I am currently SSH'd into my AWS VM IP address on Ubuntu.
I've installed the Apache SSL module, copied my server certificate and private key to /etc/pki/tls/certs and /etc/pki/tls/private. Changed the configuration within /etc/httpd/conf.d/ssl.conf so that it would be listening for port 4443.
From here, I need to change the document root to something different than my nginx HTTP site or else both HTTPS and HTTP will point to the same content.
I was told to use independent directory trees but unsure how to set it up.
I attempted by going to /etc/httpd/conf/httpd.conf and changed the document root to a directory I setup to separate them within /etc/ but still gives me the same message when trying to access the website as shown in the screenshot.
url of test page HTTPS
test page HTTPS
Does your site show up if you add the port? For example, https://yoursite.com:4443. Port 4443 isn't the default https port (that's 443), so you'll need to reference it explicitly.
You might want to, instead, consider using an ALB in front of the EC2 instance and terminate SSL there, leaving the httpd/nginx server on the EC2 instance only running on port 80 (default). This offloads the SSL handling to the load balancer and also enables you to do things like rolling upgrades to a new EC2 instance instead of keeping a "pet" web server.
Related
What I'm trying to do is create an access website for my own services that run on my linux server at home.
The services I'm using are accessible through <my_domain>:<respective_port_num>.
For example there's a plex instance which is listening on port X and transmission-remote (a torrenting client) listening on port Y and another custom processing service on port Z
I've created a simple website using python flask which I can access remotely which redirects paths to ports (so <my_domain>/plex turns into <my_domain>:X), is there a way to display these services on the network paths I've assigned to them so I don't need to open ports for each service? I want to be able to channel an existing service on :X to <my_domain>/plex without having to modify it, I'm sure it's possible.
I have a bit of a hard time to understand your question.
You certainly can use e.g. nginx as a reverse proxy in front of your web application, listen to any port and then redirect it to the upstream application on any port - e.g. your Flask application.
Let's say, my domain is example.com.
I then can configure e.g. nginx to listen on port 80 (and 443 for SSL), and then proxy all requests to e.g. port 8000, where Flask is running locally.
Yes, this is called using nginx as a reverse proxy. It is well documented on the internet and even the official docs. Your nginx.conf would have something like:
location /my/flask/app/ {
# Assuming your flask app is at localhost:8000
proxy_pass http://localhost:8000;
}
From user's perspective, they will be connecting to your.nginx.server.com/my/flask/app/. But behind the scenes nginx will actually forward the request to your app, and serve its response back to the user.
You can deploy nginx as a Docker container, I recommend doing this as it will keep the local files and configs separate from your own work and make it easier for you to fiddle with it as you learn. Keep in mind that nginx is only HTTP though. You can't use it to proxy things like SSH or arbitrary protocols (not without a lot of hassle anyway). If the services generate their own URLs, you might also need to configure them to anticipate the nginx redirects.
BTW, usually flask is not served directly to the internet, but instead nginx talks to something like Gunicorn to handle various network related concerns: https://vsupalov.com/what-is-gunicorn/
I have a server EC2 instance running in AWS, behind a load balancer which currently doesn’t really do anything since I only have one instance (eventually, I planned on using it to scale and distribute traffic among multiple instances). I’m using Rt53 to point my domain name to the load balancer.
The webserver on the instance uses node(js) and express to serve the site over port 443 (https) with the proper certificates loaded in for encryption/identity/etc, generated by certbot using Let’s Encrypt.
The load balancer is configured like so:
load balancer general config
load balancer target config
So for both ports the load balancer points to the same server, using HTTPS:443, which I figured would force all connections to be encrypted. However, when I type in my URL as http://mydomain.tld it takes me to the webserver with no indication that it’s an https connection.
How is this happening? My nodejs server’s not set up to do anything over port 80, and I thought the load balancer should route all connections to port 443.
80 is the default port for the World Wide web. If you type in google.com:80, it will send you to google normally, while if you try google.com:81, you will not connect.
If you disable 80 port and somebody type http://abc it will show error the best way is to redirect 80 requests to 443
create a redirection from 80 to 443.
app.use(function(request, response){
if(!request.secure){
response.redirect("https://" + request.headers.host + request.url);
}
});
Generally most web server has multiple binding 80 and 443 both.Since if certificate expires you can use 80.
There are several methods of enabling an Apache redirect http to https:
Enable the redirect in the Virtual Host file for the necessary domain.
