AWS EC2( Apache) cannot be configured for SSL with Cerbot - amazon-web-services

I have successfully deployed an application created in Laravel to AWS EC2 (Apache) and display it over HTTP.
However, I have configured it using Cerbot to display it over HTTPS, but it is not displaying.
The work I have done is as follows
$ sudo wget -r --no-parent -A 'epel-release-*.rpm' http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/
$ sudo rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm
$ sudo yum-config-manager --enable epel*
$ sudo yum repolist all
I opened /etc/httpd/conf/httpd.conf and added the following information
Listen 80
<VirtualHost *:80>
DocumentRoot "/var/www/html/app_name/public"
ServerName "example.com"
ServerAlias "www.example.com"
</VirtualHost>
Include /etc/httpd/conf/httpd-le-ssl.conf
I then restarted Apache and installed Cerbot.
$ sudo systemctl restart httpd
$ sudo yum install -y certbot python2-certbot-apache
$ sudo certbot
You have answered Certbot's questions and received the message "Congratulations! You have successfully enabled https://example.com."
However, it is not actually displayed over https.
/etc/httpd/conf/httpd-le-ssl.conf is as follows.
<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot "/var/www/html/app_name/public"
ServerName "online-study-room.jp"
ServerAlias "www.online-study-room.jp"
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/online-study-room.jp/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/online-study-room.jp/privkey.pem
</VirtualHost>
</IfModule>
Any help would be greatly appreciated.
Thank you for reading.

Port 443 was not open in the EC2 inbound rules.

Related

SSL Certificate for WSGI application

I have a Django project that I deployed using only the WSGI server provided by Django(no webserver like apache, ngnix ...).
The problem is that I want to upload an SSL certificate for the HTTPS version of the website. How can I do it please ?
Thank you in advance for your answers.
You can use Let’s Encrypt and Certbot for the HTTPS version of your site.
I recommend you use web servers such as Nginx or Apache for practicing. Besides, your application runs better.
You can read this easy guide from medium.
If you are using Ubuntu or other Linux distributions:
# adding certbot repository
sudo add-apt-repository ppa:certbot/certbot
# do not forget to update your dependencies after adding some repo
sudo apt update
# installing certbot
sudo apt-get install python-certbot-nginx
# pointing certbot to your domain
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

AWS ECS: Not able to access via URL. Giving You don't have permission to access this resource

Dockerizing Drupal 8 on AWS ECS Error: Task failed ELB health checks in Target group for Drupal
Above thing is working fine now. Seems missing Apache or PHP configuration, so not able to access the website.
Forbidden
You don't have permission to access this resource.
Apache/2.4.25 (Debian) Server at 51.11.211.110 Port 80
DockerFile
FROM drupal:8.6-apache
RUN apt-get update && apt-get install -y \
curl \
git \
mysql-client \
vim \
wget
RUN php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" && \
php composer-setup.php && \
mv composer.phar /usr/local/bin/composer && \
php -r "unlink('composer-setup.php');"
RUN wget -O drush.phar https://github.com/drush-ops/drush-launcher/releases/download/0.4.2/drush.phar && \
chmod +x drush.phar && \
mv drush.phar /usr/local/bin/drush
COPY apache-drupal.conf /etc/apache2/sites-enabled/000-default.conf
WORKDIR /drupal/web
docker-compose.yml file
version: '3'
services:
drupal:
image: drupal:latest
container_name: drupal
build: .
ports:
- "8081:80"
volumes:
- ./:/drupal/web
restart: always
apache-drupal.conf file
<VirtualHost *:80>
DocumentRoot "/drupal/web/"
DirectoryIndex index.php
<Directory "/drupal/web/">
AllowOverride All
Require all granted
</Directory>
ErrorLog /drupal/web/error.log
CustomLog /drupal/web/access.log combined
</VirtualHost>
It gives above error. May be something I am missing in DockerFile?
Error in docker log
Cannot serve directory /var/www/web/: No matching DirectoryIndex
(index.php,index.html) found, and server-generated directory index
forbidden by Options directive
[UPDATE]
After adding apache.conf file it is giving below error
AH00014: Configuration check failed No such file or directory:
AH02291: Cannot access directory '/var/www/web/docker/logs/' for error
log of vhost defined at /etc/apache2/sites-enabled/000-default.conf:1
Now I am able to access via IP, but it is only showing error.log & access.log file. Not my Drupal project

