+- TACTIC Open Source (http://forum.southpawtech.com)
+-- Forum: TACTIC Open Source (http://forum.southpawtech.com/forumdisplay.php?fid=3)
+--- Forum: TACTIC Discussion (http://forum.southpawtech.com/forumdisplay.php?fid=4)
+--- Thread: HTTPS implementation (/showthread.php?tid=241)
Pages:
1
2
HTTPS implementation - Nachogor - 08-16-2021
Hi guys!
I´m trying to install SSL, already have the cert bot working properly, but when I add
<security>
<protocol>https</protocol>
</security>
as stated in tactic-sys-admin.pdf page 76 to /etc/httpd/conf.d/tactic.conf tactic doesn´t start anymore.
Is there any special care for this?
BTW http://community.southpawtech.com/community/ seems to be down today.
Thanks!
Nacho
RE: HTTPS implementation - listy - 08-16-2021
(08-16-2021, 03:35 PM)Nachogor Wrote: as stated in tactic-sys-admin.pdf page 76 to /etc/httpd/conf.d/tactic.conf tactic doesn´t start anymore.Does it fail to stat tactic server?
RE: HTTPS implementation - Nachogor - 08-16-2021
Hi Listy!
Nope, APACHE HTTPD service fails to start with this error:
Job for httpd.service failed because the control process exited with error code.
Thanks!
Nacho
RE: HTTPS implementation - listy - 08-16-2021
Have you installed ssl for apache? And other stuff related to https
RE: HTTPS implementation - remkonoteboom - 08-16-2021
If apache doesn't start, you have to look at the apache error logs for more details.
> tail /var/log/httpd/error_log
(For Redhat like distros)
Otherwise you should look at the journalctl output which could give more information.
As for this:
<security>
<protocol>https</protocol>
</security>
I recently made https the default.
RE: HTTPS implementation - Nachogor - 08-16-2021
Thanks for your answer and sorry for the delay.
Yes, mod_ssl was installed. Anyway https is working, if I don't add the security and protocol directives to tactic.conf httpd works, i can access using https the site and chrome shows a valid certificate. As soon as I add:
<security>
<protocol>https</protocol>
</security>
in /etc/httpd/conf.d/tactic.conf when I try to restart httpd (service httpd restart) I get an error.
If I suppress those lines, everything works again.
@remkonoteboom, thanks for the reply.
I'm up to date but it seems to me https is not the default. At least if I navigate to the Tactic URL it doesn't redirect me to the SSL site, it navigates on the std port 80.
Regarding the error in the apache log: there's no new entry in the error_log, but when looking at the service status what I see is:
Aug 16 17:52:08 g450.nonstop.tv systemd[1]: Starting The Apache HTTP Server...
Aug 16 17:52:08 g450.nonstop.tv httpd[15336]: httpd: Syntax error on line 356 of /etc/httpd/conf/httpd.conf: Syntax error on line 21 >
Aug 16 17:52:08 g450.nonstop.tv systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Aug 16 17:52:08 g450.nonstop.tv systemd[1]: httpd.service: Failed with result 'exit-code'.
And of course the line 21 is the line with: </security>
Questions: in the manual it mentions tactic_<OS>.conf, using the Fedora VM I found a tactic_win32.conf and a tactic.conf (no OS) I modified that one (in /etc/httpd/conf.d/) Also there're tactic.conf files in
/opt/tactic/tactic_data/config/tactic.conf
/opt/tactic/TACTIC/src/install/apache/tactic.conf
And where should I put those protocol and security directives? I've tried in many places in the file (at the same level of <Directory> inside <Directory>, etc. But none worked.
Thanks again for the help.
BTW, it may be a module missing, but I can't find which one would it be. mod_ssl is installed and working, but I get:
Aug 16 18:06:05 g450.nonstop.tv httpd[15934]: Invalid command '<security', perhaps misspelled or defined by a module not included in the server configuration
Also @remkonoteboom, I've realized after getting the last version from git I must copy the conf file to my /etc/httpd/conf.d/ and yes sceurity->protocol->https was indeed in the tactic.conf in the last version, but I cen't get apache to start with it.
Thanks
RE: HTTPS implementation - remkonoteboom - 08-17-2021
"At least if I navigate to the Tactic URL it doesn't redirect me to the SSL site, it navigates on the std port 80."
This is usually done with apache (or nginx) configuration rather than relying on TACTIC
https://linuxize.com/post/redirect-http-to-https-in-apache/
RE: HTTPS implementation - Nachogor - 08-17-2021
Thanks for the reply, I'm not used to the way in which tactic does the load balancing and I don't fully understand the meaning of the security and protocol directives, I know how to make a redirrect and now that you tell me that's the way forward I'll implement it, thanks!
On the other hand, if I leave the section:
<security>
<protocol>https</protocol>
</security>
Apache doesn't start and the error message is:
Aug 16 18:06:05 g450.nonstop.tv httpd[15934]: Invalid command '<security', perhaps misspelled or defined by a module not included in the server configuration
Am I missing a module? which one? I've googled it a lot but can't find it.
Thanks again!
RE: HTTPS implementation - listy - 08-18-2021
(08-17-2021, 10:59 PM)Nachogor Wrote: <security>Where do you add this strings?
<protocol>https</protocol>
</security>
RE: HTTPS implementation - remkonoteboom - 08-18-2021
Listy's question is valid. Are you adding this to the apache conf file? These would have belonged in the tactic conf file (of course, this is not required for https anymore as this is the default).
If you put these lines in the apache conf file, apache will not start.