NextCloud on port 443

I’d like to provide service on port 443 so I can port forward a different server as the NextCloud server, and still port forward port 80 to my production server.

Does 443 REQUIRE SSL or can it be used without that?

I have Mint 18.2 with LAMP-SERVER (Apache2.4.18) and don’t understand how the Vhost file needs to be configured beyond <*:443> to make the SSL work…

Can’t seem to find a manual with configuration for SSL and Vhost files.

Dave

Technically, you don’t have to use SSL on this port. However, everybody does and probably most software expects it (if it doesn’t, there could be errors). If possible, I’d rather use a different port.

To make SSL work, there are a few additional entries in the vhost, especially SSLEngine on.
https://wiki.apache.org/httpd/NameBasedSSLVHosts


Desire to have compatibility with desktop/laptop & cell phones… going to another port complicates matters.

Either way you have to specify the port:
http://example.org:443/nextcloud
http://example.org:8080/nextcloud

You can only omit the port if it is standard.

Neither of those links work at my location… are they local to you?

Dave

Heh, they’re examples, not real, hence the domain!

What @tflidd meant was the domain the browser uses for unencrypted connections is port 80 (i.e. http) and the encrypted port is 443 (i.e. https). If you choose to use a different port it must be specified as per @tflidd’s example.

To specify a different port in your browser, add the port number after a colon at the end of the URL.

Also, the port used by Nextcloud is determined by the web server, it’s not a Nextcloud setting. With Apache you specify the port in your Virtual Hosts config. My vhosts has lines like:

<VirtualHost *:80>
    ServerName darksteve.tk
    Redirect permanent / https://darksteve.tk/
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot /sitelocation
    ServerName darksteve.tk
    Header always set Strict-Transport-Security "max-age=15768000"
    SSLEngine on
    SSLCertificateFile "/certlocation/cert.pem"
    SSLCertificateKeyFile "/keylocation/key.pem"
</VirtualHost>

Notice the port at the top of each section?

You can choose pretty much whatever port you want, though you’re better off choosing one above 1024. Most ports below that are reserved for specific purposes, and it’ll cause you unexpected problems (that’s why @tflidd used “8080” in his example).

I hope that helps!

Mint-18.2 Hosting with SSL using (name) Vhosting on single IP

Dave_Henzler

I’ve been searching for details on SSL setup for Nextcloud that may include the use of “name” Vhost configurations.

I have a successful instance of NextCloud running on a “name” Vhost, however have not been very successful with the SSL portion. I was able to get a configuration to work for me inside my LAN, but those outside complained that they had no response when using https://{NextCloud site.com}

<VirtualHost *:443>
    ServerName mysite.com.com
    DocumentRoot /var/www/html/nextcloud

    CustomLog ${APACHE_LOG_DIR}/access.log combined
    ErrorLog ${APACHE_LOG_DIR}/error-0.log

    <Directory /var/www/html/nextcloud>
        AllowOverride All
        Order Allow,Deny
        Allow from all
        Require all granted
    </Directory>

    # Example SSL configuration
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLCertificateFile "/var/ssl/certs/mycertificate.crt"
    SSLCertificateKeyFile "/var/ssl/private/nopassword.key"
</VirtualHost>

This Vhost file MUST be the FIRST one listed in /etc/apache2/sites-enabled folder.

Using WireShark I was able to confirm that the packets were indeed encapsulated within SSLv2 packets.

I think the reason my own computer saw these files was the keys were in it. However two family cell phones also worked inside the LAN. However outside the LAN in the Public Internet the phones and other users could not connect.

I sent the key to two of my friends… however could not get them working. Perhaps they did not install the key in the right location…

I captured certificate info and the “self signed” cert data was correct.

Some HELP would be appreciated.
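
Added example, not part of the thread and not any poster's own configuration: the *:443 vhost from the last post rewritten with Apache 2.4-style access control and a stricter protocol and cipher selection, with the posted weak settings kept as comments for comparison. The ServerName and file paths are the placeholders from that post; restricting to TLS 1.2 and the cipher string shown are assumptions about what the connecting clients support.

```apache
# Added example. Assumes mod_ssl is enabled (a2enmod ssl) and that Apache is
# listening on 443 (on Debian/Ubuntu-based systems the Listen 443 line lives
# in /etc/apache2/ports.conf and becomes active once mod_ssl is loaded).

<VirtualHost *:443>
    ServerName mysite.com.com
    DocumentRoot /var/www/html/nextcloud

    CustomLog ${APACHE_LOG_DIR}/access.log combined
    ErrorLog ${APACHE_LOG_DIR}/error-0.log

    <Directory /var/www/html/nextcloud>
        AllowOverride All
        # Apache 2.4 access control. The 2.2-style "Order Allow,Deny" and
        # "Allow from all" lines are dropped so that a single mechanism
        # decides who may reach the directory.
        Require all granted
    </Directory>

    SSLEngine on

    # Weak (as posted):  SSLProtocol all -SSLv2
    #   leaves the older protocol versions enabled (TLSv1.0, TLSv1.1, and
    #   SSLv3 where the OpenSSL build still supports it).
    SSLProtocol -all +TLSv1.2

    # Weak (as posted):  SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    #   MEDIUM admits weaker cipher suites than HIGH.
    SSLCipherSuite HIGH:!aNULL:!MD5:!3DES:!RC4
    SSLHonorCipherOrder on

    # The certificate is what clients see and decide whether to trust.
    SSLCertificateFile "/var/ssl/certs/mycertificate.crt"
    # The private key stays on the server only and should be readable by
    # root alone; clients never need a copy of it.
    SSLCertificateKeyFile "/var/ssl/private/nopassword.key"
</VirtualHost>
```

`apachectl configtest` checks the syntax before a reload. For clients outside the LAN, the router's port forward for 443 has to point at this server as well.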