Turn off/disable Default SSL on server?

5 posts / 0 new
Last post
#1 Wed, 09/10/2014 - 10:57
DoubleSpeed

Turn off/disable Default SSL on server?

Due to traffic demands we need to add a load balancer in front of 2 front end web servers and as the port 443 traffic terminates at the load balancer we need to remove the SSL configuration from the 2 front end web servers to stop any conflicts.

httpd -S indicates...

wildcard NameVirtualHosts and default servers: default:443 2a00:1a48:7808:102:exxxxxx (/etc/httpd/conf.d /ssl.conf:81)

Where do I disable this as the ssl.conf file is not included in the httpd.conf file?

Wed, 09/10/2014 - 15:11
andreychek

Howdy,

On CentOS, the "ssl.conf" file in /etc/httpd/conf.d/ is included by this line in the httpd.conf file:

Include conf.d/*.conf

One way to prevent the ssl.conf file from being loaded then would just be to rename it so that it doesn't end in ".conf". For example, you could rename it to "ssl.conf.orig" and then restart Apache.

-Eric

Thu, 09/11/2014 - 09:56
DoubleSpeed

Thanks for the reply I tried renaming the ssl.conf however webserver wouldn't restart.

Got something really weird going on which I cannot work out I have the server operating behind a load balancer however since putting the load balancer in front the web server is now ignoring the Virtual Hosts which were working completely normally when there was no load balancer. Now the server will only operate using the default config in httpd.conf as said it ignores the VHosts.

Can anyone give me any guidance on what the issue is and how I can fix?

httpd -S [Thu Sep 11 15:29:10 2014] [warn] module version_module is already loaded, skipping httpd: Could not reliably determine the server's fully qualified domain name, using 2a00:1a48:7808:102:xxxxxx for ServerName [Thu Sep 11 15:29:10 2014] [warn] default VirtualHost overlap on port 80, the first has precedence [Thu Sep 11 15:29:10 2014] [warn] default VirtualHost overlap on port 443, the first has precedence VirtualHost configuration: wildcard NameVirtualHosts and default servers: default:443 2a00:1a48:7808:102:ed95:89bc:82b6:823c (/etc/httpd/conf.d/ssl.conf:81) *:80 www.domain.co.uk (/etc/httpd/conf/httpd.conf:1007) *:443 www.domain.co.uk (/etc/httpd/conf/httpd.conf:1043) *:80 sys.domain.co.uk (/etc/httpd/conf/httpd.conf:1085) Syntax OK

Thu, 09/11/2014 - 11:21
andreychek

Howdy,

While there are some warnings in the output you provided, none of those are fatal errors that would keep Apache from starting.

What error(s) do you receive when trying to start Apache and the ssl.conf is renamed?

Are there additional errors in the Apache logs, in /var/log/httpd/error_log?

-Eric

Thu, 09/11/2014 - 11:55
DoubleSpeed

OK just to update this ticket - the solution to the issues was to add/uncomment:

NameVirtualHost *:443 NameVirtualHost *:80

In httpd.conf

Again just to reiterate not sure the reasons why it all worked before the load balancer was added as NameVirtualHost was commented out originally and all worked OK however now behind the load balancer it needs NameVirtualHost in the conf.

This info might be useful to someone else.

Topic locked