Current time: 11-16-2024, 09:13 AM Hello There, Guest! (LoginRegister)


Post Reply 
GNUTLS + Debian ???
Author Message
yakovlev Offline
Newbie
*

Posts: 8
Joined: Jul 2011
Reputation: 0
Post: #1
GNUTLS + Debian ???
Hallo,

habe folgendes Problem:
1. Zertifikat ordnungsgemäß installiert, der funktioniert auch: https://www.anroshop.de
2. Nur trift folgende Meldung bei ssl.log:
"GnuTLS: Handshake Failed (-9) 'A TLS packet with unexpected length was received.'"
3. Bei php Scripten - Error 403.
4. Ich komme nur bei config nicht so klar. Habe verschiedene vom Forum ausprobiert, keiner scheint zu funktionieren:
PHP Code:
<VirtualHost anroshop.de:443>

ServerName anroshop.de:443

ServerAlias http
://www.anroshop.de anroshop.de *.anroshop.de
GnuTLSEnable on
GnuTLSExportCertificates on
GnuTLSCacheTimeout 300
GnuTLSCertificateFile 
/etc/ssl/certs/*****.crt
GnuTLSKeyFile /etc/ssl/certs/******.key
GnuTLSPriorities NORMAL

DocumentRoot /var/www/virtual/anroshop.de/htdocs
##Testing
ErrorLog /var/www/virtual/anroshop.de/logs/ssl_log
CustomLog /var/www/virtual/anroshop.de/logs/acces_log common

<IfModule suexec_module>
  SuexecUserGroup vu2005 vu2005
</IfModule>

ServerAdmin     admin@anroshop.de
Alias /errors    /var/www/virtual/anroshop.de/errors/

    ErrorDocument 401 /errors/401.html
    ErrorDocument 403 /errors/403.html
    ErrorDocument 404 /errors/404.html
    ErrorDocument 500 /errors/500.html
    ErrorDocument 503 /errors/503.html

<IfModule mod_cband.c>
CBandUser anroshop.de
</IfModule>

    # httpd awstats support BEGIN.

    Alias /awstatsicons     "/usr/share/awstats/icon/"
    Alias /stats            "/var/www/virtual/anroshop.de/statistics/"

    <Directory "/var/www/virtual/anroshop.de/statistics">
        AllowOverride AuthConfig
        DirectoryIndex awstats.anroshop.de.html
        Order allow,deny
        Allow from all
    </Directory>

    <Location /stats>
        AuthType Basic
        AuthName "Statistics for domain anroshop.de"
        AuthUserFile /var/www/virtual/anroshop.de/.htpasswd
        AuthGroupFile /var/www/virtual/anroshop.de/.htgroup
        Require group statistics
    </Location>

   # httpd awstats support END.
 # httpd dmn entry cgi support BEGIN.
    ScriptAlias /cgi-bin/ /var/www/virtual/anroshop.de/cgi-bin/
  <Directory /var/www/virtual/anroshop.de/cgi-bin>
        AllowOverride AuthConfig
        #Options ExecCGI
        Order allow,deny
        Allow from all
    </Directory>
    # httpd dmn entry cgi support END.

    <Directory /var/www/virtual/anroshop.de/htdocs>
        # httpd dmn entry PHP support BEGIN.
        # httpd dmn entry PHP support END.
        Options -Indexes Includes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # httpd dmn entry PHP2 support BEGIN.
    <IfModule mod_php5.c>
        php_admin_value open_basedir "/var/www/virtual/anroshop.de/:/var/www/virtual/anroshop.de/phptmp/:/usr/share/php/"
        php_admin_value upload_tmp_dir "/var/www/virtual/anroshop.de/phptmp/"
        php_admin_value session.save_path "/var/www/virtual/anroshop.de/phptmp/"
        php_admin_value sendmail_path '/usr/sbin/sendmail -f vu2005 -t -i'
    </IfModule>

    <IfModule mod_fcgid.c>

        <Directory /var/www/virtual/anroshop.de/htdocs>
            FCGIWrapper /var/www/fcgi/anroshop.de/php5-fcgi-starter .php
            Options +ExecCGI
        </Directory>
        <Directory "/var/www/virtual/anroshop.de/htdocs">
            AllowOverride None
            Options +ExecCGI MultiViews -Indexes
            Order allow,deny
            Allow from all
        </Directory>
    </IfModule>
    # httpd dmn entry PHP2 support END.

