Apache2 Failure after Installing ocserv
ChenZhijin
.com

Apache2 Failure after Installing ocserv

Apache2 Failure after Installing ocserv

What Happened:

Apache2 failed to monitor port 80 and 443 after installing ocserv.

When trying to access sites hosted on the same server, the browser says certificate is not valid.

This is because ocserv monitors port 443 by default, and apache2 fails to monitor port 443, and all access is handled by ocserv. Therefore the server returns the certificate for domain name of ocserv, rather than the right one.

How to Solve

  • Make sure the port settings in /etc/ocserv/ocserv.conf is not 80 or 443.
1 2
tcp-port = 12345 udp-port = 12345
  • However the upper port settings will be overwritten by another file, which in my case is /lib/systemd/system/ocserv.socket
1 2
ListenStream=12345 ListenDatagram=12345
  • Now this would make ocserv listen to 12345. If there isn't the file, check the socket file showed in ocserv.socket by
1
sudo systemctl status ocserv.socket
1
Loaded: loaded (/lib/systemd/system/ocserv.socket; enabled; vendor preset: enabled)
  • Then restarting ocserv.socket will solve the problem.

In my case I couldn't just restart that service. Instead I restarted the whole server since there are not many accesses.

References

https://jm33.me/using-ocserv-on-an-https-server.html

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837944

Tagged with: