RedHat 8.0 - Could use some help with an SSL problem

[wlwoman]

The upgrade is done. The changes made to this version threw me for a while as I struggled to get my server reconnected to the net! I still have anunresolved issue if anyone can help:

1. I had to shut down the secure server (SSL); I haven't figured out quite how to meld the old config (which was part of httpd.conf) to the new ssl.conf file. When I specified the name and port (443) for the secure server, it turned the whole box into a secure server. Only part of the server is secure, and these files are on my second server.

The main server (server #1) connects to the secure server (and mydomainecom) via the /mnt/server#2 route. This was set up in the old httpd.conf file under the SSL VirtualHost directives:

<VirtualHost *:443>

# General setup for the virtual host
DocumentRoot &quot;/var/

http://www/mydomainecom/html&quot;

ServerName mydomain-ecommerce.com
ServerAlias

http://www.mydomain-ecommerce.com

ServerAdmin webmaster@mydomain-ecommerce.com


In the new ssl.conf file, I had the following:
<VirtualHost *:443>

# General setup for the virtual host
DocumentRoot &quot;/var/

http://www/mydomainecom/html&quot;

ServerName mydomain-ecommerce.com
ServerAlias

http://www.mydomain-ecommerce.com

ServerAdmin webmaster@mydomain-ecommerce.com



The domain was set up as a regular vhost in a vhost container on both the old (7.3) and new (8.0) versions of RedHat.

This allowed the files related to credit card processing, etc. to be put on server#2, and run under the SSL protocol without having the whole server run as SSL.

If anyone has installed 8.0 and experienced a similar issue, please let me know how it was resolved. I would like to get my secure server up and running as soon as possible.

If this post is indecipherable (as mine often are) please tell me so I can just post the whole bunch of mess!

 

[wlwoman]

more problems:

* System will boot (LILO) but will not connect to internet unless I use the boot disk.

* sendmail works fine from my POP3 mail account for receiving mail but won't send anything from the POP3 account.

I will likely keep a running log of problems here and if any of them look familiar, let me know

 

[kaioo]

Hi there.

I have a problem that looks like yours. I have 2 websites on my box, and I used to put them both as virtual domains in the old httpd.conf file (RH 7.3)

Now, in RH 8.0, I had to turn off the SSL because it wouldn't let me have virtual hosts and warned me with something like &quot;unpredictable behaviour&quot; thing when starting httpd.

Without ssl it works fine, but now I can't make PHP work with Apache together, and Apache is just parsing the *.php files to the browser, so instead of collecting the data from de DB, I get a screen full of sh*t that I don't want anybody to see.

Has anybody solved this ?

I guess that, as usual, we all will have to wait until RH *.3 distro to get things going.

Also, ADSL support in rh 8.0 sucks.

 

[wlwoman]

From the modssl.org website:

How can I authenticate my clients for a particular URL based on certificates but still allow arbitrary clients to access the remaining parts of the server?
For this we again use the per-directory reconfiguration feature of mod_ssl:

(httpd.conf)



SSLVerifyClient none
SSLCACertificateFile conf/ssl.crt/ca.crt
<Location /secure/area>
SSLVerifyClient require
SSLVerifyDepth 1
</Location>



Now, since the SSL directives are no longer part of httpd.conf, but instead are listed in ssl.conf, it may be possible to configure the ssl.conf file the same way as shown above.

Due to the number of problems I'm having with this upgrade, I'm considering moving all the sites from my web server to my secure server and doing a fresh install of 8.0 - and if that fails to resolve all these issues, I'm going to do a fresh install of 7.3 ! Unfortunately, this will have to be a weekend project.

If you haven't looked yet, go to

http://bugzilla.redhat.com

and do a general search on RedHat Linux 8.0; the list of problems for this new release is extremely long! I did, however, find the answer to the e-mail problem from my second post above.

I switched bootloaders to GRUB and it worked fine (for booting) but still won't connect to the net without using the boot disk.

 

[wlwoman]

I called the local computer store (the one with the great prices) to get a quote on upgrading my board/processor. Since he made me an offer I can't refuse, I'm going to wait 'til next weekend, then load up my new box with RedHat 7.3, transfer my website and old config files over there, and go back to 'normal'.

RedHat 8.0 may be okay when it gets to 8.3 or 8.4, but for now I think I'll go back to the way we were! Everything worked, at least....

