I’m trying to host an apache webserver on a phone with termux, and the final goal is to make this server mobile by using 4G.To achieve this I thought it was possible to use a reverse SSH connection (to set a connection from the phone, wherever he is on internet) to a proxy in my home. The DNS of my website will redirect to this (reverse) proxy, which will redirect to my phone webserver, by using the reverse SSH connection.
For now, the phone server is on the same wifi network as the proxy, not in 4G.
So this phone connects to a computer which acts as a proxy, by connecting with reverse SSH on port 8082. From this computer, when I search http://localhost:8082 on internet on the computer, it works, I have access to the website.
However I can’t access the website from another device on the local network or from internet (I tried http://IPproxyComputer:8082 and I tried from a device on internet http://MyPublicIP with a port redirection from 80 to IPproxyComputer :8082 on my router). I don’t have any firewall on.
Here is a diagram to clarify
I didn’t find anyone trying to host a webserver with this config but someone explain how to give access to a device with reverse SSH and a squid proxy here.
So I thought this is what I must do, but with a different configuration for Squid because in my case, the request comes from someone on internet or local network to the webserver, so Squid must listen on a port, let say 8081 and redirect to 8082 where the SSH connection is, but I failed to set this up.
I need help to undersand two things:
-Why is the page accessible from the proxy with http://localhost:8082, but not from a device on the local network with http://IpproxyComputer:8082 ? Is it because of an authorization (and is it possible to change it?). Or is it just impossible to do this kind of connection ?
Is it a solution to use squid ? How to set this up ?
Here is the reverse SSH command I used from the phone webserver :
ssh -R 8080:localhost:8081 UsrProxyComputer#IPproxyComputer
Here is the config I tried for squid (it is the first time I use it and I am really a beginner in networks)
Define the listening port and default site
# Declare that virtual hosts will be used for allowing the reverse proxy
http_port 8081 accel vhost
# First we will configure the servers in our system
cache_peer 127.0.0.1 parent 8082 0 proxy-only name=InterRedir
# Create an additional ACL for local network access
acl localip src 192.168.0.0/24
http_access allow localip
cache_peer_access InterRedir allow localip
# Next we will map domains to the specific systems
# 1) This is done by creating an ACL for the domain
# 2) Then granting http access to it to allow the connection
# to get through.
# 3) Then mapping an acl to the specific server
# MyWebSite.com
acl MyWebSite_acl dstdomain MyWebSite.Com
http_access allow MyWebSite_acl
cache_peer_access InterRedir allow MyWebSite_acl
# Additional ACL definitions
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl purge method PURGE
acl CONNECT method CONNECT
# Restrictions
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny all
# Disable caching
cache deny all
The https of my website does not appear as secure when I use Google Chrome on my desktop, but it does when I use it on my phone.
This is for an Ubuntu server, running WordPress, Let's Encrypt, PHP5 and APache 2. I've tried to install NginX too, but the problem does not get solved. I have no idea what it is going on, plus the fact that this is the first website I am developing by myself.
This is my ufw status:
22/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
Apache Full ALLOW Anywhere
Nginx HTTP ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
Apache Full (v6) ALLOW Anywhere (v6)
Nginx HTTP (v6) ALLOW Anywhere (v6)
Also, everything seems alright when I check the certificates on https://www.ssllabs.com/
My website is www.floristeriarequena.es
Thanks in advance!
The https of my website does not appear as secure when I use Google Chrome on my desktop ...
I'm not sure what exactly you mean with this, but your site seem to include resources from https://68.183.217.125/..., i.e. you are using the IP address 68.183.217.125 in the URL instead of the hostname www.floristeriarequena.es. Only, the certificate is valid for www.floristeriarequena.es and not 68.183.217.125 which results in certificate errors. This results in a failure to load style sheets etc and can be in the developer console seen as:
When I tried to configure my nginx app with certboot following this tutorial and others like. I allways step with the same amswer from certbot
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins
selected: Authenticator nginx, Installer nginx Obtaining a new
certificate Performing the following challenges: http-01 challenge for
sicocme.enterpriserealdomain.com http-01 challenge for
www.sicocme.enterpriserealdomain.com Waiting for verification...
