HTTPS redirection not working in CentOS 7, Apache 2.4.6, PHP 5.6

anon16537250 · January 10, 2017, 8:47pm

Nextcloud version: 11.0.0
Operating system and version:CentOS 7
Apache or nginx version: Apache 2.4.6
PHP version :5.6

Is this the first time you’ve seen this error and can you replicate it?:
I have had this issue since it was an ownCloud.

The issue you are facing:
I cannot seem to get redirection to https to work. my server is set to a static ip address(replaced by x’s below)/cloud_directory.

I added the following to my httpd.conf file:

<VirtualHost *:80>
    ServerName xxx.xxx.xxx.xx/cloud
    Redirect permanent / https://xxx.xxx.xxx.xx/cloud
</VirtualHost>

When this is saved and httpd restarted the browser redirects to https, but the page report:

Firefox can’t establish a connection to the server at xxx.xxx.xxx.xx.

The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

Here is everything that is not commented out of my httpd.conf file:

ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
<Directory />
    AllowOverride none
    Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
    AllowOverride None
    Require all granted
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
<Files ".ht*">
    Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
CustomLog "logs/access_log" combined
</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

</IfModule>
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule mime_module>
    TypesConfig /etc/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8

<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on

<VirtualHost *:80>
    ServerName xxx.xxx.xxx.xx/
    Redirect permanent / https://xxx.xxx.xxx.xx/
</VirtualHost>

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php $CONFIG = array ( 'updatechecker' => false, 'instanceid' => 'ockvy2pj08j8', 'passwordsalt' => '8BU2YOw0gGhQXKo4qjcN5MArVDfVim', 'secret' => 'dvq2Z3tSyTBDlGhI3oqn0pa5guJjcqaS5N63l4uC/IA9XwYS', 'trusted_domains' => array ( 0 => 'localhost', 1 => 'xxx.xxx.xxx.xx', ), 'datadirectory' => '/mnt/d44dc1c5-f542-47da-b03d-a310e67ffadb/cloud/data/', 'overwrite.cli.url' => 'http://localhost/cloud', 'dbtype' => 'mysql', 'version' => '11.0.0.10', 'dbname' => 'vestibularcloud', 'dbhost' => 'localhost', 'dbtableprefix' => 'oc_', 'dbuser' => 'oc_admin', 'dbpassword' => 'o16nf6d33nrzGsTZum3URqFVRMCnYF', 'logtimezone' => 'UTC', 'installed' => true, 'loglevel' => 0, 'maintenance' => false, 'theme' => '', 'memcache.local' => '\OC\Memcache\APCu', ); The output of your Apache/nginx/system log in `/var/log/____`: [Tue Jan 10 15:23:13.194372 2017] [:error] [pid 18426] Misconfiguration of certificate's CN and virtual name. The certificate CN has localhost4.localdomain4. We expected dhcp206220057.medicine.mcgill.ca as virtual name. ---

tflidd · January 11, 2017, 2:26pm

The server name does not contain any elements of an URL:
ServerName xxx.xxx.xxx.xx

anon16537250 · January 11, 2017, 2:53pm

Right. It is an ip address and the nextxloud directory. I do not have a domain name for the server. Is it not possible to do with just the ip address?
Thanks

tflidd · January 11, 2017, 9:22pm

You can use default vhosts for port 80 that just redirect everything on port 80 (https://httpd.apache.org/docs/2.4/vhosts/examples.html#default)

<VirtualHost _default_:80>
  Redirect permanent / https://xxx.xxx.xxx.xx/cloud
</VirtualHost>

anon16537250 · January 12, 2017, 11:53am

thanks,
i tried that and the browser redirects to https but i still get this message in firefox:

Firefox can’t establish a connection to the server at 132.206.220.57.

The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

i am on a university network (running the cloud so that lab members and collaborators can save and share files). off network connections require to be logged on to the vpn. could this be a network security issue? i get the firefox message both on and off campus. i get no problems (on or off campus through vpn) with the http connection,

thanks again for your help

tflidd · January 13, 2017, 8:16am

Yes, it’s very likely that the network block external connections via port 80. Computers on university networks have good internet connections and would be good targets to be used distributing malware. You can check with an external port scan, it should show you if the port is opened, closed, or filtered (firewall).

Vincent_Stans · January 13, 2017, 4:49pm

You are redirecting but do you have a vhost config for the ssl port in your httpd.conf

example

<VirtualHost _default_:443>
		DocumentRoot /var/www/html
		ServerName xxx.xxx.xxx.xxx

SSLEngine on

# Intermediate configuration, tweak to your needs
SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder     on
SSLCompression          off

SSLOptions +StrictRequire
</VirtualHost>

You would also need valid certificates. but I don’t know if that’s possible with ip adresses.