Can't connect to server on 443 ... no log information being generated


Can't connect to server on 443 ... no log information being generated

Geoff Russell
Hi ...

My apache2 server was working perfectly and then it stopped.  I can connect on port 80
but not on port 443.  

Server version: Apache/2.4.18 (Ubuntu)
Server built:   2019-04-03T13:34:47

--------------------------Good
$  telnet ajp.geoffrussell.com.au 80
Trying 203.122.232.225...
Connected to geoffrussell.com.au.

---------------------------------Good
$ telnet localhost 443  
Trying 127.0.0.1...
Connected to teddy.geoffrussell.com.au.

---------------------------Bad
$  telnet ajp.geoffrussell.com.au 443
Trying 203.122.232.225...

Nothing happens. I've turned on "debug" LogLevel in the ajp-policy-ssl.conf virtual host
file. No log messages of any kind. 

How do I get logging of the actual connection process?  I've turned on debug LogLevel in
every conf file I can find and I'm still getting nothing.

I have ufw set to allow https. But it doesn't matter if I turn it off. No difference.

My virtual host file:

<IfModule mod_ssl.c>
        <VirtualHost *:443>
                ServerName ajp.geoffrussell.com.au
                ServerAdmin webmaster@localhost
                ...



Cheers,
Geoff Russell



Re: Can't connect to server on 443 ... no log information being generated

Douglas W. Goodall-2
You can’t use telnet to check port 443 because it doesn’t do SSL handshaking.
Use your browser instead

--
Douglas Wade Goodall
Multiware Engineer
Copyright (C) 2019 Douglas Goodall. All Rights Reserved.
(ask me about Multiware Engineering)
(805) 598-9099  | [hidden email]
Skype: douglas.w.goodall
425 San Juanico, Santa Maria, CA 93455 USA

GitHub.Com:
https://github.com/ichibrosan

LinkedIn.Com:
https://linkedin.com/in/douglasgoodall


Re: Can't connect to server on 443 ... no log information being generated

Douglas W. Goodall-2
Did your server get an update of the apache server?

Your http.conf might have gotten overwritten.



Re: Can't connect to server on 443 ... no log information being generated

Geoff Russell
Hi Douglas,

Thanks for your help.   I've spent about 6 hours on this problem and it has just vanished ...  

I tried elinks as a substitute for telnet ... telnet does succeed in the socket handshake, so is useful for quick test of that part of the connection.

Everything pointed to my router because of the success in local connections ... so I removed some redundant settings on the router and bingo 
the problem vanished. Not for any reason that makes any sense. But at least I'm operational again!

Cheers,
Geoff




--
6 Fifth Ave,
St Morris, S.A. 5068
Australia
Ph: 041 8805 184 / 08 8332 5069

http:perfidy.com.au

Re: Can't connect to server on 443 ... no log information being generated

William A Rowe Jr
On Mon, Jun 3, 2019 at 11:08 PM Geoff Russell <[hidden email]> wrote:
> Hi Douglas,
>
> Thanks for your help.   I've spent about 6 hours on this problem and it has just vanished ...
>
> I tried elinks as a substitute for telnet ... telnet does succeed in the socket handshake, so is useful for quick test of that part of the connection.

Just for future reference, openssl s_client is the usual way to test the connection stack to the server, which gives you the options to force specific versions of tls, specific ciphers, etc.

Re: Can't connect to server on 443 ... no log information being generated

Geoff Russell

On Wed, Jun 5, 2019 at 9:36 AM William A Rowe Jr <[hidden email]> wrote:
> On Mon, Jun 3, 2019 at 11:08 PM Geoff Russell <[hidden email]> wrote:
>> Hi Douglas,
>>
>> Thanks for your help.   I've spent about 6 hours on this problem and it has just vanished ...
>>
>> I tried elinks as a substitute for telnet ... telnet does succeed in the socket handshake, so is useful for quick test of that part of the connection.
>
> Just for future reference, openssl s_client is the usual way to test the connection stack to the server, which gives you the options to force specific versions of tls, specific ciphers, etc.

Thanks for the tip. After about 6 hours of investigation ... the problem has vanished as mysteriously as it arrived. I cleaned up some irrelevant router port forwarding entries and everything started working.  

Cheers,
Geoff
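
The layered check this thread works toward, as an added example that is not part of the original posts: it separates a TCP connect that hangs (the "Trying ..." symptom above, where the packets never reach httpd and so no LogLevel setting can produce a log line) from a refused connection and from a TLS handshake failure. The names `probe` and `MEANING` and the outcome labels are this example's own.

```python
import socket
import ssl
import sys

# What each outcome says about where to look next (wording is this example's own).
MEANING = {
    "tcp_timeout": "no reply to SYN: dropped upstream (router/NAT/firewall); "
                   "httpd never sees the connection, so it logs nothing",
    "tcp_refused": "RST received: host reachable but nothing accepts on that port",
    "tcp_error":   "could not attempt the connection (DNS, routing)",
    "tls_failed":  "TCP works; the fault is in the TLS layer, check the vhost's "
                   "SSL settings and the error log",
    "tls_ok":      "TCP and TLS both complete",
}

def probe(host, port=443, timeout=5.0, verify=True):
    """Return (stage, detail) for the first layer that fails, or tls_ok."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "tcp_timeout", f"no answer within {timeout}s"
    except ConnectionRefusedError as exc:
        return "tcp_refused", str(exc)
    except OSError as exc:              # includes socket.gaierror (DNS failure)
        return "tcp_error", str(exc)

    ctx = ssl.create_default_context()
    if not verify:                      # e.g. a self-signed test certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "tls_ok", f"{tls.version()} {tls.cipher()[0]}"
    except OSError as exc:              # ssl.SSLError and handshake timeouts are OSErrors
        return "tls_failed", f"{type(exc).__name__}: {exc}"
    finally:
        sock.close()                    # harmless if wrap_socket already took the fd

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    stage, detail = probe(host, port)
    print(f"{host}:{port} -> {stage} ({detail})\n  {MEANING[stage]}")
```

Running it once from the server itself and once from outside the network reproduces the local-versus-external comparison in the first post; a `tcp_timeout` only from outside points at the path in front of the server rather than at Apache.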