Laravel Homestead - SSL set up - ssl

I'm trying to start to use vagrant for development - I'm completely new to using vagrant for my development - relying on an apache/php/mysql set up on a laptop.
I'm developing using laravel and have set up homestead and am up and running.
I've tried to enable SSL on the homestead (box?) and followed these instructions to set up: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-nginx-for-ubuntu-12-04
I made the changes to the homestead sites_enabled file for the site I'm working on.
I added port 443 just beneath port 80 within the server, added the entries for SSL On etc.
I've restarted the nginx server and am able to see my pages using https (although Chrome doesn't like the certificate).
If I then try to access pages using http I get a 400 error: "The plain HTTP request was sent to HTTPS port".
so a few questions:
1. how can I alter the set up to use a combination of HTTP and HTTPS requests?
2. is it bad practice to serve a site with a combination of HTTP and HTTPS requests - should I simply serve the whole site as https?
Very confused to a completely new subject
Thank you

Add port forwarding to homestead 1.x
You need to forward the SSL port by adding a new line to homestead.rb
sudo nano /vagrant/scripts/homestead.rb
# add SSL port forwarding ...
config.vm.network "forwarded_port", guest: 443, host: 44300
Create SSL certificate
Steps one to four
Do the steps one to step four only from this tutorial https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-nginx-for-ubuntu-12-04
Step five - Set up the certificate
Edit your homestead site you are working on (replace example with your existing site)
sudo nano /etc/nginx/sites-available/example
Duplicate the whole server{…} section (not only the listen line as you did).
In the duplicated section edit listen 80 to listen 443.
Before the end of the section add the following lines:
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
Exit and do a vagrant reload.
Be careful with --provision. The changes to sites-available/example you just made are reset to default.
If you need to make the changes permanently even in case of provisioning, then have a look at the serve.sh located at your host's homestead folder homstead/scripts/serve.sh and edit it equally to step 5.
Use https://your.domain:44300 in your browser to access via SSL. Accept the self signed certificate in your browser if necessary.

In addition to Peh. I did not get it working with the above code:
I did need to remove
SSL on
and add the ssl to the listener
listen 443 ssl;

Related

Enable SSL (HTTPS) on Bitnami MEAN setup on AWS

I use a Bitnami MEAN installation (https://bitnami.com/stack/mean) v 3.2.11 on EC2. I didn't do any extra modifications of the apache2 setup except for the rerouting the port where my app runs to port 80, like this
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
Now my app is available fine on :80 port via http:// but I can't make it run via https://. But access via https is what I wanted to achieve. I could not figure the right step by step guide on how to create or enable SSL. All Bitnami docs sound like it's assumed to be working already.
As far as I understood from - https://docs.bitnami.com/aws/components/apache/#https-port the basic certificate is already included into the setup so you can make use of that one without creating your own. The only thing you need is to enable it - That may be wrong assumption, let me know.
Also here on bitnami support it says
Apache waits for HTTPS requests on port 443. Change that by editing
the /opt/bitnami/apache2/conf/bitnami/bitnami.conf file and modifying
the value specified in the Port directive. For example:
Listen 8443
Does that mean that I need to reroute my :5000 port to :8443 ??
I've also found this question - Installing SSL on AWS EC2 Bitnami Mean Stack that didn't receive a proper answer for more than a year.
Does that mean that I need to reroute my :5000 port to :8443 ??
No, you don't need to redirect that. Your problem is that you're proxy-passing every request from port 80 to 5000 (where your app runs) but when using HTTPS your requests use the port 443. Those requests are not being proxy-passed to port 5000 and, therefore, your app doesn't receive them.
What Apache configuration file did you modify including those lines? You need to be sure that both the VirtualHosts for port 80 and the one for port 443 include the ProxyPass redirections. For example, if you edited the file /opt/bitnami/apache2/conf/bitnami/bitnami.conf, ensure you add it in the Virtualhosts <VirtualHost _default_:80> and <VirtualHost _default_:443>
As far as I understood from - https://docs.bitnami.com/aws/components/apache/#https-port the basic certificate is already included into the setup so you can make use of that one without creating your own.
Yes, the Bitnami Stack includes a dummy certificate. However, it's recommended to create your own one since the browsers won't recognize it as a valid one since it's self-signed. You can find more information in the link below:
https://docs.bitnami.com/aws/components/apache/#how-to-create-an-ssl-certificate

Port 443 works but not https

I have a website setup, if I load the website with http://www.url.com:443 it works as expected, but if I load https://www.url.com I get an "ERR_CONNECTION_CLOSED" error on Chrome.
I have set up iptables to load port 3000 through both port 80 and 443.
Server is running CentOS, there is no SSL certificate set up at this stage.
You configured the server to listen on port 443 but didn't configure it for SSL traffic. In other words, you merely changed the port from 80 to 443, so it is serving HTTP on port 443.
You say there are no SSL certificates set up. That's the problem. You need to set up certificates (even if only self-signed ones) for HTTPS to work at all. It's the key and certificates from this setup process that tell the server how to encrypt the HTTPS data, and how to identify itself.
This page will help you to set things up properly: https://wiki.centos.org/HowTos/Https
There are many places you can look for advice on creating keys and certs, but the easiest and least expensive options are StartSSL and LetsEncrypt. Both will do this for you at no cost.
https://letsencrypt.org/
https://www.startssl.com/
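
A quick way to confirm the diagnosis above (a port that is open but serving plain HTTP instead of TLS), which also covers the "plain HTTP request was sent to HTTPS port" case from the Homestead question. This is an added example, not code from any of the posts; the function name probe_port and its result labels are assumptions of this example.

```python
import socket
import ssl
import sys

# Hints tie each result back to the symptoms described on this page.
HINTS = {
    "tls": "TLS handshake succeeded; the port is configured for HTTPS.",
    "plain-http": "Port answers plain HTTP; the listener has no TLS configured.",
    "closed": "Nothing is listening; check the server and any port forwarding.",
    "unknown": "Port is open but answered neither this TLS client nor HTTP.",
}


def probe_port(host, port, timeout=3.0):
    """Return 'tls', 'plain-http', 'closed' or 'unknown' for host:port."""
    # Certificate checks are off on purpose: this only asks "does the port
    # speak TLS?", and self-signed development certificates are expected.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        pass  # handshake failed or timed out (ssl.SSLError is an OSError)

    # Second attempt on a fresh connection: a plain HTTP request.
    request = b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n"
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(request)
            reply = raw.recv(64)
    except OSError:
        return "unknown"
    return "plain-http" if reply.startswith(b"HTTP/") else "unknown"


if __name__ == "__main__":
    # Defaults are placeholders; pass the host and port to check.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    result = probe_port(host, port)
    print(f"{host}:{port} -> {result}: {HINTS[result]}")
```

A "plain-http" result on port 443 matches the situation in the answer above: the port was changed but no certificate or TLS listener was configured.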

Nginx self-signed certificate isn't working on a Vagrant VM

We're running Vagrant VMs here. On a VM, I installed nginx. I then created a self-signed certificate. When I look at the certificate's innards, I see:
subject= /C=US/ST=IN/L=myCity/O=My Company/OU=MyProduct/CN=silly.com/emailAddress=info#silly.com
This is obviously sanitized. I believe this certificate is supposed to work for silly.com. Do I interpret this correctly?
On my laptop, I added a hostfile entry to map silly.com to the appropriate IP address.
On the VM, I added the following configuration to /etc/nginx/conf.d/default.conf
# HTTPS server server {
listen 443;
server_name silly.com;
ssl on;
ssl_certificate /etc/nginx/ssl/silly.crt;
ssl_certificate_key /etc/nginx/ssl/silly.key; }
When I browse the site, the port 80 http screen is displayed properly. When I browse with https://silly.com, however, the https portion is rejected and the non-SSL screen is displayed. (I think I clicked 'proceed' while experimenting...)
I commented from the nginx.conf file all lines relating to port 80. Then I restarted nginx. I will get the same success on port 80 and failure on port 443 as I did before.
I tested the config file with nginx -t. It reported no errors.
Would someone offer a debugging tip, please?
It might have something to do with the fact that your opening server { block is effectively commented out because of the # HTTPS server comment. You should actually be getting an error on this config because the closing } is there. Perhaps this is preventing you from restarting Nginx.

How to disable Owncloud https redirect?

I installed Owncloud on Ubuntu 12.04 with an apache server. I use ssl for authentication but when sharing links and data it is cumbersome for the user to accept the self signed certificate. Is there a way to disable the automatic redirect to https? I did not see any related commands in the .htaccess file.
Thanks
SSL is enforced by the OwnCloud installation routine in your Web server as a rewrite rule. Unchecking the box in the OC FrontEnd won't help. This can be regarded as a bug.
To change this, you will have to edit your Web server config. For instance, if you chose nginx as your Web server, uncomment the https rewrite rule in your nginx config file.
Open your config file in an editor:
sudo emacs /etc/nginx/sites-enabled/default
For Apache it should be somewhere in /etc/httpd/conf.d/ssl.conf
Comment out or change the lines containing (this is for nginx):
the server block containing the redirect
change listen 443 ssl to listen 80
ssl_certificate and ssl_certificate_key
fastcgi_params HTTPS on
Re-Read the nginx config files:
sudo kill -HUP `cat /var/run/nginx.pid`
For other servers see:
http://doc.owncloud.org/server/5.0/admin_manual/installation/installation_others.html
There should be a setting in the "Admin" section when logged in as administrative user ("Force SSL") for exactly that.

ssl + nginx + apache + php: links are still displayed as http, not https

I am using VBulletin Suite 4.1.4., which is written using PHP and nginx+apache setup (nginx as the front end server and Apache as the back-end server). This is a pretty standard "nginx+apache" configuration with nginx working on port 80 and apache on port 8080. I tried to enable https support and ran into the following problem.
As I read on the web, when one uses "nginx+apache" and wants to have https, he should configure ssl only for nginx server. So, I added required lines into nginx vhost configuration
listen 443;
server_name myserver.org;
ssl on;
ssl_certificate /tmp/myserver.crt;
ssl_certificate_key /tmp/myserver.key;
When I type https://.... the vBulletin forum opens in secure connection and the lock in the right bottom corner of the browser confirms it, so it looks like my settings work. At least to some extent.
But when I bring the mouse over links on the page, these links are shown as http links, not https. So, if I want to stay in secure connection, I can of course add the letter "s" manually each time I open a new page, but normally when you open forum as https://... all displayed links should automatically change to https.
Any ideas why this does not happen?
Even the answer where the problem lies - (a) in nginx configuration, or (b) in apache configuration or (c) in vbulletin configuration would help.
Thanks in advance!
The problem is that vBulletin running on apache detects the HTTP protocol, not HTTPS. But, you can change vbulletin settings in the admin panel in the following way:
Forum URL to 'https://your-site.name'
Always use Forum URL as Base Path to 'yes'