Enable it in the . htaccess file (previously created in the web root folder).
Use the mod_rewrite rule in the Virtual Host file.
Use it in the . htaccess file to force HTTPS.
https://developer.ibm.com/technologies/node-js/tutorials/make-https-the-defacto-standard/
So if traffic is being forwarded to the same target group that means the same server port will be used for forwarded traffic from the load balancer (ALB).
Requests get mapped to this from the listener and translated to the port mapping for the target group instead.
Therefore, there are two possible practical scenarios that result from this configuration:
client--[HTTP:80]-->ALB--[HTTPS:443]-->EC2
client--[HTTPS:443]-->ALB--[HTTPS:443]-->EC2
I have one windows server already running sharepoint on 80/443 and the site works correctly.
We're trying to add more functionality by installing NodeJS and Apache
I've set apache to listen on 8080 and the default website comes up.
Node is running on 3000 and I can access the explorer that way as well.
My questions come from this. The server has a complete certificate chain installed on it and https://:8080 comes up correctly, but I can't get the node stuff to work on https: Secondly it appears while I have proxy pass set up correctly within my httpd.conf, either something is wrong within that as if I goto the https://:8080 /api/and anything beyond that, I get 503 errors and the page can't be displayed.
I'm unsure what I'm doing incorrectly here as from reading the documentation on proxy module, it seems that everything is setup and configured correctly.
Netstat shows listening on 3000 and 8080 and 80/443 for my SharePoint farm.
I had to configure the ssl settings for the proxypass to use the IP address of the local machine. After doing that I was able to connect correctly.
This allowed for connecting on :3000 via telnet to the localmachine and allowed for explorer to be viewed with https://:8080 the correct way enforcing our certificates.
I have a server that runs different websites on different ports. All of them (but one) are Apache servers and thanks to webmin, I managed to have, for instance, example.com point to 123.123.123.123:80 and example.fr to 123.123.123.123:8000, somehow automatically
I am now running a nodejs server on the same machine, so the 80, 8000, and many other ports are already taken. My nodejs listens on 8008. I have another domain name, say example.org, and I want it to point to my nodejs website, but I simply don't know how to do that! I have updated the DNS and everything is pointing to 123.123.123.123 (my server's IP). I want to avoid using an ugly example.org:8008/ for everything on this node server. How can I make it point implicitly to the 8008 port?? I must add that I cannot afford to take down the apache servers ;)
DNS only provides name to ip address mapping. It cannot handle ports. What you can do instead is to set up a proxy server listening on port 80. The proxy server can then return data based on the host header.
Your best option is to just redirect the request from Apache. Otherwise you can use a reverse proxy like Nginx. Also, you can write a lightweight proxy in node... check out this page
When using host headers to host multiple websites on the same IP address in IIS, is there any way of accessing that website from a browser running on the local machine?
This is normally required when a given web component only allows configuration from the local machine. It's also useful when things like ASP.Net's built in error handling isn't working and you can only view the error in the browser but don't want to allow remote users to see it.
This has baffled me for a while and everytime I come across it I end up giving up in frustration and reconfigure stuff so I can accomplish such tasks remotely.
Added: #Ishmaeel - modifying hosts doesn't seem to help - you either get a 400 error (if all websites have host headers) or whichever site is configured without a host header.
Just an idea: Mapping the hostname to 127.0.0.1 in the hosts ($WINDOWS$\system32\drivers\etc) file may help. This way you should be able to pull up the local IIS site by typing the hostname as if it's a remote server
Maybe I am not understanding the question, but what's wrong with just typing in the URL for the website? If it's the matter of domain name resolution, you can point to the right DNS or put it in hosts file.
eed3si9n -- if you are trying to access a url locally and you use host headers you cant just type in the url: for example you have 2 websites (website1.com website2.com) on 1 server using host headers. the local ip of the web server is 192.168.1.50 --> if you type in 192.168.1.50 you will get a 'page cannot found'. if you put in the url website1.com or website2.com you will be accessing the sites from the outside (not locally).
so the problem is how to access the sites locally not from the outside -- for example i need this ability so that i can access locally as the test sites are only available locally. not from the outside...
You can try telnetting to the server.
$ telnet localhost 80
(type these lines manually)
GET / HTTP/1.1
Host: www.example.com
(exchange www.example.com for the host name your server is mapped to)
I would assume the only way you can do this is assigning a custom port to the specific website you want to monitor and just access it as "localhost:CustomPort".