I'm lost with all informations about ssl, https....
Here the story : I build a laravel website at my work hosted on our windows server with laragon. Every computer go to this site with ip of the serveur, i.e. http://192.17.10.168/aurora/public/login
It works only with local computer and we want to keep that privacy (no need outside access).
But now I want to use tools that use https : http/2, progressive app...
How can I use https with that config ?
I succefully add openssl certificat to my aurora.test on serveur but http2 doesn't work, my config :
<VirtualHost *:443>
Protocols h2 http/1.1
DocumentRoot "${DOCROOT}/aurora2/public"
ServerName aurora.test:443
SSLEngine on
SSLCertificateKeyFile C:/laragon/ssl/app.dev.key
SSLCertificateFile C:/laragon/ssl/app.dev.crt
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
I enable module on apache config.
How others local computers can access to my https site with aurora .test ?
Thank for your help !
Related
I did followed this site to created an unvalidated cert. Now what happened here is that cert is issued to "elliot.dev" and I tried to go to "mmc.exe" and "Disabled all purposed for this cert", and restarted my machine but it is still not work.
When I install that cert, I imported into
Local Machine >> Trusted Root Certification Authorities
and it caused my customized XAMPP local domain "elliot.dev" not working and no longer accessible to http://elliot.dev . Browser redirected me to https://elliot.dev and it is inaccessible as well because of untrust cert SSL error.
How should I completely remove it? Thanks.
After few hours of searching, found that this is because of the .dev domain is force redirected to https by default for most browser Chrome and Firefox. It is legit .dev gTLD and preloaded HSTS for most browsers.
Source:
https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/
https://stackoverflow.com/a/47726962/5802100
To remove a installed certificate, open MMC.exe and find your imported certificate(should be in Certificates/Trusted Root Certification Authorities/Certificates), right click on it, and select Delete.
You are redirected to https://* because you enabled it in your virtual host configurations:
<VirtualHost *:443>
DocumentRoot "C:/xampp/htdocs"
ServerName site.test
ServerAlias *.site.test
SSLEngine on # <--- This line.
SSLCertificateFile "crt/site.test/server.crt"
SSLCertificateKeyFile "crt/site.test/server.key"
</VirtualHost>
I have generated my app using Jhipster. Configured it to run on amazon ec2 with Ubuntu 16.x and apache with following configuration and godaddy a record. When I hit the website url it maps and renders the site without any issues.
apache2 configuration
<VirtualHost *:80>
ServerName 111.22.33.444
ProxyPreserveHost On
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://111.22.33.444:8080/
ProxyPassReverse / http://111.22.33.444:8080/
</VirtualHost>
Nest step, trying to configure SSL. I have bought the SSL from godaddy for my domain, configured it and uploaded the *.crt files into /etc/apache2/ssl. I quickly realized just by adding another virtual host configuration for port 443 will not work because JHipster app is running on 8080. I went back and looked at https://www.jhipster.tech/production/ and they have instructions for configuring SSL with HTTPS configuration with a front-end proxy and this where I got lost and am unable to configure SSL and serve up my domain on https.
What is not clear is can I still run the app on 8080 and simply follow the instructions under HTTPS configuration with a front-end proxy? First, I configured apache using "lets encrypt" using the following command
sudo certbot --apache -d doamin.com --agree-tos -m info#domain.com --redirect
it failed saying
Failed redirect for domain.com
Unable to set enhancement redirect for domain.com
It didn't work.
What are the changes for Jhipster application that I need to do? Should it run on 443 or continue to run 8080 and update virtual host configuration? How should i configure virtual host?
I have searched high and low with no instructions. Any direction is much appreciated.
Assuming your app is available at http://127.0.0.1:8080/, you can successfully configure Apache for HTTPS with Certbot by following the below steps.
Setup server with:
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache apache2
Start with the config:
<VirtualHost *:80>
ServerName example.com
ServerAlias example.com
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
ProxyPreserveHost On
ProxyRequests Off
</VirtualHost>
Enable plugins and restart Apache2, making the app accessible at the domain configured above:
a2enmod headers proxy proxy_http
service apache2 restart
Then run certbot with the instructions in the docs:
sudo certbot --apache -d example.com
After that, your app will be accessible at the domain you configured and served via HTTPS.
