SSL installation in AWS EC2 redhat linux - amazon-web-services

I have purchased a .crt certificate file from ssls.com to enable SSL, and I tried some methods of configuring it on AWS EC2.
For example, I added this code to httpd.conf:
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
# !important below!
NameVirtualHost *:443
Listen 443
<VirtualHost *:443>
ServerName mydomain.com/
#other configurations
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/mydomain.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/localhost.key
After that, if I run this code, it gives an error.
Please help me. Do I need to do anything else?

Related

Apache Reverse Proxy using mod_proxy

0 Introduction
I'm trying to setup a server with a main website hosted on ports 80 and 443 (let's call it example.com) and a section on this website that serves umami analytics hosted on port 3000 (let's call it umami.example.com) using a reverse proxy.
I'm using Django and Apache (with mod_wsgi as hinted from the django project) and I have to setup DNS using Cloudflare.
The main website works as intended, redirecting HTTP traffic to HTTPS (more on that in the Apache section), and I'm trying to add this section under umami.example.com, but every request ends up in a 404 error given by my main website.
Currently I'm trying to make the umami part work using a reverse proxy (as shown in the first section of the Apache Config)
####################################################################
1 DNS
DNS are configured using Cloudflare with 3 A records:
example.com -> server IP address
umami -> same server ip
www -> again same ip
and some MX and TXT ones.
####################################################################
2 Apache Config
<VirtualHost _default_:80>
ServerAdmin admin@example.com
ServerName umami.example.com
ProxyPass "/" "http://127.0.0.1:3000/"
ProxyPassReverse "/" "http://127.0.0.1:3000/"
</VirtualHost>
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerAdmin admin@example.com
ServerName example.com
ServerAlias www.example.com
Alias /static /mainfolder/static
DocumentRoot /mainfolder/django-folder
<Directory /mainfolder/django-folder/static>
Require all granted
</Directory>
<Directory /mainfolder/django-folder/django-app>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIDaemonProcess django-folder python-path=/mainfolder/django-folder python-home=/usr/local/env
WSGIProcessGroup django-folder
WSGIScriptAlias / /mainfolder/django-folder/django-app/wsgi.py
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
####################################################################
3 What I've tried
Connecting directly to the IP address bypassing the DNS (port 80) makes no difference.
Connecting directly to the IP address bypassing the DNS (port 3000) works as intended.
Swapping places on the Apache Config works like this:
When the reverse proxy comes first (the config is as posted) then connecting to the 80 port serves the analytics website.
When the redirect comes first (swapped) connecting to the 80 port redirects to the HTTPS website
Adding and removing ProxyPreserveHost makes no difference.

https showing error ERR_SSL_PROTOCOL_ERROR

I have set up SSL successfully.
I'm having trouble redirecting HTTP requests to HTTPS.
I tried: https://aws.amazon.com/premiumsupport/knowledge-center/redirect-http-https-elb/
from the AWS docs and it didn't work.
I tried one of the SA answers and added
<VirtualHost *:80>
ServerName www.onepercent.club
Redirect / https://www.onepercent.club/
</VirtualHost>
<VirtualHost *:443>
ServerName www.onepercent.club
</VirtualHost>
I added this code to the httpd.conf file in /etc/httpd/conf.
Now the requests to HTTP are redirected to HTTPS, but they show an error saying ERR_SSL_PROTOCOL_ERROR.
Please help me resolve this error.
The SSL certificate is set up perfectly and used to work when I manually type in https. I'm having trouble only with redirecting.
I'm hosting it on AWS EC2 t2.micro and my SSL is from GoDaddy.
EDIT
SSL.conf
<VirtualHost _default_:443>
ServerName www.onepercent.club
SSLEngine on
SSLCertificateFile SOMEPATH
SSLCertificateKeyFile SOMEPATH
SSLCertificateChainFile SOMEPATH
</VirtualHost>
httpd.conf
<VirtualHost *:80>
ServerName www.onepercent.club
Redirect / https://www.onepercent.club/
</VirtualHost>
The ERR_SSL_PROTOCOL_ERROR is because you are trying to connect on the HTTPS port (443) using HTTPS. However, your host is listening on 443 as a standard HTTP request.
To fix this, your vhost should be configured to run SSL.
This can be done by adding the minimum SSL configuration to the host as shown below.
<VirtualHost *:443>
ServerName www.onepercent.club
SSLEngine on
SSLCertificateFile "/path/to/www.example.com.cert"
SSLCertificateKeyFile "/path/to/www.example.com.key"
</VirtualHost>
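The failure described in this answer can be caught before a reload by checking every port-443 host for its TLS directives. The following is an added example, not code from the original posts: the sample configuration, the hostname www.example.test and the function names are constructed, and the check assumes SSLEngine is set per host rather than globally.

```python
import re

# Constructed sample (not from the page's server); {tls} is filled in below.
TEMPLATE = """\
<VirtualHost *:80>
ServerName www.example.test
Redirect / https://www.example.test/
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.test
{tls}</VirtualHost>
"""
BROKEN = TEMPLATE.format(tls="")
FIXED = TEMPLATE.format(
    tls='SSLEngine on\nSSLCertificateFile "/path/to/cert"\n'
        'SSLCertificateKeyFile "/path/to/key"\n')

OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)

def parse_vhosts(text):
    """Return one dict per <VirtualHost>: its addresses and its directives.
    Directives inside nested sections are attributed to the enclosing host;
    Include files are not followed (assumptions of this sketch)."""
    vhosts, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = OPEN.match(line)
        if m:
            cur = {"addrs": m.group(1).split(), "directives": {}}
        elif line.lower().startswith("</virtualhost") and cur is not None:
            vhosts.append(cur)
            cur = None
        elif cur is not None and line and line[0] not in "#<":
            name, *args = line.split(None, 1)
            cur["directives"].setdefault(name.lower(), []).extend(args)
    return vhosts

def lint_tls(text):
    """Flag :443 hosts that would answer in plain HTTP, or lack a certificate."""
    findings = []
    for vh in parse_vhosts(text):
        d = vh["directives"]
        name = d.get("servername", ["(no ServerName)"])[0]
        ports = {a.rsplit(":", 1)[-1] for a in vh["addrs"] if ":" in a}
        ssl_on = any(v.strip().lower() == "on" for v in d.get("sslengine", []))
        if "443" in ports and not ssl_on:
            findings.append(f"{name}: on port 443 without 'SSLEngine on'")
        elif ssl_on and "sslcertificatefile" not in d:
            findings.append(f"{name}: SSLEngine on but no SSLCertificateFile")
    return findings

if __name__ == "__main__":
    print(lint_tls(BROKEN))
    print(lint_tls(FIXED))
```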

Two domains in a single AWS ec2 instance

I have two domains domain1.com & domain2.com & want to run both domains on a single ec2 instance.
I have created 2 hosted zones for both domains and added nameserver in my domain provider.
domain1.com's code resides in - /var/www/html
domain2.com's code resides in - /var/www/domain2
Added virtual host for both respective domains in
/etc/httpd/conf/httpd.conf
virtual host looks like below:
<VirtualHost *:80>
ServerAdmin webmaster@yourdomain.com
DocumentRoot "/var/www/html"
ServerName domain1.com
</VirtualHost>
So when I run domain1.com, that works perfectly fine, but when I run domain2.com, it shows code from /var/www/html, but it should show code from /var/www/domain2.
So please help me identify what I am doing wrong.
Give this a try:
# Ensure that Apache listens on port 80
Listen 80
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName www.domain1.com
# Other directives here
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/var/www/domain2"
ServerName www.domain2.com
# Other directives here
</VirtualHost>
This will set up two VirtualHosts that respond to domain1.com and domain2.com, respectively. Note that the first VirtualHost for domain1.com will be seen as the primary host and will be the default responder for all requests that don't match any ServerNames.
Other examples can be found here.
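The default-responder behaviour this answer mentions can be modelled to see which DocumentRoot a given Host header reaches. This is an added example, not code from the original posts: it models name-based selection among hosts that share one address and port, the WITH_ALIASES variant (bare names as ServerAlias) is an assumption that is not in the answer, and IPv6 Host literals are not handled.

```python
from fnmatch import fnmatchcase

# Constructed from the answer's config: (ServerName, [ServerAlias...], DocumentRoot)
ANSWER = [
    ("www.domain1.com", [], "/var/www/html"),
    ("www.domain2.com", [], "/var/www/domain2"),
]
# Same hosts with the bare names added as ServerAlias (assumption, not in the answer)
WITH_ALIASES = [
    ("www.domain1.com", ["domain1.com"], "/var/www/html"),
    ("www.domain2.com", ["domain2.com"], "/var/www/domain2"),
]

def normalize(host_header):
    """Lower-case the Host value, drop a :port suffix and a trailing dot."""
    return host_header.strip().lower().rsplit(":", 1)[0].rstrip(".")

def select_docroot(vhosts, host_header):
    """Name-based selection among hosts sharing one address:port.
    The first ServerName or ServerAlias match in file order wins;
    if nothing matches, the first host listed is the default."""
    host = normalize(host_header)
    for server_name, aliases, docroot in vhosts:
        if host == server_name.lower():
            return docroot
        # ServerAlias may contain * and ? wildcards
        if any(fnmatchcase(host, alias.lower()) for alias in aliases):
            return docroot
    return vhosts[0][2]

def audit(vhosts, host_headers):
    """Map each probe Host header to the DocumentRoot that would serve it."""
    return {h: select_docroot(vhosts, h) for h in host_headers}

if __name__ == "__main__":
    probes = ["www.domain2.com", "domain2.com", "DOMAIN2.com:80",
              "203.0.113.7", "unknown.test"]
    for label, cfg in (("answer", ANSWER), ("with aliases", WITH_ALIASES)):
        print(label)
        for host, root in audit(cfg, probes).items():
            print(f"  {host:18} -> {root}")
```

Requests that name no configured host, such as a bare IP address, land on whichever host is listed first, so that host should be one you are content to serve to anyone.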

HTTP to HTTPS redirect Vagrant

So I've been having an issue with Vagrant and Port Forwarding...
Currently, Vagrant is already forwarding ports 80 -> 8080 and 443 -> 8443. Issue is, I don't want a client to have to type ports 8443 and 8080 to access my web page. So now, the client has to type in 127.0.0.1:8080 or 127.0.0.1:8443 to access the webpages.
How would I go about changing this? My current stack is VM, Vagrant, Apache, Django.
I have 2 VHosts set up. Here's my sites-available/mysite.com file:
<VirtualHost *:80>
ServerAdmin webmaster@example.com
#ServerName spritebots.com
#ServerAlias www.spritebots.com
ServerName 127.0.0.1
ServerAlias 127.0.0.1
ProxyRequests off
ProxyPreserveHost On
ProxyPass / https://127.0.0.1:8443
ProxyPassReverse / https://127.0.0.1:8443
#Redirect permanent / https://127.0.0.1:8443
</VirtualHost>
<VirtualHost *:443>
WSGIDaemonProcess spritebots
WSGIProcessGroup spritebots
WSGIScriptAlias / /var/www/spritebots/apps/wsgi.py
ServerAdmin webmaster@example.com
#ServerName spritebots.com
#ServerAlias www.spritebots.com
ServerName 127.0.0.1
ServerAlias 127.0.0.1
DocumentRoot /var/www/spritebots/
Alias /media/ /var/www/spritebots/static/media/
Alias /static/ /var/www/spritebots/static/
<Directory /var/www/spritebots/static>
Order deny,allow
Allow from all
</Directory>
<Directory /var/www/spritebots/static/media>
Order deny,allow
Allow from all
</Directory>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/spritebots.crt
SSLCertificateKeyFile /etc/ssl/certs/spritebots.key
</VirtualHost>
So I bought a domain name, spritebots.com and I can't even get spritebots.com to point to 127.0.0.1:8443.
But for now, I would like for anyone visiting my site at 127.0.0.1, to be redirected 127.0.0.1:8443, then mask the port number. Basically like how every production web page is with HTTPS enabled.
Does a majority of developers/companies use vagrant or VMs for production web sites? Because I feel that Vagrant's port forwarding is messing this up. Or it's more possibly me just being ignorant of web development. :(
Any help would be greatly appreciated!
In your Vagrantfile, you can assign your VM a private network IP, by dropping in:
config.vm.network "private_network", ip: "192.168.50.5"
Then you don't have to mess with ports.

Aid in setting up a Virtual Host with Wamp in Windows Vista

I need some help in setting up this thing.
I followed a tutorial about setting up a virtual host in WAMP which included the following steps:
Opened file httpd.conf in folder C:\wamp\bin\apache\apache2.2.6\conf and uncommented the last # of the following statement:
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf"
to look like this:
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
Opened the file httpd-vhosts.conf in folder C:\wamp\bin\apache\apache2.2.6\conf\extra, deleted everything in there and replaced with these codes below:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.jagerseow.servegame.com (WHICH IS A DOMAIN A REGISTERED IN NO-IP)
ServerAlias jagerseow.servegame.com domain
DocumentRoot C:/wamp/www/MP4Public
ErrorLog "C:/wamp/www/MP4Public/logs/error.log"
CustomLog "C:/wamp/www/MP4Public/logs/access.log" common
</VirtualHost>"
<VirtualHost *:80>
ServerName localhost
DocumentRoot C:/wamp/www
ErrorLog "C:/wamp/www/logs/error.log"
CustomLog "C:/wamp/www/logs/access.log" common
</VirtualHost>
Used Notepad to open file hosts in folder C:/Windows/System32/drivers/etc on server computer; then, deleted and replaced the default codes with these codes:
127.0.0.1 localhost
127.0.0.1 domain
Restarted WAMP and waited until it turned green, which it did ...
I tried to connect to my server page by typing domain in the browser, and my web page showed up normally. However, when anyone, including myself, tries to open it by typing the address (http://www.jagerseow.servegame.com), no page is loaded.
I'm running Windows Vista 32-bit. Can anyone tell me what I'm doing wrong?
Change your Virtual Hosts definition to this:-
NameVirtualHost *:80
## must be first so that the WAMP menu page loads
## and stray hacks get sent here and ignored because access
## is only allowed from local ips (127.0.0.1 localhost ::1 )
<VirtualHost *:80>
DocumentRoot "C:/wamp/www"
ServerName localhost
ServerAlias localhost
<Directory "C:/wamp/www">
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 localhost ::1
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName www.jagerseow.servegame.com
ServerAlias jagerseow.servegame.com
DocumentRoot "C:/wamp/www/MP4Public"
# changed, don't want your logs available under your docroot directory (security)
ErrorLog "C:/wamp/www/logs/MP4Public_error.log"
CustomLog "C:/wamp/www/logs/MP4Public_access.log" common
<Directory "C:/wamp/www/MP4Public">
Order Allow,Deny
Allow from all
</Directory>
</VirtualHost>
Now you need to change your hosts file to :-
127.0.0.1 localhost
127.0.0.1 jagerseow.servegame.com
After changing this do the following, or reboot.
Run a command window with Run as Administrator and do:
net stop "DNS Client"
net start "DNS Client"
This will force a refresh of the DNS Cache and make the new domain name available on your PC.
The hosts file is loaded by Windows into its DNS cache. It pre-loads URLs and is a bit like a very low-function DNS. So this tells the DNS cache, and therefore your browser etc., that jagerseow.servegame.com is found on IP address 127.0.0.1, which is this PC.
If you actually did want the universe to be able to see this site, I assume you do as you used Allow from all, you will then have to port forward port 80 on your router to the ip address of the PC running wamp. Also that PC will need a STATIC ip address so it does not change when you reboot. Help for that can be found here PortForward.com