    Include /etc/apache2/ispcp/anroshop.de.conf
</VirtualHost>
Include /etc/apache2/mods-available/fcgid_ispcp.conf 
Bitte um Rat, da ich schon 2 Tage damit verbracht habe dies selber zu beheben.
PS: Wenn ich den "Include /etc/apache2/mods-available/fcgid_ispcp.conf" rausnehme komplett bleibt das gleice. Wenn ich den doch nach "<IfModule mod_fcgid.c>" reinsetze, kommt:
root@n112h108:~# /etc/init.d/apache2 restart
Syntax error on line 29 of /etc/apache2/mods-available/fcgid_ispcp.conf:
SocketPath cannot occur within <VirtualHost> section
Action 'configtest' failed.
The Apache error log may have more information.
failed!
Danke im Voraus!

Wenn ich das ganze mit " checke, kommt raus:
apache2ctl -t -D DUMP_VHOSTS 2>&1 | less
PHP Code:
VirtualHost configuration:
127.0.0.1:80           is a NameVirtualHost
         
default server w3.dayz.eu.local (/etc/apache2/sites-enabled/01_awstats.conf:36)
         
port 80 namevhost w3.dayz.eu.local (/etc/apache2/sites-enabled/01_awstats.conf:36)
213.73.112.108:80      is a NameVirtualHost
         
default server w3.dayz.eu (/etc/apache2/sites-enabled/00_master.conf:31)
         
port 80 namevhost w3.dayz.eu (/etc/apache2/sites-enabled/00_master.conf:31)
         
port 80 namevhost anroshop.de (/etc/apache2/sites-enabled/ispcp.conf:73)
         
port 80 namevhost melcherimmobilien.de (/etc/apache2/sites-enabled/ispcp.conf:201)
         
port 80 namevhost dayz.eu (/etc/apache2/sites-enabled/ispcp.conf:329)
         
port 80 namevhost anrotrade.eu (/etc/apache2/sites-enabled/ispcp.conf:457)
         
port 80 namevhost shop.anrotrade.eu (/etc/apache2/sites-enabled/ispcp.conf:570)
213.73.112.108:443     anroshop.de (/etc/apache2/sites-enabled/02_ssl.conf:1)
Syntax OK 
(This post was last modified: 07-14-2011 05:29 PM by yakovlev.)
07-14-2011 05:22 PM
Find all posts by this user Quote this message in a reply
tomhb Offline
Member
***

Posts: 336
Joined: Apr 2010
Reputation: 4
Post: #2
RE: GNUTLS + Debian ???
(07-14-2011 05:22 PM)yakovlev Wrote:  Hallo,

habe folgendes Problem:
1. Zertifikat ordnungsgemäß installiert, der funktioniert auch: https://www.anroshop.de

Funktionieren wuerde ich das aber nicht nennen...

Quote:<VirtualHost anroshop.de:443>
ServerName anroshop.de:443
ServerAlias http://www.anroshop.de anroshop.de *.anroshop.de

Code:
<VirtualHost 1.2.3.4:443>
ServerName anroshop.de
ServerAlias www.anroshop.de anroshop.de *.anroshop.de


Quote:GnuTLSEnable on
GnuTLSExportCertificates on
GnuTLSCacheTimeout 300
GnuTLSCertificateFile /etc/ssl/certs/*****.crt
GnuTLSKeyFile /etc/ssl/certs/******.key
GnuTLSPriorities NORMAL

Code:
<IfModule mod_gnutls.c>
                GnuTLSEnable on
                GnuTLSPriorities SECURE:!MD5
                GnuTLSCertificateFile /etc/ssl/certs/*****.crt
                GnuTLSKeyFile /etc/ssl/certs/******.key
  </IfModule>

Versuche es erst einmal damit. Ansonsten waeren Eintraege vom LogFiles
hilfreich, denn da steht normaler drin, was nicht will.


