1

I recently upgraded from Apache 2.2 to 2.4 (I know, I'm slow to upgrade, don't hate me). I have the following virtual host:

    <VirtualHost _default_:30000>
        DocumentRoot /opt/phpmyadmin
        ErrorLog ${APACHE_LOG_DIR}/error.log
        <Directory /opt/phpmyadmin>
            Options -Indexes +IncludesNOEXEC +FollowSymLinks
            Require all granted
        </Directory>
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
        SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
        LogLevel warn
    </VirtualHost>

This was working previously using the Allow from all syntax, and HTTPS is working perfectly for other virtual hosts on port 443. However, when I go to https://localhost:30000, it serves HTTP content instead of HTTPS. This is also the only virtual host that uses port 30000, so I'm assuming it can't be due to conflicts with other virtual hosts taking precedence.

HTTPS request:

    $ curl -v https://localhost:30000
    * Rebuilt URL to: https://localhost:30000/
    * Hostname was NOT found in DNS cache
    * Trying ::1...
    * Connected to localhost (::1) port 30000 (#0)
    * successfully set certificate verify locations:
    * CAfile: none
      CApath: /etc/ssl/certs
    * SSLv3, TLS handshake, Client hello (1):
    * error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
    * Closing connection 0
    curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

This then produces the following in the Apache access log:

    127.0.0.1:80 XXX.XXX.XXX.149 - - [04/Oct/2021:13:14:37 -0400] "\x16\x03\x01\x02" 400 0 "-" "-"

HTTP request:

    $ curl -v http://localhost:30000
    * Rebuilt URL to: http://localhost:30000/
    * Hostname was NOT found in DNS cache
    * Trying ::1...
    * Connected to localhost (::1) port 30000 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.38.0
    > Host: localhost:30000
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < Date: Mon, 04 Oct 2021 16:47:46 GMT
    * Server Apache is not blacklisted
    < Server: Apache
    < Vary: Accept-Encoding
    < Content-Length: 481
    < Content-Type: text/html;charset=UTF-8
    <
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    <html>
     <head>
      <title>Index of /</title>
     </head>
     <body>
    <h1>Index of /</h1>
      <table>
       <tr><th valign="top"><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr>
       <tr><th colspan="5"><hr></th></tr>
       <tr><th colspan="5"><hr></th></tr>
    </table>
    </body></html>

Edit:

I just noticed one thing. I have -Indexes set, but the HTTP content returned is a directory index. So I'm thinking that maybe somehow another virtual host is being used. I still don't know how that's possible since this is the only one using port 30000.

  • Please check the error log of the server for any clues. Also, try to disable this complete VirtualHost and see what happens - the connection should completely fail unless there is some other thing at this port running. Commented Oct 4, 2021 at 17:47
  • @SteffenUllrich Nothing relevant is in the error log. Commented Oct 4, 2021 at 17:50
  • Also, SSLCertificateChainFile is obsolete with 2.4 Commented Oct 4, 2021 at 17:50
  • "Nothing relevant is in the error log." - Maybe you consider log information irrelevant even if it is not? Please isolate the specific configuration so that port 30000 is the only thing in the config. Then everything which shows up in the log files should be relevant. Also, is this the only error log file for the whole Apache? Maybe you need to look into other logs too. Commented Oct 4, 2021 at 17:54
  • @SteffenUllrich The only thing in the error log was server restart messages. And no, it's not the only error log file. Almost all virtual hosts have their own dedicated log file. Anyway, I figured out my problem. Answer posted. Commented Oct 4, 2021 at 18:03

2 Answers

2

Ok, I figured out my problem. I was previously using /etc/apache2/sites-enabled/domain, but I needed to change it to /etc/apache2/sites-enabled/domain.conf.

  • That explanation is strange to me, at least considering what you wrote in the question. If the configuration for this VirtualHost is not loaded at all then there should be nothing answering on port 30000 at all - given that you claimed that this is the only VirtualHost using this port. Commented Oct 4, 2021 at 18:02
  • I have Listen 30000 in ports.conf, so I'm guessing that there must be a default VirtualHost that listens on all ports without actually specifying them individually. Doing a grep -HR 30000 /etc/apache2/ only returns the ports.conf file and the single virtual host I have set up on that port. Commented Oct 4, 2021 at 18:06
  • Right, I forgot that with Apache one needs to predeclare the ports used. Commented Oct 4, 2021 at 18:08
0

In my case the virtualhost for the default <VirtualHost _default_:443> was missing a certificate, so I enabled the certificate with certbot, then the error \x16\x03\x01\x02 was resolved.
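
The following is an added example, not part of either answer: a shell check for the two symptoms discussed on this page, namely site files that the include glob skips and TLS handshakes logged as `\x16\x03...` request lines on a plaintext listener. It assumes the Debian-style Apache 2.4 default of `IncludeOptional sites-enabled/*.conf` and an access-log format whose first field is `vhost:port`, as in the question; the directory, file names and log lines are constructed samples.

```sh
#!/bin/sh
# Added example. Directory names and log lines below are constructed samples.

# Print entries of a sites-enabled directory that an
# "IncludeOptional sites-enabled/*.conf" line would NOT load.
skipped_site_files() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue          # unmatched glob or dangling symlink
        case "$f" in
            *.conf) ;;                   # matched by the include glob
            *) printf '%s\n' "${f##*/}" ;;
        esac
    done
}

# Count access-log entries whose request line begins with a TLS handshake
# record (0x16 0x03, logged by Apache as the literal text \x16\x03), grouped
# by the first field, which names the vhost:port that handled the request.
tls_to_plain_http() {
    grep -F '"\x16\x03' "$1" |
        awk '{ n[$1]++ } END { for (v in n) print v, n[v] }' | sort
}

# --- constructed sample data ---
demo=$(mktemp -d)
mkdir "$demo/sites-enabled"
touch "$demo/sites-enabled/000-default.conf" "$demo/sites-enabled/domain"
cat > "$demo/access.log" <<'EOF'
127.0.0.1:80 203.0.113.10 - - [04/Oct/2021:13:14:37 -0400] "\x16\x03\x01\x02" 400 0 "-" "-"
127.0.0.1:80 203.0.113.10 - - [04/Oct/2021:13:15:02 -0400] "GET / HTTP/1.1" 200 481 "-" "-"
example.com:443 203.0.113.10 - - [04/Oct/2021:13:16:40 -0400] "GET / HTTP/1.1" 200 512 "-" "-"
EOF

echo "Not loaded by the *.conf include:"
skipped_site_files "$demo/sites-enabled"
echo "TLS handshakes received by plaintext vhosts (vhost:port count):"
tls_to_plain_http "$demo/access.log"
```

On a live host, `apache2ctl -S` prints the virtual host map Apache actually loaded, which confirms whether a given port has its own vhost or falls through to a default one.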
