Napp-it w/ AMP, how to SSL?

  • Thread starter Deleted member 12106
  • Start date
D

Deleted member 12106

Guest
Recently moved my file server/san over to the napp-ti appliance on esxi. Working on a few bumps here and there, mainly with the shares/acl, but coming around. I saw there is AMP/Owncloud, I've gone through and configured it. Now I am looking to go https on it as I want to have owncloud internet facing. I do have a wildcard cert.

Is there a guide or something somewhere that will take me through the steps? Web servers are not in my current skillset.

EDIT: now with directions http://hardforum.com/showpost.php?p=1041516731&postcount=10

Please provide feedback.
 
Last edited by a moderator:
D

Deleted member 12106

Guest
Neat. How do I install nano? I cannot stand vi :(

:q to you!

Edit: Looks like I installed it, but it is not running from CLI. There must be something that needs to be added to specify the path in the environment? Not sure, more of a windows guy.
 
Last edited by a moderator:
D

Deleted member 12106

Guest
Well, now that is an idea. I setup ssh out of the box. I'll give 'er hell :)
 
D

Deleted member 12106

Guest
Ok, so generated a self-signed cert for now, dropped it in. Then enabled ssl. From napp-it page, it puked:

Code:
[ Mar 22 22:27:10 Disabled. ]
[ Mar 22 22:27:10 Rereading configuration. ]
[ Mar 22 22:27:10 Rereading configuration. ]
[ Mar 22 23:23:13 Enabled. ]
[ Mar 22 23:23:13 Executing start method ("/opt/local/sbin/httpd -k start"). ]
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
[ Mar 22 23:23:13 Method "start" exited with status 0. ]
[ Mar 23 00:52:29 Stopping because service disabled. ]
[ Mar 23 00:52:29 Executing stop method ("/opt/local/sbin/httpd -k stop"). ]
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
[ Mar 23 00:52:29 Method "stop" exited with status 0. ]
[ Mar 23 00:52:31 Enabled. ]
[ Mar 23 00:52:31 Executing start method ("/opt/local/sbin/httpd -k start"). ]
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
[ Mar 23 00:52:31 Method "start" exited with status 0. ]
[ Mar 23 01:03:30 Rereading configuration. ]
[ Mar 23 01:03:30 Executing refresh method ("/opt/local/sbin/httpd -k graceful"). ]
AH00526: Syntax error on line 48 of /opt/local/etc/httpd/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
[ Mar 23 01:03:30 Method "refresh" exited with status 1. ]
[ Mar 23 01:03:30 Executing refresh method ("/opt/local/sbin/httpd -k graceful"). ]
AH00526: Syntax error on line 48 of /opt/local/etc/httpd/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
[ Mar 23 01:03:30 Method "refresh" exited with status 1. ]
[ Mar 23 01:03:30 Executing refresh method ("/opt/local/sbin/httpd -k graceful"). ]
AH00526: Syntax error on line 48 of /opt/local/etc/httpd/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
[ Mar 23 01:03:30 Method "refresh" exited with status 1. ]
[ Mar 23 01:06:21 Rereading configuration. ]
[ Mar 23 19:50:20 Enabled. ]
[ Mar 23 19:50:55 Executing start method ("/opt/local/sbin/httpd -k start"). ]
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
[ Mar 23 19:50:57 Method "start" exited with status 0. ]
[ Mar 26 00:09:40 Rereading configuration. ]
[ Mar 26 00:09:40 Executing refresh method ("/opt/local/sbin/httpd -k graceful"). ]
AH00526: Syntax error on line 48 of /opt/local/etc/httpd/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
[ Mar 26 00:09:40 Method "refresh" exited with status 1. ]
[ Mar 26 00:09:40 Executing refresh method ("/opt/local/sbin/httpd -k graceful"). ]
AH00526: Syntax error on line 48 of /opt/local/etc/httpd/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
[ Mar 26 00:09:40 Method "refresh" exited with status 1. ]
[ Mar 26 00:09:40 Executing refresh method ("/opt/local/sbin/httpd -k graceful"). ]
AH00526: Syntax error on line 48 of /opt/local/etc/httpd/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
[ Mar 26 00:09:40 Method "refresh" exited with status 1. ]
[ Mar 26 00:18:01 Leaving maintenance because clear requested. ]
[ Mar 26 00:18:01 Enabled. ]
[ Mar 26 00:18:01 Executing start method ("/opt/local/sbin/httpd -k start"). ]
AH00526: Syntax error on line 73 of /opt/local/etc/httpd/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
[ Mar 26 00:18:01 Method "start" exited with status 1. ]

Not too worried about the first ones for now. Looking further down looks like it is chocking on line 48.

That is:
Code:
#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

Then focus in on this:

Code:
[ Mar 26 00:09:40 Executing refresh method ("/opt/local/sbin/httpd -k graceful"). ]
AH00526: Syntax error on line 48 of /opt/local/etc/httpd/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
[ Mar 26 00:09:40 Method "refresh" exited with status 1. ]

Per this: http://impradeep.com/invalid-comman...ule-not-included-in-the-server-configuration/ Suggests enabling ssl_module lib/httpd/mod_ssl.so, which was done(already).

Then issued a svcadm enable apache. rinse and repeat, same error. I'll take a gander at it again in a bit.:mad:
 
D

Deleted member 12106

Guest
Ok, generated my own cert, included another module 'mod_socache_shmcb' and looks like I am up and running on ssl with owncloud.
 

_Gea

2[H]4U
Joined
Dec 5, 2010
Messages
4,068
Can you please write down the steps you have done (Apache + SSL + Owncloud on OmniOS).
Maybe this is helpful for others as well.

If you would send my a pdf, I would place it on the Owncloud page at napp-it.org
 
D

Deleted member 12106

Guest
Yeah I can probably do that. I broke my appliance and am going back through the process again. Ran out of room on the appliance and attempted to mirror to a larger disk. Let's say that isn't smart, instead, put the owncloud storage onto the pool storage instead.
 
Top