I have various version of apache server and IIS server , the ECDHE cipher is enabled , now I would like to disable it for some reason , would advise how to it ?
Thanks
For apache your should modify the following file:
/etc/apache2/sites-available/default-ssl.conf
For example we are not selecting two ECDHE suites (note ! before those) in TLS1.1:
SSLProtocol TLSv1.1
SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!ECDHE-RSA-AES256-SHA:!ECDHE-RSA-DES-CBC3-SHA:!ECDHE-RSA-AES128-SHA:!aNULL:!MD5
SSLHonorCipherOrder on
Then:
sudo /etc/init.d/apache2 reload
Related
I configured ssl on springboot correctly:
server.port=8443
server.ssl.key-store=classpath:springboot.p12
server.ssl.key-store-password=*****
server.ssl.key-store-type=PKCS12
It always says the same whatever port I try:The Tomcat connector configured to listen on port 8443 failed to start. The port may already be in use or the connector may be mis-configured. Action:Verify the connector's configuration, identify and stop any process that's listening on port 8443, or configure this application to listen on another port. Springboot will not start the application, it's so terrible as a framework with no way to debug it.
Any experienced developer could know such a bug that stuck me forever?!
Its apache2 use it:
SSLEngine On
SSLCertificateFile /abc.crt
SSLCertificateKeyFile /abc.key
SSLCertificateChainFile /abc.ca-bundle
It has to use this way exactly to make it work:
https://mkyong.com/spring-boot/spring-boot-ssl-https-examples/
I'm lost with all informations about ssl, https....
Here the story : I build a laravel website at my work hosted on our windows server with laragon. Every computer go to this site with ip of the serveur, i.e. http://192.17.10.168/aurora/public/login
It works only with local computer and we want to keep that privacy (no need outside access).
But now I want to use tools that use https : http/2, progressive app...
How can I use https with that config ?
I succefully add openssl certificat to my aurora.test on serveur but http2 doesn't work, my config :
<VirtualHost *:443>
Protocols h2 http/1.1
DocumentRoot "${DOCROOT}/aurora2/public"
ServerName aurora.test:443
SSLEngine on
SSLCertificateKeyFile C:/laragon/ssl/app.dev.key
SSLCertificateFile C:/laragon/ssl/app.dev.crt
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
I enable module on apache config.
How others local computers can access to my https site with aurora .test ?
Thank for your help !
I have an apache/2.4.18 ubuntu server and I want to host my spring application on it. I generated a JAR file and can run it on the server. It starts an embedded tomcat server on port 8090.
However when i navigate to 'my-site-ip:8090' the connection times out.
I have zero experience deploying web applications so any help would be appreciated.
I've created a TCP rule for port 8090 and still no joy.
The solution was adding a proxy to the Myapp.conf file as below:
ProxyRequests off
ProxyPreserveHost On
ProxyPass / http://localhost:8090/
ProxyPassReverse / http://localhost:8090/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
It´s very hard to explain all the steps in one answer but you can follow these steps to get into the full configuration by your own. I did the same on my 1&1 cloud server.
First of all you need root access to your server.
Normally, on your server the port 80 and 443 should already be open. Else you can define that in the 1&1 Admin Portal. If your Server already has the apache configuration you should be able to see the apache site if you go to your server address. You can find details and the full setup if you dont have an apache installed for this step here:
How To Install the Apache Web Server on Ubuntu
The second step would be to configure a virtual host on your apache webserver.
This is cool because you can define multiple domains and there applications on your server. So http://yourServer.com(port 80 or 443 from extern) goes to yourApp1. (port 8090 from intern).
In this step you will tell apache if your enter your url to go to your app with port 8090
How To Set Up Apache Virtual Hosts on Ubuntu
The last step would be to install your spring-boot app as a service on your machine. The docs of Spring describes it very well.
Installation as an init.d Service
If you install the app as a service you are able to start and stop the app with the service command.
service myapp start
And dont forget to add the plugin for maven or gradle to your pom.xml. This is necessary to run the app as a service.
If you follow these Steps you should be able to reach you app without specify a port and be ready to go with your app in production if necessary.
The best approach for this would be to use the apache proxy. This should get it done.
https://blog.marcnuri.com/running-apache-tomcat-and-apache-httpd-on-port-80-simultaneously/
Xcode Server that comes with Xcode 9 now automatically generates SSL certificates for communication between server and clients. It also uses this certificate when communicating with the Xcode Server REST API. Is there a way to specify or replace the autogenerated keys and use a certificate from a trusted third party (like LetsEncrypt)?