Cleaning up challenges Failed authorization procedure.
sicocme.enterpriserealdomain.com (http-01):
urn:ietf:params:acme:error:connection :: The server could not connect
to the client to verify the domain :: dns :: DNS problem: NXDOMAIN
looking up A for sicocme.enterpriserealdomain.com,
www.sicocme.enterpriserealdomain.com (http-01):
urn:ietf:params:acme:error:connection :: The server could not connect
to the client to verify the domain :: dns :: DNS problem: NXDOMAIN
looking up A for www.sicocme.enterpriserealdomain.com
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: sicocme.enterpriserealdomain.com Type: connection
Detail: dns :: DNS problem: NXDOMAIN looking up A for
sicocme.enterpriserealdomain.com
Domain: www.sicocme.enterpriserealdomain.com Type: connection
Detail: dns :: DNS problem: NXDOMAIN looking up A for
www.sicocme.enterpriserealdomain.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
When I check my domain server the A record is there for both www and no-www with the correct IP address. The server has access to network and can access or be accessed by IP or domain name which proves that the DNS domain recognizes this machine and exists
Also I make shure to allow the proper ports with ufw
To Action From
-- ------ ----
443/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
22/tcp ALLOW Anywhere
5432/tcp ALLOW Anywhere
Nginx Full ALLOW Anywhere
443/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)
5432/tcp (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
Why could this be happening?
Thanks in advance!
This is the same issue but with the Apache
check the A record has set with the server then
sudo certbot --apache -d DOMAIN_WOTHOUT_WWW -d DOMAIN_WITH_WWW
Then it will work fine.
The problem is that your DNS records are not propagated yet. See below url -
https://dnsmap.io/#A/sicocme.enterpriserealdomain.com
Make sure your DNS records are propagated all over than things should be fine.
You should add a new DNS record for www.yourdomain.com (for www).
I think you have added only DNS record for '#'
please check this:
I have ubuntu virtual machine that connects to it remotely with public IP. I installed apache2 server on it. However I can't reach the server from the web browser. Can anyone tell what the security rule should I add to access the web page?
I tried
$sudo ufw allow in "Apache Full"
and
#sudo ufw allow 80/tcp
I recently installed an SSL certificate on my Amazon EC2 Ubuntu 12.04(32bit) server running Apache 2.
When I attempt to access my site via https, it does not load. When I perform an nmap scan, i see that port 443 is not open.
I tried to open port 443 in my ip tables to no avail. iptables -L yeilds
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https
Here's how I installed ssl
I modified /etc/init.d/apache2.conf to include ssl.conf and modified ssl.conf to include the requisite
paths of my certificate files, ie
SSLCertificateFile /path/file
SSLCertificateKeyFile /path/file
SSLCertificateChainFile /path/file
I configured my security group to allow inbound requests from port 443 (TCP source:0.0.0.0/0)
When I perform the following test with php
if (!extension_loaded('openssl'))
{
echo "not loaded";
}
else
{
echo "loaded" ;
}
I get "loaded".
Any ideas?
In httpd-ssl.conf, do you have
Listen 443
If not, try adding that, and restarting apache.
First check if mod_ssl is enabled. If not, enable it by running a2enmod ssl. Then check if Apache is listening on port 443 for https. Then check if the firewall is not blocking port 443.
If anyone else finds this and is using Amazon Lightsail (like me), you have to use their web UI to explicitly open port 443.
I spent hours pouring over my server config files before I discovered that :/
In httpd.conf the following is disabled by default:
# Secure (SSL/TLS) connections
# Include conf/extra/httpd-ssl.conf
Simply remove the # from the Include and restart Apache.
If you can connect locally (e.g. with telnet localhost 443 as mti suggests), check if the firewall is configured properly.
In my case, ufw was blocking everything, so I had to ufw allow 443 which fixed the underlying problem to the same symptom.
I just ran into a situation where there was a process listening on port 443, the firewall was completely open, SELinux was disabled, and I still couldn't telnet to port 443. Not even from the localhost. I kept getting:
telnet 127.0.0.1 443
telnet: connect to address 127.0.0.1: Connection refused`
It turns out the iptables NAT table had some rules redirect traffic coming in on port 443 to a different port (8443). Nothing was listening on port 8443.
# iptables --table nat --list
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:https redir ports 8443
Removing the relevant NAT entries fixed the problem for me.
For me it's the stupid Chrome cache. Ctrl + Shift + Del to clear the cache, restart Chrome, and SSL is correctly working now.
If the SSL keys are not set (or were inexplicably commented out by gremlins), Apache 2.2 SSL will silently fail. There will be no error in the log, and it will not be listening to 443. The http:80 sites will work.
First, Check processes on port "80" and "443" sudo netstat -peanut | grep ':80' and *sudo netstat -peanut | grep ':443'* .If 443 is has no process then this would help:
Editing the Apache configuration file to serve the cert works well.
Use the command sudo certbot --apache
You are good
Sometimes an iptables -F works. I had the port 443 open for inbound in Amazon, but still the site was not opening in my browser.
Logged on to the site, gave an iptables -F and immediately the site was accessible.