I’ve used the following configurations : /opt/otobo/scripts/apache2-httpd-vhost-443.include.conf , /opt/otobo/scripts/apache2-httpd-vhost-80.include.conf
I’ve been fiddling with the apache conf to make sure every website is accessible on the machine using https, without sucess :(.
Here is what my apache conf looks like right now :
<VirtualHost *:80> Header always set Referrer-Policy "unsafe-url" Header set Access-Control-Allow-Origin "*" ServerName <my.domain>
<VirtualHost *:443> TraceEnable off RewriteEngine On RewriteCond %{HTTP_HOST} !^<my.domain>$ [NC,OR] ReWriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) <my.domain>/$1 [NC,L] ProxyPass /e-SIToul_WS_interface http://<my.domain>:8080/[REDACTED] ProxyPassReverse /e-SIToul_WS_interface http://<my.domain>:8080/[REDACTED] Header set Access-Control-Allow-Origin "*" Header set Access-Control-Allow-Headers "Origin,Content-Type,X-Requested-With,Accept,Authorization" Header set Access-Control-Allow-Methods "GET, POST, DELETE, PUT, OPTIONS" Header always set Strict-Transport-Security "max-age=63072000" SSLEngine On Protocols h2 h2c http/1.1
SSLUseStapling on SSLCertificateFile /etc/pki/tls/certs/httpd.crt SSLCertificateKeyFile /etc/pki/tls/private/httpd.key SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 SSLHonorCipherOrder off
DocumentRoot [REDACTED] ServerName <my.domain>
ErrorLog logs/error_log LogFormat "%h %l %u %t \"%r\" %>s %b" common CustomLog logs/SSL-access_log common
# Preload otobo.psgi so that that the app doesn't have to be loaded again for every process. # This also sets @INC. PerlPostConfigRequire /opt/otobo/scripts/apache2-perl-preload_otobo_psgi.pl
# RT : OTOBO conf, first part
ScriptAlias /otobo/ "/opt/otobo/bin/cgi-bin/" Alias /otobo-web/ "/opt/otobo/var/httpd/htdocs/"
<IfModule mpm_event_module> Error "The Multi-Processing Module mpm_event is active but it isn' supported by OTOBO. Please switch to mpm_prefork." </IfModule>
<IfModule mpm_worker_module> Error "The Multi-Processing Module mpm_worker is active but it isn't supported by OTOBO. Please switch to mpm_prefork." </IfModule> # Use a dedicated Perl interpreter for the current virtual host, in this case the virtual host serving port 443 PerlOptions +Parent
# Preload otobo.psgi so that that the app doesn't have to be loaded again for every process. # This also sets @INC. #PerlPostConfigRequire /opt/otobo/scripts/apache2-perl-preload_otobo_psgi.pl
# everything is handled by the PSGI app #<Location /otobo> <Location />
# handle all requests, including the static content, with otobo.psgi SetHandler perl-script PerlResponseHandler Plack::Handler::Apache2 PerlSetVar psgi_app /opt/otobo/bin/psgi-bin/otobo.psgi
# Require is supported starting with Apache 2.4. # No authentication and all requests are allowed. Require all granted
now I understand what you’re trying to achive :) can you try this config, have you tried to generate open ssl certificate and add it to your apache config file if not you can do it very easily via https://certbot.eff.org/ for free and after that just upload the certificate and change the path