{"id":2856,"date":"2016-10-12T07:38:43","date_gmt":"2016-10-12T12:38:43","guid":{"rendered":"http:\/\/itsoftware.com.co\/content\/?p=2856"},"modified":"2019-05-18T12:08:04","modified_gmt":"2019-05-18T17:08:04","slug":"puerto-https-adicional-apache","status":"publish","type":"post","link":"https:\/\/itsoftware.com.co\/content\/puerto-https-adicional-apache\/","title":{"rendered":"Additional HTTPS port alongside the traditional 443 in Apache on Linux"},"content":{"rendered":"<div>This procedure describes how to add an additional HTTPS port in Apache (on Linux), given that we are already using port 443 for this purpose and want to use port 4443 pointing to a different document root, with the same SSL certificate.<\/div>\n<div><\/div>\n<div>\u00a0<img decoding=\"async\" src=\"https:\/\/www.hostcaribe.com\/wp-content\/uploads\/2016\/02\/SSL-Certificate-Secrity-H01CB360EBAB420000000000000004713.jpg\" alt=\"Additional HTTPS port\" width=\"366\" height=\"116\" \/><\/div>\n<div>\n<p>SSL certificate<\/p>\n<\/div>\n<p><!--more--><\/p>\n<div><\/div>\n<div>\n<div><b>1) Create the root folder for the new additional HTTPS port. 
For example \/var\/www2, and set its access permissions<\/b><\/div>\n<div><i>\u00a0 \u00a0 \u00a0mkdir \/var\/www2<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0chown -R ubuntu:ubuntu \/var\/www2<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0chmod -R 755 \/var\/www2<\/i><\/div>\n<div><\/div>\n<div><b>2) Add the additional HTTPS port to \/etc\/apache2\/ports.conf, for example port 4443<\/b><\/div>\n<div><\/div>\n<div><i>Listen 80<\/i><\/div>\n<div><i>\u00a0<\/i><\/div>\n<div><i>&lt;IfModule ssl_module&gt;<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 Listen 443<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 <u>Listen 4443<\/u><\/i><\/div>\n<div><i>&lt;\/IfModule&gt;<\/i><\/div>\n<div><i>\u00a0<\/i><\/div>\n<div><i>&lt;IfModule mod_gnutls.c&gt;<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 Listen 443<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 <u>Listen 4443<\/u><\/i><\/div>\n<div><i>&lt;\/IfModule&gt;<\/i><\/div>\n<div><\/div>\n<div><b>3) In\u00a0\/etc\/apache2\/sites-enabled\/000-default.conf, add the virtual host for the additional HTTPS port, with the new root<\/b><\/div>\n<div><\/div>\n<div><i>&lt;VirtualHost *:4443&gt;<\/i><\/div>\n<div><i>\u00a0<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 ServerName dominio.com.co<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 ServerAdmin webmaster@localhost<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 DocumentRoot \/var\/www2\/<\/i><\/div>\n<div><i>\u00a0<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 ErrorLog ${APACHE_LOG_DIR}\/error_sms.log<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 CustomLog ${APACHE_LOG_DIR}\/access_sms.log combined<\/i><\/div>\n<div><i>\u00a0<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 #SSL configuration:<\/i><\/div>\n<div><i>\u00a0<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 SSLEngine on<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 SSLCertificateKeyFile 
\/etc\/ssl\/ssl.key\/dominio_com_co.key<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 SSLCertificateFile \/etc\/ssl\/ssl.crt\/www_dominio_com_co.crt<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 SSLCertificateChainFile \/etc\/ssl\/ssl.crt\/www_dominio_com_co.ca-bundle<\/i><\/div>\n<div><i>\u00a0<\/i><\/div>\n<div><i>\u00a0\u00a0<\/i><\/div>\n<div><i>&lt;\/VirtualHost&gt;<\/i><\/div>\n<div><\/div>\n<div><b>4) In the file\u00a0\/etc\/apache2\/sites-available\/default-ssl.conf<\/b><\/div>\n<div><\/div>\n<div>Inside \u00a0<i>&lt;IfModule mod_ssl.c&gt;<\/i>, add the default virtual host for the new port<\/div>\n<div><\/div>\n<div><i>\u00a0&lt;VirtualHost _default_:4443&gt;<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 ServerAdmin webmaster@localhost<\/i><\/div>\n<div><i>\u00a0<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 DocumentRoot \/var\/www2<\/i><\/div>\n<div><i>\u00a0<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 ErrorLog ${APACHE_LOG_DIR}\/error.log<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 CustomLog ${APACHE_LOG_DIR}\/access.log combined<\/i><\/div>\n<div><i>\u00a0<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 SSLEngine on<\/i><\/div>\n<div><i>\u00a0<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 SSLCertificateFile\u00a0 \u00a0 \u00a0 \/etc\/ssl\/certs\/ssl-cert-snakeoil.pem<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 SSLCertificateKeyFile \/etc\/ssl\/private\/ssl-cert-snakeoil.key<\/i><\/div>\n<div><i>\u00a0<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 &lt;FilesMatch \"\\.(cgi|shtml|phtml|php)$\"&gt;<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 SSLOptions +StdEnvVars<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 
