Late-Night Configuration Problems

Previously:

  • Install Fedora Core 3. Turn off a bunch of services. done
  • Set up Samba and move a bunch of stuff off of other boxes. done
  • Turn on and configure Apache. done
  • Configure the router to port forward HTTP and SSH to the new box. Test. done
  • Set up a skeleton “nothing to see here” web page and test. done
  • Set up some other random web stuff and test. done
  • Get dynamic DNS set up through dyndns.org, and teach the router about it. Test. done

Picking up the story again last night at 1 AM:

  • Set up and configure MySQL. done
  • Migrate databases off of the old box. done
  • Generate SSL cert for Apache, restart, and test locally. done
  • Set up a virtual domain for dynamic DNS. Test locally. done
  • Configure the router to also port forward HTTPS. Test… Connection refused. Hm… Double-check the router to make sure I didn’t get dyslexic with the HTTPS port number. Nope. Check the httpd logs. Nothing. Restart Apache and try again. HTTP works; HTTPS doesn’t. Triple check everything. Nada. wtf?

The punchline, found at 2 AM after much flailing, was in the firewall rules file, /etc/sysconfig/iptables, which I’d touched once to get Samba working, and then forgot about. The FC3 install had ports unblocked for HTTP and SSH, but not HTTPS. Go figure. Add a line to support tcp on port 443, restart iptables, and test. Ah. Much better. Now I can sleep the sleep of those who can securely serve up a “nothing to see here” page from a home Linux box.
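
An added example, not part of the original post: a small check that reads rules in the iptables-save format used by /etc/sysconfig/iptables and reports which wanted TCP ports have no reachable ACCEPT rule. The sample rules, the chain name `RH-Firewall-1-INPUT`, and the function names are assumptions made for illustration.

```python
# Constructed sample in iptables-save format, the format of /etc/sysconfig/iptables.
# The chain name and rules are assumptions for illustration, not the author's file.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
FIX_LINE = "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT"


def accepted_tcp_ports(rules_text):
    """Return TCP destination ports that have a reachable ACCEPT rule.

    Simplified: chains are treated as flat, and source/interface matches
    and negation are ignored.
    """
    ports, closed = set(), set()
    for line in rules_text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "-A" or tok[1] in closed:
            continue
        if tok[2] == "-j" and tok[3] in ("REJECT", "DROP"):
            closed.add(tok[1])  # unconditional deny: later rules in this chain never match
            continue
        opts = dict(zip(tok[2:], tok[3:]))  # each token mapped to the token after it
        if opts.get("-j") != "ACCEPT" or opts.get("-p") != "tcp":
            continue
        spec = opts.get("--dport") or opts.get("--dports") or ""
        for part in filter(None, spec.split(",")):
            lo, _, hi = part.partition(":")  # "137:139" is a port range
            ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def blocked_ports(rules_text, wanted):
    """Ports in `wanted` that the rule set does not accept."""
    return sorted(set(wanted) - accepted_tcp_ports(rules_text))


if __name__ == "__main__":
    print("blocked:", blocked_ports(SAMPLE_RULES, [22, 80, 443]))
```

Rule order matters: in this sample the 443 line only takes effect if it sits above the catch-all REJECT, which is why the check ignores anything placed after it.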