I'm trying to configure SSL on EC2onrails with no luck. At present I am unable to even telnet into my server at port 443, it simply says trying MY.IP.ADDRESS... and stays there indefinitely. Telnet into 80 works fine.
This was my starting point. I followed the instructions exactly, and because I have a GoDaddy cert I created this custom default-ssl file so I could add the SSLCertificateChainFile directive:
NameVirtualHost *:443
<VirtualHost *:443>
Include /etc/apache2/sites-available/app.custom
Include /etc/apache2/sites-available/app.common
ErrorLog /mnt/log/apache2/error.log
LogLevel warn
CustomLog /mnt/log/apache2/access.log combined
# see http://httpd.apache.org/docs/2.2/ssl/ssl_intro.html and http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
SSLEngine On
SSLCertificateFile /etc/ec2onrails/ssl/cert/ec2onrails-default.crt
SSLCertificateKeyFile /etc/ec2onrails/ssl/private/ec2onrails-default.key
SSLCertificateChainFile /etc/ec2onrails/ssl/cert/ec2onrails-chain.crt
RequestHeader set X_FORWARDED_PROTO 'https'
ServerName MY_SERVER_NAME
</VirtualHost>
Note that I had to add
ServerName MY_SERVER_NAME
Or else I saw the following warning at apache startup in the error.log file:
[Wed May 27 19:46:20 2009] [warn] RSA server certificate CommonName (CN) ` MY_SERVER_NAME' does NOT match server name!?
I have run cap ec2onrails:server:enable_ssl, apache boots up cleanly, regular access over port 80 works, and apache access logs indicate no request activity to port 443. I know apache is loading my default-ssl config files because if I type gobbledygook in them it complains at startup.
Has anyone else successfully gotten SSL working with EC2onRails? What else can I do to debug this issue? Right now I am using ec2onRails version 0.9.9.1 which is based on a version of Ubuntu.
OK I figured it out. Amazon's EC2 has its own firewall as part of its "security group" concept. This firewall was blocking port 443.
I am setting up a LAMP app in a Docker container hosted in Ubuntu. I am a Docker noob.
I generated the CSR on the server that is hosting the Docker container that has the public IP and domain I am using.
In my Docker file I have
COPY ./dev.key /etc/apache2/ssl/dev.key
COPY ./dev.combined /etc/apache2/ssl/dev.combined
Then in the apache.conf I have
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/dev.combined
SSLCertificateKeyFile /etc/apache2/ssl/dev.key
ServerAdmin admin@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
The problem is when I try to start apache I get the error:
AH02565: Certificate and private key 127.0.0.1:443:0 from /etc/apache2/ssl/dev.combined and /etc/apache2/ssl/dev.key do not match
AH00016: Configuration Failed
There is something I am not understanding in configuring this Docker image.
The domain has a real public IP, so the CSR and cert need to point to this IP.
Am I setting up something incorrectly in Docker so it thinks it is running 127.0.0.1 and not the IP I need?
Thanks for any help. I am in way over my head.
I found the solution.
I was close. I had to make a couple of changes
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/dev.crt
SSLCertificateKeyFile /etc/apache2/ssl/dev.key
SSLCertificateChainFile /etc/apache2/ssl/dev.ca-bundle
But the thing that fixed the 'Certificate and private' error..
I had to add my domain in my /etc/host on the server that hosted the docker
127.0.0.1 mydomain.dev localhost
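Added example, not part of the original posts: the AH02565 message above says the private key does not belong to the server certificate Apache loaded, and that pairing can be checked before a restart. The sketch uses Python's standard ssl module, which asks OpenSSL to compare the two files; the function name cert_matches_key is an assumption of this example, and the key is assumed to be unencrypted.

```python
import ssl
import sys


def cert_matches_key(cert_path, key_path):
    """Return (ok, detail).

    ok is True when the private key in key_path belongs to the FIRST
    certificate in cert_path. OpenSSL treats the first PEM certificate in
    the file as the server certificate and any later ones as chain
    certificates, so a combined file that starts with an intermediate or
    another site's certificate fails this check even if the right
    certificate appears further down.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)
    except ssl.SSLError as exc:
        # Typical reason for a wrong pairing: KEY_VALUES_MISMATCH.
        return False, exc.reason or str(exc)
    except OSError as exc:
        return False, "cannot read file: %s" % exc
    return True, "private key matches the first certificate"


if __name__ == "__main__":
    # Usage: python check_pair.py /path/to/cert.pem /path/to/key.pem
    if len(sys.argv) != 3:
        sys.exit("usage: check_pair.py CERT_FILE KEY_FILE")
    ok, detail = cert_matches_key(sys.argv[1], sys.argv[2])
    print("%s: %s" % ("OK" if ok else "MISMATCH", detail))
    sys.exit(0 if ok else 1)
```

Running it inside the container against the same paths the VirtualHost uses also catches a COPY step that shipped the wrong file.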
I have 2 docker containers, 1 running apache2 and 1 running a python api.
In non-https, I was able to make the connection such that requests on 80 are channeled to the docker container running the python api. When I enable HTTPS, requests come in as 400 (bad request).
Any help greatly appreciated. This is my virtual host file.
<VirtualHost *:443>
ServerName domain.com
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://172.17.0.1:8000/
ProxyPassReverse / http://172.17.0.1:8000/
SSLEngine on
SSLCertificateFile "/usr/local/apache2/conf/.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/.key"
</VirtualHost>
Apache logs should contain a more detailed error, however based on the configuration you posted, I would check if "/usr/local/apache2/conf/.crt" and "/usr/local/apache2/conf/.key" exist.
I have a server running a rails 3.2 application. It has thin server running on port 3000, apache(proxy) server running on 443.
Is it possible that if I try to host another rails application on the same server by creating a folder under /www and make it run on port 3002 or any other and then another apache for proxy on some other port?
The new rails app that I have created is in Rails 4 with Ruby 2.0
Please guide.
Add another VirtualHost for port 3002
<VirtualHost *:3002>
ServerName your-server-name
DocumentRoot /www/your-second-app-public-folder-path
<Directory /www/your-second-app-public-folder-path>
AllowOverride all
Options -MultiViews
</Directory>
</VirtualHost>
Use a virtual host configuration specifying different ports for the same IP.
You have multiple domains going to the same IP and also want to serve multiple ports. By defining the ports in the "NameVirtualHost" tag, you can allow this to work. If you try using <VirtualHost name:port> without the NameVirtualHost name:port or you try to use the Listen directive, your configuration will not work.
Refer to Running different sites on different ports.
Server configuration
Listen 80
Listen 8080
NameVirtualHost 172.20.30.40:80
NameVirtualHost 172.20.30.40:8080
<VirtualHost 172.20.30.40:80>
ServerName www.example.com
DocumentRoot /www/domain-80
</VirtualHost>
<VirtualHost 172.20.30.40:8080>
ServerName www.example.com
DocumentRoot /www/domain-8080
</VirtualHost>
My hosting service is telling me to change my SSL port from 443 to 8443 since the OpenSSL tests are failing, even though they are working in production.
I changed my apache ports.conf file to:
NameVirtualHost *:80
#NameVirtualHost *:443
NameVirtualHost *:8443
Listen 80
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
#Listen 443
Listen 8443
</IfModule>
<IfModule mod_gnutls.c>
#Listen 443
Listen 8443
</IfModule>
I also changed my virtual hosts from <VirtualHost *:443> to <VirtualHost *:8443> and restarted apache, but when I try to access the site via https, the browser says: Firefox can't establish a connection to the server. Could it be a firewall issue?
At first the config looks good. I assume you have SSH enabled.
SSH into the machine:
do wget --no-check-certificate https://127.0.0.1:8443 or curl -k https://127.0.0.1:443 (post the content)
watch open connections and see if it's an actual apache process behind it (sudo netstat -anp | grep 8443 or sudo lsof | grep ":8443")
is your config not overridden elsewhere?
check your config is valid (what's the output of the /etc/init.d/apache2 restart)
check the apache error/request logs to see if your traces or other errors show up
From your laptop:
try an nmap with this machine as target, and see if the port appears as filtered
are you sure the DNS is OK (tried with the IP address?)
Give this book a try, it's awesome to learn new troubleshooting techniques.
Configuration seems to be right. How do you try to access your site now? It should be
https://yourdomain.com:8443/
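Added example, not from the original posts: both the EC2 security-group thread earlier on this page and this port 8443 thread come down to telling a filtered port from one that nothing is listening on. The sketch classifies a single TCP connection attempt, which is what the hanging telnet session showed implicitly; probe_tcp and NEXT_STEP are names assumed for this example.

```python
import socket
import sys

# What each result suggests for the setups discussed on this page.
NEXT_STEP = {
    "open": "TCP works; look at the TLS/vhost configuration and Apache logs.",
    "refused": "Host answered but nothing listens there; check the Listen "
               "directive and that the vhost port matches.",
    "filtered": "No answer at all (telnet would hang); a firewall or cloud "
                "security group is probably dropping the packets.",
    "unreachable": "Name resolution or routing failed; retry with the IP.",
}


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connection attempt to host:port."""
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"      # a reset came back: usually no listener
    except socket.timeout:
        return "filtered"     # the SYN was silently dropped on the path
    except OSError:
        return "unreachable"  # DNS failure, no route to host, and so on
    conn.close()
    return "open"


if __name__ == "__main__":
    # Usage: python probe.py HOST PORT
    # Run it once on the server against 127.0.0.1 and once from outside:
    # "open" locally but "filtered" remotely points at a firewall.
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py HOST PORT")
    host, port = sys.argv[1], int(sys.argv[2])
    state = probe_tcp(host, port)
    print("%s:%d is %s. %s" % (host, port, state, NEXT_STEP[state]))
```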
I'm trying to learn how to develop web applications with Ruby On Rails but I've run into a silly error.
I'm trying to use Phusion Passenger aka mod_rails to use Apache instead of WEBrick; I've installed the module via gem and run the
sudo passenger-install-apache2-module
command to install passenger; then I edited the http.conf file adding
LoadModule passenger_module /Users/Stopped/.rvm/gems/ruby-1.9.3-p327/gems/passenger-3.0.19/ext/apache2/mod_passenger.so
PassengerRoot /Users/Stopped/.rvm/gems/ruby-1.9.3-p327/gems/passenger-3.0.19
PassengerRuby /Users/Stopped/.rvm/wrappers/ruby-1.9.3-p327/ruby
added the VirtualHost
<VirtualHost *:80>
ServerName rails.local
DocumentRoot "/Users/Stopped/RoR/prova/public"
<Directory /Users/Stopped/RoR/prova/public>
AllowOverride all
Options -MultiViews
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
restarted Apache with sudo apachectl restart, but it's not working :( If I look up localhost I see the "It works!" page, but if I go to rails.local my Rails app is not there :(
Passenger is loaded
Apache/2.2.22 (Unix) Phusion_Passenger/3.0.19 DAV/2 PHP/5.4.9 Server at localhost Port 80
Any ideas?
PS: This is "apachectl -S" output
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80 is a NameVirtualHost
default server rails.local (/private/etc/apache2/extra/httpd-vhosts.conf:53)
port 80 namevhost rails.local (/private/etc/apache2/extra/httpd-vhosts.conf:53)
Syntax OK
SOLUTION
Uhm... I solved it, adding 127.0.0.1 rails.local to my hosts file but I can't understand why; can someone explain this to me? ._.
You can't use a wildcard with localhost in your hosts file. You have to explicitly specify each subdomain for localhost in your hosts file. If you're looking for an alternative, you could buy a domain name and point that domain name to 127.0.0.1 with a wildcard. You could even go a step further and have a skeleton app which points different subdomains to different applications by mapping the routes.