Однако ssl не использовалась никогда(модуль по умолчанию ставился с апачем).
Теперь надо задействовать ssl для апача. Поискал варианты решения вопроса. Вначале воспользовался вариантом с этого сайта - http://www.lissyara.su/articles/freebsd ... 2.2.0+ssl/.
Первое что не удалось это получить 4-е файла при генерации сертификата, а именно не появлялся файл *.pem. Ну далее пробовал без него.
В итоге апач не хотел стартовать при расскоментрованной строчке httpd-ssl.conf в основном конфиге апача.
В общем порылся в других вариантах...вот уже 3-ий день


http://freebsdguide.ru/_17/_7/, https://irinakostina.wordpress.com/tag/freebsd/ и другие поизучал. У всех все работает сразу, как они пишут.
Я же никак не могу заставить чтоб мой апач начал работать через ssl. Tcpdump показывает запросы на сервер по порту 443, а тот отвечает нулевым размером. Клиент-компьютер выдает, что имеется запрет на доступ. И не слова про запрос/проверку сертификата или что-то в этой теме....

В логах вижу записи типа
Код: Выделить всё
" client denied by server configuration: /usr/local/www/zps"
Ладно... в конфигах (httpd.conf и httpd-ssl.conf) прописано
Код: Выделить всё
Order Allow,Deny
Allow from all