The apache configuration file located at
/Library/Developer/XcodeServer/Configuration/httpd_os_xcs.conf
contains this information:
Listen 443
<VirtualHost *:443>
# Xcode Server uses its own self-signed certificates
# only if no other SSL configurations for Apache have been found
<IfModule !ssl_module>
LoadModule ssl_module libexec/apache2/mod_ssl.so
SSLEngine on
SSLCertificateFile /Library/Developer/XcodeServer/Certificates/apache.crt
SSLCertificateKeyFile /Library/Developer/XcodeServer/Certificates/apache.key
</IfModule>
[...]
<IfModule mod_proxy.c>
SSLProxyEngine On
SSLProxyCheckPeerCN Off
ProxyPass /xcode/internal/api https://127.0.0.1:20343/api retry=0 timeout=30
ProxyPassReverse /xcode/internal/api https://127.0.0.1:20343/api
ProxyPass /xcode/internal/socket.io https://127.0.0.1:20343/socket.io retry=0 timeout=30
ProxyPassReverse /xcode/internal/socket.io https://127.0.0.1:20343/socket.io
</IfModule>
[...]
</VirtualHost>
I believe the certificate is also part of the apache.keychain file found at
/Library/Developer/XcodeServer/Keychains/apache.keychain
but I haven't been able to verify that.
Every time the Xcode Server service is started in Xcode, the apache.{crt/key} files as well as the httpd_os_xcs.conf files are overwritten, so simple replacing/modifying these files does not appear to be an option.
The only way forward I can see is to implement some other SSL configuration as suggested in the http_os_xcs.conf file, but I can't seem to get that to work either.
Any suggestions or solutions are greatly appreciated.
This is what worked for me on macOS Mojave (10.14).
Installing the certificate via the Server app
Install the "Server" app from the App Store (version 5.8)
Generate a server certificate request from the Server app for your domain
Send the request file to certificate provider to obtain a certificate
From the Server app import the certificate and set it in the dropdown "Secure services using"
These steps could be done in some other way, but initially I wanted to use a "blessed" macOS way, and then the problems started :)
I wanted to use this certificate directly by the system Apache (which is what serves the https://example.com/xcode page), but the documentation is lacking, the only thing I've found is this migration guide
where they speak about mod_secure_transport, which should be used instead of mod_ssl.
This guide assumes that it is already configured, but mod_secure_transport is not present in the default Mojave Apache configs (those reside in /etc/apache2).
So let's do it manually the old-school way:
Preparing the Apache certificate files manually
Copy your certificate file to /etc/apache2/server.crt
Find your certificate in Keychain app, and export your certificate private key in p12 format from there.
Convert your private key to the format expected by Apache:
openssl pkcs12 -in exported_private_key.p12 -nodes -out server.key -nocerts
Copy server.key to /etc/apache2/server.key
Configuring Apache manually
In /etc/apache2/httpd.conf :
Uncomment these lines:
LoadModule ssl_module libexec/apache2/mod_ssl.so
...
LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
Find "IfModule ssl_module" section and add:
SSLCertificateFile "/private/etc/apache2/server.crt"
SSLCertificateKeyFile "/private/etc/apache2/server.key"
Test the config:
sudo apachectl configtest
Restart:
sudo apachectl restart
If all is good, it is ready, and you can observe the result at https://example.com/xcode
I have just upgraded from Sonar 3.2.1 to Sonar 3.6. I was able to configure Sonar 3.2.1 to use https by placing a jetty.xml file in SONAR_HOME. The same approach does not seem to work for Sonar 3.6 and from looking at the source for org.sonar.application.JettyEmbedder I think the https port is hard-coded to 8443. FYI, The embedded jetty version is 7.6.11.
The relevant Sonar FAQ reads thus :
Can SonarQube run in HTTPS mode
No. But you can run SonarQube in a standard HTTPS infrastructure using reverse proxy (in this case the reverse proxy must be configured to set the value 'X_FORWARDED_PROTO: https' in each HTTP request header. Without this property, redirection initiated by the SonarQube server will fall back on HTTP).
If this is true then Sonar has taken a step backwards security-wise. Is there an alternative way to configure Sonar/Jetty to run on https ?
You can install Apache on the same machine and set reverse proxy.
Your http://your-sonar-host.com address needs to run on port 80. Apache will forward it to 9000 (sonar runs on port 9000)
After installing Apache, open the configuration and type the following:
<Location />
ProxyPass http://your-sonar-host.com:9000/
ProxyPassReverse http://your-sonar-host.com:9000/
RequestHeader set X_FORWARDED_PROTO 'https'
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
</Location>
There is nothing else you need to do.