jhipster ssl ubuntu apache2 setup - spring-boot

I have generated my app using JHipster. Configured it to run on Amazon EC2 with Ubuntu 16.x and Apache with the following configuration and a GoDaddy A record. When I hit the website URL it maps and renders the site without any issues.
apache2 configuration
<VirtualHost *:80>
ServerName 111.22.33.444
ProxyPreserveHost On
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://111.22.33.444:8080/
ProxyPassReverse / http://111.22.33.444:8080/
</VirtualHost>
Next step, trying to configure SSL. I have bought the SSL from GoDaddy for my domain, configured it and uploaded the *.crt files into /etc/apache2/ssl. I quickly realized just adding another virtual host configuration for port 443 will not work because the JHipster app is running on 8080. I went back and looked at https://www.jhipster.tech/production/ and they have instructions for configuring SSL with HTTPS configuration with a front-end proxy, and this is where I got lost and am unable to configure SSL and serve up my domain on https.
What is not clear is: can I still run the app on 8080 and simply follow the instructions under HTTPS configuration with a front-end proxy? First, I configured Apache using "Let's Encrypt" using the following command
sudo certbot --apache -d domain.com --agree-tos -m info@domain.com --redirect
it failed saying
Failed redirect for domain.com
Unable to set enhancement redirect for domain.com
It didn't work.
What are the changes for the JHipster application that I need to do? Should it run on 443 or continue to run on 8080 and update the virtual host configuration? How should I configure the virtual host?
I have searched high and low with no instructions. Any direction is much appreciated.

Assuming your app is available at http://127.0.0.1:8080/, you can successfully configure Apache for HTTPS with Certbot by following the steps below.
Setup server with:
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache apache2
Start with the config:
<VirtualHost *:80>
ServerName example.com
ServerAlias example.com
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
ProxyPreserveHost On
ProxyRequests Off
</VirtualHost>
Enable plugins and restart Apache2, making the app accessible at the domain configured above:
a2enmod headers proxy proxy_http
service apache2 restart
Then run certbot with the instructions in the docs:
sudo certbot --apache -d example.com
After that, your app will be accessible at the domain you configured and served via HTTPS.
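A small config lint, added here as an example and not part of the question, the answer or the JHipster docs. It compares two constructed vhost snippets (the question's, which proxies to the server's public address so port 8080 has to stay reachable from the internet, and the answer's pattern moved to 443 with a loopback target) and flags a ProxyPass target that is not loopback, a missing ProxyPreserveHost, and an HTTPS vhost that does not pass X-Forwarded-Proto; the header is useful only on the assumption that the Spring Boot app is configured to honour forwarded headers when it builds https:// redirects.

```python
import re
from ipaddress import ip_address

# Constructed sample: the question's vhost proxies to the server's *public*
# address, so port 8080 must be reachable from the internet for Apache to work.
PUBLIC_TARGET = """
<VirtualHost *:80>
ServerName 111.22.33.444
ProxyPreserveHost On
ProxyPass / http://111.22.33.444:8080/
ProxyPassReverse / http://111.22.33.444:8080/
</VirtualHost>
"""

# Constructed sample: the answer's pattern on 443, proxying to loopback and
# telling the app the original scheme (assumes the app honours the header).
LOOPBACK_TARGET = """
<VirtualHost *:443>
ServerName example.com
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
# Matches ProxyPass (not ProxyPassReverse) and captures path, host and port.
TARGET_RE = re.compile(r"^\s*ProxyPass\s+(\S+)\s+https?://([^/:\s]+)(?::(\d+))?", re.M | re.I)


def check_vhost(addr: str, body: str) -> list:
    """Return findings for one <VirtualHost addr> body; an empty list means clean."""
    findings = []
    for path, host, port in TARGET_RE.findall(body):
        try:
            loopback = ip_address(host).is_loopback
        except ValueError:              # hostname or malformed literal
            loopback = host.lower() == "localhost"
        if not loopback:
            findings.append(f"ProxyPass {path} targets {host}:{port or 80}, not loopback")
    if not re.search(r"^\s*ProxyPreserveHost\s+On\b", body, re.M | re.I):
        findings.append("ProxyPreserveHost is not On")
    if addr.endswith(":443") and not re.search(r'X-Forwarded-Proto\s+"?https', body, re.I):
        findings.append("HTTPS vhost does not set X-Forwarded-Proto")
    return findings


def lint(config: str) -> dict:
    """Map each <VirtualHost ...> address to its findings."""
    return {addr: check_vhost(addr, body) for addr, body in VHOST_RE.findall(config)}
```

Run lint() over the real file under /etc/apache2/sites-enabled after certbot has written the 443 vhost; an empty list for every address is the expected result.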

Related

Keycloak as subresource behind Apache2

Keycloak is running on the Docker image jboss/keycloak and the environment variable PROXY_ADDRESS_FORWARDING is set to true. I would like to set up Keycloak behind an Apache2 webserver as a subresource. When my Apache configuration is:
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
I have access to Keycloak, however I'm losing access to other resources on the server, for example /panel or /wordpress. I've tried to do the following:
ProxyPass /keycloak/ http://127.0.0.1:8080/
ProxyPassReverse /keycloak/ http://127.0.0.1:8080/
But with the above configuration I'm redirected to /auth on the server instead of Keycloak's auth.
Could you help me to configure Keycloak as a subresource on Apache2 webserver?
I found a way to make it work. I created the following Dockerfile:
FROM jboss/keycloak
RUN sed -i -e 's/<web-context>auth<\/web-context>/<web-context>keycloak\/auth<\/web-context>/' $JBOSS_HOME/standalone/configuration/standalone-ha.xml
after rebuilding an image I've changed my Apache2 configuration as follows:
ProxyPass /keycloak/ http://127.0.0.1:8080/keycloak/
ProxyPassReverse /keycloak/ http://127.0.0.1:8080/keycloak/
Now KeyCloak works from the same domain as a subresource.

Unable to find a virtual host listening on port 80.... Please add a virtual host for port 80

My web server is set up like this:
AWS EC2 Linux AMI
Apache 2.4
PHP 7
MySQL
Certbot is giving me an error like this when I try to run it:
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
I've looked at other answers people posted on their blogs etc... but they were not specifically for the EC2 Linux AMI or were made more complicated than they need be.
Most of them seem to have something to do with /sites-available or enabled... but the main .conf file already has a line in it that points to additional .conf files. No need to add a line there.
This all assumes that you have Apache 2.4 installed and are trying to install Certbot.
Make sure A record is set to your IP address in DNS.
cd /etc/httpd/conf.d
sudo nano yourDomainName.conf
Paste, edit, and save the following:
<VirtualHost *:80>
ServerName yourDomainName.com
DocumentRoot /var/www/html
ServerAlias www.yourDomainName.com
ErrorLog /var/www/error.log
CustomLog /var/www/requests.log combined
</VirtualHost>
sudo service httpd restart
And with this you should see the virtual host:
httpd -D DUMP_VHOSTS
To install certbot:
cd ~/downloads
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
sudo certbot-auto --apache --debug
Try option 1, "spin up a temporary web server"
I had nginx running on port 80, and even set up XAMPP on port 80; curl on port 80 worked, but it could not find the server at localhost.
A probable issue with certbot trying to set up and authenticate the host with existing servers.
Use of the temporary webserver (option 1) worked; ensure no service is running on port 80.
I have no httpd service, so I have no such directory and file.
But thanks to the advice above, I found the file mydomain.conf in the directory /etc/apache2/sites-available (in your case you should replace mydomain) and I modified it as advised above:
sudo nano /etc/apache2/sites-available/mydomain.conf
<VirtualHost *:80>
DocumentRoot /var/www/mydomain
ServerName mydomain
</VirtualHost>
then check for correctness
sudo apache2ctl configtest
then restart apache
systemctl reload apache2
and then run certbot
certbot --apache -d mydomain

Installing HTTPS for my web app in DigitalOcean, `https://XXX.XXX.XXX.XXX` is okay but not with, `https://XXX.XXX.XXX.XXX:1234`

I followed these tutorials.
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04, without the step 5.
https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04, without the, "(Recommended) Modify the Unencrypted Virtual Host File to Redirect to HTTPS" part.
I put ServerName server_domain_or_IP with http://XXX.XXX.XXX.XXX:1234.
What I have now.
http://XXX.XXX.XXX.XXX:1234 goes to my web application. I need SSL to access webcam.
https://XXX.XXX.XXX.XXX goes to Apache default screen after warning, which is expected.
https://XXX.XXX.XXX.XXX:1234 goes to the Chrome error page "This site can’t provide a secure connection".
I need to have access to https://XXX.XXX.XXX.XXX:1234 what went wrong and what should I do?
EDIT, More details.
Fresh install with SSH attached into the droplet (Ubuntu LTS 16.04).
ssh root@xxx:xxx:xxx:xxx.
adduser notalentgeek.
usermod -aG sudo notalentgeek.
su notalentgeek.
Now I am on the newly created user notalentgeek.
Move into "How To Create a Self-Signed SSL Certificate for Apache in Ubuntu 16.04" tutorial.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt.
In the form I put everything as "asd" (any arbitrary thing in my mind; do these matter?). Except for "Common Name (e.g. server FQDN or YOUR name) []:", which is the IP xxx:xxx:xxx:xxx.
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 and wait for a while.
sudo nano /etc/apache2/conf-available/ssl-params.conf.
Copy and paste the settings from the tutorial (StackOverflow code formatting does not work here!).
# from https://cipherli.st/
# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
# Disable preloading HSTS for now. You can use the commented out header line that includes
# the "preload" directive if you understand the implications.
#Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLSessionTickets Off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf.bak to create backup.
sudo nano /etc/apache2/sites-available/default-ssl.conf.
<VirtualHost _default_:443>
ServerAdmin asd@asd.com
ServerName xxx:xxx:xxx:xxx
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
sudo ufw app list, adjusting the firewall. I just put whatever commands they put there.
sudo ufw status.
sudo ufw allow 'Apache Full'.
sudo ufw delete allow 'Apache'.
sudo ufw status.
sudo a2enmod ssl.
sudo a2enmod headers.
sudo a2ensite default-ssl.
sudo a2enconf ssl-params.
sudo apache2ctl configtest, no warning appeared in my case. But in the tutorial it may have a warning. This command returns Syntax OK.
Testing server as I mentioned before, https://xxx.xxx.xxx.xxx works, but https://xxx.xxx.xxx.xxx:5000 does not (5000 is my port for Flask.).
sudo nano /etc/apache2/sites-available/000-default.conf
Add Redirect permanent "/" "https://xxx.xxx.xxx.xxx:5000/".
sudo apache2ctl configtest results in Syntax OK.
sudo systemctl restart apache2.
This the launch from my Flask App.
WebSocket transport not available. Install eventlet or gevent and gevent-websocket for improved performance.
* Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
Going to http://xxx.xxx.xxx.xxx:5000/, where xxx.xxx.xxx.xxx is the IP of the DigitalOcean Droplet, reaches my web app successfully. But the web app needs access to the webcam and microphone.
Following other tutorial, https://www.digitalocean.com/community/tutorials/how-to-deploy-a-flask-application-on-an-ubuntu-vps.
sudo apt-get install libapache2-mod-wsgi python-dev.
sudo a2enmod wsgi.
cd /var/www.
sudo mkdir FlaskApp.
cd FlaskApp.
git clone https://github.com/notalentgeek/my_app --depth 1.
cd my_app.
Installing, pip3 and virtualenv. Running from http is still fine!
sudo nano /etc/apache2/sites-available/FlaskApp.conf (formatting also does not work!).
<VirtualHost *:80>
ServerName https://xxx.xxx.xxx.xxx:5000/
ServerAdmin asd@asd.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/my_app/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/my_app/static
<Directory /var/www/FlaskApp/my_app/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
sudo a2ensite FlaskApp.
cd /var/www/FlaskApp.
sudo nano flaskapp.wsgi.
sudo service apache2 restart, the tutorial says there would be a warning message, but I did not get any.
sudo python3 -B my_app.py results in these.
WebSocket transport not available. Install eventlet or gevent and gevent-websocket for improved performance.
* Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
In http all work but not https.
Some of the code has # in it, which makes the indent-to-code formatting in StackOverflow not work. Here is the raw version from PasteBin, https://pastebin.com/iShsHjCX.
This solved it for me: can you add HTTPS functionality to a python flask web server?. It is more on the Flask side than anything else.

How to redirect requests from apache2 to tomcat7 on Amazon EC2 Ubuntu12.04 when installed using apt-get command

I installed Apache2 and Tomcat7 on Amazon EC2 Ubuntu12.04 using command:
sudo apt-get install apache2
sudo apt-get install tomcat7
Now for tomcat
CATALINA_HOME is /usr/share/tomcat7 (bin and lib folders of tomcat)
CATALINA_BASE is /var/lib/tomcat7 (webapps folder is in there)
For Apache
Apache modules : /etc/apache2/mods-enabled
virtual hosts : /etc/apache2/sites-enabled
configuration file : /etc/apache2/apache2.conf
Apache configuration file httpd.conf is empty.
How can I redirect all request from Apache2 to Tomcat7?
Meaning, for example, if I enter 10.121.143.116:80 in the browser, it will hit 10.121.143.116:8080.
Kindly suggest, as I have been searching on Google for the last 2 months and found too many solutions, all mixed up, and am not able to understand a single best working solution.
Hope this will help.
First, create sampleweb file in /etc/apache2/sites-available
sudo touch /etc/apache2/sites-available/proxy_your_sampleweb
Second, add the following in above sampleweb host file.
sudo vi /etc/apache2/sites-available/proxy_your_sampleweb
#For forwarding everything
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
Third, enable sampleweb site
sudo a2ensite proxy_your_sampleweb
Fourth, reload the apache2 configuration
sudo service apache2 reload
Fifth, access your tomcat app using 80 port.
http://<>/
if you want to redirect only specific context like sampleweb, you can customise the above to limit only your sampleweb request to tomcat.
sudo vi /etc/apache2/sites-available/proxy_your_sampleweb
#For forwarding only required contexts
ProxyRequests Off
ProxyPass /sampleweb http://localhost:8080/sampleweb
ProxyPassReverse /sampleweb http://localhost:8080/sampleweb

Running Apache without explicitly declaring listening on ports such as :3000 or :6600

Using Ruby and Thin as a web service. Apache is also loaded. Can't access the web service because listing ports, such as :3000 or :6600, in the GET url is not allowed. How is the port requirement removed?
Use Apache ProxyPass.
cd /etc/apache2/sites-enabled/
sudo vi 000-default
Edit Lines:
ServerAdmin webmaster@localhost
ProxyPass /breakfast http://localhost:4567/breakfast
DocumentRoot /var/www
sudo /etc/init.d/apache2 restart
If you're talking about Apache HTTPD, either leave off the port, or specify "80" for the port.
If you're talking about Apache Tomcat, you'll need to set up an HTTP Connector with port=80, but Tomcat will need to be launched as root.