Django rest API deploy on apache

I have created a django application and deployed it on the server.I have run the application through :-
python manage.py runserver 8000 &
and handle the requests on the apache server through proxy
ProxyPass "/" "http://www.example.com/"
ProxyPassReverse "/" "http://www.example.com/".
But there is a issue that I am facing while testing the api through JMeter, when i am running a test case for 10 users my python service over the server gets killed automatically.
What i am doing wrong or what i have to do more to resolve the above test scenario,please suggest?
First of all you need to deploy it on other server like apache. Below I am sharing how as usual configuration of apache2 to deploy a python django project.
Considering virtual environment is created else see how to create
virtual environment
Apache installation:
You need to install apache if not installed yet. Here I am showing the apache2 installation and some other installation which we need.
sudo apt-get update
sudo apt-get install apache2
sudo a2enmod wsgi
sudo apt-get install python3-pip apache2 libapache2-mod-wsgi-py3
configuration of 000-default.conf file : Generally the apache2 is located on linux m at path /etc/apache2/sites-available/000-default.conf. And the configuration file may like that.
<VirtualHost *:80>
ServerName www.something.com
# this is the document root of your project
DocumentRoot /path/to/my-project
# The directory which you can access with base path EX: www.something.com/static/images/image.png
Alias /static /path/to/my-project/static
<Directory /path/to/my-project/static>
Require all granted
</Directory>
<Directory /path/to/my-project/my-project>
<Files wsgi.py>
Header set Access-Control-Allow-Origin "*"
Require all granted
</Files>
</Directory>
WSGIDaemonProcess my-project python-home=/path/to/my_env python-path=/path/to/my-project
WSGIProcessGroup my-project
WSGIScriptAlias / /path/to/my-project/my-project/wsgi.py
ErrorLog /path/to/my-project/logs/error.log
CustomLog /path/to/my-project/logs/access.log combined3
</VirtualHost>
Django project wsgi.py : The django project you created there have a wsgy.py and this file may look like.
python_home = '/path/to/my_env'
import sys
import site
sys.path.append('/path/to/my-project')
sys.path.append('/path/to/my_env/bin')
sys.path.append('/path/to/my_env/lib/python3.6/site-packages')
# Calculate path to site-packages directory.
python_version = '.'.join(map(str, sys.version_info[:2]))
site_packages = python_home + '/lib/python%s/site-packages' % python_version
# Add the site-packages directory.
site.addsitedir(site_packages)
import os
from django.core.wsgi import get_wsgi_application
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "my-project.settings")
application = get_wsgi_application()
After that you can start you apache2 sever sudo service apache2 start
Also you need to give the permission of you project directory sudo chmod -R 777 /path/to/my-project
This is the basic configuration of apache2 with python django project. Hope this will help to configure any linux machine with your python django project
You cannot using python manage.py runserver 8000 on a server, it's for development ONLY.
You can see the documentation here https://docs.djangoproject.com/en/2.1/howto/deployment/wsgi/
A basic conf for Apache would be :
<VirtualHost *:80>
ServerName yoursite.com
ServerAdmin your#site.com
Alias /media/ /path/to/django-app/media/
<Directory /path/to/django-app/media/>
Require all granted
</Directory>
WSGIScriptAlias / /path/to/django-app/conf/wsgi.py
<Directory /path/to/django-app/conf/>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
</VirtualHost>
You need to adapt this for your project.
If you need to install mod_wsgi : https://modwsgi.readthedocs.io/en/develop/user-guides/quick-installation-guide.html
For me i would use https://docs.djangoproject.com/en/2.1/howto/deployment/wsgi/uwsgi/ it's more convenient (pip install uwsgi)