Gruss Tom


(This post was last modified: 07-15-2011 01:12 AM by tomhb.)
07-15-2011 01:05 AM
Find all posts by this user Quote this message in a reply
yakovlev Offline
Newbie
*

Posts: 8
Joined: Jul 2011
Reputation: 0
Post: #3
RE: GNUTLS + Debian ???
Vielen Dank für die Antwort!

Habe deine Korrekturen ausprobiert. nix.
Noch mal Config:
PHP Code:
<VirtualHost 213.73.112.108:443>

ServerName anroshop.de:443

ServerAlias www
.anroshop.de anroshop.de *.anroshop.de

<IfModule mod_gnutls.c>
                
GnuTLSEnable on
                GnuTLSPriorities SECURE
:!MD5
                GnuTLSCertificateFile 
/etc/ssl/certs/********.crt
                GnuTLSKeyFile /etc/ssl/certs/********.key
  </IfModule>

DocumentRoot /var/www/virtual/anroshop.de/htdocs
##Testing
ErrorLog /var/www/virtual/anroshop.de/logs/ssl_log
CustomLog /var/www/virtual/anroshop.de/logs/acces_log common

<IfModule suexec_module>
  SuexecUserGroup vu2005 vu2005
</IfModule>

ServerAdmin     admin@anroshop.de
Alias /errors    /var/www/virtual/anroshop.de/errors/

    ErrorDocument 401 /errors/401.html
    ErrorDocument 403 /errors/403.html
    ErrorDocument 404 /errors/404.html
    ErrorDocument 500 /errors/500.html
    ErrorDocument 503 /errors/503.html

<IfModule mod_cband.c>
CBandUser anroshop.de
</IfModule>

    # httpd awstats support BEGIN.

    Alias /awstatsicons     "/usr/share/awstats/icon/"
    Alias /stats            "/var/www/virtual/anroshop.de/statistics/"

    <Directory "/var/www/virtual/anroshop.de/statistics">
        AllowOverride AuthConfig
        DirectoryIndex awstats.anroshop.de.html
        Order allow,deny
        Allow from all
    </Directory>

    <Location /stats>
        AuthType Basic
        AuthName "Statistics for domain anroshop.de"
        AuthUserFile /var/www/virtual/anroshop.de/.htpasswd
        AuthGroupFile /var/www/virtual/anroshop.de/.htgroup
        Require group statistics
    </Location>

   # httpd awstats support END.
 # httpd dmn entry cgi support BEGIN.

    ScriptAlias /cgi-bin/ /var/www/virtual/anroshop.de/cgi-bin/
  <Directory /var/www/virtual/anroshop.de/cgi-bin>
        AllowOverride AuthConfig
        #Options ExecCGI
        Order allow,deny
        Allow from all
    </Directory>
    # httpd dmn entry cgi support END.

    <Directory /var/www/virtual/anroshop.de/htdocs>
        # httpd dmn entry PHP support BEGIN.
        # httpd dmn entry PHP support END.
        Options -Indexes Includes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # httpd dmn entry PHP2 support BEGIN.
    <IfModule mod_php5.c>
        php_admin_value open_basedir "/var/www/virtual/anroshop.de/:/var/www/virtual/anroshop.de/phptmp/:/usr/share/php/"
        php_admin_value upload_tmp_dir "/var/www/virtual/anroshop.de/phptmp/"
        php_admin_value session.save_path "/var/www/virtual/anroshop.de/phptmp/"
        php_admin_value sendmail_path '/usr/sbin/sendmail -f vu2005 -t -i'
    </IfModule>

