SSL not working

Hi. I’ve installed open ondemand on CentOS 8 using the GitHub - OSC/ood-ansible: An ansible playbook for Open Ondemand ansible role. I’m accessing the server just via IP.

I’m using OIDC for authentication and before I configured for SSL, Open Ondemand seemed to be “working” (as in it redirected me to the OIDC provider page, and then the redirect back failed because I’d given an https address to the provider as their redirect address in anticpation of getting SSL working, but that’s ok at this stage).

The critical bit in getting that far was setting:

servername: 

to avoid the ansible role configuring a ServerName in the <VirtualHost> config which seemed to break things.

I then started configuring for SSL, discovering that actually the mod_ssl package which gets installed generates keys, so I didn’t need to do that. But the global SSL config on the server didn’t appear to have any SSLProtocol configured, so I think a minimal ssl config is:

ssl:
  - SSLCertificateFile /etc/pki/tls/certs/localhost.crt
  - SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
  - SSLProtocol TLSv1.2 TLSv1.3

However, now if I go to https://<my.server.id> I get the default apache landing page (as shown here). Looking at the apache logs I can see this is using TLSv1.3.

Noting that the role configures an http → https redirect, I tried going to http://<my.server.id>. This does redirect to https://<my.server.id>:80/ but Chrome throws:

This site can’t provide a secure connection
<my.server.ip> sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

Any suggestions please, I am getting totally stuck!

Ok turns out you need to set httpd_port: 443, then https:// ... works. The redirect from http:// is still broken though. And it doesn’t look as though that takes a list.

Hi and welcome!

Can you confirm the VirtualHost for OOD is on 443?
I’d be this line in /etc/httpd/conf.d/ood-portal.conf

# The Open OnDemand portal VirtualHost
#
<VirtualHost *:443>

Also try going directly to https://<my.server.id>/pun/sys/dashboard. It could be just that you need to use_rewrites for redirects from the root url (or from using http & 80 port).

Specifying https with port 80 (https://<my.server.id>:80/) is expected behavior. It’s the wrong protocol for that port, I think you’d have to use http to get that redirect to work (along with use_rewrites).

If that doesn’t help feel free to share the ood_portal.yml with anything obsfucated.

Thank you - that was fast!

As per what someone suggested to me elsewhere I do now have that virtualhost line after adding httpd_port: 443 and https://... works.

It’d be nice to get the http:// redirect working too though. I have use_rewrites: true (as per defaults) and I’m getting the following on ood-portal.conf:

<VirtualHost *:80>
  RewriteEngine On
  RewriteRule ^(.*) https://%{SERVER_NAME}:443$1 [R=301,NE,L]
</VirtualHost>

But going to http://my.server.ip is redirecting to https://my.server.ip:80/, which seems odd.

I wonder if you’ve cached the redirect? Can you try without your cache (in a private window, clearing your cache or disabling it in dev tools).

Agh, you were right, in a private window http:// worked fine! I didn’t know redirects got cached… Thanks again.