[Systems] git.sugarlabs.org Secure Connection Failed
Bernie Innocenti
bernie at codewiz.org
Mon May 11 20:53:57 EDT 2015
And by the way, we should get updated SSL certificates from Gandi. These
still use SHA1 which makes all recent browsers barf (rightfully).
Also, Jita is still allowing SSLv3? Any idea why? It seemed deliberate
so I didn't change it. We should also look into upgrading Jita to Ubuntu
14.04 asap.
On 05/11/2015 08:46 PM, Bernie Innocenti wrote:
> FOUND! The solution was to move a virtualhost defined in
> conf.d/000-default.conf to sites-enabled/000-default and split it in two
> separate hosts, one for port 80 and one for port 443.
>
> I *think* I didn't break anything else, but please double check. The
> details of my change are in commit 6b78a6d4306 of etckeeper.
>
> This could be further improved by moving all the stuff in common between
> http and https to a shared include file.
>
> On 05/11/2015 08:14 PM, Bernie Innocenti wrote:
>> The Apache error.log is huge because debug logging was enabled in
>> sites-available/default-common.inc. I reduced it to 'warn'.
>>
>> On 05/11/2015 08:10 PM, Bernie Innocenti wrote:
>>> On 05/11/2015 08:08 PM, Bernie Innocenti wrote:
>>>> Jita is listening for plain HTTP connections on port 443 :-/
>>>>
>>>> On first inspection, the Apache virtualhost config seems correct:
>>>>
>>>> <VirtualHost *:443>
>>>> Include "/etc/apache2/sites-available/default-common.inc"
>>>> Include "/etc/apache2/sites-available/ssl-common.inc"
>>>>
>>>> ServerName src.sugarlabs.org
>>>> ServerAlias src.sugarlabs.*
>>>> DocumentRoot /srv/gitorious/repositories-mirror
>>>>
>>>> <Directory /srv/gitorious/repositories-mirror>
>>>> Options FollowSymLinks Indexes
>>>> AllowOverride Options Indexes FileInfo
>>>> </Directory>
>>>>
>>>> RedirectMatch permanent ^/(.*)\.git$ /$1
>>>> RedirectMatch permanent ^/(.*)\.git/(.*)$ /$1/$2
>>>>
>>>> CustomLog /var/log/apache2/src.sugarlabs.org.log combined
>>>> </VirtualHost>
>>>
>>> Pasted the wrong virtualhost. This is the git.sl.o one:
>>>
>>> <VirtualHost *:443>
>>> Include "/etc/apache2/sites-available/default-common.inc"
>>> Include "/etc/apache2/sites-available/ssl-common.inc"
>>> Include "/etc/apache2/sites-available/git.sugarlabs.org.inc"
>>>
>>> ServerName git.sugarlabs.org
>>> ServerAlias git.sugarlabs.*
>>> DocumentRoot /srv/gitorious/app/public
>>>
>>> RailsEnv production
>>> PassengerUser gitorious
>>> PassengerGroup gitorious
>>>
>>> <Directory /srv/gitorious/app/public>
>>> AllowOverride all
>>> Options -MultiViews
>>> </Directory>
>>>
>>> # Bots
>>> RewriteEngine On
>>> RewriteCond %{REQUEST_URI} /wp-login.php
>>> RewriteRule .* -
>>> [F,E=force-response-1.0,E=downgrade-1.0,E=nokeepalive]
>>>
>>> CustomLog /var/log/apache2/git.sugarlabs.org.log combined
>>> </VirtualHost>
>>>
>>>
>>
>>
>
>
--
_ // Bernie Innocenti
\X/ http://codewiz.org
More information about the Systems
mailing list