ispCP - Board - Support
GNUTLS + Debian ??? - Printable Version




GNUTLS + Debian ??? - yakovlev - 07-14-2011 05:22 PM

Hello,

I have the following problem:
1. The certificate is installed properly, and it works: https://www.anroshop.de
2. However, the following message appears in ssl.log:
"GnuTLS: Handshake Failed (-9) 'A TLS packet with unexpected length was received.'"
3. PHP scripts return Error 403.
4. I just can't quite get the config right. I have tried various ones from the forum; none seems to work:
PHP Code:
<VirtualHost anroshop.de:443>
ServerName anroshop.de:443
ServerAlias http://www.anroshop.de anroshop.de *.anroshop.de
GnuTLSEnable on
GnuTLSExportCertificates on
GnuTLSCacheTimeout 300
GnuTLSCertificateFile /etc/ssl/certs/*****.crt
GnuTLSKeyFile /etc/ssl/certs/******.key
GnuTLSPriorities NORMAL

DocumentRoot /var/www/virtual/anroshop.de/htdocs
##Testing
ErrorLog /var/www/virtual/anroshop.de/logs/ssl_log
CustomLog /var/www/virtual/anroshop.de/logs/acces_log common

<IfModule suexec_module>
  SuexecUserGroup vu2005 vu2005
</IfModule>

ServerAdmin     admin@anroshop.de
Alias /errors    /var/www/virtual/anroshop.de/errors/

    ErrorDocument 401 /errors/401.html
    ErrorDocument 403 /errors/403.html
    ErrorDocument 404 /errors/404.html
    ErrorDocument 500 /errors/500.html
    ErrorDocument 503 /errors/503.html

<IfModule mod_cband.c>
CBandUser anroshop.de
</IfModule>

    # httpd awstats support BEGIN.

    Alias /awstatsicons     "/usr/share/awstats/icon/"
    Alias /stats            "/var/www/virtual/anroshop.de/statistics/"

    <Directory "/var/www/virtual/anroshop.de/statistics">
        AllowOverride AuthConfig
        DirectoryIndex awstats.anroshop.de.html
        Order allow,deny
        Allow from all
    </Directory>

    <Location /stats>
        AuthType Basic
        AuthName "Statistics for domain anroshop.de"
        AuthUserFile /var/www/virtual/anroshop.de/.htpasswd
        AuthGroupFile /var/www/virtual/anroshop.de/.htgroup
        Require group statistics
    </Location>

   # httpd awstats support END.
 # httpd dmn entry cgi support BEGIN.
    ScriptAlias /cgi-bin/ /var/www/virtual/anroshop.de/cgi-bin/
  <Directory /var/www/virtual/anroshop.de/cgi-bin>
        AllowOverride AuthConfig
        #Options ExecCGI
        Order allow,deny
        Allow from all
    </Directory>
    # httpd dmn entry cgi support END.

    <Directory /var/www/virtual/anroshop.de/htdocs>
        # httpd dmn entry PHP support BEGIN.
        # httpd dmn entry PHP support END.
        Options -Indexes Includes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # httpd dmn entry PHP2 support BEGIN.
    <IfModule mod_php5.c>
        php_admin_value open_basedir "/var/www/virtual/anroshop.de/:/var/www/virtual/anroshop.de/phptmp/:/usr/share/php/"
        php_admin_value upload_tmp_dir "/var/www/virtual/anroshop.de/phptmp/"
        php_admin_value session.save_path "/var/www/virtual/anroshop.de/phptmp/"
        php_admin_value sendmail_path '/usr/sbin/sendmail -f vu2005 -t -i'
    </IfModule>

    <IfModule mod_fcgid.c>

        <Directory /var/www/virtual/anroshop.de/htdocs>
            FCGIWrapper /var/www/fcgi/anroshop.de/php5-fcgi-starter .php
            Options +ExecCGI
        </Directory>
        <Directory "/var/www/virtual/anroshop.de/htdocs">
            AllowOverride None
            Options +ExecCGI MultiViews -Indexes
            Order allow,deny
            Allow from all
        </Directory>
    </IfModule>
    # httpd dmn entry PHP2 support END.

    Include /etc/apache2/ispcp/anroshop.de.conf
</VirtualHost>
Include /etc/apache2/mods-available/fcgid_ispcp.conf 
Please advise, as I have already spent 2 days trying to fix this myself.
PS: If I remove the "Include /etc/apache2/mods-available/fcgid_ispcp.conf" completely, nothing changes. If I instead put it after "<IfModule mod_fcgid.c>", I get:
root@n112h108:~# /etc/init.d/apache2 restart
Syntax error on line 29 of /etc/apache2/mods-available/fcgid_ispcp.conf:
SocketPath cannot occur within <VirtualHost> section
Action 'configtest' failed.
The Apache error log may have more information.
failed!
Thanks in advance!

When I check the whole thing with "apache2ctl -t -D DUMP_VHOSTS 2>&1 | less", the output is:
PHP Code:
VirtualHost configuration:
127.0.0.1:80           is a NameVirtualHost
         default server w3.dayz.eu.local (/etc/apache2/sites-enabled/01_awstats.conf:36)
         port 80 namevhost w3.dayz.eu.local (/etc/apache2/sites-enabled/01_awstats.conf:36)
213.73.112.108:80      is a NameVirtualHost
         default server w3.dayz.eu (/etc/apache2/sites-enabled/00_master.conf:31)
         port 80 namevhost w3.dayz.eu (/etc/apache2/sites-enabled/00_master.conf:31)
         port 80 namevhost anroshop.de (/etc/apache2/sites-enabled/ispcp.conf:73)
         port 80 namevhost melcherimmobilien.de (/etc/apache2/sites-enabled/ispcp.conf:201)
         port 80 namevhost dayz.eu (/etc/apache2/sites-enabled/ispcp.conf:329)
         port 80 namevhost anrotrade.eu (/etc/apache2/sites-enabled/ispcp.conf:457)
         port 80 namevhost shop.anrotrade.eu (/etc/apache2/sites-enabled/ispcp.conf:570)
213.73.112.108:443     anroshop.de (/etc/apache2/sites-enabled/02_ssl.conf:1)
Syntax OK



RE: GNUTLS + Debian ??? - tomhb - 07-15-2011 01:05 AM

(07-14-2011 05:22 PM)yakovlev Wrote:  Hello,

I have the following problem:
1. The certificate is installed properly, and it works: https://www.anroshop.de

I wouldn't call that working, though...

Quote:<VirtualHost anroshop.de:443>
ServerName anroshop.de:443
ServerAlias http://www.anroshop.de anroshop.de *.anroshop.de

Code:
<VirtualHost 1.2.3.4:443>
ServerName anroshop.de
ServerAlias www.anroshop.de anroshop.de *.anroshop.de


Quote:GnuTLSEnable on
GnuTLSExportCertificates on
GnuTLSCacheTimeout 300
GnuTLSCertificateFile /etc/ssl/certs/*****.crt
GnuTLSKeyFile /etc/ssl/certs/******.key
GnuTLSPriorities NORMAL

Code:
<IfModule mod_gnutls.c>
                GnuTLSEnable on
                GnuTLSPriorities SECURE:!MD5
                GnuTLSCertificateFile /etc/ssl/certs/*****.crt
                GnuTLSKeyFile /etc/ssl/certs/******.key
  </IfModule>

Try it with that first. Otherwise, entries from the log files would be
helpful, because they normally say what is failing.


Regards, Tom
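
The differences between the posted vhost and the corrected lines in the reply above, written as a small configuration check. This is an added example, not part of the thread or of ispCP; the function name `lint_vhost`, the accepted address forms and the messages are assumptions made for the illustration.

```python
import re

# Sample input: the head of the vhost as first posted in the thread (shortened).
SAMPLE_VHOST = """\
<VirtualHost anroshop.de:443>
ServerName anroshop.de:443
ServerAlias http://www.anroshop.de anroshop.de *.anroshop.de
GnuTLSEnable on
GnuTLSPriorities NORMAL
</VirtualHost>
"""

# Address forms accepted here: IPv4:port, *:port or [IPv6]:port (assumption of this check).
IP_PORT = re.compile(r"^(\d{1,3}(\.\d{1,3}){3}|\*|\[[0-9a-fA-F:]+\]):\d+$")
SUGGESTED_PRIORITIES = "SECURE:!MD5"  # value used in the reply


def lint_vhost(text):
    """Return (line_number, message) for each point the reply changed."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        vhost = re.match(r"<VirtualHost\s+([^>]+)>", line, re.IGNORECASE)
        if vhost:
            for addr in vhost.group(1).split():
                if not IP_PORT.match(addr):
                    findings.append((no, f"VirtualHost '{addr}': host name, reply uses IP:port"))
            continue
        directive, *args = line.split()
        directive = directive.lower()
        if directive == "servername" and args and re.search(r":\d+$", args[0]):
            findings.append((no, "ServerName has a port suffix (cosmetic per the reply)"))
        elif directive == "serveralias":
            findings += [(no, f"ServerAlias '{a}' is a URL, not a host name")
                         for a in args if "://" in a]
        elif directive == "gnutlspriorities" and args and args[0] != SUGGESTED_PRIORITIES:
            findings.append((no, f"GnuTLSPriorities '{args[0]}' is not {SUGGESTED_PRIORITIES}"))
    return findings


if __name__ == "__main__":
    for no, message in lint_vhost(SAMPLE_VHOST):
        print(f"line {no}: {message}")
```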





RE: GNUTLS + Debian ??? - yakovlev - 07-15-2011 04:12 AM

Many thanks for the reply!

I tried your corrections. Nothing.
Here is the config again:
PHP Code:
<VirtualHost 213.73.112.108:443>
ServerName anroshop.de:443
ServerAlias www.anroshop.de anroshop.de *.anroshop.de

<IfModule mod_gnutls.c>
                GnuTLSEnable on
                GnuTLSPriorities SECURE:!MD5
                GnuTLSCertificateFile /etc/ssl/certs/********.crt
                GnuTLSKeyFile /etc/ssl/certs/********.key
  </IfModule>

DocumentRoot /var/www/virtual/anroshop.de/htdocs
##Testing
ErrorLog /var/www/virtual/anroshop.de/logs/ssl_log
CustomLog /var/www/virtual/anroshop.de/logs/acces_log common

<IfModule suexec_module>
  SuexecUserGroup vu2005 vu2005
</IfModule>

ServerAdmin     admin@anroshop.de
Alias /errors    /var/www/virtual/anroshop.de/errors/

    ErrorDocument 401 /errors/401.html
    ErrorDocument 403 /errors/403.html
    ErrorDocument 404 /errors/404.html
    ErrorDocument 500 /errors/500.html
    ErrorDocument 503 /errors/503.html

<IfModule mod_cband.c>
CBandUser anroshop.de
</IfModule>

    # httpd awstats support BEGIN.

    Alias /awstatsicons     "/usr/share/awstats/icon/"
    Alias /stats            "/var/www/virtual/anroshop.de/statistics/"

    <Directory "/var/www/virtual/anroshop.de/statistics">
        AllowOverride AuthConfig
        DirectoryIndex awstats.anroshop.de.html
        Order allow,deny
        Allow from all
    </Directory>

    <Location /stats>
        AuthType Basic
        AuthName "Statistics for domain anroshop.de"
        AuthUserFile /var/www/virtual/anroshop.de/.htpasswd
        AuthGroupFile /var/www/virtual/anroshop.de/.htgroup
        Require group statistics
    </Location>

   # httpd awstats support END.
 # httpd dmn entry cgi support BEGIN.

    ScriptAlias /cgi-bin/ /var/www/virtual/anroshop.de/cgi-bin/
  <Directory /var/www/virtual/anroshop.de/cgi-bin>
        AllowOverride AuthConfig
        #Options ExecCGI
        Order allow,deny
        Allow from all
    </Directory>
    # httpd dmn entry cgi support END.

    <Directory /var/www/virtual/anroshop.de/htdocs>
        # httpd dmn entry PHP support BEGIN.
        # httpd dmn entry PHP support END.
        Options -Indexes Includes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # httpd dmn entry PHP2 support BEGIN.
    <IfModule mod_php5.c>
        php_admin_value open_basedir "/var/www/virtual/anroshop.de/:/var/www/virtual/anroshop.de/phptmp/:/usr/share/php/"
        php_admin_value upload_tmp_dir "/var/www/virtual/anroshop.de/phptmp/"
        php_admin_value session.save_path "/var/www/virtual/anroshop.de/phptmp/"
        php_admin_value sendmail_path '/usr/sbin/sendmail -f vu2005 -t -i'
    </IfModule>

    <IfModule mod_fcgid.c>

        <Directory /var/www/virtual/anroshop.de/htdocs>
            FCGIWrapper /var/www/fcgi/anroshop.de/php5-fcgi-starter .php
            Options +ExecCGI
        </Directory>
        <Directory "/var/www/virtual/anroshop.de/htdocs">
            AllowOverride None
            Options +ExecCGI MultiViews -Indexes
            Order allow,deny
            Allow from all
        </Directory>
    </IfModule>
    # httpd dmn entry PHP2 support END.

    Include /etc/apache2/ispcp/anroshop.de.conf
</VirtualHost> 

Here are the logs from this configuration!
Quote:[Thu Jul 14 20:08:06 2011] [error] [client 85.180.62.62] GnuTLS: Handshake Failed (-9) 'A TLS packet with unexpected length was received.'
[Thu Jul 14 20:08:06 2011] [error] [client 85.180.62.62] GnuTLS: Handshake Failed (-9) 'A TLS packet with unexpected length was received.'
[Thu Jul 14 20:09:42 2011] [error] [client 85.180.62.62] GnuTLS: Handshake Failed (-9) 'A TLS packet with unexpected length was received.'
[Thu Jul 14 20:09:42 2011] [error] [client 85.180.62.62] GnuTLS: Handshake Failed (-9) 'A TLS packet with unexpected length was received.'

Any other ideas?


In addition, the combined log:
Quote:85.180.62.62 - - [14/Jul/2011:20:09:40 +0200] "GET / HTTP/1.1" 403 368 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:41 +0200] "GET /errors/inc/errordocs.js HTTP/1.1" 304 - "https://anroshop.de/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:41 +0200] "GET / HTTP/1.1" 403 368 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:42 +0200] "GET / HTTP/1.1" 403 368 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:43 +0200] "GET /errors/inc/errordocs.js HTTP/1.1" 304 - "https://anroshop.de/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:45 +0200] "GET / HTTP/1.1" 403 368 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:45 +0200] "GET /errors/inc/errordocs.css HTTP/1.1" 200 910 "https://anroshop.de/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:46 +0200] "GET /errors/inc/error_top.jpg HTTP/1.1" 304 - "https://anroshop.de/errors/inc/errordocs.css" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefo
85.180.62.62 - - [14/Jul/2011:20:09:48 +0200] "GET /new/images/img01.jpg HTTP/1.1" 200 11030 "https://anroshop.de/new/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:49 +0200] "GET /new/images/bg04.jpg HTTP/1.1" 200 794 "https://anroshop.de/new/style.css" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:49 +0200] "GET /new/images/bg03.jpg HTTP/1.1" 200 23362 "https://anroshop.de/new/style.css" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:51 +0200] "GET /new/images/img03.gif HTTP/1.1" 200 1367 "https://anroshop.de/new/style.css" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:52 +0200] "GET /new/ HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:52 +0200] "GET /new/style.css HTTP/1.1" 304 - "https://anroshop.de/new/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:54 +0200] "GET /new/images/bg04.jpg HTTP/1.1" 304 - "https://anroshop.de/new/style.css" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:55 +0200] "GET /new/images/img02.gif HTTP/1.1" 304 - "https://anroshop.de/new/style.css" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:55 +0200] "GET /new/images/bg06.jpg HTTP/1.1" 200 5441 "https://anroshop.de/new/style.css" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:57 +0200] "GET /new/images/img03.gif HTTP/1.1" 304 - "https://anroshop.de/new/style.css" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:58 +0200] "GET / HTTP/1.1" 403 368 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:58 +0200] "GET /errors/inc/errordocs.css HTTP/1.1" 304 - "https://anroshop.de/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:10:00 +0200] "GET /errors/inc/error_top.jpg HTTP/1.1" 304 - "https://anroshop.de/errors/inc/errordocs.css" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefo
85.180.62.62 - - [14/Jul/2011:20:10:01 +0200] "GET / HTTP/1.1" 403 368 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:10:01 +0200] "GET /errors/inc/errordocs.js HTTP/1.1" 200 688 "https://anroshop.de/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:10:03 +0200] "GET / HTTP/1.1" 403 368 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:10:04 +0200] "GET /errors/inc/errordocs.css HTTP/1.1" 200 910 "https://anroshop.de/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:10:04 +0200] "GET /errors/inc/error_top.jpg HTTP/1.1" 304 - "https://anroshop.de/errors/inc/errordocs.css" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefo

In my case PHP files are not executed, and on top of that HTML is very slow: https://www.anroshop.de/new


RE: GNUTLS + Debian ??? - tomhb - 07-18-2011 08:38 AM

(07-15-2011 04:12 AM)yakovlev Wrote:  ServerName anroshop.de:443

Code:
ServerName anroshop.de
So please without the port; it is only cosmetic, though.

Quote:Any other ideas?

$ dpkg -l libapache2-mod-gnutls
Which version is installed?


Regards, Tom




RE: GNUTLS + Debian ??? - yakovlev - 07-18-2011 06:58 PM

(07-18-2011 08:38 AM)tomhb Wrote:  
(07-15-2011 04:12 AM)yakovlev Wrote:  ServerName anroshop.de:443

Code:
ServerName anroshop.de
So please without the port; it is only cosmetic, though.

Quote:Any other ideas?

$ dpkg -l libapache2-mod-gnutls
Which version is installed?


Regards, Tom

libapache2-mod 0.5.6-1


RE: GNUTLS + Debian ??? - tomhb - 07-18-2011 08:45 PM

Quote:libapache2-mod 0.5.6-1

Lenny or Squeeze?


Regards, Tom


RE: GNUTLS + Debian ??? - yakovlev - 07-18-2011 08:50 PM

Quote:libapache2-mod 0.5.6-1

Lenny or Squeeze?


Regards, Tom

Description: Debian GNU/Linux 6.0.2 (squeeze)
Release: 6.0.2
Codename: squeeze


RE: GNUTLS + Debian ??? - yakovlev - 07-19-2011 10:28 PM

OK, I got it working!

In case anyone has the same error, where Apache seems very slow under https,
in my case with Debian 6 squeeze:
1. Uninstall libapache2-mod-gnutls
2. Download, e.g., https://www.in.kernel.org/linux/debian/pool/main/m/mod-gnutls/libapache2-mod-gnutls_0.5.6-1+squeeze1_i386.deb
Install from the package
Wow - it works

So the cause was that Debian by default installed mod_gnutls without support for Squeeze.