Configuring SSL with apache server in a docker container - docker

I am setting up a LAMP app in a Docker container hosted on Ubuntu. I am a Docker noob.
I generated the CSR on the server that is hosting the Docker container, which has the public IP and domain I am using.
In my Dockerfile I have:
COPY ./dev.key /etc/apache2/ssl/dev.key
COPY ./dev.combined /etc/apache2/ssl/dev.combined
Then in the apache.conf I have:
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/dev.combined
SSLCertificateKeyFile /etc/apache2/ssl/dev.key
ServerAdmin admin@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
The problem is when I try to start Apache I get the error:
AH02565: Certificate and private key 127.0.0.1:443:0 from /etc/apache2/ssl/dev.combined and /etc/apache2/ssl/dev.key do not match
AH00016: Configuration Failed
There is something I am not understanding in configuring this Docker image.
The domain has a real public IP, so the CSR and cert need to point to this IP.
Am I setting up something incorrectly in Docker so it thinks it is running 127.0.0.1 and not the IP I need?
Thanks for any help. I am in way over my head.

I found the solution.
I was close. I had to make a couple of changes:
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/dev.crt
SSLCertificateKeyFile /etc/apache2/ssl/dev.key
SSLCertificateChainFile /etc/apache2/ssl/dev.ca-bundle
But the thing that fixed the 'Certificate and private' error:
I had to add my domain in my /etc/hosts on the server that hosted the Docker container:
127.0.0.1 mydomain.dev localhost
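
An added example, not part of the original question or answer: AH02565 means the public key in the file given to SSLCertificateFile differs from the one belonging to the SSLCertificateKeyFile key, and this script checks that pairing with openssl before Apache is started. The sample keys, certificates and file names are constructed for the demonstration, and the leaf-first versus CA-first case goes slightly beyond the post to show how the order inside a combined file changes the result.

```shell
#!/bin/sh
# Added example: compare the public key in a certificate file with the one
# derived from a private key (the pairing Apache reports on in AH02565).

# SHA-256 of the public key in the FIRST certificate of a PEM file; openssl x509
# reads only the first certificate, so the order inside a bundle matters.
cert_pubkey_hash() {
    _pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$_pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from a private key (RSA or EC).
key_pubkey_hash() {
    _pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$_pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Exit 0 = match, 1 = mismatch, 2 = a file could not be parsed.
cert_matches_key() {
    _c=$(cert_pubkey_hash "$1") || { echo "cannot read certificate: $1" >&2; return 2; }
    _k=$(key_pubkey_hash "$2") || { echo "cannot read key: $2" >&2; return 2; }
    [ "$_c" = "$_k" ]
}

# Constructed sample material: two unrelated self-signed pairs; "ca" stands in
# for an intermediate that ends up first in a combined file.
make_demo() {
    _d=$(mktemp -d) || return 1
    for _n in site ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$_n.example" \
            -keyout "$_d/$_n.key" -out "$_d/$_n.crt" >/dev/null 2>&1 || return 1
    done
    cat "$_d/site.crt" "$_d/ca.crt" > "$_d/leaf-first.combined"
    cat "$_d/ca.crt" "$_d/site.crt" > "$_d/ca-first.combined"
    echo "$_d"
}

demo_dir=$(make_demo)
for f in site.crt leaf-first.combined ca-first.combined; do
    if cert_matches_key "$demo_dir/$f" "$demo_dir/site.key"; then
        echo "$f: matches site.key"
    else
        echo "$f: does NOT match site.key"
    fi
done
rm -rf "$demo_dir"
```

Running cert_matches_key inside the container against the paths named in the VirtualHost confirms that the files copied into the image are the ones Apache will load.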

Related

Can Apache virtual hosts be set up to redirect to a Docker container?

I have a Docker container running Apache that is currently listening to the port 80.
I am trying to run another website on the same server, using Apache natively this time, also listening to the port 80.
The problem is that I cannot have both applications listening to the same port (Docker and Apache).
Can I set up the server’s native Apache installation to redirect internally certain requests based on the domain name to my Docker container? For instance, Apache would listen to the port 80 and requests to mycontainer.com would be internally transferred to the port 9999 to which Docker would listen.
Yes, you can do that. The first time I wanted to test, this is the way I did it, and it worked with no issue.
We have an Apache container running on port 80, and let us call another domain like mycontainer.com that we want to be accessible on port 80 too but we cannot.
No matter how you run these containers, I mean by docker run or docker-compose, the point is they should be in the same network.
Create a network called my_network:
docker network create my_network
I call the first Apache main and the latter one the_name.
So now let us run both in the same network:
docker run --name main --network my_network httpd
docker run --name the_name --network my_network another_image
Now you can exec into the the_name container and create a domain.conf file in the Apache conf path with the contents below:
<VirtualHost *:80>
ServerName mycontainer.com
ProxyPreserveHost On
ProxyPass "/" "http://the_name:9999/"
ProxyPassReverse "/" "http://the_name:9999/"
ProxyRequests Off
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
I guess it is possible with an Apache named virtual host and ProxyPass.
You can try something like below. Just make sure you have enabled Apache mod_proxy.
NameVirtualHost *:80
<VirtualHost *:80>
ServerName app-running-in-docker-container.com
ErrorLog "var/log/container_error_log"
CustomLog "var/log/container_access_log" common
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:999
ProxyPassReverse / http://127.0.0.1:999
</VirtualHost>
<VirtualHost *:80>
ServerName app-running-natively.com
DocumentRoot /path/to/project/doc/root
ErrorLog "var/log/nativelyapp_error_log"
CustomLog "var/log/nativelyapp_access_log" common
</VirtualHost>

apache bad request with 443 and reverse proxy

I have 2 docker containers, 1 running apache2 and 1 running a python api.
In non-https, I was able to make the connection such that requests on 80 are channeled to the docker container running the python api. When I enable HTTPS, requests come in as 400 (bad request).
Any help greatly appreciated. This is my virtual host file.
<VirtualHost *:443>
ServerName domain.com
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://172.17.0.1:8000/
ProxyPassReverse / http://172.17.0.1:8000/
SSLEngine on
SSLCertificateFile "/usr/local/apache2/conf/.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/.key"
</VirtualHost>
Apache logs should contain a more detailed error; however, based on the configuration you posted, I would check if "/usr/local/apache2/conf/.crt" and "/usr/local/apache2/conf/.key" exist.

Properly exposing a Rails server on :80

I have a Rails server (Apache/CentOS-backed) that's accessible at mydomain.com:3000, but I'd like it to be exposed at :80 so I can access it at just mydomain.com. As best I can tell, this should be done through Apache's httpd.conf file. Mine contains the following:
<VirtualHost *:80>
ServerAdmin my-email@gmail.com
#RailsEnv development
DocumentRoot /var/www/webapps/railsSite/public
ServerName mydomain.com
ErrorLog logs/mydomain.com-error_log
CustomLog logs/mydomain.com-access_log common
<directory /var/www/webapps/railsSite/public>
AllowOverride all
Options -MultiViews
</directory>
</VirtualHost>
Am I missing anything from this block?
I'm starting my server via the standard rails server command. I looked up starting it directly to :80 via rvmsudo rails server -p 80, but I get an error saying sudo: rails: command not found. Somehow, sudo's not able to find rails?
Thanks for any help!

Hosting two rails app on single server with same IP

I have a server running a rails 3.2 application. It has thin server running on port 3000, apache(proxy) server running on 443.
Is it possible to host another Rails application on the same server by creating a folder under /www, making it run on port 3002 or any other, and then running another Apache for proxy on some other port?
The new rails app that I have created is in Rails 4 with Ruby 2.0
Please guide.
Add another VirtualHost for port 3002:
<VirtualHost *:3002>
ServerName your-server-name
DocumentRoot /www/your-second-app-public-folder-path
<Directory /www/your-second-app-public-folder-path>
AllowOverride all
Options -MultiViews
</Directory>
</VirtualHost>
Use a virtual host configuration specifying different ports for the same IP.
You have multiple domains going to the same IP and also want to serve multiple ports. By defining the ports in the "NameVirtualHost" tag, you can allow this to work. If you try using <VirtualHost name:port> without the NameVirtualHost name:port or you try to use the Listen directive, your configuration will not work.
Refer to "Running different sites on different ports".
Server configuration:
Listen 80
Listen 8080
NameVirtualHost 172.20.30.40:80
NameVirtualHost 172.20.30.40:8080
<VirtualHost 172.20.30.40:80>
ServerName www.example.com
DocumentRoot /www/domain-80
</VirtualHost>
<VirtualHost 172.20.30.40:8080>
ServerName www.example.com
DocumentRoot /www/domain-8080
</VirtualHost>

EC2onRails + SSL + Apache: No response on port 443

I'm trying to configure SSL on EC2onrails with no luck. At present I am unable to even telnet into my server at port 443, it simply says trying MY.IP.ADDRESS... and stays there indefinitely. Telnet into 80 works fine.
This was my starting point. I followed the instructions exactly, and because I have a go daddy cert I created this custom default-ssl file so I could add the SSLCertificateChainFile directive:
NameVirtualHost *:443
<VirtualHost *:443>
Include /etc/apache2/sites-available/app.custom
Include /etc/apache2/sites-available/app.common
ErrorLog /mnt/log/apache2/error.log
LogLevel warn
CustomLog /mnt/log/apache2/access.log combined
# see http://httpd.apache.org/docs/2.2/ssl/ssl_intro.html and http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
SSLEngine On
SSLCertificateFile /etc/ec2onrails/ssl/cert/ec2onrails-default.crt
SSLCertificateKeyFile /etc/ec2onrails/ssl/private/ec2onrails-default.key
SSLCertificateChainFile /etc/ec2onrails/ssl/cert/ec2onrails-chain.crt
RequestHeader set X_FORWARDED_PROTO 'https'
ServerName MY_SERVER_NAME
</VirtualHost>
Note that I had to add
ServerName MY_SERVER_NAME
Or else I saw the following warning at apache startup in the error.log file:
[Wed May 27 19:46:20 2009] [warn] RSA server certificate CommonName (CN) ` MY_SERVER_NAME' does NOT match server name!?
I have run cap ec2onrails:server:enable_ssl, apache boots up cleanly, regular access over port 80 works, and apache access logs indicate no request activity to port 443. I know apache is loading my default-ssl config files because if I type gobbledygook in them it complains at startup.
Has anyone else successfully gotten SSL working with EC2onRails? What else can I do to debug this issue? Right now I am using ec2onRails version 0.9.9.1 which is based on a version of Ubuntu.
OK, I figured it out. Amazon's EC2 has its own firewall as part of its "security group" concept. This firewall was blocking port 443.
