By: me216474

How do I have openvpn and ssl(https for domain) installed on the same droplet?

August 21, 2014

Hello,

I own an Ubuntu 14.04 (x64) droplet, and I have a problem with setting up OpenVPN and HTTPS (for my domain name) both on the same droplet. One of them at a time works fine, but both together don't seem to run.

If I try installing both, my apache2 stops running, while OpenVPN works fine when apache2 is not running.

I have gotten an SSL certificate from startssl.com [FREE VERSION].

I have these files in my /etc/apache2/ssl/:

  • ssl.crt
  • ssl.key
  • ca.pem
  • sub.class1.server.ca.pem

I have also written a private key.

My 000-default.conf at /etc/apache2/sites-enabled/ looks like below:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www/html
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/html>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

    SSLCertificateFile /etc/apache2/ssl/ssl.crt
    SSLCertificateKeyFile /etc/apache2/ssl/private.key
    SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www/html
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/html>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>

Let me know if the information provided is not sufficient enough.
Any help would be greatly appreciated.

Thanks.

1 Answer

Both Apache and OpenVPN are attempting to use TCP port 443. As that is the port that normal HTTPS traffic uses, you'll want to change the port that OpenVPN listens on so you can continue to serve HTTPS with Apache.

In your OpenVPN server.conf change the protocol and port to:

proto udp
port 1194

If you need to use port 443 for your OpenVPN connection due to firewalling or other reasons, there is also a way to "share" the port. In your OpenVPN server.conf set:

proto tcp
port 443
port-share 127.0.0.1 4545

Then, in your Apache configuration, change <VirtualHost *:443> to <VirtualHost *:4545>. Also change 443 to 4545 in /etc/apache2/ports.conf.

  • Hey,

    I can't seem to find the server.conf anywhere on my droplet. I'm running Ubuntu and I've followed this guide.

    Any suggestions? https://www.digitalocean.com/community/tutorials/how-to-install-openvpn-access-server-on-ubuntu-12-04

    • You are running "OpenVPN Access Server" which is different than "OpenVPN". You can find the installation folder for OpenVPN Access Server here:

      /usr/local/openvpn_as/
      

      But that still won't help you because there is no "server.conf" file. You need to use the admin web interface which should look like:

      http://xx.xx.xx.xx:943/admin/
      

      After logging in, navigate to the section under "Configuration" labeled "Advanced VPN". From there, scroll to the bottom of the page and find the section "Additional OpenVPN Config Directives" and within the text area called "Server Config Directives" you can paste:

      port-share 127.0.0.1 4545
      

      The protocol and port can be configured elsewhere with the web based admin interface.
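
The following Python check is an added example, not part of the original thread and not code from OpenVPN or Apache: it reads the text of an OpenVPN server.conf and an Apache ports.conf, reports when both would bind the same TCP port, and validates the port-share arrangement described in the answer. The function names, the loopback-only finding and the sample configuration strings are assumptions constructed for illustration.

```python
import re

LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}

def openvpn_listener(conf):
    """Parse proto, port and port-share from OpenVPN server.conf text."""
    proto, port, share = "udp", 1194, None          # OpenVPN defaults
    for line in conf.splitlines():
        tok = re.split(r"[#;]", line, maxsplit=1)[0].split()  # drop comments
        if len(tok) >= 2 and tok[0] == "proto":
            proto = "tcp" if tok[1].startswith("tcp") else "udp"
        elif len(tok) >= 2 and tok[0] == "port":
            port = int(tok[1])
        elif len(tok) >= 3 and tok[0] == "port-share":
            share = (tok[1], int(tok[2]))
    return proto, port, share

def apache_listeners(conf):
    """Return (address, port) for every active Listen directive."""
    found = []
    for line in conf.splitlines():
        m = re.match(r"\s*Listen\s+(\S+)", line, re.I)
        if m:
            addr, _, port = m.group(1).rpartition(":")
            found.append((addr or "*", int(port)))   # "*" = all interfaces
    return found

def check(openvpn_conf, apache_ports_conf):
    """List the problems the two configurations have with each other."""
    proto, port, share = openvpn_listener(openvpn_conf)
    listeners, findings = apache_listeners(apache_ports_conf), []
    if proto == "tcp" and any(p == port for _, p in listeners):
        findings.append(f"conflict: OpenVPN and Apache both bind TCP {port}")
    if share:
        host, sport = share
        addrs = [a for a, p in listeners if p == sport]
        if proto != "tcp":                           # port-share is TCP-server only
            findings.append("port-share needs proto tcp")
        if not addrs:
            findings.append(f"no Apache Listen for port-share target {host}:{sport}")
        elif host in LOOPBACK and any(a not in LOOPBACK for a in addrs):
            findings.append(f"exposed: Apache port {sport} is not loopback-only")
    return findings

# Constructed sample configurations (not taken from a real server).
ASKER = ("proto tcp\nport 443\n", "Listen 80\nListen 443\n")
SHARED = ("proto tcp\nport 443\nport-share 127.0.0.1 4545\n", "Listen 80\nListen 4545\n")
LOCAL_ONLY = (SHARED[0], "Listen 80\nListen 127.0.0.1:4545\n")
```

With port-share, OpenVPN relays the HTTPS connections itself, so Apache's access log records 127.0.0.1 as the client unless the optional directory argument of port-share is used to look up the origin address.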
