I am trying to connect my DNS(with .app TLD) to apache server running on EC-2 instance port 80. But it's not connecting, where as DNS(with .in or .com TLD) are connecting easily.Here is my Virtual host config
<VirtualHost *:80>
ServerName xyz.app
ServerAlias www.xyz.app
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
The .app top-level domain is included on the HSTS preload list, making HTTPS required on all connections to .app websites — no individual HSTS registration or configuration required. You have to configure apache virtual host to serve traffic over https (port 443)
Related
I am configuring a web server with:
Apache2
DDclient
UFW
Letsencrypt.com certification (SSL)
My issue is that the domain is only partly accessible? Everything works as it should, but when I try to access the domain from my phone (using 4G) and from my laptop (WIFI), the phone connection times out (ERR_CONNECTION_TIMED_OUT), and my laptop gets a blocked GET-request.
I can access the site perfectly through ethernet, though I suspect it is not a true connection that passes the request through my router - and my friends are able to visit the domain through an actual internet connection with my router. But why my phone connection doesn't work fumbles me.
Following are my VirtualHost settings, Router settings and UFW settings:
VirtualHost
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ServerName website.com
ServerAlias www.website.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Redirect permanent / https://website.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName website.com
ServerAlias www.website.com
DocumentRoot /var/www/as
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Router Settings
HTTPS 192.168.0.103 External Port 443 Internal Port
80
HTTP 192.168.0.103 External Port 80 Internal Port
80
UFW
Status: active
To Action From
-- ------ ----
Apache Full ALLOW Anywhere
Apache Full (v6) ALLOW Anywhere (v6)
Like, everything seems correct but somehow either the firewall is blocking certain entries; the website gets overloaded; or some settings are messed up. Is there anything I'm missing?
Your virtualhost is wrongly configured. You dont need the *:80 configuration for it to work. If you set your external port to 443 apache will skip directly to the HTTPS domain.
I have a web service which I access by typing the following URL exactly as is (character for character):
http://10.115.252.127:8980/opennms/login.jsp
The website files are served from /opt/opennms/jetty-webapps/opennms/
My objective is to use Apache (httpd.conf) to force any traffic to this URL to use SSL and no longer HTTP.
I have successfully installed the SSL certificates with no issues.
I have configured a VirtualHost directive to redirect port 80 to 443
Only sites under /var/www/html/* are being successfully redirected.
Example: http://10.115.252.127/numbers successfully redirects to https://10.115.252.127/numbers
http://10.115.252.127/charts successfully redirects to https://10.115.252.127/charts
But, when I type in the URL http://10.115.252.127:8980/opennms/login.jsp it is always served as HTTP...how do I make it served as HTTPS like the others? I have checked the forums and all the posts assume you will always be redirecting port 80 and dont say anything about how to use SSL in the scenario I explained. I have the same issue with another service running on port 3000 http://10.115.252.127:3000/login
===extract from my httpd.conf===
<VirtualHost *:80>
ServerName 10.115.252.127
Redirect permanent / https://10.115.252.127/
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert_mtocb2500lbscorp.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mtocb2500-lbscorp.key
ServerName 10.115.252.127
#Documentroot /var/www/html
</VirtualHost>
Based on your confirmation of my understanding, here is what you can do:
############################################################################
Listen 80
# All connections on port 80 are redirected to port 443
<VirtualHost *:80>
ServerName www.example.com
CustomLog "logs/80_access.log" combined
ErrorLog "logs/80_error.log"
Redirect permanent / https://www.example.com
# No documentRoot, no content
</VirtualHost>
############################################################################
Listen 443
# All URI are answered from the documentRoot directory
# EXCEPT /openms, which is proxied to :8980
<VirtualHost *:443>
ServerName www.example.com
# temporary, remove when tests done
LogLevel debug
CustomLog "logs/443_access.log" combined
Errorlog "logs/443_error.log"
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert_mtocb2500lbscorp.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mtocb2500-lbscorp.key
# For your redirection to 8980
ProxyPass /opennms "https://www.example.com:8980/"
ProxyPassReverse /opennms "https://www.example.com:8980/"
documentRoot "/yourdir/apache/htdocs"
DirectoryIndex index.html
</VirtualHost>
Prerequisites
you must load proxy modules
you must load rewrite module
port 8980 is linked to some other software. Apache does not handle 8980.
