0 Introduction
I'm trying to setup a server with a main website hosted on ports 80 and 443 (let's call it example.com) and a section on this website that serves umami analytics hosted on port 3000 (let's call it umami.example.com) using a reverse proxy.
I'm using Django and Apache (with mod_wsgi as hinted from the django project) and I have to setup DNS using Cloudflare.
The main website works as intended, redirecting http traffic to https (more on that on the Apache section) and I'm tring to add this section under umami.example.com but every request ends up in a 404 error given by my main website.
Currently I'm trying to make the umami part work using a reverse proxy (as shown in the first section of the Apache Config)
####################################################################
1 DNS
DNS are configured using Cloudflare with 3 A records:
example.com -> server IP address
umami -> same server ip
www -> again same ip
and some MX and TXT ones.
####################################################################
2 Apache Config
<VirtualHost _default_:80>
ServerAdmin admin#example.com
ServerName umami.example.com
ProxyPass "/" "http://127.0.0.1:3000/"
ProxyPassReverse "/" "http://127.0.0.1:3000/"
</VirtualHost>
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerAdmin admin#example.com
ServerName example.com
ServerAlias www.example.com
Alias /static /mainfolder/static
DocumentRoot /mainfolder/django-folder
<Directory /mainfolder/django-folder/static>
Require all granted
</Directory>
<Directory /mainfolder/django-folder/django-app>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIDaemonProcess django-folder python-path=/mainfolder/django-folder python-home=/usr/local/env
WSGIProcessGroup django-folder
WSGIScriptAlias / /mainfolder/django-folder/django-app/wsgi.py
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
####################################################################
3 What I've tried
Connecting directly to the IP address bypassing the DNS (port 80) makes no difference.
Connecting directly to the IP address bypassing the DNS (port 3000) works as intended.
Swapping places on the Apache Config works like this:
When the reverse proxy comes first (the config is as posted) then connecting to the 80 port serves the analytics website.
When the redirect comes first (swapped) connecting to the 80 port redirects to the HTTPS website
Adding and removing ProxyPreserveHost makes no difference.
Related
I have setup ssl successfully
Im having trouble redirecting http requests to https
I tried : https://aws.amazon.com/premiumsupport/knowledge-center/redirect-http-https-elb/
from aws docs and didnt work.
i tried one of the SA answers and added
<VirtualHost *:80>
ServerName www.onepercent.club
Redirect / https://www.onepercent.club/
</VirtualHost>
<VirtualHost *:443>
ServerName www.onepercent.club
</VirtualHost>
I added this code in the httpd.conf file in /etc/httpd/conf
Now the requests to http are redirected to https but showing error saying ERR_SSL_PROTOCOL_ERROR
Please help me resolve this error
SSL Certificate is setup perfectly and used to work when i manually type in https. Im having trouble only with redirecting.
Im hosting it on AWS EC2 t2.micro and my SSL is from GoDaddy
EDIT
SSL.conf
<VirtualHost _default_:443>
ServerName www.onepercent.club
SSLEngine on
SSLCertificateFile SOMEPATH
SSLCertificateKeyFile SOMEPATH
SSLCertificateChainFile SOMEPATH
</VirtualHost>
httpd.conf
<VirtualHost *:80>
ServerName www.onepercent.club
Redirect / https://www.onepercent.club/
</VirtualHost>
The ERR_SSL_PROTOCOL_ERROR is because you are trying to connect on the HTTPS port (443) using HTTPS. However your host is listening on 443 as a standard HTTP request.
To fix this your vhost should be configured to run SSL.
This can be done by adding the minimum SSL configuration to the host a shown below.
<VirtualHost *:443>
ServerName www.onepercent.club
SSLEngine on
SSLCertificateFile "/path/to/www.example.com.cert"
SSLCertificateKeyFile "/path/to/www.example.com.key"
</VirtualHost>
I have successfully installed SSL certificate with certbot and lets encrypt on my debian and apache linux virtual machine on google cloud.
the domain is successfully secure with HTTPS.
Although on directly accessing the external ip address i am still getting an unsecure version of the website.
How to redirect the ip directly to the HTTPS version set up with APACHE and just the "domain.com" towards -->> HTTPs:www.domain.com .
I have tried to re-route to port 80 and 443 towards the HTTPS version as in PHP without any luck as shown here :
How to redirect from www to https www with htacces?
in my 000-default.conf:
<VirtualHost *:80>
ServerName localhost
ServerAdmin webmaster#localhost
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.bracketline.com [OR]
RewriteCond %{SERVER_NAME} =localhost
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI}
[END,NE,R=permanent]
</VirtualHost>
and on my 000-default-le-ssl.conf i have:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName localhost
ServerAdmin webmaster#localhost
Alias /static /var/www/static-root
<Directory /var/www/static-root>
Require all granted
</Directory>
Alias /media /var/www/media-root
<Directory /var/www/media-root>
Require all granted
</Directory>
<Directory /var/www/venv/src/cfehome>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIDaemonProcess cfehome python-
path=/var/www/venv/src/:/var/www/venv/lib/python3.5/site-packages
WSGIProcessGroup cfehome
WSGIScriptAlias / /var/www/venv/src/cfehome/wsgi.py
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerAlias www.bracketline.com
SSLCertificateFile
/etc/letsencrypt/live/www.bracketline.com/fullchain.pem
SSLCertificateKeyFile
/etc/letsencrypt/live/www.bracketline.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
I am not sure how this thing works if a detailed blog or turorial could be given it would be of great help. thanx in advance!
