Homebrew / formulae.brew.sh

🏎 An online formulae browser for Homebrew
https://formulae.brew.sh
BSD 2-Clause "Simplified" License

Problem setting up ssl #633

Closed Tom200000 closed 2 years ago

Tom200000 commented 2 years ago


What you were trying to do (and why)

Set up a secure LAMP stack with SSL using a self-signed certificate

What happened (include screenshots)

Server can be reached via tomcloud.ddns.net:8080 from the computer itself or via external devices

Server cannot be reached via https://tomcloud.ddns.net, tomcloud.ddns.net:443 or https://tomcloud.ddns.net:443 from the computer itself or via external devices

What you expected to happen

Establish a secure connection with ssl to the server

Hi

I would like to host a Nextcloud instance on my Mac; however, I am stuck while setting up a secure LAMP stack. Everything works fine until I try to set up SSL on the server. After setting up SSL, I am able to connect to the server via tomcloud.ddns.net:8080 on the computer itself and via external devices. However, I can't reach the server via https://tomcloud.ddns.net, tomcloud.ddns.net:443 or https://tomcloud.ddns.net:443. I couldn't solve the problem while reading the documentation, investigating the error codes from the command line or the log files. I think it doesn't work because I use the wrong type of certificates, but I've no clue how to create the appropriate certificates. I've tried to document my steps from start to end as accurately as possible. I've also listed all the configuration documents, the used certificates, keys and the log files. The "ssl_request_log" and the "tomcloud.ddns.net-error_log" are empty.

To narrow down the problem, I don't have nextcloud in the DocumentRoot folder yet. I copied the index.html document from the www folder to the DocumentRoot folder (nextcloud).

I am very grateful for help, solutions and tips.

Thank you

Tom

Device information

Computer: MacBook Pro 13 2020

Processor: 2 GHz Quad-Core Intel Core i5

Operating system: macOS Monterey 12.2.1

Description of the steps

Stop and uninstall native apache

sudo apachectl stop

sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist

Install Homebrew

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Customize homebrew settings

brew analytics off

Install httpd (apache) with Homebrew

brew install httpd

Configure httpd

Path to httpd.conf document:

/usr/local/etc/httpd/httpd.conf

Configurations in the httpd.conf document

In section „Options Indexes FollowSymLinks“ of the httpd.conf document

AllowOverride None -> AllowOverride All

Modules in the httpd.conf document

#LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so -> LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so

In section "# Dynamic Shared Object (DSO) Support", under "LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so", insert the following:

LoadModule php_module /usr/local/opt/php@8.0/lib/httpd/modules/libphp.so

<FilesMatch \.php$>
    SetHandler application/x-httpd-php
</FilesMatch>

Customize user and group in httpd.conf document

User _www -> User tomgoetz

Group _www -> Group staff

Enable php in the httpd.conf document

DirectoryIndex index.html -> DirectoryIndex index.php index.html

Enable virtual hosts in the httpd.conf document

#Include /usr/local/etc/httpd/extra/httpd-vhosts.conf -> Include /usr/local/etc/httpd/extra/httpd-vhosts.conf

Change server name

ServerName www.example.com:8080 -> ServerName localhost

Install PHP with Homebrew

brew install php@8.0

Change php@8.0 settings

echo 'export PATH="/usr/local/opt/php@8.0/bin:$PATH"' >> ~/.zshrc

echo 'export PATH="/usr/local/opt/php@8.0/sbin:$PATH"' >> ~/.zshrc

export LDFLAGS="-L/usr/local/opt/php@8.0/lib"

export CPPFLAGS="-I/usr/local/opt/php@8.0/include"

Install MySQL with Homebrew

brew install mysql

Start mysql

brew services start mysql

Set up mysql

mysql_secure_installation to start configuring MySQL

Terminal output

tomgoetz@MacBook-Pro-von-Tom ~ % mysql_secure_installation to start configuring MySQL

Securing the MySQL server deployment.

Connecting to MySQL using a blank password.

VALIDATE PASSWORD COMPONENT can be used to test passwords and improve security. It checks the strength of password and allows the users to set only those passwords which are secure enough. Would you like to setup VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No: n

Please set the password for root here.

New password:

Re-enter new password:

By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.

Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y

Reloading the privilege tables will ensure that all changes made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done!
tomgoetz@MacBook-Pro-von-Tom ~ %

Set up virtual hosts

Path to vhosts.conf document:

/usr/local/etc/httpd/extra/httpd-vhosts.conf

Content of the vhosts.conf document:

<VirtualHost *:8080>
    ServerAdmin
    DocumentRoot "/usr/local/var/www/nextcloud"
    ServerName tomcloud.ddns.net
    ServerAlias www.tomcloud.ddns.net
    ErrorLog "/usr/local/var/log/httpd/tomcloud.ddns.net-error_log"
    CustomLog "/usr/local/var/log/httpd/tomcloud.ddns.net-access_log" common
</VirtualHost>

Create DocumentRoot folder

DocumentRoot folder path:

/usr/local/var/www/nextcloud

Set rights for DocumentRoot

sudo chown -R tomgoetz:staff /usr/local/var/www

sudo chown -R tomgoetz:staff /usr/local/var/www/nextcloud

Close httpd.conf and vhosts.conf document and save changes

Restart httpd, PHP and MySQL

sudo brew services stop httpd

sudo brew services stop php@8.0

brew services stop mysql

brew services start httpd

brew services start php@8.0

brew services start mysql

Reboot computer

tomcloud.ddns.net:8080 is online, but without SSL

Enable SSL

Configure httpd.conf document

Enable httpd-ssl.conf in the httpd.conf document

#Include /usr/local/etc/httpd/extra/httpd-ssl.conf -> Include /usr/local/etc/httpd/extra/httpd-ssl.conf

Enable required modules in httpd.conf document

#LoadModule ssl_module lib/httpd/modules/mod_ssl.so -> LoadModule ssl_module lib/httpd/modules/mod_ssl.so

#LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so -> LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so

Create certs folder

Path of certs folder:

/usr/local/etc/httpd/certs

Create required documents

openssl genrsa -out key.pem 2048

openssl req -new -sha256 -key key.pem -out csr.csr

openssl req -x509 -sha256 -days 365 -key key.pem -in csr.csr -out certificate.pem

Terminal output

tomgoetz@MacBook-Pro-von-Tom ~ % openssl genrsa -out key.pem 2048
Generating RSA private key, 2048 bit long modulus
...................................................+++
.......................................+++
e is 65537 (0x10001)
tomgoetz@MacBook-Pro-von-Tom ~ % openssl req -new -sha256 -key key.pem -out csr.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) []:
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:
Organizational Unit Name (eg, section) []:
Common Name (eg, fully qualified host name) []:tomcloud.ddns.net
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
tomgoetz@MacBook-Pro-von-Tom ~ % openssl req -x509 -sha256 -days 365 -key key.pem -in csr.csr -out certificate.pem
tomgoetz@MacBook-Pro-von-Tom ~ %

Copy certificate.pem, key.pem and csr.csr documents to the certs folder

Configure httpd-ssl.conf document

Path of httpd-ssl.conf document:

/usr/local/etc/httpd/extra/httpd-ssl.conf

Changes in the httpd-ssl.conf document

Customize path to documents

SSLCertificateFile "/usr/local/etc/httpd/server.crt" -> SSLCertificateFile "/usr/local/etc/httpd/certs/certificate.pem"

SSLCertificateKeyFile "/usr/local/etc/httpd/server.key" -> SSLCertificateKeyFile "/usr/local/etc/httpd/certs/key.pem"

Configure httpd-vhosts.conf document

Content of the httpd-vhosts.conf document:

<VirtualHost *:8080>
    ServerAdmin x
    DocumentRoot "/usr/local/var/www/nextcloud"
    ServerName tomcloud.ddns.net
    ServerAlias www.tomcloud.ddns.net
    ErrorLog "/usr/local/var/log/httpd/tomcloud.ddns.net-error_log"
    CustomLog "/usr/local/var/log/httpd/tomcloud.ddns.net-access_log" common
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin x
    DocumentRoot "/usr/local/var/www/nextcloud"
    SSLEngine on
    SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
    SSLCertificateFile "/usr/local/etc/httpd/certs/certificate.pem"
    SSLCertificateKeyFile "/usr/local/etc/httpd/certs/key.pem"
    ServerName tomcloud.ddns.net
    ServerAlias www.tomcloud.ddns.net
    ErrorLog "/usr/local/var/log/httpd/tomcloud.ddns.net-error_log"
    CustomLog "/usr/local/var/log/httpd/tomcloud.ddns.net-access_log" common
</VirtualHost>

Close httpd.conf, httpd-ssl.conf and httpd-vhosts.conf documents and save changes

Reboot computer

Server can be reached via tomcloud.ddns.net:8080 from the computer itself or via external devices

Server cannot be reached via https://tomcloud.ddns.net, tomcloud.ddns.net:443 or https://tomcloud.ddns.net:443 from the computer itself or via external devices

Terminal output trying to find the error

Last login: Mon Feb 21 22:08:40 on ttys000
tomgoetz@MacBook-Pro-von-Tom ~ % brew services list
Name    Status    User     File
httpd   error 256 root     ~/Library/LaunchAgents/homebrew.mxcl.httpd.plist
mysql   started   tomgoetz ~/Library/LaunchAgents/homebrew.mxcl.mysql.plist
php@8.0 started   tomgoetz ~/Library/LaunchAgents/homebrew.mxcl.php@8.0.plist
tomgoetz@MacBook-Pro-von-Tom ~ % httpd -t
Syntax OK
tomgoetz@MacBook-Pro-von-Tom ~ % /usr/local/opt/httpd/bin/httpd -D FOREGROUND
(48)Address already in use: AH00072: make_sock: could not bind to address [::]:8080
(48)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:8080
no listening sockets available, shutting down
AH00015: Unable to open logs
tomgoetz@MacBook-Pro-von-Tom ~ %

Listed documents .zip
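The three openssl commands in the post produce a certificate whose only identity is the Common Name; current browsers ignore the CN and require the hostname in a subjectAltName extension, so even once the :443 listener is up that certificate would still be rejected. The helper below is an added example (not the reporter's commands and not Homebrew's code): it issues a self-signed certificate carrying SANs for tomcloud.ddns.net and www.tomcloud.ddns.net and verifies hostname match and key/certificate pairing before the files are referenced from httpd-ssl.conf and the :443 vhost. It assumes OpenSSL 1.1.1 or newer (Homebrew's openssl; the LibreSSL shipped with macOS may lack -addext); the output directory is whatever the caller passes in.

```shell
#!/bin/sh
# Added example, not from the issue. Create a self-signed certificate for an
# Apache vhost with a subjectAltName for the hostname(s), then verify that the
# certificate matches the hostname and that key and certificate belong together
# before pointing SSLCertificateFile/SSLCertificateKeyFile at them.
# Assumes OpenSSL 1.1.1+ (needed for -addext and -ext). Hostnames are the ones
# from the issue; the output directory is chosen by the caller.

make_self_signed() {
    # $1 = output dir, $2 = primary hostname, $3 = optional extra hostname
    dir=$1; host=$2; alt=${3:-www.$2}
    mkdir -p "$dir"
    # Key and certificate in one step; -nodes leaves the key unencrypted so
    # httpd can start unattended, so the key file is restricted to its owner.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -keyout "$dir/key.pem" -out "$dir/certificate.pem" \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host,DNS:$alt" \
        -addext "keyUsage=digitalSignature,keyEncipherment" \
        -addext "extendedKeyUsage=serverAuth" 2>/dev/null
    chmod 600 "$dir/key.pem"
}

# Returns 0 when the certificate ($1) is valid for hostname $2 (SAN first,
# CN only as a fallback when no SAN is present), the same check a client does.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q "does match"
}

# Returns 0 when key file $2 is the private key for certificate $1: the public
# key embedded in the certificate must equal the one derived from the key.
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)" = \
      "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# Prints the SAN list of certificate $1 (the field browsers actually check),
# e.g. DNS:tomcloud.ddns.net,DNS:www.tomcloud.ddns.net
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null | tail -n 1 | tr -d ' '
}
```

Run the two checks against the files already in /usr/local/etc/httpd/certs as well: a cert/key mismatch makes mod_ssl refuse to start the :443 listener, and that failure shows up in the main httpd error log rather than in the per-vhost log.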

SMillerDev commented 2 years ago

None of this is related to formulae.brew.sh. Please make a new topic in Homebrew/discussions although it's even off topic over there since it's about using the software you installed with homebrew instead of homebrew itself.

Tom200000 commented 2 years ago

Okay, I will try this. Thank you anyway.