northwestern.edu ServerAlias www.u.northwestern.edu Redirect / https://mail.google.com/a/u.northwestern.edu/ </VirtualHost> <VirtualHost *:443> ServerName u.northwestern.edu ServerAlias www.u.northwestern.edu Redirect / https://mail.google.com/a/u.northwestern.edu/ </VirtualHost> Darryl Baker, GSEC, GCLD (he/him/his) Sr. System Administratorhttps://evumail8prd01.ci.northwestern.edu/activate Distributed Application Platform Services Northwestern University 4th Floor 2020 Ridge Avenue Evanston, IL 60208-0801 darryl.ba...@northwestern.edu<mailto:darryl.ba...@northwestern.edu> (847) 467-6674<tel:+18474676674>