I have recently moved a website from my old web server with 123-reg.co.uk to a new Linode web server hosted with Linode.
I am running Apache with Debian 8.9.
123-reg provided me with an SSL certificate for my website which, of course, was deactivated when I moved the website to the new server. So I set to work manually reactivating the certificate on my new server.
I was able to get the necessary SSL files (CA Bundle, Key and Certificate) from 123-reg and I followed Linode's instructions to setup the SSL certificate on their servers using the following tutorials:
First tutorial and
second tutorial.
Here is the site's config file:
<VirtualHost *:80>
# All of the files here exist on the server
SSLEngine On
SSLCertificateFile /etc/ssl/certs/zetec-it.com.crt
SSLCertificateKeyFile /etc/ssl/private/zetec-it.com.key
SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt
ServerAdmin webmaster#zetec-it.com
ServerName zetec-it.com
ServerAlias www.zetec-it.com
DirectoryIndex index.html index.php
DocumentRoot /var/www/html/zetec-it.com/public_html
LogLevel warn
ErrorLog /var/www/html/zetec-it.com/log/error.log
CustomLog /var/www/html/zetec-it.com/log/access.log combined
</VirtualHost>
The setup seems legit, but when I attempt to access the website via https the browser states that the connection isn't secure.
I'm fairly new to server admin; does anyone have any suggestions or potential solutions?
You need a VirtualHost which is listening on port 443 in order to have working HTTPS. You configured your VirtualHost to listen on Port 80 while having SSLEngine On.
In order to get https working you would only need to change <VirtualHost *:80> to <VirtualHost *:443>.
Once you did that, you would not have a configuration that handles http connections to (there would not be any VirtualHost waiting for connections for ServerName zetec-it.com).
There are generally to ways to go to serve http connections requesting the same hostname:
You redirect them to https using something like this (uses mod_rewrite in order to redirect to the same path):
<VirtualHost *:80>
ServerName zetec-it.com
ServerAlias www.zetec-it.com
RewriteEngine on
RewriteRule ^ https://zetec-it.com%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
You deliver the same content through http as well
<VirtualHost *:80>
# All of the files here exist on the server
ServerAdmin webmaster#zetec-it.com
ServerName zetec-it.com
ServerAlias www.zetec-it.com
DirectoryIndex index.html index.php
DocumentRoot /var/www/html/zetec-it.com/public_html
LogLevel warn
ErrorLog /var/www/html/zetec-it.com/log/error.log
CustomLog /var/www/html/zetec-it.com/log/access.log combined
</VirtualHost>
Either way you need two config files, the https one (which is basically your example from above, remember to replace 80 with 443) and one for http which I gave you 2 examples for.
You can put them into separate files, remember to activate them in this case.
I have a server running Apache 2.4 on Windows, and I have set up a VirtualHost in the httpd-vhosts.conf file, and an 'A' record in my DNS server that points subdomain.mydomain.com to my IP address. Unfortunately, connecting to subdomain.mydomain.com just shows the same page as mydomain.com. Here is the code I used in the httpd-vhosts.conf file:
<VirtualHost *:80>
ServerAdmin admin#mydomain.com
DocumentRoot "c:/Apache24/subdomain/htdocs"
ServerName subdomain.mydomain.com
ErrorLog "c:/Apache24/subdomain/logs/errors.log"
CustomLog "c:/Apache24/subdomain/logs/access.log"
</VirtualHost>
What am I doing wrong?
Make sure your domain provider configuration doesn't redirect # to www, you need them to be configured separately to redirect to your machines IP address
I'm trying to add a virtual host on my EC2 centos instance.
I added mod24_ssl, and my certificates.
But when I try to add a new virtual host apache don't want to restart.
I just copy paste a working vhost and change port :
<VirtualHost *:80>
ServerName www.mysite.com
DocumentRoot /var/www/www/
ErrorLog /var/www/www/logs/error.log
CustomLog /var/www/www/logs/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName www.mysite.com
DocumentRoot /var/www/www/
ErrorLog /var/www/www/logs/error.log
CustomLog /var/www/www/logs/access.log combined
</VirtualHost>
It's working fine without the second virtual host, but not when I Add it.
Anyone has an idea ?
Ok, I had a conflict with the default 443 vhost of amazone EC2.
The things to know is that a default ssl virtual host is already set in /etc/httpd/conf.d/ssl.conf
that's all