I am trying to deploy a web application which is deployed in port 80 and I am able to access the website from www.ajaykalkoti.space and http://ajaykalkoti.space .
If I try to access the https://ajaykalkoti.space It returns 403 Error.The Request could not be satisfied.What should be my entry in Route 53.I have attached a screenshot of the below entries.
I am not using Load Balancer as I guess it gets charged.
Please guide me.
Route 53 Table
A Record
Use this AWS guide:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html
And you should configure 443 port in /etc/httpd/conf.d/ssl.conf:
Listen 443
<VirtualHost *:443>
ServerName ajaykalkoti.space
ErrorLog /var/log/httpd/ssl.error.log
CustomLog /var/log/httpd/ssl.log combined
SSLEngine on
SSLCertificateFile PATH_TO_CERT.crt
SSLCertificateKeyFile PATH_TO_KEY.key
SSLCertificateChainFile PATH_TO_CHAIN.ca-bundle
SSLProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2
SSLProxyProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLProxyCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
as example
And enable 443 port in instance security group
Related
I’ll just briefly explain what I have and what I’d like.
On same server I have a service which has also a web gui on http port 9091 for example. The service does not have a option to change the config to https within the app.
I also have apache on that server for snmp traps graphs. So I’d like to use that apache as a https proxy, so communication to apache is https, from apache to that mentioned web plain http.
Client <-> https proxy <-> http web ui
I don’t want just redirect.
Can you advise me a simple solution. Not lucky yet with search.
Thank you!
Mario
Worked with
<VirtualHost *:8843>
ServerName xxx
ServerAdmin webmaster#localhost
# DocumentRoot /var/www/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine On
# Set the path to SSL certificate
# Usage: SSLCertificateFile /path/to/cert.pem
SSLCertificateFile /xxx.crt
SSLCertificateKeyFile /XXX.key
ProxyPreserveHost On
ProxyPass /transmission http://localhost:9091/transmission
ProxyPassReverse /transmission http://localhost:9091/transmission
I'm trying to connect to my websockets server from outside the local network. I deployed a web app based on Laravel, everything works fine when developing locally, but deploying the app to my Raspberry Pi won't let my websockets server work. The problem might be with my Apache config, but I'm not sure. I'm using a Let's Encrypt certificate, so everything is configured as it should in Laravel and in Apache.
The browser can reach the websockets server, but at websocket's console messages it says this: Error during WebSocket handshake: Invalid status line.
It looks like the Websocket server is not returning a 101 code, but I don't know how to debug or fix this. I'm using the 443 port for websockets, so this is my Apache config:
<VirtualHost *:443>
ServerName drink.myhost.org
ServerAlias www.drink.myhost.org
# WEBSOCKETS CONFIG
ProxyRequests off
ProxyPass "/app/ABCFEDG" "ws://127.0.0.1:6001"
ProxyPass "/app/ABCFEDG" "wss://127.0.0.1:6001"
ProxyPassReverse "/app/ABCFEDG" "ws://127.0.0.1:6001/app/ABCFEDG"
ProxyPassReverse "/app/ABCFEDG" "wss://127.0.0.1:6001/app/ABCFEDG"
ServerAdmin webmaster#drink.myhost.org
DocumentRoot /var/www/html/drink/public
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/drink.myhost.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/drink.myhost.org/privkey.pem
</VirtualHost>
I am running a Node.JS HTTP server on an Amazon EC2 instance.
My IP address and port are 54.169.62.98:7001. How do I point my Godaddy domain to this IP and port?
Is it possible to use a port other than 80?
Yes, simple.
Go to godady DNS manager and add a type A record pointing to your ip address like bellow.
Then go to your aws-ec2 console and add a custom inbound TCP rule under your AWS security group like bellow.
Open firewall for 7001/tcp on your server sudo ufw allow 7001/tcp
Run the node.js app on your server and then type 54.169.62.98:7001 on your browser
Good luck!
Some protocols such as XMPP can use SRV records, which does allow you to publish the port used. However, in the general case, especially web traffic, you can't point an A record to a TCP port.
It sounds like you would want to either get Node to listen on port 80, or install a reverse proxy (such as Nginx) on your EC2 instance to forward traffic on port 80 to 127.0.0.1:7001. There's a simple guide here.
Yes, you can point any instance of AWS via GoDaddy domain. You have to save A record for hit your instance via host # and point to your IP(54.169.62.98), after this you can hit you IP but not port 7001, for port distribution you will have to some config some file.
for Virtual host
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.example.org
ServerAlias example.org
Redirect permanent / https://example.org/
</VirtualHost>
For ssl config
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName example.org
DocumentRoot /var/www/html
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://localhost:7001/
ProxyPassReverse / http://localhost:7001/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /home/ubuntu/today.crt
SSLCertificateKeyFile /home/ubuntu/today.key
SSLCertificateChainFile /home/ubuntu/intermediate.crt
SSLCACertificateFile /home/ubuntu/intermediate.crt
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
I am trying to use Apache as a reverse proxy to my Jetty server running cometd.
My setup is working like this:
Apache(HTTPS) --> Jetty(HTTP)
Here is the Apache conf file
<VirtualHost *:443>
ServerAdmin xxx#domain.com
ServerName y.domain.com
ProxyPass / http://localhost:8888/
ProxyPassReverse / http://localhost:8888/
ProxyPass /ws/ ws://localhost:8888/
ProxyPass /wss/ wss://localhost:8888/
ProxyRequests Off
ProxyVia On
Timeout 1500
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<Proxy *>
Order deny,allow
Deny from all
Allow from all
</Proxy>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/localhost.crt
SSLCertificateKeyFile /etc/apache2/ssl/localhost.key
SSLCertificateChainFile /etc/apache2/ssl/ca.crt
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
</VirtualHost>
On the client I'm using cometd.js.
However I'm getting this error on the client during handshake
Error during WebSocket handshake: Unexpected response code: 400
The address is wss://y.domain.com
After that the client is trying again and site is up - but I'm afraid the handshake is with long polling...
What am I missing?
Ordering of ProxyPass directive matters
The configured ProxyPass and ProxyPassMatch rules are checked in the order of configuration. The first rule that matches wins.
http://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
I've just installed Jenkins on an EC2 machine. Jenkins is served via Apache with SSL on port 443. I haven't bought a certificate yet, so the https connection is insecure.
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName my_host_name
ServerAlias ci
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
ProxyRequests Off
ProxyPreserveHost off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
<Proxy http://localhost:8080/*>
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>
Jenkins refused to update my plugins. I've checked the URL at Manage Jenkins → Manage Plugins → advanced, and it was http://updates.jenkins-ci.org/update-center.json. I've tried downloading the file from curl at the server and it was downloaded without problems.
Why can't Jenkins download the json file for the updates?
This was fixed by using the secure coutnerpart for the url
https://updates.jenkins-ci.org/update-center.json
Instead of:
http://updates.jenkins-ci.org/update-center.json