How to Configure Apache SSL on Non-Standard Port While Maintaining Existing dotCMS HTTPS Services



Here's a detailed solution for running Apache alongside dotCMS with separate SSL ports:

When both dotCMS and Apache try to bind to port 443 (default HTTPS), only one service can successfully bind at a time. The solution involves configuring Apache to use an alternative SSL port while keeping dotCMS on 443.

Edit your Apache SSL configuration file (typically /etc/apache2/sites-available/default-ssl.conf or similar):

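# Non-standard port: name the protocol explicitly
Listen 8443 https
<VirtualHost *:8443>
    ServerName yourdomain.com
    SSLEngine on
    SSLCertificateFile /path/to/cert.pem
    SSLCertificateKeyFile /path/to/privkey.pem
    # Obsolete since Apache 2.4.8: on newer versions, append the chain to the SSLCertificateFile instead
    SSLCertificateChainFile /path/to/chain.pem
    
    # Rest of your configuration
</VirtualHost>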

Ensure your firewall allows traffic on the new port:

sudo ufw allow 8443/tcp
sudo ufw reload

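If using a load balancer or reverse proxy, forward traffic to the new port:

# Nginx example
# Port 443 on the dotCMS host is already taken: run this where 443 is free
# (a separate load balancer host or IP) and point proxy_pass at the Apache host.
server {
    listen 443 ssl;
    server_name apache.yourdomain.com;

    # TLS is terminated here, so the listener needs its own certificate and key
    ssl_certificate     /path/to/cert.pem;
    ssl_certificate_key /path/to/privkey.pem;
    
    location / {
        # The upstream certificate is not verified unless proxy_ssl_verify is on
        proxy_pass https://localhost:8443;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}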

After restarting Apache (sudo systemctl restart apache2), verify both services are running:

sudo netstat -tulnp | grep -E ':(443|8443)[[:space:]]'
# Should show both ports in use by different processes

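You can use the same SSL certificate for both services or generate separate ones. If using Let's Encrypt, note that the HTTP-01 validation request still arrives on port 80; --http-01-port only changes the port certbot listens on locally, so whatever holds port 80 (dotCMS here) must forward /.well-known/acme-challenge/ requests to 9080: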

sudo certbot certonly --standalone -d apache.yourdomain.com --preferred-challenges http --http-01-port 9080

When you need to run multiple web services on the same server, port conflicts become inevitable. In this scenario, we have:

  1. dotCMS running on HTTP (80) and HTTPS (443)
  2. Apache needing to run parallel services

We'll configure Apache to use:

  • Non-standard HTTP port (e.g., 90)
  • Alternative SSL port (e.g., 8443)
  • Same OpenSSL installation as dotCMS

1. Edit Apache SSL configuration:


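# In /etc/apache2/ports.conf or your equivalent
Listen 90
<IfModule ssl_module>
    # Declare the port once: a second Listen for the same address and port
    # fails at startup with "Address already in use"
    Listen 8443 https
</IfModule>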

2. Virtual Host Configuration:


<VirtualHost *:8443>
    ServerName yourdomain.com
    SSLEngine on
    SSLCertificateFile /path/to/your/cert.pem
    SSLCertificateKeyFile /path/to/your/key.pem
    SSLCertificateChainFile /path/to/chain.pem
    
    # Other configurations...
</VirtualHost>

Don't forget to open the new ports:


sudo ufw allow 90/tcp
sudo ufw allow 8443/tcp
sudo ufw reload

After restarting Apache, verify both services are running:


sudo netstat -tulnp | grep -E ':(80|443|90|8443)[[:space:]]'
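
A stricter form of the listener check above, as an added example that is not part of the original page: it parses `netstat -tulnp` output and confirms that each port is held by the expected program, matching the port exactly rather than as a substring. The function name `check_listeners`, the program names `java` (dotCMS) and `apache2`, and the sample output are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: exact-match ownership check over `netstat -tulnp` output.
# Live use (run as root so the PID/Program column is filled in):
#   sudo netstat -tulnp | check_listeners 443=java 8443=apache2
# Program names (java for dotCMS, apache2) are assumptions; adjust to your host.

check_listeners() {
    # Arguments: PORT=PROGRAM pairs. Input: netstat output on stdin.
    awk -v want="$*" '
        BEGIN {
            n = split(want, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, "=")
                order[i] = kv[1]; expect[kv[1]] = kv[2]
            }
        }
        # TCP sockets in LISTEN state only; UDP rows have no State column.
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            prog = $7; sub(/^[0-9]+\//, "", prog)  # drop the "PID/" prefix
            if (!(port in owner)) owner[port] = prog
            else if (owner[port] != prog) owner[port] = owner[port] "," prog
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                p = order[i]
                if (!(p in owner)) { print "MISSING " p; bad = 1 }
                else if (owner[p] != expect[p]) {
                    print "WRONG " p " " owner[p] " (expected " expect[p] ")"; bad = 1
                } else print "OK " p " " owner[p]
            }
            exit bad
        }'
}

# Constructed sample output (not captured from a real host).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp   0 0 0.0.0.0:80      0.0.0.0:*  LISTEN  1201/java
tcp   0 0 0.0.0.0:443     0.0.0.0:*  LISTEN  1201/java
tcp6  0 0 :::90           :::*       LISTEN  2417/apache2
tcp6  0 0 :::8443         :::*       LISTEN  2417/apache2
tcp   0 0 127.0.0.1:8080  0.0.0.0:*  LISTEN  3302/node
udp   0 0 0.0.0.0:68      0.0.0.0:*          800/dhclient'

printf '%s\n' "$SAMPLE_NETSTAT" | check_listeners 80=java 443=java 90=apache2 8443=apache2
```

The function exits non-zero when any port is missing or held by a different program, so it can gate a deployment script after the Apache restart.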

Here's a complete working configuration for a development environment:


# /etc/apache2/sites-available/alt-ssl.conf
<VirtualHost *:8443>
    DocumentRoot /var/www/html
    ServerName dev.example.com
    
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/dev_example_com.crt
    SSLCertificateKeyFile /etc/ssl/private/dev_example_com.key
    
    ErrorLog ${APACHE_LOG_DIR}/error_8443.log
    CustomLog ${APACHE_LOG_DIR}/access_8443.log combined
    
    <Directory /var/www/html>
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

Remember to enable the site and restart Apache:


sudo a2ensite alt-ssl
sudo systemctl restart apache2