Tsotne Kekelia - 4 months ago
Apache Configuration Question

Ubuntu 14.04 server can't open port

My case is quite specific.
My client uses one of my services (https://example.com/service.php) and I generated an SSL client certificate for them, which they use for HTTP requests. But they have a requirement that they can only use 1024-bit certificates (I had no problem generating it). But since my CA root certificate is 2048-bit, requests fail. Now they want me to open port 4000 for them and require access via SSL client certificate (if that makes any sense).

I run Ubuntu 14.04 on a DigitalOcean VPS.
I opened port 4000 with

sudo iptables -A INPUT -p tcp --dport 4000 -j ACCEPT


I also allowed that port in ufw with

sudo ufw allow 4000


I also added a record to

/etc/apache2/sites-available/default-ssl.conf


I added it to default-ssl.conf because I want port 4000 to be accessible via HTTPS (https://example.com:4000/service.php)

# the block sits inside default-ssl.conf's <IfModule mod_ssl.c> wrapper,
# which is why the closing </IfModule> follows the VirtualHost
<IfModule mod_ssl.c>
    <VirtualHost *:4000>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /home/admin/conf/web/client.pem
        SSLCertificateKeyFile /home/admin/conf/web/client.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>


The immediate problem I have is that when I try to telnet to example.com:4000, it says that port 4000 is closed. I need advice on troubleshooting.

Answer

You need to add

Listen 4000

somewhere in your Apache configuration. Otherwise, Apache will not open a socket for that port.

Usually, these settings are kept apart from the sites-enabled or sites-available directories found on Ubuntu derivatives, for example in the main httpd.conf. A good place would probably be a separate file in conf-available and symlinking that into conf-enabled.
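As an added troubleshooting helper (not code from the question or the answer), the following shell functions perform the two checks the answer implies and apply its suggested fix: look for an uncommented Listen directive for the port anywhere under the Apache config tree, look for a bound LISTEN socket in `ss -ltn` output, and drop a dedicated Listen file into conf-available with a symlink into conf-enabled. It assumes Ubuntu's /etc/apache2 layout; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post: helpers for "is Apache configured
# to listen on the port" and "is anything actually bound to the port".
# Assumes Ubuntu's layout: /etc/apache2 with conf-available and conf-enabled.

# Succeeds if any file under $1 has an uncommented "Listen <port>" or
# "Listen addr:<port>" directive for port $2.
apache_listens_on() {
    conf_dir="$1"; port="$2"
    grep -rEq "^[[:space:]]*Listen[[:space:]]+([^[:space:]#]*:)?${port}([[:space:]]|$)" "$conf_dir"
}

# Reads `ss -ltn` (or `netstat -ltn`) output on stdin; succeeds if a LISTEN
# socket on port $1 is present. A "closed" result from telnet means this fails.
port_bound_in() {
    port="$1"
    grep -E 'LISTEN' | grep -Eq ":${port}([[:space:]]|$)"
}

# Adds the directive the way the answer suggests: a dedicated file in
# conf-available, symlinked into conf-enabled (what a2enconf does for you).
enable_listen() {
    conf_dir="$1"; port="$2"
    mkdir -p "$conf_dir/conf-available" "$conf_dir/conf-enabled"
    printf 'Listen %s\n' "$port" > "$conf_dir/conf-available/listen-$port.conf"
    ln -sf "../conf-available/listen-$port.conf" \
           "$conf_dir/conf-enabled/listen-$port.conf"
}

# Live diagnosis on the server itself (run as root so ss and apache2ctl work).
diagnose() {
    port="${1:-4000}"
    if apache_listens_on /etc/apache2 "$port"; then
        echo "Listen $port is configured"
    else
        echo "no Listen $port directive found: enable_listen /etc/apache2 $port"
    fi
    if ss -ltn | port_bound_in "$port"; then
        echo "port $port is bound"
    else
        echo "nothing is bound to port $port: reload Apache and re-check"
    fi
    apache2ctl configtest
}
```

Note that the posted VirtualHost also never sets SSLVerifyClient require or SSLCACertificateFile, so even once the port opens it will not actually demand a client certificate.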