Napp-it w/ AMP, how to SSL?

Discussion in 'SSDs & Data Storage' started by scobar, Mar 23, 2015.

  1. scobar

    scobar .

    Messages:
    33,504
    Joined:
    Jan 2, 2001
    Recently moved my file server/san over to the napp-it appliance on esxi. Working on a few bumps here and there, mainly with the shares/acl, but coming around. I saw there is AMP/Owncloud, I've gone through and configured it. Now I am looking to go https on it as I want to have owncloud internet facing. I do have a wildcard cert.

    Is there a guide or something somewhere that will take me through the steps? Web servers are not in my current skillset.

    EDIT: now with directions http://hardforum.com/showpost.php?p=1041516731&postcount=10

    Please provide feedback.
     
    Last edited: Mar 30, 2015
  2. _Gea

    _Gea 2[H]4U

    Messages:
    3,646
    Joined:
    Dec 5, 2010
  3. scobar

    Neat. How do I install nano? I cannot stand vi :(

    :q to you!

    Edit: Looks like I installed it, but it is not running from CLI. There must be something that needs to be added to specify the path in the environment? Not sure, more of a Windows guy.
     
    Last edited: Mar 24, 2015
  4. _Gea

  5. scobar

    Well, now that is an idea. I set up ssh out of the box. I'll give 'er hell :)
     
  6. scobar

    Ok, so generated a self-signed cert for now, dropped it in. Then enabled ssl. From napp-it page, it puked:

    Code:
    [ Mar 22 22:27:10 Disabled. ]
    [ Mar 22 22:27:10 Rereading configuration. ]
    [ Mar 22 22:27:10 Rereading configuration. ]
    [ Mar 22 23:23:13 Enabled. ]
    [ Mar 22 23:23:13 Executing start method ("/opt/local/sbin/httpd -k start"). ]
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
    [ Mar 22 23:23:13 Method "start" exited with status 0. ]
    [ Mar 23 00:52:29 Stopping because service disabled. ]
    [ Mar 23 00:52:29 Executing stop method ("/opt/local/sbin/httpd -k stop"). ]
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
    [ Mar 23 00:52:29 Method "stop" exited with status 0. ]
    [ Mar 23 00:52:31 Enabled. ]
    [ Mar 23 00:52:31 Executing start method ("/opt/local/sbin/httpd -k start"). ]
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
    [ Mar 23 00:52:31 Method "start" exited with status 0. ]
    [ Mar 23 01:03:30 Rereading configuration. ]
    [ Mar 23 01:03:30 Executing refresh method ("/opt/local/sbin/httpd -k graceful"). ]
    AH00526: Syntax error on line 48 of /opt/local/etc/httpd/httpd-ssl.conf:
    Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
    [ Mar 23 01:03:30 Method "refresh" exited with status 1. ]
    [ Mar 23 01:03:30 Executing refresh method ("/opt/local/sbin/httpd -k graceful"). ]
    AH00526: Syntax error on line 48 of /opt/local/etc/httpd/httpd-ssl.conf:
    Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
    [ Mar 23 01:03:30 Method "refresh" exited with status 1. ]
    [ Mar 23 01:03:30 Executing refresh method ("/opt/local/sbin/httpd -k graceful"). ]
    AH00526: Syntax error on line 48 of /opt/local/etc/httpd/httpd-ssl.conf:
    Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
    [ Mar 23 01:03:30 Method "refresh" exited with status 1. ]
    [ Mar 23 01:06:21 Rereading configuration. ]
    [ Mar 23 19:50:20 Enabled. ]
    [ Mar 23 19:50:55 Executing start method ("/opt/local/sbin/httpd -k start"). ]
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
    [ Mar 23 19:50:57 Method "start" exited with status 0. ]
    [ Mar 26 00:09:40 Rereading configuration. ]
    [ Mar 26 00:09:40 Executing refresh method ("/opt/local/sbin/httpd -k graceful"). ]
    AH00526: Syntax error on line 48 of /opt/local/etc/httpd/httpd-ssl.conf:
    Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
    [ Mar 26 00:09:40 Method "refresh" exited with status 1. ]
    [ Mar 26 00:09:40 Executing refresh method ("/opt/local/sbin/httpd -k graceful"). ]
    AH00526: Syntax error on line 48 of /opt/local/etc/httpd/httpd-ssl.conf:
    Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
    [ Mar 26 00:09:40 Method "refresh" exited with status 1. ]
    [ Mar 26 00:09:40 Executing refresh method ("/opt/local/sbin/httpd -k graceful"). ]
    AH00526: Syntax error on line 48 of /opt/local/etc/httpd/httpd-ssl.conf:
    Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
    [ Mar 26 00:09:40 Method "refresh" exited with status 1. ]
    [ Mar 26 00:18:01 Leaving maintenance because clear requested. ]
    [ Mar 26 00:18:01 Enabled. ]
    [ Mar 26 00:18:01 Executing start method ("/opt/local/sbin/httpd -k start"). ]
    AH00526: Syntax error on line 73 of /opt/local/etc/httpd/httpd-ssl.conf:
    SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
    [ Mar 26 00:18:01 Method "start" exited with status 1. ]
    
    
    Not too worried about the first ones for now. Looking further down, it looks like it is choking on line 48.

    That is:
    Code:
    #   SSL Cipher Suite:
    #   List the ciphers that the client is permitted to negotiate.
    #   See the mod_ssl documentation for a complete list.
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    
    
    Then focus in on this:

    Code:
    [ Mar 26 00:09:40 Executing refresh method ("/opt/local/sbin/httpd -k graceful"). ]
    AH00526: Syntax error on line 48 of /opt/local/etc/httpd/httpd-ssl.conf:
    Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
    [ Mar 26 00:09:40 Method "refresh" exited with status 1. ]
    
    Per this: http://impradeep.com/invalid-comman...ule-not-included-in-the-server-configuration/ suggests enabling ssl_module lib/httpd/mod_ssl.so, which was done (already).

    Then issued a svcadm enable apache. Rinse and repeat, same error. I'll take a gander at it again in a bit. :mad:
     
  7. scobar

    Ok, generated my own cert, included another module 'mod_socache_shmcb' and looks like I am up and running on ssl with owncloud.
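
Added example, not part of the original posts: a pre-flight check for the two AH00526 failures in the log above, `SSLCipherSuite` without mod_ssl loaded and `SSLSessionCache shmcb` without mod_socache_shmcb loaded. The function names, the sample files and the cache path are constructed for illustration, and the `mod_socache_shmcb.so` path is assumed by analogy with the `mod_ssl.so` path quoted in the thread.

```shell
#!/bin/sh
# Added example: report modules that httpd-ssl.conf needs but httpd.conf
# does not load. Helper names are hypothetical, not part of napp-it or Apache.

# is_loaded MODULE HTTPD_CONF -> exit 0 if an uncommented LoadModule line exists
is_loaded() {
    grep -Eq "^[[:space:]]*LoadModule[[:space:]]+$1[[:space:]]" "$2"
}

# missing_ssl_modules HTTPD_CONF SSL_CONF -> prints one missing module per line
missing_ssl_modules() {
    local conf=$1 ssl_conf=$2
    # Any active SSL* directive (e.g. SSLCipherSuite) is provided by mod_ssl.
    if grep -Eq '^[[:space:]]*SSL[A-Za-z]+' "$ssl_conf"; then
        is_loaded ssl_module "$conf" || echo ssl_module
    fi
    # 'SSLSessionCache shmcb:...' additionally needs the shmcb cache provider.
    if grep -Eq '^[[:space:]]*SSLSessionCache[[:space:]]+"?shmcb:' "$ssl_conf"; then
        is_loaded socache_shmcb_module "$conf" || echo socache_shmcb_module
    fi
    return 0
}

# Constructed sample files (not the poster's real configuration). They mirror
# the state in the thread: mod_ssl enabled, the shmcb provider still commented.
demo_dir=$(mktemp -d)
cat > "$demo_dir/httpd.conf" <<'EOF'
LoadModule ssl_module lib/httpd/mod_ssl.so
#LoadModule socache_shmcb_module lib/httpd/mod_socache_shmcb.so
Include etc/httpd/httpd-ssl.conf
EOF
cat > "$demo_dir/httpd-ssl.conf" <<'EOF'
#   SSL Cipher Suite:
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLSessionCache "shmcb:/var/run/ssl_scache(512000)"
EOF

missing_ssl_modules "$demo_dir/httpd.conf" "$demo_dir/httpd-ssl.conf"
```

On the real system, `/opt/local/sbin/httpd -t` runs Apache's own syntax check against the live configuration, which is the authoritative test before enabling the service again.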
     
  8. _Gea

    Can you please write down the steps you have done (Apache + SSL + Owncloud on OmniOS).
    Maybe this is helpful for others as well.

    If you would send me a PDF, I would place it on the Owncloud page at napp-it.org
     
  9. scobar

    Yeah, I can probably do that. I broke my appliance and am going back through the process again. Ran out of room on the appliance and attempted to mirror to a larger disk. Let's say that isn't smart; instead, put the owncloud storage onto the pool storage.
     
  10. scobar
