Question

How do I have openvpn and ssl(https for domain) installed on the same droplet?

  • Posted on August 21, 2014
  • me216474Asked by me216474

Hello,

I own a ubuntu 14.04 (x64) droplet, I have a problem with setting up openvpn and https (for my domain name)both on a same droplet. However one of them at a time works fine. But both doesn’t seem to run.

If I tried installing both, my apache2 stops running. While the openvpn works good, when the apache2 is not running.

I have gotten a ssl certificate from startssl.com [FREE VERSION]

I have these files on my /etc/apache2/ssl/

  • ssl.crt
  • ssl.key
  • ca.pem
  • sub.class1.server.ca.pem

I have also written a private key.

My 000-default.conf at /etc/apache2/sites-enabled/ looks like below:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www/html
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/html>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>

<VirtualHost *:443>
    SSLEngine on                                                                
    SSLProtocol all -SSLv2                                                      
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM                

    SSLCertificateFile /etc/apache2/ssl/ssl.crt                           
    SSLCertificateKeyFile /etc/apache2/ssl/private.key                        
    SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem 
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www/html
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/html>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>

Let me know if the information provided is not sufficient enough. Any help would be greatly appreciated.

Thanks.


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Both Apache and OpenVPN are attempting to use TCP port 443. As that is the port that normal HTTPS traffic uses, you’ll want to change the port that OpenVPN listens on so you can continue to serve HTTPS with Apache.

In your OpenVPN server.conf change the protocol and port to:

proto udp
port 1194

If you need to use port 443 for your OpenVPN connection due to firewalling or other resaons, there is also a way to “share” the port. In your OpenVPN server.conf set:

proto tcp
port 443
port-share 127.0.0.1 4545

Then, in your Apache configuration change: <VirtualHost *:443> to <VirtualHost *:4545> Also change 443 to 4545 in /etc/apache2/ports.conf