I'm not sure if it's possible what I'm trying to do but I have a few applications on multiple servers. I have one server for gitlab, one for jenkins and one for sonarqube. I want to be able to navigate to them by using my domain as follows:
gitlab > https:// git.mydomain.com
jenkins > https:// jenkins.mydomain.com
sonarqube > http:// sonar.mydomain.com
What I'm trying to do is setup a reverse proxy with apache2 on a 4th server that runs independent from the applications. Here is what I tried to do:
<VirtualHost *:80>
ServerName http:// mydomain.com
ProxyPass http:// sonar.mydomain.com/ http:// sonar.mydomain.com:9000/
ProxyPassReverse http:// sonar.mydomain.com http:// sonar.mydomain.com:9000/
ProxyPass http:// jenkins.mydomain.com/ https:// jenkins.mydomain.com:8081/
ProxyPassReverse http:// jenkins.mydomain.com/ https:// jenkins.mydomain.com:8081/
</VirtualHost>
When I do it this way it won't work it will just go to the apache default page. What I did try is doing it with / and I noticed that it won't work with https:// extentions no matter in what way I try to set it. Is there a way to get this working?
and is it possible to set the proxy up the way I want?
Just create three name-based virtualhosts and use "/" as the first parameter for ProxyPass. Each vhost proxies to the corrsponding app.
We have an existing domain name
(ex. webdev.com)
located in hostgator and we have a server in AWS. We wanted to use the domain name that we bought from hostgator
(webdev.com)
in our AWS server.
What we did was, in hostgator we created a DNS (project1.webdev.com) and the address is pointing to our AWS server(ex 150.12.1.0). In our AWS, we deploy the project1 under port 4000.
Now if we access the
project1.webdev.com
we end up to the default apache page. How could we route it to our port 4000 so that everytime we access project1.webdev.com it pointed to our
150.12.1.0:4000
project.
here is our virtual host config:
<VirtualHost *:4000>
ServerName project1.webdev.com
ServerAdmin webmaster#dummy-host.example.com
DocumentRoot "/var/www/html/project1/web"
<Directory "/var/www/html/project1/web">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/4000-error_log
CustomLog ${APACHE_LOG_DIR}/4000-access_log common
We have looked for several information but we did not find any possible solution. Looking forward for your help.
Thanks
You're confusing DNS, which has to do with IP addressing, with ports, which have nothing to do with DNS. DNS only deals with converting between human-readable names and IP addresses. DNS does not provide any sort of provision to perform a task like "when a user wants to make an HTTP request use port 4000 instead of port 80".
If your service is listening on port 4000 but you're using the HTTP protocol (which always uses port 80 by default) then you will need to deal with this in one of the following ways:
Require all URL's to explicitly specify port 4000, for example: http://project1.webdev.com:4000
Change your VirtualHost definition to listen on port 80 instead of 4000
Add a new VirtualHost definition in Apache for port 80 that proxies all requests to port 4000
Sharing you the solution we made. Thanks to #Bruce for helping us out. As what he suggested in the comments above, we will create a virtual host porting to 80(which is the default of apache). Then we will route the port 80 to our specific project.
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerName project1.webdev.com
ServerAdmin webmaster#localhost
DocumentRoot "/var/www/html/project1/web"
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/project1-error.log
CustomLog ${APACHE_LOG_DIR}/project1-access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
If you have multiple DNS just create another instance of port 80 and route to the project.
Make sure that the Domain name in HostGator matches with the ServerName you created in the virtual host.
I am trying to call my xampp localhost from another computer's browser, I have changed host file at C:\Windows\System32\Drivers\etc by appending (192.168.1.105 localhost) at the end this file and save it and then restart computer, but I could not call my localhost from another computer.
Thanks
You need to access port forwarding in your router and forward port 80 only as TCP. Also, the host file code should look something like YOUR IP YOUR IP and not YOUR IP localhost. Furthermore, you need to edit httpd-vhosts.conf from apache folder in xampp instalation with something like that
<VirtualHost *:80>
ServerAdmin whatever#whatever.com
DocumentRoot "PATH TO YOUR FOLDER"
ServerName YOUR IP
ServerAlias YOUR IP
</VirtualHost>
After that you must restart apache in XAMPP control panel (MySQL not necessary)
THE SOLUTION ABOVE WILL LET YOU SEE YOUR CONTENT FROM ANYWHERE AS LONG AS YOUR LOCAL PC IS TURNED ON AND HAVE INTERNET CONNECTION. THE SOLUTION BELOW (I DIDN'T TEST IT, BUT I GUESS IT WILL WORK) WILL LET YOU ACCESS YOUR CONTENT FROM LOCAL NETWORK ONLY.
edit your httpd-xampp.conf file as following and after that you should probably need to perform a browser cache cleaning
# New XAMPP security concept
#
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
#Deny from all
#Allow from 127.0.0.0/8
Allow from all
ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>
When you add 192.168.1.105 localhost on the other PC (the one you want to use to view your website), it will look for a website on the same machine. Delete the entry from the hosts file and enter the IP address in your browser and it should work if the webserver is running.