Apache SSL configuration: Connection refused connect: errno = 111

0

I am trying to configure SSL on an old openSUSE server:

openSUSE 11.4 (x86_64)
VERSION = 11.4
CODENAME = Celadon

I enabled the Apache SSL module:

apache2ctl -M
Loaded Modules:
 core_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)
 actions_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_file_module (shared)
 authz_host_module (shared)
 authz_groupfile_module (shared)
 authz_default_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cgi_module (shared)
 dir_module (shared)
 env_module (shared)
 expires_module (shared)
 include_module (shared)
 log_config_module (shared)
 mime_module (shared)
 negotiation_module (shared)
 setenvif_module (shared)
 ssl_module (shared)
 userdir_module (shared)
 php5_module (shared)
 reqtimeout_module (shared)
 deflate_module (shared)
 headers_module (shared)
 rewrite_module (shared)
Syntax OK

And I configured the virtual host, providing the SSL certificates (by copying and editing vhost-ssl.template and renaming it https.xxxxxxxx.conf), and restarted Apache.

When I try to connect, I get this error:

openssl s_client -connect localhost:443
connect: Connection refused
connect:errno=111

This is the installed version of openssl:

OpenSSL 1.0.1p 9 Jul 2015 (Library: OpenSSL 1.0.0c 2 Dec 2010)

In case it helps, this is my iptables configuration:

iptables -L -vn
Chain INPUT (policy ACCEPT 4641 packets, 815K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1691 packets, 4745K bytes)
 pkts bytes target     prot opt in     out     source               destination   

Can you help me understand why I cannot connect on localhost to port 443?

EDIT:

I believe it is a problem with Apache and with the additional file https.xxxxxxx.conf:

httpd2 -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80                   is a NameVirtualHost
         default server xxxxxxxx.it (/etc/apache2/vhosts.d/xxxxxxxx.conf:3)
         port 80 namevhost xxxxxxxx.it (/etc/apache2/vhosts.d/xxxxxxxx.it.conf:3)
         port 80 namevhost XXX.XXX.XXX.XXX (/etc/apache2/vhosts.d/xxxxxxxx.it.conf:9)

In my listen.conf, it looks like if the SSL module is enabled, it should listen on 443:

Listen 80


<IfDefine SSL>
    <IfDefine !NOSSL>
        <IfModule mod_ssl.c>

            Listen 443

        </IfModule>
    </IfDefine>
</IfDefine>

This is the netstat output:

netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      8105/mysqld         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1847/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2179/master         
tcp        0      0 :::80                   :::*                    LISTEN      13330/httpd2-prefor 
tcp        0      0 :::21                   :::*                    LISTEN      1930/vsftpd         
tcp        0      0 :::22                   :::*                    LISTEN      1847/sshd           
tcp        0      0 ::1:25                  :::*                    LISTEN      2179/master   

I modified the /etc/sysconfig/apache2 file to enable the SSL module:

APACHE_SERVER_FLAGS="SSL"

Now it seems to respond correctly both locally and remotely:

openssl s_client -connect localhost:443
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1

I still have problems, since I get this from the browser:

This site can’t be reached
xxxxxxxx.it unexpectedly closed the connection.
Try:

Checking the connection
Checking the proxy and the firewall
Running Network Diagnostics
ERR_CONNECTION_CLOSED

However, I believe the problem is not related

    
by Niko Zarzani 30.05.2018 / 12:33

0 answers
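
The listen.conf guard and the APACHE_SERVER_FLAGS change described in the question, as an added example that is not part of the original post: a small Python evaluator showing which Listen directives stay active for a given set of -D defines. The function name active_listens is hypothetical, and matching module names literally (only the spelling used in the file, here mod_ssl.c) is a simplifying assumption of this sketch, not Apache's own logic.

```python
import re

# listen.conf as quoted in the question (blank lines dropped)
LISTEN_CONF = """\
Listen 80
<IfDefine SSL>
    <IfDefine !NOSSL>
        <IfModule mod_ssl.c>
            Listen 443
        </IfModule>
    </IfDefine>
</IfDefine>
"""

OPEN = re.compile(r"<(IfDefine|IfModule)\s+(!?)([^>\s]+)\s*>$", re.I)
CLOSE = re.compile(r"</(IfDefine|IfModule)\s*>$", re.I)


def active_listens(conf, defines=(), modules=()):
    """Listen arguments left after evaluating <IfDefine>/<IfModule> guards.
    defines: -D names given to httpd; modules: loaded modules, named as in the file."""
    defines, modules = set(defines), set(modules)
    stack, listens = [], []  # stack: truth value of every open block
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.match(line)
        if m:
            kind, negated, name = m.group(1).lower(), m.group(2) == "!", m.group(3)
            present = name in (defines if kind == "ifdefine" else modules)
            stack.append(present != negated)
        elif CLOSE.match(line):
            if not stack:
                raise ValueError(f"line {n}: closing tag without an open block")
            stack.pop()
        else:
            parts = line.split(None, 1)
            # A Listen only counts when every enclosing guard is true
            if len(parts) == 2 and parts[0].lower() == "listen" and all(stack):
                listens.append(parts[1])
    if stack:
        raise ValueError("unclosed <IfDefine>/<IfModule> block")
    return listens


if __name__ == "__main__":
    for flags in ([], ["SSL"]):  # before and after APACHE_SERVER_FLAGS="SSL"
        print(flags, active_listens(LISTEN_CONF, flags, ["mod_ssl.c"]))
```

With mod_ssl loaded but no SSL define, only port 80 is bound, which matches the netstat output and the refused connection on 443 shown in the question.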