AWS ubuntu SSL installed but not loading https or http - amazon-web-services

I followed exactly this YouTube video tutorial to install SSL on my AWS Ubuntu Apache2 server. YouTube URL: https://www.youtube.com/watch?v=m06TttS2ZAM
Ubuntu version: Ubuntu 16.04.5 LTS
Apache version: Apache/2.4.18 (Ubuntu)
My domain name: pilefo.com
Here is the sites-enabled: 000-default.conf details:
<VirtualHost *:443>
ServerAdmin admin@pilefo.com
DocumentRoot /var/www/html
ServerName pilefo.com
ServerAlias www.pilefo.com
SSLEngine on
SSLCertificateFile /etc/ssl/certs/pilefo_com.crt
SSLCertificateKeyFile /etc/ssl/certs/pilefo.com.key
SSLCertificateChainFile /etc/ssl/certs/pilefo_com.ca-bundle
<Directory /var/www/html>
Options FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
#Redirect all http traffic to https
<VirtualHost *:80>
ServerName pilefo.com
ServerAlias www.pilefo.com
Redirect permanent / https://www.pilefo.com
</VirtualHost>
/etc/apache2/apache2.conf file details
link: https://textuploader.com/1avcv
Apache error log
https://textuploader.com/1avcn
Thanks in advance.

Related

Apache, mod-wsgi: Any URL is served by project, ServerName is ignored

I am setting up a Django project and Apache on Ubuntu 20. The below setup correctly displays the Django project, however ANY URL that points to the server's IP address is served this project. I obviously need to limit this to my particular website mysite.com. ServerName is ignored.
I have looked at other question/answers. However, they usually mention httpd.conf, which is no longer used in Apache. Or, there is no accepted answer. Or, it just isn't relevant to my setup. Also, I've been told not to touch apache2.conf. This is a brand-new installation instance so no weird stuff hanging around.
I will eventually need to have multiple sites served on the same server.
Install Apache mod-wsgi:
sudo apt install apache2 apache2-utils ssl-cert libapache2-mod-wsgi
sudo a2enmod rewrite
sudo systemctl restart apache2
Set up .conf file and activate it:
Copy mysite.com.conf to /etc/apache2/sites-available
sudo a2ensite mysite.com.conf
sudo a2dissite 000-default.conf
sudo systemctl reload apache2
sudo systemctl restart apache2
mysite.com.conf:
<VirtualHost *:80>
WSGIApplicationGroup %{GLOBAL}
WSGIDaemonProcess test_project_ns processes=1 threads=10 python-path=/home/ubuntu/test_project python-home=/home/ubuntu/test_project/test_env
WSGIProcessGroup test_project_ns
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName mysite.com
ServerAlias www.mysite.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /home/ubuntu/test_project/test_ui>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIScriptAlias / /home/ubuntu/test_project/test_ui/wsgi.py
</VirtualHost>
Result:
mysite.com correctly serves up the Django project, but so does ANY other website that points to the server.
Output of apache2ctl -S:
VirtualHost configuration:
*:80 mysite.com (/etc/apache2/sites-enabled/mysite.com.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used
So if Apache doesn't find a match for the URL, it uses the first virtual host, regardless of ServerName. I therefore added a blocking virtual host before the real one. Now all sites that don't match ServerName or ServerAlias are shown a standard forbidden message.
This also works with multiple site.com.conf files. I add the blocking virtual host to the top of each file so I don't have to worry about which virtual host is "first" when there are multiple files.
<VirtualHost *:80>
<Location />
Deny from all
</Location>
</VirtualHost>
<VirtualHost *:80>
ServerName mysite.com
.....
</VirtualHost>

https showing error ERR_SSL_PROTOCOL_ERROR

I have set up SSL successfully.
I'm having trouble redirecting HTTP requests to HTTPS.
I tried: https://aws.amazon.com/premiumsupport/knowledge-center/redirect-http-https-elb/
from the AWS docs and it didn't work.
I tried one of the SA answers and added
<VirtualHost *:80>
ServerName www.onepercent.club
Redirect / https://www.onepercent.club/
</VirtualHost>
<VirtualHost *:443>
ServerName www.onepercent.club
</VirtualHost>
I added this code in the httpd.conf file in /etc/httpd/conf.
Now requests to HTTP are redirected to HTTPS but show an error saying ERR_SSL_PROTOCOL_ERROR.
Please help me resolve this error.
The SSL certificate is set up perfectly and used to work when I manually typed in https. I'm having trouble only with redirecting.
I'm hosting it on an AWS EC2 t2.micro and my SSL is from GoDaddy.
EDIT
SSL.conf
<VirtualHost _default_:443>
ServerName www.onepercent.club
SSLEngine on
SSLCertificateFile SOMEPATH
SSLCertificateKeyFile SOMEPATH
SSLCertificateChainFile SOMEPATH
</VirtualHost>
httpd.conf
<VirtualHost *:80>
ServerName www.onepercent.club
Redirect / https://www.onepercent.club/
</VirtualHost>
The ERR_SSL_PROTOCOL_ERROR is because you are trying to connect on the HTTPS port (443) using HTTPS. However, your host is listening on 443 as a standard HTTP request.
To fix this, your vhost should be configured to run SSL.
This can be done by adding the minimum SSL configuration to the host as shown below.
<VirtualHost *:443>
ServerName www.onepercent.club
SSLEngine on
SSLCertificateFile "/path/to/www.example.com.cert"
SSLCertificateKeyFile "/path/to/www.example.com.key"
</VirtualHost>
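Two misconfigurations come up in the answers on this page: a port-443 vhost with no SSLEngine on, and the first vhost on a port acting as the default for unmatched Host headers. Both can be checked offline; the following is an added example, not code from any of the posts. The names audit_vhosts and has, the sample config and the hostname are constructed; it assumes the config text is supplied in Apache's load order, looks only at the first address of each VirtualHost, and groups vhosts by port.

```python
import re

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def has(body, pattern):
    """True if an uncommented line of the vhost body matches the directive."""
    return re.search(rf"^[ \t]*{pattern}[ \t]*$", body, re.M | re.I) is not None

def audit_vhosts(conf_text):
    """Return (port, server_name, issue) tuples; conf_text is in load order."""
    findings, ports_seen = [], set()
    for addr, body in VHOST_RE.findall(conf_text):
        port = addr.split()[0].rsplit(":", 1)[-1]          # "*:443" -> "443"
        m = re.search(r"^[ \t]*ServerName[ \t]+(\S+)", body, re.M | re.I)
        name = m.group(1) if m else "(no ServerName)"
        # A 443 vhost without "SSLEngine on" answers in plain HTTP, which
        # browsers report as ERR_SSL_PROTOCOL_ERROR.
        if port == "443" and not has(body, r"SSLEngine\s+on"):
            findings.append((port, name, "no-ssl-on-443"))
        # The first vhost seen for a port is the default for any Host header
        # that matches no ServerName/ServerAlias.
        if port not in ports_seen:
            ports_seen.add(port)
            denies = has(body, r"Require\s+all\s+denied") or has(body, r"Deny\s+from\s+all")
            redirects = has(body, r"Redirect(Match)?\s+.*")
            if not (denies or redirects):
                findings.append((port, name, "default-vhost-serves-content"))
    return findings

# Constructed sample modelled on the configs quoted on this page.
SAMPLE = """
<VirtualHost *:80>
    ServerName mysite.example
    WSGIScriptAlias / /srv/app/wsgi.py
</VirtualHost>
<VirtualHost *:443>
    ServerName mysite.example
</VirtualHost>
"""

if __name__ == "__main__":
    for finding in audit_vhosts(SAMPLE):
        print(*finding)
```

A deny-all vhost placed first on port 443 still needs SSLEngine on and a certificate of its own, otherwise it trips the first check.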

How to redirect Google VM external IP address to HTTPS in Django with Debian and Apache?

I have successfully installed an SSL certificate with certbot and Let's Encrypt on my Debian and Apache Linux virtual machine on Google Cloud.
The domain is successfully secured with HTTPS.
However, on directly accessing the external IP address I am still getting an insecure version of the website.
How do I redirect the IP directly to the HTTPS version set up with Apache, and just "domain.com" to https://www.domain.com?
I have tried to re-route ports 80 and 443 towards the HTTPS version, as in PHP, without any luck, as shown here:
How to redirect from www to https www with htacces?
In my 000-default.conf:
<VirtualHost *:80>
ServerName localhost
ServerAdmin webmaster@localhost
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.bracketline.com [OR]
RewriteCond %{SERVER_NAME} =localhost
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
and on my 000-default-le-ssl.conf i have:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName localhost
ServerAdmin webmaster@localhost
Alias /static /var/www/static-root
<Directory /var/www/static-root>
Require all granted
</Directory>
Alias /media /var/www/media-root
<Directory /var/www/media-root>
Require all granted
</Directory>
<Directory /var/www/venv/src/cfehome>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIDaemonProcess cfehome python-path=/var/www/venv/src/:/var/www/venv/lib/python3.5/site-packages
WSGIProcessGroup cfehome
WSGIScriptAlias / /var/www/venv/src/cfehome/wsgi.py
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerAlias www.bracketline.com
SSLCertificateFile /etc/letsencrypt/live/www.bracketline.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.bracketline.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
I am not sure how this thing works. If a detailed blog or tutorial could be given, it would be of great help. Thanks in advance!
First locate which .conf file you're actually using by typing apachectl -S (this works on Debian-based OSes).
Next, edit the file; it should look similar:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
Protocols h2 http/1.1
# SSL Configuration
# Other Apache Configuration
</VirtualHost>
In general there are several tutorials how to configure HTTP to HTTPS redirect:
Redirect HTTP to HTTPS in Apache
How to Redirect HTTP to HTTPS on Apache
Apache Redirect to HTTPS
And some interesting discussion: Why is my Apache VirtualHost directing to the wrong VirtualHost?
Lastly - here's another SO discussion on that topic that has an accepted answer.
Those are just recent (up to 2 years old) examples that will help you and there are dozens more if they won't answer your questions.

How to configure subdomain to specific port

I have two projects. 1: WordPress running on Apache (main website thespatio.com/45.33.10.149).
2: A Django application running on Nginx using the same IP with port 81 (45.33.10.149:81). I want to configure the above two apps so that when someone hits http://thespatio.com it shows the main website, and if someone hits http://or.thespatio.com it shows my Django application. I have seen many fixes but none worked for me. I tried a virtual host with proxypass and proxy_reverse, but Apache stopped working. Below are the two virtual host conf files.
Main Website settings (conf)
<VirtualHost *:80>
ServerAdmin admin@example.com
ServerName thespatio.com
ServerAlias www.thespatio.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Django App (conf)
<VirtualHost *:80>
ServerAdmin admin@test.com
ServerName or.thespatio.com
ServerAlias www.thespatio.com
ProxyPass / http://or.thespatio.com:81/
ProxyPassReverse / http://or.thespatio.com:81/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Any help would be appreciated. Thanks in advance.
mod_proxy was not installed. I followed the Install mod_proxy tutorial and both my apps are working fine.

HTTP to HTTPS redirect Vagrant

So I've been having an issue with Vagrant and Port Forwarding...
Currently, Vagrant is already forwarding ports 80 -> 8080 and 443 -> 8443. Issue is, I don't want a client to have to type ports 8443 and 8080 to access my web page. So now, the client has to type in 127.0.0.1:8080 or 127.0.0.1:8443 to access the webpages.
How would I go about changing this? My current stack is VM, Vagrant, Apache, Django.
I have 2 VHosts set up. Here's my sites-available/mysite.com file:
<VirtualHost *:80>
ServerAdmin webmaster@example.com
#ServerName spritebots.com
#ServerAlias www.spritebots.com
ServerName 127.0.0.1
ServerAlias 127.0.0.1
ProxyRequests off
ProxyPreserveHost On
ProxyPass / https://127.0.0.1:8443
ProxyPassReverse / https://127.0.0.1:8443
#Redirect permanent / https://127.0.0.1:8443
</VirtualHost>
<VirtualHost *:443>
WSGIDaemonProcess spritebots
WSGIProcessGroup spritebots
WSGIScriptAlias / /var/www/spritebots/apps/wsgi.py
ServerAdmin webmaster@example.com
#ServerName spritebots.com
#ServerAlias www.spritebots.com
ServerName 127.0.0.1
ServerAlias 127.0.0.1
DocumentRoot /var/www/spritebots/
Alias /media/ /var/www/spritebots/static/media/
Alias /static/ /var/www/spritebots/static/
<Directory /var/www/spritebots/static>
Order deny,allow
Allow from all
</Directory>
<Directory /var/www/spritebots/static/media>
Order deny,allow
Allow from all
</Directory>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/spritebots.crt
SSLCertificateKeyFile /etc/ssl/certs/spritebots.key
</VirtualHost>
So I bought a domain name, spritebots.com and I can't even get spritebots.com to point to 127.0.0.1:8443.
But for now, I would like for anyone visiting my site at 127.0.0.1, to be redirected 127.0.0.1:8443, then mask the port number. Basically like how every production web page is with HTTPS enabled.
Does a majority of developers/companies use vagrant or VMs for production web sites? Because I feel that Vagrant's port forwarding is messing this up. Or it's more possibly me just being ignorant of web development. :(
Any help would be greatly appreciated!
In your Vagrantfile, you can assign your VM a private network IP, by dropping in:
config.vm.network "private_network", ip: "192.168.50.5"
Then you don't have to mess with ports.