How to disable TLS Renegotiation in Elastic Beanstalk AWS for Linux AMI? - django

It is a security best practice to disable TLS Renegotiation in production.
What is the best way to do this in an Apache2-based Elastic Beanstalk Deployment (Python/Django)?

To disable TLS Renegotiation in Amazon Elastic Beanstalk for Linux AMI, you can modify the Apache configuration file. Here are the steps:
Step 1: Connect to your EC2 instance using SSH.
Step 2: Open the Apache configuration file using a text editor:
sudo nano /etc/httpd/conf.d/ssl.conf
Step 3: Add the following line to the end of the file:
SSLInsecureRenegotiation off
Step 4: Save and close the file.
Step 5: Restart Apache to apply the changes by typing:
sudo service httpd restart

Related

Elastic Beanstalk not creating ssl.conf

I am following these instructions for enabling HTTPS on the EC2 instance managed by Elastic Beanstalk. I can see that Elastic Beanstalk creates the /etc/pki/tls/certs/server.crt and /etc/pki/tls/certs/server.key files. However, Elastic Beanstalk is not creating the /etc/httpd/conf.d/ssl.conf file. Manually creating the /etc/httpd/conf.d/ssl.conf file, post environment creation, does enable HTTPS though. I am using the Apache server.
P.S. I had to change line 3 to mod_ssl : [] (original was mod24_ssl : [])
You are following instructions for an EB platform based on Amazon Linux 1 (AL1). However, it seems that you are using a platform based on AL2, where the proxy (httpd or nginx) is set up differently than on AL1. Specifically, the files should be in the .platform folder, not .ebextensions. From the docs:
Configuration file location – You should place proxy configuration files in the .platform/nginx and .platform/httpd directories on all Amazon Linux 2 platform versions.
Further details on how to set up httpd on AL2 platforms are in Configuring Apache HTTPD.

Configuring SSL on AWS EC2 with Elastic Load Balancer: service unavailable?

I have set up Bitnami WordPress on my Ubuntu 64-bit server and now want to add SSL provided by Amazon. I have followed the following tutorial by Bitnami.
I am on the last step:
/opt/bitnami/apps/APPNAME/conf/httpd-prefix.conf
But when I enter this command in SSH, it says permission denied,
and when I open my web it says: "service temporary unavailable".
But I can visit my web with the public IP of the instance; it is working.
You don't enter the file into SSH. You edit the file with a text editor such as "nano" or "vi". Then follow the instructions.
vi /opt/bitnami/apps/APPNAME/conf/httpd-prefix.conf

How to open the GlassFish admin UI (console) in AWS Elastic Beanstalk installed with GlassFish 4.1 and Java 8?

I have deployed my war file on AWS Elastic Beanstalk (set up with GlassFish 4.1 and Java 1.8). I want to open the GlassFish admin UI in the browser.
Thanks in advance!
I am not sure it's possible to access the GlassFish console UI (at least I never went to this point so far, but it might be possible using Docker port forwarding ...).
What I do is the following:
SSH into the EC2 instance Elastic Beanstalk has provisioned.
Run sudo docker ps -a to find out about the container running on the instance.
SSH into the container: sudo docker exec -it <container id here> bash
This will log you on to the container running GlassFish; from there you can run the asadmin command.

How to run Sonatype Nexus on AWS EC2?

I need to put Sonatype Nexus 3 up on AWS. Following an old tutorial for Nexus 2, I was led to try this on EC2. What I'm currently trying is an instance with a security group that allows inbound requests from anywhere on ports 80, 8080, 22, 4000, 443, and 8081. I'm using an Amazon Linux AMI 2016.09.0 (HVM), SSD Volume Type instance. I install Docker using the instructions from here http://docs.aws.amazon.com/AmazonECS/latest/developerguide/docker-basics.html#install_docker. I then simply use the official Docker image from here https://hub.docker.com/r/sonatype/nexus3/ with the following command.
docker run -d -p 8081:8081 --name nexus sonatype/nexus3
Using docker ps I can confirm that this seems to be running. When I try to connect to the provided public DNS URL ending with amazonaws.com on port 8081, I simply get connection refused. Same thing on port 80 or any of the other ports, and the same thing when I add /nexus to the end of the URL.
Attempting the quick test that documentation for this image suggests:
>curl -u admin:admin123 http://localhost:8081/service/metrics/ping
curl: (56) Recv failure: Connection reset by peer
Using the exact same docker command on my local machine (OS X), I am able to access Nexus on localhost. Why can't I get this working?
The issue appears to have been with Sonatype's official image. This image, which works the exact same way, works perfectly with the exact same process.

Jenkins EC2 slave SSH failure

Using the Jenkins EC2 plugin, I cannot get my Jenkins master to SSH to my Jenkins slave. The slave spins up and provisions properly, but:
INFO: Connecting to 10.99.3.6 on port 22, with timeout 10000.
Feb 24, 2016 5:13:27 PM hudson.plugins.ec2.EC2Cloud log
INFO: Failed to connect via ssh: There was a problem while connecting to 10.99.3.6:22
Though the Jenkins host claims to be failing when attempting to ssh to the slave node, I am able to ssh from a shell on the Jenkins host without error, and using the same authentication keys as specified in my configuration.
I have additionally attempted to add an id_rsa file containing the same key entered in the EC2 configuration to a .ssh directory in the Jenkins home dir and in the ec2-user home dir, which also did not work (which wasn't entirely unexpected).
Jenkins - v1.649
Amazon EC2 Plugin - v1.31
Using in-house Centos7.1 AMIs
Additional information: The slave instance ID is listed in the build executor box, but says "offline" next to it, even after I observe the instance in the EC2 console as running and available, and am able to SSH to it manually from the master.
As it turned out, this was an issue using CentOS 7 and JDK 1.8. When using the same configuration with CentOS 6.5 and JDK 1.7, the slaves spun up and connected properly.
Please add the id_rsa.pub key from the master host's .ssh folder to authorized_keys on the slave host.
You can debug with the steps below:
Check the security group of the EC2 instance to be certain that port 22 is open.
Use the *.pem file to authenticate to your EC2 instance from the Jenkins server.