    <IfModule mod_fcgid.c>

        <Directory /var/www/virtual/anroshop.de/htdocs>
            FCGIWrapper /var/www/fcgi/anroshop.de/php5-fcgi-starter .php
            Options +ExecCGI
        </Directory>
        <Directory "/var/www/virtual/anroshop.de/htdocs">
            AllowOverride None
            Options +ExecCGI MultiViews -Indexes
            Order allow,deny
            Allow from all
        </Directory>
    </IfModule>
    # httpd dmn entry PHP2 support END.

    Include /etc/apache2/ispcp/anroshop.de.conf
</VirtualHost> 

hier sind logs, von dieser Konfiguration!
Quote:[Thu Jul 14 20:08:06 2011] [error] [client 85.180.62.62] GnuTLS: Handshake Failed (-9) 'A TLS packet with unexpected length was received.'
[Thu Jul 14 20:08:06 2011] [error] [client 85.180.62.62] GnuTLS: Handshake Failed (-9) 'A TLS packet with unexpected length was received.'
[Thu Jul 14 20:09:42 2011] [error] [client 85.180.62.62] GnuTLS: Handshake Failed (-9) 'A TLS packet with unexpected length was received.'
[Thu Jul 14 20:09:42 2011] [error] [client 85.180.62.62] GnuTLS: Handshake Failed (-9) 'A TLS packet with unexpected length was received.'

Andere Ideen?


noch dazu Combined Log:
Quote:85.180.62.62 - - [14/Jul/2011:20:09:40 +0200] "GET / HTTP/1.1" 403 368 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:41 +0200] "GET /errors/inc/errordocs.js HTTP/1.1" 304 - "https://anroshop.de/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:41 +0200] "GET / HTTP/1.1" 403 368 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:42 +0200] "GET / HTTP/1.1" 403 368 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:43 +0200] "GET /errors/inc/errordocs.js HTTP/1.1" 304 - "https://anroshop.de/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:45 +0200] "GET / HTTP/1.1" 403 368 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:45 +0200] "GET /errors/inc/errordocs.css HTTP/1.1" 200 910 "https://anroshop.de/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:46 +0200] "GET /errors/inc/error_top.jpg HTTP/1.1" 304 - "https://anroshop.de/errors/inc/errordocs.css" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefo
85.180.62.62 - - [14/Jul/2011:20:09:48 +0200] "GET /new/images/img01.jpg HTTP/1.1" 200 11030 "https://anroshop.de/new/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:49 +0200] "GET /new/images/bg04.jpg HTTP/1.1" 200 794 "https://anroshop.de/new/style.css" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:49 +0200] "GET /new/images/bg03.jpg HTTP/1.1" 200 23362 "https://anroshop.de/new/style.css" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:51 +0200] "GET /new/images/img03.gif HTTP/1.1" 200 1367 "https://anroshop.de/new/style.css" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:52 +0200] "GET /new/ HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:52 +0200] "GET /new/style.css HTTP/1.1" 304 - "https://anroshop.de/new/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:54 +0200] "GET /new/images/bg04.jpg HTTP/1.1" 304 - "https://anroshop.de/new/style.css" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:55 +0200] "GET /new/images/img02.gif HTTP/1.1" 304 - "https://anroshop.de/new/style.css" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:55 +0200] "GET /new/images/bg06.jpg HTTP/1.1" 200 5441 "https://anroshop.de/new/style.css" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:57 +0200] "GET /new/images/img03.gif HTTP/1.1" 304 - "https://anroshop.de/new/style.css" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:58 +0200] "GET / HTTP/1.1" 403 368 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:09:58 +0200] "GET /errors/inc/errordocs.css HTTP/1.1" 304 - "https://anroshop.de/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:10:00 +0200] "GET /errors/inc/error_top.jpg HTTP/1.1" 304 - "https://anroshop.de/errors/inc/errordocs.css" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefo
85.180.62.62 - - [14/Jul/2011:20:10:01 +0200] "GET / HTTP/1.1" 403 368 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:10:01 +0200] "GET /errors/inc/errordocs.js HTTP/1.1" 200 688 "https://anroshop.de/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:10:03 +0200] "GET / HTTP/1.1" 403 368 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:10:04 +0200] "GET /errors/inc/errordocs.css HTTP/1.1" 200 910 "https://anroshop.de/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
85.180.62.62 - - [14/Jul/2011:20:10:04 +0200] "GET /errors/inc/error_top.jpg HTTP/1.1" 304 - "https://anroshop.de/errors/inc/errordocs.css" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefo

