SSL configured but still can not enable https

[Yi Chen]

Hi  everyone:

I was enabling https to my dataverse, I have received private key, cert file, chain file from my  authority, and I have configured it in ssl.confss like this:

````````````````````````````````````````````````````````````

  DocumentRoot "/var/www/html"                                                                                                    ServerName dataverse.shanghai.nyu.edu:443
  SSLCertificateFile /etc/pki/tls/certs/dataverse_shanghai_nyu_edu.crt
  SSLCertificateKeyFile /etc/pki/tls/certs/dataverse.shanghai.nyu.edu_Private.key
  SSLCertificateChainFile /etc/pki/tls/certs/dataverse_shanghai_nyu_edu.cer
  Listen 443 https

```````````````````````````````````````````````````````````````

Aslo I included ssl.conf in httpd.conf, and then I reatart apache, and then check its status: 

`````````````````````````````````````````````````````````````````````````````````````````````````

 httpd.service - The Apache HTTP Server
 Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
 Active: active (running) since Tue 2022-03-22 23:36:59 EDT; 5s ago
 Docs: man:httpd.service(8)
 Process: 1438596 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
 Main PID: 1475763 (httpd)
 Status: "Started, listening on: port 443, port 80"
 Tasks: 102 (limit: 49500)
 Memory: 25.9M
 CGroup: /system.slice/httpd.service
           ├─1475763 /usr/sbin/httpd -DFOREGROUND
           ├─1475765 /usr/sbin/httpd -DFOREGROUND
           ├─1475766 /usr/sbin/httpd -DFOREGROUND
           ├─1475767 /usr/sbin/httpd -DFOREGROUND
           └─1475768 /usr/sbin/httpd -DFOREGROUND

Mar 22 23:36:59 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
Mar 22 23:36:59 localhost.localdomain systemd[1]: Started The Apache HTTP Server.
Mar 22 23:36:59 localhost.localdomain httpd[1475763]: Server configured, listening on: port 443, port 80

`````````````````````````````````````````````````````````````````````````````

But when I tried to access my  website, it still can not go over https, I referenced 

Apache Doc but it didn't provide any useful information for me, I also referenced IBM's doc and still not work, I have tried my best look through my config file and still didn't find my problem, can you have a look at my config file? If I have any problems, please let me know:)

By the way: my ssl.conf is in "conf.d" directory

Thank you much all your kind heart!

[Don Sizemore]

Hello,

From here, your public DNS points to a non-routable address:

dls@~/Desktop:$ curl -v http://dataverse.shanghai.nyu.edu:443/
*   Trying 10.214.15.100:443...
^C
dls@~/Desktop:$ host dataverse.shanghai.nyu.edu
dataverse.shanghai.nyu.edu has address 10.214.15.100

If you're on your internal network and still not getting a response, you might be sure you've opened a firewall port for https, and from on-board the machine you might try something like this to see if you get a response:

$ curl -H "Host: dataverse.shanghai.nyu.edu" https://localhost:443

Don

--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-commu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/2a34d6c9-f1be-44bc-b1c5-186404a16525n%40googlegroups.com.

[Yi Chen]

Hi Don,

I checked my firewall and found it was not running,  And I found a a weird situation: when I misconfigured my httpd.conf so that httpd failed to start, but I can still access my website through the port specified in payara, so I wonder can I just remove Apache and enable ssl on payara? And what's the function of Apache here, just a proxy?

Yi

To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/CAPfMOaz%3DM8nWDHXvZaFaU3tr6ug5Z3dyKxuiy4F0jbBrRZiR8g%40mail.gmail.com.

[Don Sizemore]

Hello,

Yes, Apache is used as a proxy, but is only required if you're using Shibboleth for authentication.

If you like you may use nginx as a proxy instead, or you may configure Payara with SSL.

Don

To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/CAA7YJkmzbKtQcNMM1NMEAKU9nHVi0B%3DdBszvN71GOfQZMdF_hQ%40mail.gmail.com.

[Yi Chen]

Got it! 

Thank you very much for your quick response!

I will try to enable SSL on payara:)

Best regards

You received this message because you are subscribed to a topic in the Google Groups "Dataverse Users Community" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/dataverse-community/HOLv3BcZqR0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to dataverse-commu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/CAPfMOawVHG3F2XO%3DU-gBaW_gDjOYKU3t8Uga5pjSPToqAB6m1Q%40mail.gmail.com.