olc's picture

How to disable SSL for port 80 on LAMP vm? I tried to modify apache settings but I just dont get it right. Any idea on how do that precisely?

Jeremy Davis's picture

SSL should not be available to port 80, for your custom websites it should only be available on 443 (default https port). If you wish to disable SSL on the default secure port then probably the easiest way to do that is to stop Apache from listening on port 443. Edit the ports.conf file (from memory should be):

nano /etc/apache2/ports.conf

and comment out the line that says Listen 443 (ie put a '#' in front of it, so it looks like '# Listen 443'). Then restart apache.

/etc/init.d/apache2 restart

Now https on port 443 (default https) should no longer be available. The advantage of doing it this way rather than disabling SSL altogether, is that  is that you will still be able to access Webmin, Shell-in-a-box and phpMyAdmin via secure connection.

Does that help? If not perhaps explain what you are trying to acheive or the problem you are having so I can give you more relevant help.

Adrian Moya's picture

That if you disable SSL access to apache you will still be able to connect via https to webmin and shell-in-a-box, as they are running on a different server than the system's apache. That's why on the Core appliance, even without apache/ssl-certs, you are able to run webmin/siab.

phpMyAdmin is surelly running under apache. 

My 2 cents.

Jeremy Davis's picture

Ah yes, good point. I hadn't considered that!

@olc - If you don't want/need access to phpMyAdmin then you could disable ssl altogether. Have a look in /etc/apache2/sites-enabled and see whats enabled (the folder contains symlinks to them). I haven't got it in front of me ATM but I would expect probably just default (often the symlink is called 000-default), and possibly default-ssl. If it has both you could just delete the symlink to default-ssl. If it only has default then edit that file in /etc/apache2/sites-available. You may need to do a little reading so you know exactly what to edit but it should be relatively straight forward. I suggest you either save a backup copy prior to editing or just comment out the default bits you don't want used (put a '#' in front). That way if it doesn't work you can go back and start again.

The other option, that I hadn't thought of either is to use Webmin. If your not that familiar with Linux (and want to take baby steps) then Webmin is a handy GUI tool for config. Look for Servers>>Apache on Webmin's top menu.

PS Remember to restart apache after tweaks to have them applied.

olc's picture

ok, thanks for your reply.

olc's picture

thanks for you reply. it doesnt help much though. what im trying to at the moment is disabling ssl on port 80. i have no idea why but it enabled there by default and there is no way i can get rid of it. when using http, it connects OK and gets back to https soon afterwards.

Jeremy Davis's picture

Are you sure SSL is on port 80? It shouldn't be (unless you've accidentally done something to make it like that). My TKL LAMP (2009.10) certainly doesn't do that.

AFAIK if you type http://<ip-address> in the address bar, then it will use port 80 (no ssl) or if you type https://<ip-address> then its using port 443. Some things such as Webmin are only available via https but they are on their own ports. The only way to use port 80 with SSL would be to use https and specify port 80, eg https://<ip-address>:80 (because without the ':80' https is always using port 443, just like http always uses 80 unless you specify a port). So is that whats happening?


Perhaps there is some content that you are serving (ie in the web page code) that is causing it to divert? Some web apps will try to force https for logins etc (for security). Perhaps if you give a bit more info about what changes you have made since clean install, and any other info that may be relevant?

olc's picture

what was i thinking! indeed, https over 80 can't work... maybe the content forces ssl or the host server... if one user connects to login page thru http, some content (images) is missing, then after login, it switches to https by itself.  acessing login page with https makes things look normal. i do believe that the platform we use doesnt require ssl so it is quite surprising, i gotta to doublecheck that. also, i have to try again to disable 443 fully since this seems to be the problem. why would https and http not on same page? weird.

i think we have several issues at play here and they make me confused. i'll keep you posted.

thanks for your help. your vm's are really excellent!

Add new comment