First lacate which .conf file youre actually using by typing apachectl -S (this works on Debian based OS'es).
Next up edit the file, it should look simillar:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
Protocols h2 http/1.1
# SSL Configuration
# Other Apache Configuration
</VirtualHost>
In general there are several tutorials how to configure HTTP to HTTPS redirect:
Redirect HTTP to HTTPS in Apache
How to Redirect HTTP to HTTPS on Apache
Apache Redirect to HTTPS
And some interesting discusson Why is my Apache VirtualHost directing to the wrong VirtualHost?
Lastly - here's another SO discussion on that topic that has an accepted answer.
Those are just recent (up to 2 years old) examples that will help you and there are dozens more if they won't answer your questions.
I have two domains domain1.com & domain2.com & want to run both domains on a single ec2 instance.
I have created 2 hosted zones for both domains and added nameserver in my domain provider.
domain1.com's code resides in - /var/www/html
domain2.com's code resides in - /var/www/domain2
Added virtual host for both respective domains in
/etc/httpd/conf/httpd.conf
virtual host looks like below:
<VirtualHost *:80>
ServerAdmin webmaster#yourdomain.com
DocumentRoot "/var/www/html"
ServerName domain1.com
</VirtualHost>
So when I run domain1.com that works perfectly fine, but when run domain2.com it show code from /var/www/html but it should show code from /var/www/domain2
So please help me to identify what I am doing wrong?
Give this a try:
# Ensure that Apache listens on port 80
Listen 80
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName www.domain1.com
# Other directives here
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/var/www/domain2"
ServerName www.domain2.com
# Other directives here
</VirtualHost>
This will set up two VirtualHosts that respond to domain1.com and domain2.com, respectively. Note that the first VirtualHost for domain1.com will be seen as the primary host and will be the default responder for all requests that don't match any ServerNames.
Other examples can be found here.
I have a back-end application (Django) that requires its static content (assets like images, scripts, stylesheets, etc.) to be served by a web server.
At current, I have my Django application serving on localhost:5000. I have this sitting behind an Apache2 server virtual host that is using mod_proxy to send requests to the Django app in the back.
I need to configure my VHost so that all of the URI requests for domain.com/static/asset will serve the asset from /path/to/asset statically, while everything else gets proxied to the back-end app localhost:5000.
My VHost config looks like this at the moment, the commented bits don't work properly.
<VirtualHost *:80>
ServerName www.domain.com
ServerAlias domain.com
ServerAdmin info#domain.com
ErrorLog ${APACHE_LOG_DIR}/domain_error.log
CustomLog ${APACHE_LOG_DIR}/domain_access.log combined
ProxyRequests Off
ProxyVia Off
<Proxy *>
Require all granted
</Proxy>
# DocumentRoot /path/to/static
# <Directory /path/to/static/>
# Require all granted
# </Directory>
ProxyPass / http://localhost:5000/
ProxyPassReverse / http://localhost:5000/
</VirtualHost>
So I've been having an issue with Vagrant and Port Forwarding...
Currently, Vagrant is already forwarding ports 80 -> 8080 and 443 -> 8443. Issue is, I don't want a client to have to type ports 8443 and 8080 to access my web page. So now, the client has to type in 127.0.0.1:8080 or 127.0.0.1:8443 to access the webpages.
How would I go about changing this? My current stack is VM, Vagrant, Apache, Django.
I have 2 VHosts setup. Heres my sites-available/mysite.com file
<VirtualHost *:80>
ServerAdmin webmaster#example.com
#ServerName spritebots.com
#ServerAlias www.spritebots.com
ServerName 127.0.0.1
ServerAlias 127.0.0.1
ProxyRequests off
ProxyPreserveHost On
ProxyPass / https://127.0.0.1:8443
ProxyPassReverse / https://127.0.0.1:8443
#Redirect permanent / https://127.0.0.1:8443
</VirtualHost>
<VirtualHost *:443>
WSGIDaemonProcess spritebots
WSGIProcessGroup spritebots
WSGIScriptAlias / /var/www/spritebots/apps/wsgi.py
ServerAdmin webmaster#example.com
#ServerName spritebots.com
#ServerAlias www.spritebots.com
ServerName 127.0.0.1
ServerAlias 127.0.0.1
DocumentRoot /var/www/spritebots/
Alias /media/ /var/www/spritebots/static/media/
Alias /static/ /var/www/spritebots/static/
<Directory /var/www/spritebots/static>
Order deny,allow
Allow from all
</Directory>
<Directory /var/www/spritebots/static/media>
Order deny,allow
Allow from all
</Directory>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/spritebots.crt
SSLCertificateKeyFile /etc/ssl/certs/spritebots.key
</VirtualHost>
So I bought a domain name, spritebots.com and I can't even get spritebots.com to point to 127.0.0.1:8443.
But for now, I would like for anyone visiting my site at 127.0.0.1, to be redirected 127.0.0.1:8443, then mask the port number. Basically like how every production web page is with HTTPS enabled.
Does a majority of developers/companies use vagrant or VMs for production web sites? Because I feel that Vagrant's port forwarding is messing this up. Or it's more possibly me just being ignorant of web development. :(
Any help would be greatly appreciated!
In your Vagrantfile, you can assign your VM a private network IP, by dropping in:
config.vm.network "private_network", ip: "192.168.50.5"
Then you don't have to mess with ports.