I followed these tutorials.
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04, without the step 5.
https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04, without the, "(Recommended) Modify the Unencrypted Virtual Host File to Redirect to HTTPS" part.
I put ServerName server_domain_or_IP with http://XXX.XXX.XXX.XXX:1234.
What I have now.
http://XXX.XXX.XXX.XXX:1234 goes to my web application. I need SSL to access webcam.
https://XXX.XXX.XXX.XXX goes to Apache default screen after warning, which is expected.
https://XXX.XXX.XXX.XXX:1234 goes Chrome error page of This site can’t provide a secure connection.
I need to have access to https://XXX.XXX.XXX.XXX:1234 what went wrong and what should I do?
EDIT, More details.
Fresh install with SSH attached into the droplet (Ubuntu LTS 16.04).
ssh root#xxx:xxx:xxx:xxx.
adduser notalentgeek.
usermod -aG sudo notalentgeek.
su notalentgeek.
Now I am on the newly created user notalentgeek.
Move into "How To Create a Self-Signed SSL Certificate for Apache in Ubuntu 16.04" tutorial.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt.
In the form I put everything as "asd" (any arbitrary thing in my mind, are these matters). Except for "Common Name (e.g. server FQDN or YOUR name) []:" is to ip of xxx:xxx:xxx:xxx.
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 and wait for a while.
sudo nano /etc/apache2/conf-available/ssl-params.conf.
Copy paste the settings from the tutorial (StackOverflow code formatting does not working here!).
from https://cipherli.st/
and https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Disable preloading HSTS for now. You can use the commented out header line that includes
the "preload" directive if you understand the implications.
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
Requires Apache >= 2.4
SSLCompression off
SSLSessionTickets Off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf.bak to create backup.
sudo nano /etc/apache2/sites-available/default-ssl.conf.
ServerAdmin asd#asd.com
ServerName xxx:xxx:xxx:xxx
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
sudo ufw app list, adjusting fire wall. I just put whatever codes they put there.
sudo ufw status.
sudo ufw allow 'Apache Full'.
sudo ufw delete allow 'Apache'.
sudo ufw status.
sudo a2enmod ssl.
sudo a2enmod headers.
sudo a2ensite default-ssl.
sudo a2enconf ssl-params.
sudo apache2ctl configtest, there is no warning appeared in my case. But, in the tutorial it may have warning. This command returns, Syntax OK.
Testing server as I mentioned before, https://xxx.xxx.xxx.xxx works, but https://xxx.xxx.xxx.xxx:5000 does not (5000 is my port for Flask.).
sudo nano /etc/apache2/sites-available/000-default.conf
Add Redirect permanent "/" "https://xxx.xxx.xxx.xxx:5000/".
sudo apache2ctl configtest results in Syntax OK.
sudo systemctl restart apache2.
This the launch from my Flask App.
WebSocket transport not available. Install eventlet or gevent and gevent-websocket for improved performance.
* Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
Going to http://xxx.xxx.xxx.xxx:5000/, where xxx.xxx.xxx.xxx is the IP of DigitalOcean Droplet refer to my web app successfully. But web app needs access to webcam and microphone.
Following other tutorial, https://www.digitalocean.com/community/tutorials/how-to-deploy-a-flask-application-on-an-ubuntu-vps.
sudo apt-get install libapache2-mod-wsgi python-dev.
sudo a2enmod wsgi.
cd /var/www.
sudo mkdir FlaskApp.
cd FlaskApp.
git clone https://github.com/notalentgeek/my_app --depth 1.
cd my_app.
Installing, pip3 and virtualenv. Running from http is still fine!
sudo nano /etc/apache2/sites-available/FlaskApp.conf (formatting also does not working!).
ServerName https://xxx.xxx.xxx.xxx:5000/
ServerAdmin asd#asd.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
Order allow,deny
Allow from all
Alias /static /var/www/FlaskApp/my_app/static
Order allow,deny
Allow from all
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
sudo a2ensite FlaskApp.
cd /var/www/FlaskApp.
sudo nano flaskapp.wsgi.
sudo service apache2 restart, the tutorial says that would be a warning message. but I did not get any.
sudo python3 -B my_app.py results in these.
WebSocket transport not available. Install eventlet or gevent and gevent-websocket for improved performance.
* Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
In http all work but not https.
Some of the codes has ## make the indent-to-code in StackOverflow does not working. Here is the raw from PasteBin, https://pastebin.com/iShsHjCX.
This thing solved me, can you add HTTPS functionality to a python flask web server?. It is more in the Flask side rather than anything else.
Related
My web server is set up like this:
AWS EC2 Linux AMI
Apache 2.4
PHP 7
MySQL
Certbot is giving me an error like this when I try to run it:
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
I've looked at other answers people posted on their blogs etc... but they were were not specifically for the EC2 Linux AMI or were made more complicated than they need be.
Most of them seem to have something to do with /sites-available or enabled... but the main .conf file already has a line in it that points to additional .conf files. No need to add a line there.
This all assumes that you have Apache 2.4 installed and are trying to install Certbot.
