Http and https problem

Problem Description
Freedombox 19.1 running on fresh debian buster. I was configuring matrix synapse chat server following this guide: https://www.youtube.com/watch?v=37uoEbVsbNQ. I have configured Dynamic DNS Client and obtained domain name as it was shown in guide. My problem is when I enter the domain name in web browser, without explicitly writing https://, it shows:

Bad Request
Your browser sent a request that this server could not understand.
Reason: You’re speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Apache/2.4.38 (Debian) Server at serv.serv Port 443

but when I explicitly add https:// it works as expected. However I couldn’t get Let’s Encrypt certificate:

Also when I enter the plinth by local IP it opens with https:// by default.

Expected Results
In guide after registering the domain name, it opens with https:// by default.

Information

  • FreedomBox version: 19.1
  • Hardware: fresh debian buster amd64
  • How did you install FreedomBox?: apt install freedombox

Thanks for reporting your issue. A couple follow-up questions:

  1. What browser are you using?
  2. Have you opened ports 80 and 443 on your router? If you want your FreedomBox to be accessible on the public internet, please go into your router settings and open port 80 and port 443 for the local IP address of your FreedomBox.

I believe that this is related to the issue with the Let’s Encrypt certificate. Check out the advice in this thread for more information: Let's Encrypt "Failed to obtain certificate ..." - #4 by sunil

In particular, here is what @njoseph said in that thread:

Please check if .freedombox.rocks is actually mapped to your IP address, both in GnuDIP and manually.

Login to GnuDIP and verify your IP address. You can also update your IP address there if it’s wrong.
Run ping .freedombox.rocks in a terminal and see what IP address it shows.

Hi!
Thanks for the quick response!
I’ve tried firefox, chrome, and also tried chrome on windows. Ports are opened, I can access https://bikamatrix.freedombox.rocks without any troubles, but the error appears when I try bikamatrix.freedombox.rocks (without https://). IP is static and pinging bikamatrix.freedombox.rocks shows the correct one.

  • Accessing with IP address works properly. (I assume you mean that http://<ipaddress> is working properly). So this means that the browser was able to send a request to port 80 of FreedomBox and got a valid response with a redirect to https://<ipaddress>/plinth/. FreedomBox has port 80 open and has Apache running on it.
  • Let’s Encrypt sent a request to http://bikamatrix.freedombox.rocks/.well-known/… and got a response of 400 Bad Request. The response looks like something that would come from Apache.

Could you provide the output of running curl -v http://localhost/ on your FreedomBox? Mine looks something like this:

curl -v http://localhost/
*   Trying ::1:80...
* TCP_NODELAY set
* Connected to localhost (::1) port 80 (#0)
> GET / HTTP/1.1
> Host: localhost
> User-Agent: curl/7.65.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< Date: Tue, 06 Aug 2019 05:32:06 GMT
< Server: Apache/2.4.38 (Debian)
< Location: http://localhost/plinth/
< Content-Length: 283
< Content-Type: text/html; charset=iso-8859-1
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://localhost/plinth/">here</a>.</p>
<hr>
<address>Apache/2.4.38 (Debian) Server at localhost Port 80</address>
</body></html>
* Connection #0 to host localhost left intact

Also what happens if you run the same command from outside FreedomBox using the domain name instead of localhost? I am currently unable to access your domain from the Internet.

Also could you explain how you opened the ports? Do you have router before FreedomBox? Did you redirect ports 80 and 443 to the static private address of FreedomBox? Or did you use DMZ feature?

Hi!
running curl command with localhost prints this:

curl -v http://localhost/
* Expire in 0 ms for 6 (transfer 0x559331c56dd0)
* Expire in 1 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 1 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 1 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 1 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 1 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 1 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 1 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 1 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 1 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 1 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 1 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 1 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
* Expire in 0 ms for 1 (transfer 0x559331c56dd0)
*   Trying ::1...
* TCP_NODELAY set
* Expire in 150000 ms for 3 (transfer 0x559331c56dd0)
* Expire in 200 ms for 4 (transfer 0x559331c56dd0)
* Connected to localhost (::1) port 80 (#0)
> GET / HTTP/1.1
> Host: localhost
> User-Agent: curl/7.64.0
> Accept: */*
> 
< HTTP/1.1 302 Found
< Date: Sat, 10 Aug 2019 10:16:53 GMT
< Server: Apache/2.4.38 (Debian)
< Location: http://localhost/plinth
< Content-Length: 282
< Content-Type: text/html; charset=iso-8859-1
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://localhost/plinth">here</a>.</p>
<hr>
<address>Apache/2.4.38 (Debian) Server at localhost Port 80</address>
</body></html>
* Connection #0 to host localhost left intact

and running it with domain name:

curl -v http://bikamatrix.freedombox.rocks/
*   Trying 212.42.107.132...
* TCP_NODELAY set
* Connected to bikamatrix.freedombox.rocks (212.42.107.132) port 80 (#0)
> GET / HTTP/1.1
> Host: bikamatrix.freedombox.rocks
> User-Agent: curl/7.54.0
> Accept: */*
> 
< HTTP/1.1 400 Bad Request
< Date: Sat, 10 Aug 2019 10:23:09 GMT
< Server: Apache/2.4.38 (Debian)
< Content-Length: 456
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
 Instead use the HTTPS scheme to access this URL, please.<br />
</p>
<hr>
<address>Apache/2.4.38 (Debian) Server at bikamatrix.freedombox.rocks Port 443</address>
</body></html>
* Closing connection 0

There is a router behind freedombox and I am using DMZ.

This indicates Plinth is running properly on port 80.

The request has been sent to port 80 but was received by Apache running on port 443. I can only think of one reason why this would happen and that is the router doing this. Please double check that you don’t have any other port forwarding rules in the router, especially ones that look like 80 → 433 other than your DMZ configuration. If all else fails, carefully consider and reset your router and configure it again. If nothing works, post the router model number here.

Here is a tip to help with easy debugging of the router without FreedomBox in the equation. Stop apache and then run the netcat command and tell it to listen on port 80. Then on another machine, send a message to the listening netcat command.

On FreedomBox

sudo systemctl stop apache2
sudo nc -l 80

On another host:

echo "hello" | nc <domain> 80

On FreedomBox, the listening netcat command should print

hello
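
The comparison made in the diagnosis above (port the client connected to versus the port Apache names in its error page), as an added example that is not part of the original posts. The function names are hypothetical, and the two transcripts are constructed samples trimmed from the outputs quoted in the thread, with example.invalid and 192.0.2.10 as placeholders:

```shell
# Added example: classify a saved `curl -v http://<domain>/` transcript.
# Flags the case from this thread: connection made to port 80, but the
# Apache error page is signed by the port-443 (TLS) virtual host.

# Port curl connected to, from "* Connected to host (ip) port N (#0)".
connected_port() {
  sed -n 's/^\* Connected to .* port \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Port Apache reports in its <address> footer ("... Server at host Port N").
answering_port() {
  sed -n 's/.*<address>.* Port \([0-9][0-9]*\)<\/address>.*/\1/p' | head -n 1
}

# Prints one verdict for a transcript file.
diagnose() {
  local file=$1 sent got
  sent=$(connected_port < "$file")
  got=$(answering_port < "$file")
  if [ -z "$sent" ] || [ -z "$got" ]; then
    echo "inconclusive"
  elif grep -q "speaking plain HTTP to an SSL-enabled server port" "$file" \
       && [ "$sent" != "$got" ]; then
    echo "remapped:$sent->$got"     # something in the path rewrote the port
  elif [ "$sent" = "$got" ]; then
    echo "ok:$sent"
  else
    echo "mismatch:$sent->$got"
  fi
}

# Constructed samples (placeholder host and address).
sample_bad=$(mktemp)
cat > "$sample_bad" <<'EOF'
* Connected to example.invalid (192.0.2.10) port 80 (#0)
< HTTP/1.1 400 Bad Request
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
<address>Apache/2.4.38 (Debian) Server at example.invalid Port 443</address>
EOF
sample_ok=$(mktemp)
cat > "$sample_ok" <<'EOF'
* Connected to localhost (::1) port 80 (#0)
< HTTP/1.1 302 Found
<address>Apache/2.4.38 (Debian) Server at localhost Port 80</address>
EOF
diagnose "$sample_bad"   # remapped:80->443
diagnose "$sample_ok"    # ok:80
```

A `remapped` verdict from outside the network combined with `ok:80` on the box itself points at a device in between, which is what the netcat test above isolates.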