php files werden in meinem Fall nicht ausgeführt und dazu noch html sehr langsam: https://www.anroshop.de/new
(This post was last modified: 07-15-2011 04:16 AM by yakovlev.)
07-15-2011 04:12 AM
Find all posts by this user Quote this message in a reply
tomhb Offline
Member
***

Posts: 336
Joined: Apr 2010
Reputation: 4
Post: #4
RE: GNUTLS + Debian ???
(07-15-2011 04:12 AM)yakovlev Wrote:  ServerName anroshop.de:443

Code:
ServerName anroshop.de
Also bitte ohne Portangabe, ist aber nur Kosmetik.

Quote:Andere Ideen?

$ dpkg -l libapache2-mod-gnutls
Welche Version ist installiert?


Gruss Tom

07-18-2011 08:38 AM
Find all posts by this user Quote this message in a reply
yakovlev Offline
Newbie
*

Posts: 8
Joined: Jul 2011
Reputation: 0
Post: #5
RE: GNUTLS + Debian ???
(07-18-2011 08:38 AM)tomhb Wrote:  
(07-15-2011 04:12 AM)yakovlev Wrote:  ServerName anroshop.de:443

Code:
ServerName anroshop.de
Also bitte ohne Portangabe, ist aber nur Kosmetik.

Quote:Andere Ideen?

$ dpkg -l libapache2-mod-gnutls
Welche Version ist installiert?


Gruss Tom

libapache2-mod 0.5.6-1
07-18-2011 06:58 PM
Find all posts by this user Quote this message in a reply
tomhb Offline
Member
***

Posts: 336
Joined: Apr 2010
Reputation: 4
Post: #6
RE: GNUTLS + Debian ???
[/quote]
libapache2-mod 0.5.6-1
[/quote]

Lenny oder Squeeze?


Gruss Tom
07-18-2011 08:45 PM
Find all posts by this user Quote this message in a reply
yakovlev Offline
Newbie
*

Posts: 8
Joined: Jul 2011
Reputation: 0
Post: #7
RE: GNUTLS + Debian ???
libapache2-mod 0.5.6-1
[/quote]

Lenny oder Squeeze?


Gruss Tom
[/quote]

Description: Debian GNU/Linux 6.0.2 (squeeze)
Release: 6.0.2
Codename: squeeze
07-18-2011 08:50 PM
Find all posts by this user Quote this message in a reply
yakovlev Offline
Newbie
*

Posts: 8
Joined: Jul 2011
Reputation: 0
Post: #8
RE: GNUTLS + Debian ???
Also, ich hab's hingekriegt!

Falls jemand, gleiche Fehler hat, dass Apache sehr langsam unter https scheint.
in meinem Fall mit Debian 6 squeeze:
1. Deinstallation von libapache2-mod-gnutls
2. Runterladen von z.B. https://www.in.kernel.org/linux/debian/p...ls_0.5.6-1+squeeze1_i386.deb
Ínstallation aus dem Package
Wow - its work's

Ursache also war, dass Debian standartmäsig mod_gnults ohne support für Squeeze installiert hat.
(This post was last modified: 07-19-2011 10:36 PM by yakovlev.)
07-19-2011 10:28 PM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)