Make sure A record is set to your IP address in DNS.
cd /etc/httpd/conf.d
sudo nano yourDomainName.conf
Paste, edit, and save the following:
<VirtualHost *:80>
ServerName yourDomainName.com
DocumentRoot /var/www/html
ServerAlias www.yourDomainName.com
ErrorLog /var/www/error.log
CustomLog /var/www/requests.log combined
</VirtualHost>
.
sudo service httpd restart
And with this you should see the virtual host:
httpd -D DUMP_VHOSTS
To install certbot:
cd ~/downloads
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
sudo certbot-auto --apache --debug
Try option 1, "spin up a temporary web server"
I had running nginx on port 80, even setup xamp on port 80, curl on port 80 worked, but it could not find server at localhost
A probable issue with certbot trying to setup and authenticate host with existing servers.
Use of temporary webserver (option 1) worked, ensure no service is running on port 80
I have no httpd service, so I have know such directory and file.
But thanks for the advice before I found the file mydomain.conf in the directory
(in your case you should replace mydomain
/etc/apache2/sites-available and I modified it as it was advised above
sudo nano /etc/apache2/sites-available/mydomain.conf
<VirtualHost *:80> DocumentRoot /var/www/mydomain ServerName mydomain </VirtualHost>
then check for correct
sudo apache2ctl configtest
then restart apache
systemctl reload apache2
and then run certbot
certbot --apache -d mydomain
I have generated my app using Jhipster. Configured it to run on amazon ec2 with Ubuntu 16.x and apache with following configuration and godaddy a record. When I hit the website url it maps and renders the site without any issues.
apache2 configuration
<VirtualHost *:80>
ServerName 111.22.33.444
ProxyPreserveHost On
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://111.22.33.444:8080/
ProxyPassReverse / http://111.22.33.444:8080/
</VirtualHost>
Nest step, trying to configure SSL. I have bought the SSL from godaddy for my domain, configured it and uploaded the *.crt files into /etc/apache2/ssl. I quickly realized just by adding another virtual host configuration for port 443 will not work because JHipster app is running on 8080. I went back and looked at https://www.jhipster.tech/production/ and they have instructions for configuring SSL with HTTPS configuration with a front-end proxy and this where I got lost and am unable to configure SSL and serve up my domain on https.
What is not clear is can I still run the app on 8080 and simply follow the instructions under HTTPS configuration with a front-end proxy? First, I configured apache using "lets encrypt" using the following command
sudo certbot --apache -d doamin.com --agree-tos -m info#domain.com --redirect
it failed saying
Failed redirect for domain.com
Unable to set enhancement redirect for domain.com
It didn't work.
What are the changes for Jhipster application that I need to do? Should it run on 443 or continue to run 8080 and update virtual host configuration? How should i configure virtual host?
I have searched high and low with no instructions. Any direction is much appreciated.
Assuming your app is available at http://127.0.0.1:8080/, you can successfully configure Apache for HTTPS with Certbot by following the below steps.
Setup server with:
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache apache2
Start with the config:
<VirtualHost *:80>
ServerName example.com
ServerAlias example.com
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
ProxyPreserveHost On
ProxyRequests Off
</VirtualHost>
Enable plugins and restart Apache2, making the app accessible at the domain configured above:
a2enmod headers proxy proxy_http
service apache2 restart
Then run certbot with the instructions in the docs:
sudo certbot --apache -d example.com
After that, your app will be accessible at the domain you configured and served via HTTPS.
Xcode Server that comes with Xcode 9 now automatically generates SSL certificates for communication between server and clients. It also uses this certificate when communicating with the Xcode Server REST API. Is there a way to specify or replace the autogenerated keys and use a certificate from a trusted third party (like LetsEncrypt)?
The apache configuration file located at
/Library/Developer/XcodeServer/Configuration/httpd_os_xcs.conf
contains this information:
Listen 443
<VirtualHost *:443>
# Xcode Server uses its own self-signed certificates
# only if no other SSL configurations for Apache have been found
<IfModule !ssl_module>
LoadModule ssl_module libexec/apache2/mod_ssl.so
SSLEngine on
SSLCertificateFile /Library/Developer/XcodeServer/Certificates/apache.crt
SSLCertificateKeyFile /Library/Developer/XcodeServer/Certificates/apache.key
</IfModule>
[...]
<IfModule mod_proxy.c>
SSLProxyEngine On
SSLProxyCheckPeerCN Off
ProxyPass /xcode/internal/api https://127.0.0.1:20343/api retry=0 timeout=30
ProxyPassReverse /xcode/internal/api https://127.0.0.1:20343/api
ProxyPass /xcode/internal/socket.io https://127.0.0.1:20343/socket.io retry=0 timeout=30
ProxyPassReverse /xcode/internal/socket.io https://127.0.0.1:20343/socket.io
</IfModule>
[...]
</VirtualHost>
I believe the certificate is also part of the apache.keychain file found at
/Library/Developer/XcodeServer/Keychains/apache.keychain
but I haven't been able to verify that.
Every time the Xcode Server service is started in Xcode, the apache.{crt/key} files as well as the httpd_os_xcs.conf files are overwritten, so simple replacing/modifying these files does not appear to be an option.