Подскажите что надо мне проверить в конфигах...
Да, конфиги нижу::
httpd.conf
Код: Выделить всё
#
#ServerRoot "/usr/local"
Listen 80
Listen 443
# LoadModule foo_module modules/mod_foo.so
#
LoadModule authn_file_module libexec/apache22/mod_authn_file.so
LoadModule authn_dbm_module libexec/apache22/mod_authn_dbm.so
LoadModule authn_anon_module libexec/apache22/mod_authn_anon.so
LoadModule authn_default_module libexec/apache22/mod_authn_default.so
LoadModule authn_alias_module libexec/apache22/mod_authn_alias.so
LoadModule authz_host_module libexec/apache22/mod_authz_host.so
LoadModule authz_groupfile_module libexec/apache22/mod_authz_groupfile.so
LoadModule authz_user_module libexec/apache22/mod_authz_user.so
LoadModule authz_dbm_module libexec/apache22/mod_authz_dbm.so
LoadModule authz_owner_module libexec/apache22/mod_authz_owner.so
LoadModule authz_default_module libexec/apache22/mod_authz_default.so
LoadModule auth_basic_module libexec/apache22/mod_auth_basic.so
LoadModule auth_digest_module libexec/apache22/mod_auth_digest.so
LoadModule file_cache_module libexec/apache22/mod_file_cache.so
LoadModule cache_module libexec/apache22/mod_cache.so
LoadModule disk_cache_module libexec/apache22/mod_disk_cache.so
LoadModule dumpio_module libexec/apache22/mod_dumpio.so
LoadModule reqtimeout_module libexec/apache22/mod_reqtimeout.so
LoadModule include_module libexec/apache22/mod_include.so
LoadModule filter_module libexec/apache22/mod_filter.so
LoadModule charset_lite_module libexec/apache22/mod_charset_lite.so
LoadModule deflate_module libexec/apache22/mod_deflate.so
LoadModule log_config_module libexec/apache22/mod_log_config.so
LoadModule logio_module libexec/apache22/mod_logio.so
LoadModule env_module libexec/apache22/mod_env.so
LoadModule mime_magic_module libexec/apache22/mod_mime_magic.so
LoadModule cern_meta_module libexec/apache22/mod_cern_meta.so
LoadModule expires_module libexec/apache22/mod_expires.so
LoadModule headers_module libexec/apache22/mod_headers.so
LoadModule usertrack_module libexec/apache22/mod_usertrack.so
#LoadModule unique_id_module libexec/apache22/mod_unique_id.so
LoadModule setenvif_module libexec/apache22/mod_setenvif.so
LoadModule version_module libexec/apache22/mod_version.so
LoadModule ssl_module libexec/apache22/mod_ssl.so
LoadModule mime_module libexec/apache22/mod_mime.so
LoadModule dav_module libexec/apache22/mod_dav.so
LoadModule status_module libexec/apache22/mod_status.so
LoadModule autoindex_module libexec/apache22/mod_autoindex.so
LoadModule asis_module libexec/apache22/mod_asis.so
LoadModule info_module libexec/apache22/mod_info.so
LoadModule cgi_module libexec/apache22/mod_cgi.so
LoadModule dav_fs_module libexec/apache22/mod_dav_fs.so
LoadModule vhost_alias_module libexec/apache22/mod_vhost_alias.so
LoadModule negotiation_module libexec/apache22/mod_negotiation.so
LoadModule dir_module libexec/apache22/mod_dir.so
LoadModule imagemap_module libexec/apache22/mod_imagemap.so
LoadModule actions_module libexec/apache22/mod_actions.so
LoadModule speling_module libexec/apache22/mod_speling.so
LoadModule userdir_module libexec/apache22/mod_userdir.so
LoadModule alias_module libexec/apache22/mod_alias.so
LoadModule rewrite_module libexec/apache22/mod_rewrite.so
LoadModule php5_module libexec/apache22/libphp5.so
#LoadModule php5_module libexec/libphp5.so
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User www
Group www
</IfModule>
</IfModule>
# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin vlad@mail.vzarinske.ru
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
ServerName vzarinske.ru
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/usr/local/www/apache22/data"
<Directory />
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory "/usr/local/www/apache22/data">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html index.htm index.php index.sntml
</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "/var/log/httpd-error.log"
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "/var/log/httpd-access.log" combined
</IfModule>
<IfModule alias_module>
Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin/"
<Directory "/usr/local/www/phpMyAdmin/">
AllowOverride Limit
Options None
Order deny,allow
Deny from all
Allow from 10.50.50.0/24
</Directory>
ScriptAlias /cgi-bin/ "/usr/local/www/apache22/cgi-bin/"
</IfModule>
<IfModule cgid_module>
</IfModule>
<Directory "/usr/local/www/apache22/cgi-bin">
AllowOverride None
Options ExecCGI
Order Allow,Deny
Allow from all
</Directory>
#
DefaultType text/plain
<IfModule mime_module>
TypesConfig etc/apache22/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php
</IfModule>
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall is used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
#
#EnableMMAP off
#EnableSendfile off
# Supplemental configuration
#
# The configuration files in the etc/apache22/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
# Server-pool management (MPM specific)
#Include etc/apache22/extra/httpd-mpm.conf
# Multi-language error messages
#Include etc/apache22/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
#Include etc/apache22/extra/httpd-autoindex.conf
# Language settings
#Include etc/apache22/extra/httpd-languages.conf
# User home directories
#Include etc/apache22/extra/httpd-userdir.conf
# Real-time info on requests and configuration
#Include etc/apache22/extra/httpd-info.conf
########## Virtual hosts
#Include etc/apache22/extra/httpd-vhosts.conf
# Local access to the Apache HTTP Server Manual
#Include etc/apache22/extra/httpd-manual.conf
# Distributed authoring and versioning (WebDAV)
#Include etc/apache22/extra/httpd-dav.conf
# Various default settings
#Include etc/apache22/extra/httpd-default.conf
########## Secure (SSL/TLS) connections
#Include /usr/local/etc/apache22/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
Include etc/apache22/Includes/*.conf
<IfDefine !NOHTTPACCEPT>
AcceptFilter http httpready
AcceptFilter https dataready
</IfDefine>
Код: Выделить всё
#
Listen 443
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog |/usr/local/etc/apache22/echo
SSLSessionCache "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "file:/var/run/ssl_mutex"
NameVirtualHost *:443
<VirtualHost *:443>
DocumentRoot "/usr/local/www/zps"
ServerName zps.mysite.ru:443
ServerAdmin vlad@mail.mysite.ru
CustomLog "/var/log/httpd-ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/usr/local/etc/apache22/server.crt"
SSLCertificateKeyFile "/usr/local/etc/apache22/server.key"
<Directory "/usr/local/www/zps">
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/www/zps/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
Код: Выделить всё
#
NameVirtualHost *:80
#
<VirtualHost *:80>
ServerAdmin vlad@mail.mysite.ru
DocumentRoot "/usr/local/www/apache22/data"
ServerName mysite.ru
ServerAlias www.mysite.ru
<Directory /usr/local/www/apache22/data>
AllowOverride All
</Directory>
ErrorLog "/var/log/mysite.ru-error_log"
CustomLog "/var/log/mysite.ru-access_log" common
</VirtualHost>
<VirtualHost *:443>
ServerAdmin vlad@mail.mysite.ru
DocumentRoot "/usr/local/www/zps"
ServerName zps.mysite.ru
SSLEngine on
SSLCertificateFile "/usr/local/etc/apache22/server.crt"
SSLCertificateKeyFile "/usr/local/etc/apache22/server.key"
<Directory /usr/local/www/zps>
AllowOverride All
Order allow,deny
Allow from all
</Directory>
ErrorLog "/var/log/zps-error_log"
CustomLog "/var/log/zps-access_log" common
</VirtualHost>