jenkins redirect from 80 to 443 in AWS

I just installed Jenkins EC2 instance in AWS. I tried to configure the redirection from http to https (i.e. http://myjenkins.com to https://myjenkins.com). Do I configure in AWS or in Jenkins? I only found https://aws.amazon.com/premiumsupport/knowledge-center/redirect-http-https-elb/ but does not help much. Please advise. Thanks
If you are trying to get to the jenkins web UI on port 443, i would suggest using a web server like nginx to proxy requests to your jenkins installation. That way, you can have a fairly vanilla jenkins installation and handle all of the SSL configuration and port redirection in nginx (which is much easier to do).
Here's an example outline of how you might accomplish what are you asking:
Set up your server and install Jenkins normally, serving on port 8080.
Install nginx and configure it to proxy "/" to port 8080 on localhost.
Install your SSL certs. Using certbot with Let's Encrypt makes this step pretty easy as it handles all of the SSL config for you. (Note that for the install to work, your Security Group will have to allow all traffic to access your instance while you're doing the install. You can make it more restrictive once everything is configured. You also need a URL that is publicly accessible for your SSL certs to be valid).
Access your site using the bare domain and look for it to be forwarded to https.
And here are the actual steps I used to get mine working on a Ubuntu EC2 VM (you might have to hum along to the tune of the install but you will get the idea):
apt-get update
apt-get upgrade -y
apt-get install nginx -y
cd /etc/nginx/sites-enabled/
vim default (see config below)
systemctl restart nginx
wget -q -O - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | apt-key add -
echo "deb http://pkg.jenkins-ci.org/debian binary/" | tee -a /etc/apt/sources.list
add-apt-repository ppa:webupd8team/java -y
apt-get update
apt-get install oracle-java8-installer -y
apt-get install jenkins –y
systemctl status jenkins
cd /var/lib/jenkins/secrets/
cat initialAdminPassword
ufw enable
sudo add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-nginx
ufw allow 'Nginx Full'
ufw allow OpenSSH
ufw status
certbot --nginx -d jenkins.example.com
Your default nginx config will look something like this:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name jenkins.example.com;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
When you run the certbot --nginx -d jenkins.example.com step, it will also insert some lines into your nginx config to set up the SLL and cert specifics.
After that, you should be good!
You need to configure Jenkins settings to HTTPS inside your EC2;
And if you are using Load Balance in front of the EC2, you also need to configure ELB to forward port to HTTPS.

Deploying multiple django sites with mod_wsgi apache linux

I wish to deploy multiple Django sites (say 2 for now - www.example.com, www.example2.com) using apache2 mod_wsgi. Here are the steps I followed in a fresh Ubuntu 16.04 installations.
I've set alias python=python3 in my .bashrc as I am working in python3
packages installed:
apache2 - sudo apt-get install apache2
mod_wsgi - sudo apt-get install libapache2-mod-wsgi-py3
Django(V1.11) - sudo apt-get install python3-django
Then I've created two projects inside
/var/www/
django-admin startproject example
django-admin startproject example2
then I did the followings for both the projects (I've mentioned only one, the other one is exactly the same except replacing example with example2)
/var/www/example/example/settings.py
ALLOWED_HOSTS = ['example.com', 'www.example.com']
/var/www/example/example/wsgi.py
#os.environ.setdefault("DJANGO_SETTINGS_MODULE", "example.settings")
os.environ["DJANGO_SETTINGS_MODULE"] = "example.settings"
/etc/apache2/sites-available/example.conf
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
ServerAdmin admin#example.com
DocumentRoot /var/www/example
WSGIScriptAlias / /var/www/example/example/wsgi.py
ErrorLog /var/www/example/error.log
</VirtualHost>
Also, I've added
/etc/apache2/apache2.conf
WSGIPythonPath /var/www/example
I've called a2ensite for both example.conf and example2.conf
Once I restart apache I could now access www.example.com successfully, but www.example2.com gives an internal server error(500). I thought that's because I've only included one path for WSGIPythonPath in apache2.conf and changed it as
/etc/apache2/apache2.conf
WSGIPythonPath /var/www/example:/var/www/example2
But however, I now get an internal server error(500) for both.
in both cases, the error message is ImportError: No module named example
This is my first deployment by the way. Hense I have no prior experience.
Please direct me what I should do to get both sites up and running.