The only way forward I can see is to implement some other SSL configuration as suggested in the http_os_xcs.conf file, but I can't seem to get that to work either.
Any suggestions or solutions are greatly appreciated.
This is what worked for me on macOS Mojave (10.14).
Installing the certificate via the Server app
Install the "Server" app from the App Store (version 5.8)
Generate a server certificate request from the Server app for your domain
Send the request file to certificate provider to obtain a certificate
From the Server app import the certificate and set it in the dropdown "Secure services using"
These steps could be done in some other way, but initially I wanted to use a "blessed" macOS way, and then the problems started :)
I wanted to use this certificate directly by the system Apache (which is what serves the https://example.com/xcode page), but the documentation is lacking, the only thing I've found is this migration guide
where they speak about mod_secure_transport, which should be used instead of mod_ssl.
This guide assumes that it is already configured, but mod_secure_transport is not present in the default Mojave Apache configs (those reside in /etc/apache2).
So let's do it manually the old-school way:
Preparing the Apache certificate files manually
Copy your certificate file to /etc/apache2/server.crt
Find your certificate in Keychain app, and export your certificate private key in p12 format from there.
Convert your private key to the format expected by Apache:
openssl pkcs12 -in exported_private_key.p12 -nodes -out server.key -nocerts
Copy server.key to /etc/apache2/server.key
Configuring Apache manually
In /etc/apache2/httpd.conf :
Uncomment these lines:
LoadModule ssl_module libexec/apache2/mod_ssl.so
...
LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
Find "IfModule ssl_module" section and add:
SSLCertificateFile "/private/etc/apache2/server.crt"
SSLCertificateKeyFile "/private/etc/apache2/server.key"
Test the config:
sudo apachectl configtest
Restart:
sudo apachectl restart
If all is good, it is ready, and you can observe the result at https://example.com/xcode
I Installed Laravel 4 on Ubuntu 12.04, I follow these steps from -
http://www.dev-metal.com/install-laravel-4-ubuntu-12-04-lts/
www.dev-metal.com/install-laravel-4-ubuntu-12-04-lts/
Activate mod_rewrite
Install the mod_rewrite module (or extension or whatever it is) and restart the Apache:
sudo a2enmod rewrite
sudo service apache2 restart
Open the default vhost config file:
sudo nano /etc/apache2/sites-available/default
DocumentRoot /var/www
<Directory /var/www>
and change them to
DocumentRoot /var/www/public
<Directory /var/www/public>
than Install Laravel 4
cd /var/www
wget https://github.com/laravel/laravel/archive/master.zip
unzip master.zip && cd laravel-master/ && mv * ../ && cd ..
rm -r laravel-master && rm master.zip
Run the installation with Composer by
composer install
and restart the server:
sudo service apache2 restart
than successfully installed and message :
but when I'm trying to run another web project for example
http://localhost/demo
than error comes like :
Not Found
The requested URL /demo was not found on this server.
Apache/2.2.22 (Ubuntu) Server at localhost Port 80
Add the following to your apache directory configuration.
AllowOverride All
go to the httpd.conf file of the server and remove hash (comment tag) from line showing below
LoadModule rewrite_module modules/mod_rewrite.so
it may be created from server side.
That is because your DocumentRoot is now set to /var/www/public which, i think where your problem is. Try putting your demo project folder inside the public folder then, try again. If it is a route, add it to /app/routes.php
I installed Apache2 and Tomcat7 on Amazon EC2 Ubuntu12.04 using command:
sudo apt-get install apache2
sudo apt-get install tomcat7
Now for tomcat
CATALINA_HOME is /usr/share/tomcat7 (bin and lib folders of tomcat)
CATALINA_BASE is /var/lib/tomcat7 (webapps folder is in there)
For Apache
Apache modules : /etc/apache2/mods-enabled
virtual hosts : /etc/apache2/sites-enabled
configuration file : /etc/apache2/apache2.conf
Apache configuration file httpd.conf is empty.
How can I redirect all request from Apache2 to Tomcat7?
Means for Example if I enter 10.121.143.116:80 in browser, it will hit 10.121.143.116:8080
Kindly suggest as I am finding on google since last 2 months and found too many solutions all mix up and not able to understand single best working solution.
Hope this will help.
First, create sampleweb file in /etc/apache2/sites-available
sudo touch /etc/apache2/sites-available/proxy_your_sampleweb
Second, add the following in above sampleweb host file.
sudo vi /etc/apache2/sites-available/proxy_your_sampleweb
#For forwarding everything
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
Third, enable sampleweb site
sudo a2ensite proxy_your_sampleweb
Forth, reload apache2 configuration
sudo service apache2 reload
Fifth, access your tomcat app using 80 port.
http://<>/
if you want to redirect only specific context like sampleweb, you can customise the above to limit only your sampleweb request to tomcat.
sudo vi /etc/apache2/sites-available/proxy_your_sampleweb
#For forwarding only required contexts
ProxyRequests Off
ProxyPass /sampleweb http://localhost:8080/sampleweb
ProxyPassReverse /sampleweb http://localhost:8080/sampleweb