So.....here is a list of what I know I have to make copies of to reload from my old OS and what I'd like to know is if I've forgotten anything really important....

1. all files in /var/www
2. all files in /etc/httpd/conf
3. sendmail.cf and sendmail.mc
4. all files in etc/sysconfig/network-scripts

 

[kaioo]

Hi there.

Maybe you would find useful to backup the database files, for example, for mysql you should copy the directories that have the name of a database you created, located in /var/lib/mysql/

Unless there is major change within the installed and the soon-to-install versions it should work.

Anyway, about my problem with Apache, PHP and other things, RH8.0 has to many issues for keeping me from falliing back to RH7.3, so I did it. Now everything is in place.

Regards

Kaioo

 

[wlwoman]

Anyway, about my problem with Apache, PHP and other things, RH8.0 has to many issues for keeping me from falliing back to RH7.3, so I did it. Now everything is in place.

Are you saying you went back to 7.3? Or did you resolve the issues with 8.0?

 

[kaioo]

Hi again.

I went back to 7.3

I got tired of trying solving problems that are due to a badly built distro.

Anyway, whwat did you think about Bluecurve (tm) ?

I think that is just too XP-ish looking.

Regards.

Bye

 

[RhythmAce]

You guys kinda lost me. I didn't get anything that looks like Windows or XP. Mine kinda looks like KDE.

 

[marsd]

wlwoman,
I'm coming in on the end here so I will not criticize
anything too severely, but you seem to have the impression that your network problems are in some way tied to your
ssl problems with your webserver. You state that using the bootdisk allows you to restore network connectivity.
What is pretty apparent from all this is that you have
not an unconfigured or misconfigured network problem.
You nic driver is not being loaded.
If you do a lsmod after booting from floppy and then
when normally booting, what are the differences?

There is no reason to rebuild anything. All of your problems can be handled with the right information.

kaioo,
Some distro's are not to our taste, but a misconfiguration
is sometimes just as much the users fault. Don't be too
quick to blame a distribution for a user problem..

My .02

 

[kaioo]

Marsd:

Yup... you're right.

Maybe it's just me getting grumpier with age, and so many rainy days here are putting me very &quot;itchy&quot;: there has been about 2 months of almost continuous rain in my city.

Bye all.

 

[wlwoman]

Marsd: The problems resulted from upgrading a system that was working well to a system that has significant changes in the configuration; i.e. the migration is neither automatic nor simple. No network or SSL settings were changed, and the error messages were numerous. I simply turned off the SSL in order to give myself some time to investigate the documentation without knocking all of the client sites offline while I figured a workaround to the new formats.

Because I'm running a webserver with client websites, I can't do too much 'playing around' to see what will work here, what won't work there, what will this little change do, etc.......

My frustration comes from experiencing problems I haven't experienced heretofore with RH, and a lack of complete documentation to cover the changes that are causing those problems.

A comparison of successful vs. unsuccessful boot logs indicates that part of the problem is in some virtual IP addressing; this did not interfere with the 7.3 system but seems to have the 8.0 system too confused to connect.

This might work better as a clean install; that would at least eliminate conflicts between 7.3 config and 8.0 config requirements. I've had no problems with server #2, which I did a clean install on. Because I'm getting a new box next weekend, I will have something I can experiment with a la clean install without disrupting anyone's business.

In the meantime, I have to admit that I wasn't unhappy with 7.3 and had it pretty much configured to my liking.

I would agree with you that it's configuration problems at the root of my sorrows; however, these are the same configs that worked quite well in 7.3.... Now, if you know how to make 8.0 do a partial SSL the way 7.3 did, please let me in on the trick!!

Since I have a second server (the secure server) that's no longer secure, I may use it to test some config changes after I move the files around and change all the site links back to server #1. That way I can avoid the wrath of my clients while I see what 8.0's made of.

Kaioo:

BlueCurve is mighty purty It also seems to maintain 'true' colors better than 7.3 did with my oldie goldie monitor. My guess is a video upgrade of some type that's superior to whatever was in 7.3

RhythmAce:

There's a lot more of the windoze-type functionality in 8.0 that in previous versions of RH. From desktop to menu to mouse interface, it's definitely gunning for the PC user market instead of just the server crowd.