Estou tendo alguns problemas com a configuração do Apache 2.4. Acessar o link sempre retorna este http 400.
Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please.
Estou acessando meu site por meio de https diretamente, para que não haja redirecionamento de http para https envolvido. Abaixo da minha configuração do apache. Estou ciente de que não verifico os certificados quanto à validade. No momento, eles apenas assinaram, mas isso vai mudar no futuro.
##################################################################
### ###
### Global Settings ###
### ###
##################################################################
DocumentRoot /var/ebc/apache2/www/htdocs
<Location /fwcheck.html>
<RequireAll>
Require all granted
</RequireAll>
</Location>
##################################################################
### ###
### Global SSL Settings ###
### ###
##################################################################
SSLProtocol ALL -SSLv2 -SSLv3
SSLProxyProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH
SSLCompression off
SSLSessionTickets off
# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/ebc/apache2/sslstaplingcache(128000)
##################################################################
### ###
### Virtual Hosts ###
### ###
##################################################################
<VirtualHost 10.173.144.43:80>
ErrorLog /var/ebc/apache2/log/error.log
CustomLog /var/ebc/apache2/log/access.log vhost_combined
##################################################################
### ###
### Send everything to https except firewall check ###
### vhost config only for port 443 necessary. ###
### No further config for port 80. ###
### ###
##################################################################
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !fwcheck.html
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
##################################################################
</VirtualHost>
<VirtualHost 10.173.144.43:443>
ServerName subdomain.my-domain.com
ErrorLog /var/ebc/apache2/log/error.log
CustomLog /var/ebc/apache2/log/access.log vhost_combined
##################################################################
### ###
### SSL Settings ###
### ###
##################################################################
RequestHeader set ClientProtocol HTTPS
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /var/ebc/apache2/ssl/subdomain.my-domain.com.crt
SSLCertificateKeyFile /var/ebc/apache2/ssl/subdomain.my-domain.com.key
SSLCACertificateFile /var/ebc/apache2/ssl/subdomain.my-domain.com.crt
ProxyRequests off
ProxyPreserveHost on
# Disable certificate checks
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
# HSTS (15768000 seconds = 6 months)
Header always set Strict-Transport-Security "max-age=15768000"
##################################################################
### ###
### Locations ###
### ###
##################################################################
DocumentRoot /var/ebc/apache2/www/htdocs/prod
<Location />
Options None
<RequireAll>
Require all granted
</RequireAll>
</Location>
<Location /web-status>
<RequireAll>
Require all denied
</RequireAll>
</Location>
<Location /balancer-manager>
<RequireAll>
Require all denied
</RequireAll>
</Location>
##################################################################
</VirtualHost>
Eu realmente não tenho idéia do porque isso não funciona. Alguém pode me dar uma dica?
O problema está resolvido. Minha configuração do apache, conforme postada acima, está correta. O problema era uma configuração falsa de firewall. Como eu mesmo não alterei as configurações do firewall, não posso postar a solução real, mas como disse, a configuração do apache acima funciona.
Sua conexão não chega na interface 10.173.144.43:443, por isso não é tratada pelo seu VirtualHost. Ele atinge a configuração principal do servidor que não tem SSL ativado.
Se você não se importa com a interface local, use um * no VirtualHost.
Talvez sua alteração de firewall tenha sido feita para que algum pedido de entrada agora use a interface / IP nomeada, mas ela será interrompida assim que você testar a partir da linha de comando com localhost.
Você está tentando acessar seu servidor via telnet ? Em caso afirmativo, isso não funcionará corretamente para páginas seguras (por exemplo, https).
Você precisa usar ferramentas projetadas para isso; por exemplo. o conjunto de ferramentas OpenSSL.
Experimente o seguinte conjunto de comandos:
openssl s_client -connect <server>:<port> GET / HTTP/1.1 Tags ssl openssl apache-httpd