Bitnami on Google Cloud Platform enabling SSL Issue: Please fix DNS entries while enabling SSL - ssl

I am using the bitnami django on Google Cloud platform stack.
Goal: I want SSL configured on my bitnami stack hosted on Google Cloud. But their tool, sudo ./bncert-tool, complains: "The domain resolves to a different IP address than the one detected for this machine. Please fix its DNS entries or remove it."
I have purchased a domain using google domains.
I have set up google dns to point to the IP address as I see in the bitnami stack. I have enabled mydomain.com and www.mydomain.com to forward to the cloud server ipaddress/home in Google domain name settings
I then tried to run the tool /opt/bitnami/bncert-tool:
sudo /opt/bitnami/bncert-tool
Welcome to the Bitnami HTTPS Configuration tool.
Domains
Please provide a valid space-separated list of domains for which you wish to
configure your web server.
Domain list []: mydomain.com
The following domains were not included: www.mydomain.com. Do you want to add them? [Y/n]: n
Warning: No www domains (e.g. www.example.com) or non-www domains (e.g.
www.example.com) have been provided, so the following redirections will be
disabled: non-www to www, www to non-www.
Press [Enter] to continue:
Warning: The domain 'mydomain.com' resolves to a different IP address than the
one detected for this machine, which is 'aa.bb.ccc.dddd'. Please fix its DNS
entries or remove it. For more info see:
https://docs.bitnami.com/general/faq/configuration/configure-custom-domain/
Press [Enter] to continue:
MY QUESTION:
How do I resolve this? I even tried adding both domains
mydomain.com www.mydomain.com
I want SSL enabled for mydomain.com and www.mydomain.com and not sure where I am going wrong?
Secondly, after the link forwards, how do I associate my domain name so that the static IP doesn't keep displaying and instead it shows the mapped domain mydomain.com/home?
thanks
Suds
$nslookup mydomain
Server: 192.168.0.1
Address: 192.168.0.1#53
Non-authoritative answer:
Name: mydomain.com
Address: 216.239.32.21
Name: mydomain.com
Address: 216.239.34.21
Name: mydomain.com
Address: 216.239.36.21
Name: mydomain.com
Address: 216.239.38.21
$ nslookup www.mydomain.com
Server: 192.168.0.1
Address: 192.168.0.1#53
Non-authoritative answer:
www.mydomain.com canonical name = ghs.googlehosted.com.
Name: ghs.googlehosted.com
Address: 172.217.26.179
$ dig +short NS mydomain.com
ns-cloud-b1.googledomains.com.
ns-cloud-b2.googledomains.com.
ns-cloud-b3.googledomains.com.
ns-cloud-b4.googledomains.com.
$ dig +short NS www.mydomain.com
ghs.googlehosted.com.

You may need to change certain settings such as the domain name settings. If using Google Domains, the forwards actually don't integrate the A + Cname to one static IP. I had to physically create A and CName records.
This solved the first issue. What is interesting is that one of my domains, mydomain.com, is pointing to multiple IP addresses, whereas the other is pointing to a different IP depending upon the DNS server. This was also the one contributing to the error I used to get when I ran sudo ./bncert-tool: "The domain 'mydomain.com' resolves to a different IP address than the one detected for this machine, which is 'aa.bb.ccc.ddd'. Please fix its DNS entries or remove it."
I think I physically forced the HTTPS redirection in the web server settings, using this rule:
/opt/bitnami/apache2/conf/bitnami/bitnami.conf,
Changed RewriteRule ^/(.*) https://example.com/$1 [R,L]
Then I still had some problems where on the first hit the URLs would load, and on the next hit I would get 404 errors.
I realized this was an issue with project-level settings:
/opt/bitnami/apps/django/django_projects/Project/conf
sudo vi httpd-app.conf
WSGIScriptAlias /PROJECT '/opt/bitnami/apps/django/django_projects/PROJECT/PROJECT/wsgi.py'
to
WSGIScriptAlias / '/opt/bitnami/apps/django/django_projects/myproject/myproject/wsgi.py'
Then there was the issue with ALLOWED_HOSTS in settings.py:
Ensure the right ALLOWED_HOSTS is updated for the project root or your application root, depending upon where you serve from.
/opt/bitnami/apps/django/django_projects/Project/Project
updated the settings in py here...
ALLOWED_HOSTS in settings.py

Related

Apache redirecting example.com to ec2 public DNS

Setup
Route 53 Domain example.com has A record to id.cloudfront.net and AAAA record to random-id.cloudfront.net.
Cloudfront has origin domain as EC2 public DNS ec.xxxxxx.amazonaws.com and alternate domain as example.com. Also, it has an AWS certificate for SSL/TLS (for now it accepts both HTTP & HTTPS requests).
EC2 is an Ubuntu-20.04 AMI with apache2, php7.4 and phpmyadmin, all installed using apt-get.
Issue is whenever I put in example.com/* the site is automatically redirected to ec.xxxxxx.amazonaws.com/*.
Example:
example.com/phpmyadmin gets redirected to ec.xxxxxx.amazonaws.com/phpmyadmin/.
I tried to set up WordPress and example.com redirects to http://ec2-xxxxxx.amazonaws.com/wp-admin/setup-config.php
These are the things I have tried.
Added ServerName example.com in /etc/apache2/apache2.conf
This command sudo ufw allow in "Apache Full"
I do not have .htaccess in my /var/www/html folder.
Is it a Cloudfront or an Apache issue? This is my first rodeo with AWS and Apache and trying to learn how it works.
Solutions that seem out of scope:
https://serverfault.com/questions/685654/apache-server-config-redirect-from-ip-to-domain-name-ec2
Or anything that includes creating .htaccess at the root directory as I feel that would create an endless loop.
I can provide more information, if required.
Update:
Removed A and AAAA record from route53. Doesn't work.
Also, added ServerName example.com to /etc/apache2/sites-enabled/000-default.conf
Also, visiting random-id.cloudfront.net does the same redirection.
However, visiting elastic-IP does not do any redirection.
If I correctly understand your setup, probably you need CNAME instead of A record in Route53
Traced the issue to HTTP_HOST being the ec2 public DNS received by the server. So, if I visited example.com/index.php and the code were supposed to redirect to example.com/index2.php it would instead redirect to ec.xxxxxx.amazonaws.com/index2.php because HTTP_HOST = ec.xxxxxx.amazonaws.com.
Fixed by updating CloudFront Distribution's behavior to forward Host value.
So, if I visit example.com the host value would be example.com
And if I visit id.cloudfront.net then host value would be id.cloudfront.net.
https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.23
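The redirect behaviour traced above, as an added example that is not part of the original post: code that builds absolute redirects from the Host header sends visitors to whatever name that header carries, so this sketch uses the header only when it matches an allow-list (the same idea as the ALLOWED_HOSTS setting mentioned earlier on this page) and otherwise falls back to a canonical name. The function names, the allow-list and CANONICAL_HOST are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list: the public names this site should answer to.
# A leading dot matches the domain and all of its subdomains.
ALLOWED_HOSTS = ["example.com", ".example.com"]
CANONICAL_HOST = "example.com"


def normalize_host(raw_host):
    """Lower-case a Host header value and strip port and trailing dot."""
    try:
        # urlsplit copes with "host:port" and bracketed IPv6 literals.
        host = urlsplit("//" + raw_host.strip()).hostname or ""
    except ValueError:
        return ""  # malformed header, treated as not allowed
    return host.rstrip(".")


def host_allowed(host, allowed=ALLOWED_HOSTS):
    """True if host equals an entry or falls under a leading-dot entry."""
    for pattern in allowed:
        if pattern.startswith("."):
            if host == pattern[1:] or host.endswith(pattern):
                return True
        elif host == pattern:
            return True
    return False


def redirect_location(raw_host, path, scheme="https"):
    """Build a redirect target; never echo a Host that is not allowed."""
    host = normalize_host(raw_host)
    if not host_allowed(host):
        # e.g. the origin name the proxy sent, or a spoofed header
        host = CANONICAL_HOST
    return f"{scheme}://{host}{path}"


if __name__ == "__main__":
    # Constructed inputs: the viewer's Host and the origin name from the post.
    for h in ("example.com", "ec.xxxxxx.amazonaws.com", "evilexample.com"):
        print(h, "->", redirect_location(h, "/index2.php"))
```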

Setting up SSL on Domain.com

I currently have a domain from domain.com. I have a heroku domain name and a dns target. I have also enabled the free ssl on domain.com.
Example:
Heroku: domain: www.test.com DNS Target: crazytarget.herokudns.com
Domain.com: Record: CNAME, Name: WWW, Content: crazytarget.herokudns.com
Note: This works for non-https.
I uploaded a .htaccess file onto heroku so now the heroku domain is served at https://path.herokuapp.com.
This domain name cname does NOT pick up the https version of the site.
My question is: How do I get my domain to use https? I don't see how to do this anywhere.
I had to setup SSL on the Heroku end. :(

Authentication issue with Certbot (300 Multiple Choices) & Nginx & DNS

I've problems creating letsencrypt certs with the certbot.
Because I don't know where the problem is, I will just write everything down which can be the root cause:
I do have a domain and one subdomain. There is a Nginx which redirects the subdomain to the domain on a specific port.
Now I run the certbot for my domain without the subdomain at first.
sudo certbot --nginx -d domain.de -d www.domain.de
This leads to the following error:
Domain: domain.de Type: unauthorized Detail: Invalid
response from
http://domain.de/.well-known/acme-challenge/Y_Ka6V9JlHjBqjqanHLthoVL9F2yju_2TczRPwkBD0s:
"\n\n300 Multiple Choices\n\nMultiple C"
Domain: www.domain.de Type: unauthorized Detail: Invalid
response from
http://www.domain.de/.well-known/acme-challenge/Vf234FTDH7zH5TUBbBwVGfPVLK3m5rllc1s3Cu9KK3I:
"\n\n300 Multiple Choices\n\nMultiple C"
I couldn't find much except this thread. Letsencrypt Community
So I guess it is related to my DNS settings. I rent the domain via 1&1 and created a subdomain as well. Because I was playing around with Nginx redirects and the DNS settings, I configured the subdomain to have the same IPv4 & IPv6 as the domain. Could this be the problem or do I have to look somewhere else?
Best regards from Berlin!
I checked the IPv6 address with nslookup and this pointed to somewhere else. I do not understand how this can happen because I never touched the IPv6 (AAAA) record. I guess Certbot is checking A and AAAA and because they did not match the authentication failed.
I deleted the AAAA records for the domain and was able to get a cert without a problem.
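A pre-flight check for the situation above, and for the bncert-tool warning in the first question on this page, as an added example that is not part of the original posts: it lists every A and AAAA record a name resolves to and flags any that does not belong to the server, since a validator that connects to a stray address reaches some other machine. The function names are assumptions, and the server address 203.0.113.10 and the IPv6 address are constructed documentation values.

```python
import ipaddress
import socket
import sys


def resolve_all(domain):
    """Return every A and AAAA address the local resolver gives for domain."""
    infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_records(resolved, server_addrs):
    """Sort resolved addresses into ok/stray per record type."""
    mine = {ipaddress.ip_address(a) for a in server_addrs}
    report = {"A": {"ok": [], "stray": []}, "AAAA": {"ok": [], "stray": []}}
    for text in resolved:
        addr = ipaddress.ip_address(text)
        rtype = "A" if addr.version == 4 else "AAAA"
        bucket = "ok" if addr in mine else "stray"
        report[rtype][bucket].append(str(addr))
    return report


def safe_to_request_cert(report):
    """True only if something points here and nothing points elsewhere."""
    strays = report["A"]["stray"] + report["AAAA"]["stray"]
    has_match = bool(report["A"]["ok"] or report["AAAA"]["ok"])
    return has_match and not strays


if __name__ == "__main__":
    # Usage: python check_dns.py <domain> <server-ip> [<server-ip> ...]
    domain, server_addrs = sys.argv[1], sys.argv[2:]
    report = check_records(resolve_all(domain), server_addrs)
    for rtype, buckets in report.items():
        print(rtype, "ok:", buckets["ok"], "stray:", buckets["stray"])
    sys.exit(0 if safe_to_request_cert(report) else 1)
```

Run it against a public resolver's view as well as the local one, because cached answers can hide a record that the certificate authority still sees.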

How to create wild card subdomains in Localhost apache

In my project I need to check the subdomains against a white list of allowed subdomains and redirect them to the correct page. If the subdomain is not in the white list, I need to redirect them to an 'account not found' page.
Currently I'm writing 127.0.0.1 sub.example.com and 127.0.0.1 sub1.example.com in the /etc/hosts file.
How do I use the * (wild card) parameter here? The /etc/apache2/sites-available folder is able to change the root directory, but I'm unable to use a * wild card entry here.
How do I use the wild card parameter in localhost?
In a production environment, what is the best practice?
Thank you.
Wild card subdomains are implemented by the DNS hosting provider, so the setup would depend on your hosting provider. What you are looking for is a Name-Based virtual host. On your local machine you could try xip.io; it redirects all your subdomains to one single IP address.

IP address is shown in address bar instead of domain

I have a WAMP home web server up and running on a static IP and registered a domain with Namecheap, but I'm a bit shaky with DNS. At first I used URL Redirect and pointed it to my IP. This meant that when you typed in the domain (like example.com) it just redirected you right to my IP, replacing the domain name with it in the address bar. Now I'm trying to get the domain to show instead of the IP in the address bar, which I'm struggling to understand exactly how to do.
The latest thing I've tried which many people say to do is instead of using URL Redirect to use the A (Address) record type and point it to my IP, which I thought would finally fix my problems. Of course after 15 min or so when it all got updated I'm getting a 400 Bad Request with nginx under it in Firefox, and a blank page in Chrome. Now I'm getting blank pages in both. Did I do something wrong here? Do I need to edit something on the web server such as httpd.conf? Am I going at this completely wrong?
Yes, you should do away with the redirect and instead create an "A record". The sub-domain entry would typically be, but is not restricted to, "www". The record type would be "A" and the destination/target would be your external IP address. Once you update this record it may take several hours before you notice it taking effect, whereupon people typing your URL would be directed to your web server.
You will need to forward port 80 on your router to the server hosting WAMP.
Finally, the WAMP server should be provided with your domain name so it knows which site to load. If you use the VirtualHost file, this will allow you to host multiple domains on your web server. To do this...
Uncomment the following line so it appears like below in your Apache httpd.conf, to allow Apache to use virtual hosts:
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
Then locate the httpd-vhosts.conf file, which should be found in your WAMP installation location, such as C:\wamp\bin\apache\apache*version_number*\conf\extra\
Add an entry for your site, altering the details to your own domain name and website location.
<VirtualHost *:80>
ServerName www.stackoverflow.com
ServerAlias stackoverflow.com
DocumentRoot "C:/websites/stackoverflow/"
ErrorLog "C:/websites/stackoverflow/logs/error.log"
CustomLog "C:/websites/stackoverflow/logs/access.log" common
</VirtualHost>
Now restart your WAMP server and give it a whirl.
Tip: If your server won't start after these changes, check that you have created the folder structure for the log files!
Solution described here could resolve this issue.
Most of the free dynamic dns providers, allow acquiring more than one free host name. If allowed you can solve the problem by getting a second name, e.g., mysite2.somefree.org.
Now, go and configure your free domain names in the dashboard of free provider in the following way (assume your IP is 188.165.15.29 and your server's listening to port 8085).
redirect mysite1.somefree.org to mysite2.somefree.org:8085
redirect mysite2.somefree.org to your dynamic IP, say, to 188.165.15.29
This also works when you are using Apache httpd server alone, not being part of WAMP. You do not need to tweak virtual host or any part of your server. You only configure inbound direction.
Use Forward with masking where you registered your domain. Mine is GoDaddy.
In the forward settings, you will see this at the bottom of the page. Click Forward with masking and add the title you want them to see in the address bar of the browser when they go to your site, instead of showing your IP address.