Odd HTTPS issue

  • Pretty sure I'm missing something or causing the problem in my .htaccess but not sure...


    have a few sites going through Cloudflare dns over https into the server without issue.


    this site: https://www.bcctournaments.com however won't load https remotely - through firewall (while the other sites go through https without issue) like https://beta.sclr.org


    inside the network I have my host file set up to redirect to the server's local IP address
    https loads fine for the site.


    however remotely https will not load the site -
    clear cache and reset the wordpress base urls to http vs https and the site works fine but manually doing https it will not load remotely.


    internally either works without issue.


    Firewall is passing https just fine as well or else the sclr.org sites wouldn't pass.


    bcctournaments though is using letsencrypt which is really the only difference.


    currently tweaked .htaccess to allow http but still allow letsencrypt to find the /.well-known folder.


    commented version below works internally fine - but not externally due to forcing https.
    firewall is fine and passing https - it appears the server https isn't working quite right - but then again locally it's working fine... so I'm kinda lost on what the cause is...


    Server is on a completely different vlan from my machine internally so it's not even on the same local network. (routing fine)


  • @viper_iii


    Firewall? If you're talking about Cloudflare, that is not a firewall. For the rest, we cannot really help without logs. If https is working when talking directly to Apache2 server (imscp server), there is surely something wrong on Cloudflare SSL configuration side. You don't give us relevant details anyway such as CloudFlare SSL mode in use for that specific site, HSTS enabled or not on Cloudflare side...


  • darn also forgot all other info..


    This site not using cloudflare
    Firewall in front of network...


    Will update shortly.


    Jessie
    1.4.1 current
    Panel current
    Phpswitcher current
    LE current


    ---
    Which logs would help best?
    Domain Access not showing much
    No errors at all in error log.


    I'll have to set up your key for SSH if access is needed at some point..
    Just need info for how to add the key...Then disable / delete when not needed (Been awhile).

  • Domain Access not showing much
    No errors at all in error log.

    If there are no logs when attempting to connect from the WAN, this probably means that the problem is on the firewall side ;)


    WAN <---> Firewall (the mess is probably there) <---> LAN (i-MSCP server)


  • there are logs just no error logs...


    https passing fine through firewall for other sites... just not this one site...


    if passing for one then firewall is correct.


    if server https config in apache is messed up then there could be an issue..
    or config in .htaccess which I doubt but not sure.


    1.4.1 during upgrade I set the entire server to 7.0.13 (I think)
    which is good for me.


    Firewall verified again and is good.


    Access logs are good just no error logs or rather no errors since 3/31/17 - there are older error logs though
    going to check and look at apache logs and dig a little and report back.


  • Code
    lsof -i :443
    COMMAND  PID  USER      FD  TYPE  DEVICE  SIZE/OFF  NODE  NAME
    apache2  989  root      6u  IPv6  13849   0t0       TCP   *:https (LISTEN)
    apache2  9510 www-data  6u  IPv6  13849   0t0       TCP   *:https (LISTEN)
    apache2  9511 www-data  6u  IPv6  13849   0t0       TCP   *:https (LISTEN)


    did see I had a bad hostname set on the host, but panel was set independently anyway.
    fixed that and rebooting...


    still not seeing https on IPv4 - but seems normal... so far...
    replaced panel domain with svr



    No 443 in TCP but is in TCP6 which I don't think I'm using... - just odd...


  • Don't believe it's Firewall..


    beta.sclr.org - error 403 - is correct - have it offline currently - and aimed direct currently vs CF
    same IP - https traffic is passing -
    just a vhost (apache config) not setup or listening correctly?


    https is passing through FW ... just apache not wanting to listen from non-private IPs?!?


    - still wondering where it might be off / what i did to it!...;p

  • and now focusing back on firewall...
    will update - pretty sure you're right.. just not sure why its causing me issues... has to be a duplicate rule somewhere...


    UGH

  • Yup was firewall... ssl vpn on firewall was using that port so it was DEFINITELY firewall


    thx for pretty much agreeing with me that it was probably firewall - if local worked perfectly then firewall was the only possible issue.


    sry for odd updates!

  • @viper_iii


    You're welcome.


    Thread closed.