\u00a0 \u00a0 \u00a0 \u00a0 &lt;\/FilesMatch&gt;<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 &lt;Directory \/usr\/lib\/cgi-bin&gt;<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 SSLOptions +StdEnvVars<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 &lt;\/Directory&gt;<\/i><\/div>\n<div><i>\u00a0<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 BrowserMatch \"MSIE [2-6]\" \\<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 nokeepalive ssl-unclean-shutdown \\<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 downgrade-1.0 force-response-1.0<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 # MSIE 7 and newer should be able to use keepalive<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 BrowserMatch \"MSIE [17-9]\" ssl-unclean-shutdown<\/i><\/div>\n<div><i>\u00a0<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 &lt;\/VirtualHost&gt;<\/i><\/div>\n<div><\/div>\n<div><strong>5) In\u00a0\/etc\/apache2\/apache2.conf, add the permissions for the new folder<\/strong><\/div>\n<div><\/div>\n<div><i>&lt;Directory \/var\/www2\/&gt;<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 Options Indexes FollowSymLinks<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 AllowOverride All<\/i><\/div>\n<div><i>\u00a0 \u00a0 \u00a0 \u00a0 Require all granted<\/i><\/div>\n<div><i>&lt;\/Directory&gt;<\/i><\/div>\n<div><\/div>\n<\/div>\n<div><strong>6) The server's firewall must allow access to port 4443 (iptables, Windows firewall, or an Amazon EC2 Security Group)<\/strong><\/div>\n<div><\/div>\n<div><strong>7) The new port is reached 
from the browser at\u00a0<a href=\"https:\/\/vendiendo.com.co:4443\">https:\/\/dominio.com.co:4443<\/a>\u00a0<\/strong><\/div>\n<div><\/div>\n<div>To verify that the port is properly open, this command should show it listening:<\/div>\n<div><\/div>\n<div>\n<div>\n<div><code># ss\u00a0-lnt<\/code><\/div>\n<div><\/div>\n<div>LISTEN\u00a0 \u00a0 \u00a00\u00a0 \u00a0 \u00a0 128\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0:::4443\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0:::*<\/div>\n<\/div>\n<\/div>\n<div><\/div>\n<div>This can be useful when we do not want certain processes to be visible on the production HTTPS port, or when those processes are being affected by the main site's redirection rules.<\/div>\n<div><\/div>\n<div>This is a knowledge-sharing service from <a href=\"http:\/\/itsoftware.com.co\">ITSoftware SAS<\/a>.<\/div>\n","protected":false},"excerpt":{"rendered":"<p>This procedure describes how to add an additional HTTPS port in Apache (on Linux), given that we are already using port 443 for this purpose and want to use port 
4443[&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[257,6],"tags":[909,913,908,911,910,907,912],"class_list":["post-2856","post","type-post","status-publish","format-standard","hentry","category-lenguajes-de-programacion","category-programacion","tag-certificado-ssl","tag-certificado-ssl-sobre-apache","tag-https","tag-puerto-adicional-https","tag-puerto-adicional-ssl","tag-puerto-ssl","tag-ssl-sobre-apache"],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/itsoftware.com.co\/content\/wp-json\/wp\/v2\/posts\/2856","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/itsoftware.com.co\/content\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itsoftware.com.co\/content\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itsoftware.com.co\/content\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/itsoftware.com.co\/content\/wp-json\/wp\/v2\/comments?post=2856"}],"version-history":[{"count":0,"href":"https:\/\/itsoftware.com.co\/content\/wp-json\/wp\/v2\/posts\/2856\/revisions"}],"wp:attachment":[{"href":"https:\/\/itsoftware.com.co\/content\/wp-json\/wp\/v2\/media?parent=2856"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itsoftware.com.co\/content\/wp-json\/wp\/v2\/categories?post=2856"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itsoftware.com.co\/content\/wp-json\/wp\/v2\/tags?post=2856"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}