Apache not listening on port 443
Posted by: cliffb (---.res.spectrum.com)
Date: September 11, 2024 01:21PM

[EDIT] The root cause was the firewall behavior and rule. To skip tl;dr, read first few paragraphs down to Environment here and then skip to my last post on this thread. [end edit]

I can't get Apache to listen to port 443! I've been trying everything I could find online but can't identify the specific problem. I know this has been asked before and I've pored through the posts looking for a solution. They either don't change anything or break what is working. It's certainly possible that I've missed something.

I set up wamp64 3.3.5 on a Windows 10 box successfully (all green), including the default localhost and a virtual host called "test" with a basic hello world index.html file and nothing more. Then, I enabled ssl / https access, semi-successfully, meaning it works locally but not across the local net.

The problem is that I can't access the https: installs of either the localhost via IP or the virtual host "test" from an external computer! On the wamp server, I can successfully access [localhost], [localhost], [test] and [test] without issue. Same applies to [192.168.1.10] as well as http from the SAME machine.

From another computer, I can only access [192.168.1.10] (localhost) and [test]. If I try to access the https versions, I get a timeout.

On the server, netstat shows the following:

netstat -aof | findstr 443
TCP 0.0.0.0:443 RF:0 LISTENING 11220
TCP [::]:443 RF:0 LISTENING 11220

Never does it show 192.168.1.10 listening on 443.

I believe that the certificate and key files are ok, since https works locally.


I don't know if I'm overlooking something, if something is competing with apache for 443, or what's happening. I assume that since nothing other than the 0 IPs are listening on 443, that nothing is competing for the port.


Environment and relevant config files follow. If I need to add, please let me know.

Windows 10
WAMP64 3.3.5 complete install using defaults except install dir.
Static IP address: 192.168.1.10
Firewall is off, also has rule to allow listen on 443.
WAMP64 status - all green, no errors showing on dashboard or in logs.
Skype is NOT installed, never has been.

WAMP64 install dir: d:\wamp64
localhost home dir: d:\wamp64\www (default dir)
localhost contents: default wampserver dashboard

test virtual host home dir: d:\www\test
"test" contents: index.html file only - a simple "hello world" html file.


httpd.conf
default file, with these required changes:
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

php.ini
default. Note: Instructions say to uncomment extension=php_openssl.dll. However, extension=openssl exists in the file already and is uncommented. Replacing the latter with the former changes nothing.




httpd-vhosts.conf


# Virtual Hosts
#
<VirtualHost _default_:80>
ServerName localhost
ServerAlias localhost
DocumentRoot "${INSTALL_DIR}/www"
<Directory "${INSTALL_DIR}/www/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
# Require local
Require all granted
</Directory>
</VirtualHost>
#
<VirtualHost *:80>
ServerName test
DocumentRoot "d:/www/test"
<Directory "d:/www/test/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
# Require local
Require all granted
</Directory>
</VirtualHost>
#







httpd-ssl.conf (comments removed for clarity.)


Listen 0.0.0.0:443 https
Listen [::0]:443 https
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:${SRVROOT}/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
DocumentRoot "d:/wamp64/www"
ServerName localhost:443
ServerAdmin admin@example.com
ErrorLog "${SRVROOT}/logs/error.log"
TransferLog "${SRVROOT}/logs/access.log"
SSLCertificateFile "${SRVROOT}/conf/key/certificate.crt"
SSLCertificateKeyFile "${SRVROOT}/conf/key/private.key"

SSLEngine on

SSLCertificateFile "${SRVROOT}/conf/key/certificate.crt"
SSLCertificateKeyFile "${SRVROOT}/conf/key/private.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "${SRVROOT}/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "${SRVROOT}/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
<VirtualHost _default_:443>

DocumentRoot "d:/www/test"
ServerName test:443
ServerAlias test
ServerAdmin admin@example.com
ErrorLog "${SRVROOT}/logs/error.log"
TransferLog "${SRVROOT}/logs/access.log"

SSLEngine on
SSLCertificateFile "${SRVROOT}/conf/key/certificate.crt"
SSLCertificateKeyFile "${SRVROOT}/conf/key/private.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "d:/www/test">
SSLOptions +StdEnvVars
Options +Indexes +Includes +FollowSymLinks +MultiViews
Require all granted
AllowOverride All
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "${SRVROOT}/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>



Edited 1 time(s). Last edit at 09/12/2024 11:26AM by cliffb.

Re: Apache not listening on port 443
Posted by: Otomatic (Moderator)
Date: September 11, 2024 03:12PM

Hi,

> netstat -aof | findstr 443
> TCP 0.0.0.0:443 RF:0 LISTENING 11220
> TCP [::]:443 RF:0 LISTENING 11220
> Never does it show 192.168.1.10 listening on 443.

It just so happens that my PC containing Wampserver also has the fixed IP 192.168.1.10
C:\Windows\System32>netstat -aof | findstr :443
  TCP    0.0.0.0:443            MOUNI:0                LISTENING       2544
  TCP    [::]:443               MOUNI:0                LISTENING       2544
It's exactly the same if you do it for port 80!
C:\Windows\System32>netstat -aof | findstr :80
  TCP    0.0.0.0:80             MOUNI:0                LISTENING       2544
  TCP    [::]:80                MOUNI:0                LISTENING       2544
And yet 'http://test/' works from another machine!

IPv4 192.168.1.10 is the IP of the PC on which the server is located, and is only seen as such by the network. It is transformed into internal IPv4 0.0.0.0 or 127.0.0.1 loopback addresses.

I can't do any more tests, as I don't have a networked PC.

---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons

Re: Apache not listening on port 443
Posted by: cliffb (---.res.spectrum.com)
Date: September 11, 2024 03:43PM

I have the same results, except for 9596 (process ID?)

TCP 0.0.0.0:80 RF:0 LISTENING 9596
TCP 0.0.0.0:443 RF:0 LISTENING 9596
TCP [::]:80 RF:0 LISTENING 9596
TCP [::]:443 RF:0 LISTENING 9596

To be clear, http, i.e., port 80, works fine everywhere. https, i.e., port 443, doesn't answer requests from other computers.

If this means that the port is open and being listened to, then what's the issue? Why isn't the server answering https requests from other computers???



Edited 2 time(s). Last edit at 09/11/2024 03:58PM by cliffb.

Re: Apache not listening on port 443
Posted by: Otomatic (Moderator)
Date: September 11, 2024 04:05PM

> Why isn't the server answering https requests from other computers???

On these other PCs, is the hosts file (local DNS) set to 192.168.1.10 if the ServerName test is requested?

If it works in http, it means that port 80 redirection is effective!

Is port 443 redirection effective?

I repeat:
I can't do any more tests, as I don't have networked PC's.

Re: Apache not listening on port 443
Posted by: cliffb (---.res.spectrum.com)
Date: September 11, 2024 05:48PM

Otomatic, I get that you can't test, but I appreciate any help you can give. Also, maybe someone else will have an idea or two.

Yes, the local DNS hosts file is edited as follows:

192.168.1.10 test

If it weren't, http wouldn't work at all for test. I also tried accessing it via command line to see if I could get a response:
telnet 192.168.1.10 443
Could not open connection to the host, on port 443: Connect failed.
Same result with telnet test 443

On port 80, it replied that it couldn't understand the request, which is as expected for an open port.

To be clear, port 80 works fine under all conditions. Port 443 access from remote computers doesn't.

Re: Apache not listening on port 443
Posted by: cliffb (---.res.spectrum.com)
Date: September 11, 2024 08:09PM

SUCCESS!!!!! EVERYTHING WORKS AS EXPECTED!

I finally got to the root of the problem! And now, I feel stupid for looking in the wrong place. I thought I had properly configured the firewall. Unfortunately, the rule was misconfigured and the port was blocked, even when the firewall was disabled. (Figure that one out. It appears that the 443 port must be configured to be allowed, even if the firewall is disabled.)

Anyways, I followed the instructions at [www.ssldragon.com] on how to CORRECTLY configure the port. Since it explains for multiple platforms, I'll copy the Windows instructions here. Note that an outbound rule wasn't needed:

How to Open Port 443 in Windows?

To enable Port 443 on Windows, you need to add it to Firewall.

Here’s how to allow port 443 in Windows Firewall:

Open the Firewall Control Panel by accessing “Start” > “Run”.
Type:

firewall.cpl

On the left pane, select “Advanced Settings”, then click on “Inbound Rules” in the top-left corner.
Next, click on “New Rule” on the right-side panel in the “Action” column.
A new window will open. Select “TCP” and “Specific local ports” where you need to type “443” next to it.
In the “Action” window, select “Allow the connection” and click “Next”.
In the “Profile” window, choose “Domain” and “Private”, then click “Next”.
In the “Name” window, type “WCF-WF 4.0 Samples” name and click on “Finish”.

Please note, to set up the Outbound Rules, you need to repeat the steps 2 to 8.


Thanks for trying to help, even though I was convinced that the problem was in WAMPserver and not with the loose nut behind the keyboard! ;-)

Options: ReplyQuote
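
The inbound rule described in the last post can also be created and checked from an elevated PowerShell prompt, which makes it easier to see what the firewall is actually enforcing. This is an added example, not part of the original posts or the quoted instructions; the rule display name is a constructed placeholder, and 192.168.1.10 and the Domain/Private profile choice are taken from the thread.

```powershell
# Run steps 1-5 on the WAMP server from an elevated PowerShell prompt.
$ruleName = 'Apache HTTPS inbound (example)'   # constructed name, not from the thread

# 1. Which firewall profiles are enabled, and what is each one's default inbound action?
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# 2. Which profile is the LAN adapter classified under? A rule scoped to
#    Domain,Private does not apply while the network is classified as Public.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 3. List existing inbound rules whose port filter names local TCP port 443, so a
#    disabled, mis-scoped or blocking rule is visible before another one is added.
#    (Rules that cover 443 only through a port range are not matched here.)
#    A Block rule takes precedence over an Allow rule for the same traffic.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '443' } |
    Get-NetFirewallRule |
    Where-Object Direction -eq 'Inbound' |
    Select-Object DisplayName, Enabled, Action, Profile

# 4. Create the allow rule only if it is not already present: inbound, TCP,
#    local port 443, Domain and Private profiles, as in the quoted GUI steps.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Protocol TCP -LocalPort 443 `
        -Action Allow -Profile Domain,Private
}

# 5. Confirm Apache is still listening on 443. A local address of 0.0.0.0 or ::
#    means the socket is bound on every interface.
Get-NetTCPConnection -LocalPort 443 -State Listen |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 6. On the OTHER computer: test the TCP handshake to the server on port 443.
#    TcpTestSucceeded should be True once the rule is in effect.
Test-NetConnection -ComputerName 192.168.1.10 -Port 443
```

If step 6 still fails while step 5 shows a listener, the output of steps 1 to 3 shows whether the rule is disabled, scoped to a profile the network is not in, or shadowed by a blocking rule.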

