ssl certificate not working on apache linux ec2 instance - linux

I am enabling an SSL certificate on my Apache Linux EC2 instance.
But when I add the following lines
NameVirtualHost *:443
<VirtualHost *:443>
ServerName www.example.com
# other configurations
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/mydomain.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mydomain.key
</VirtualHost>
the Apache restart fails.
But when I change the port in the above lines to 80, Apache starts working. Although I have enabled port 443 on the EC2 admin panel.
I don't know what the issue is.
I have got four certificates from the Comodo SSL organisation. Of them I have used only mydomain.crt. The others are intermediate certificates. Do I need to use them as well?

Ensure you have the apache SSL module installed. You can check if it's installed by running:
apachectl -t -D DUMP_MODULES | grep ssl
If it's not running, try this (assuming standard Amazon Linux AMI):
sudo yum install -y mod_ssl
or if you're using apache 2.4
sudo yum install -y mod24_ssl

Related

What's the simplest way to deploy a node app on linux mint?

I have a node app, it runs great in VS Code, and I can launch it using the script command from the terminal window.
It's just a utility I'd like running in the background on my dev machine. It watches for keystrokes and sets my busy / idle indicator to other apps. It uses iohook if you're curious, to do this.
How can I deploy it to just be running in the background (all the time, including at startup)? I'm going to deploy it as a web server so I don't have to mess with linux services.
I already have apache and nginx and all that other web server stuff installed from the numerous tutorials I've done, but I don't know how to deploy to any of them.
I tried this:
https://plainenglish.io/blog/deploying-a-localhost-server-with-node-js-and-express-js
but that only enables launching from vs code or command line, it's not a real "server" that runs all the time, doesn't require a terminal window and starts on system startup.
I need this running from apache or nginx or something like that.
https://www.ionos.com/digitalguide/websites/web-development/nodejs-for-a-website-with-apache-on-ubuntu/
I tried:
To access the Node.js script from the web, install the Apache modules proxy and proxy_http with the commands:
sudo a2enmod proxy
sudo a2enmod proxy_http
Once the installation is complete, restart Apache for the changes to take effect:
sudo service apache2 restart
[Linux Mint] Running a web app on local machine
First website
[Terminal] Install node.js: sudo apt-get install nodejs
[Terminal] Install apache: sudo apt-get install apache2
[Terminal] Install PM: sudo npm install -g pm2
[Terminal] start apache: sudo systemctl status apache2
[Browser] test apache: localhost
[Terminal] Go to your web root. It can be wherever you like: cd /home/homer-simpson/websites
[Nemo][root] Create app folder: /home/homer-simpson/websites/hello-app
[Nemo][root] Create node.js hello world file: /var/www/html/hello-app/hello.js
[Terminal] Make hello.js executable: sudo chmod 755 hello.js
[xed][root] Create node.js app in this file: See hello.js listing
[Terminal] Run from terminal as test: node hello.js
[Browser] Test web site: http://localhost:4567/
Shut down node app CTRL+C
Start up app in PM: sudo pm2 start hello.js
[Terminal][root] Add PM to startup scripts: sudo pm2 startup systemd
[Terminal][root] Save PM apps: pm2 save
[Terminal] enable apache modules: sudo a2enmod proxy && sudo a2enmod proxy_http && sudo service apache2 restart
[Nemo][root] Open as root apache config: /etc/apache2/sites-available/000-default.conf
[xed][root] add / replace config for your website: See 000-default.conf listing
[Terminal] restart apache: sudo systemctl restart apache2
[Browser] test the website: http://localhost/hello-app
Hello World!
Subsequent websites:
[Nemo][root] Create new app folder under your website root: /home/homer-simpson/websites/another-app
[Nemo][root] Copy scripts into there and make executable
[Terminal] Start up app in PM: sudo pm2 start another-app.js
[Terminal][root] Save PM config: pm2 save
[Terminal][root] Add new website to apache config under a new Location tag with the port number of the new app (must be unique): sudo xed /etc/apache2/sites-available/000-default.conf
[Terminal] restart apache: sudo systemctl restart apache2
View it over the LAN:
[Firewall] Set to "Home" profile. Incoming deny, outgoing allow, enabled
[Firewall] Add a rule, simple tab, port 80, name "Apache"
[Terminal] Get your hostname: hostname
[Terminal][root] Change your machine name to something cool: hostname tazerface
[xed][root] Change the host name in /etc/hosts
[xed][root] Change the host name in /etc/hostname
Reboot tazerface. <= that's your machine name now. Omg that's such a cool name.
Make sure pm2 started automatically and has your apps listed as "online": pm2 list
[phone][browser] Test your website: http://tazerface/hello-app
If it doesn't work, make sure tazerface isn't using a wifi provided by a network repeater. It needs to be on the same wifi network as the phone (but can be on either the 5GHz or 2.4GHz variant)
Add free ssl certificate:
[Terminal] Add ssl module: sudo a2enmod ssl
[Firewall] Add a rule, simple tab, port 443, name "Apache ssl"
[Terminal] create self signed free certificate: sudo openssl req -x509 -nodes -days 999999 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
[Terminal] Leave all answers default (by hitting enter) except common name, enter tazerface
[Terminal] Test certificate: openssl verify apache-selfsigned.crt
[Terminal] Replace contents on .conf with ssl .conf listing below: sudo xed /etc/apache2/sites-available/000-default.conf
[Terminal] Restart Apache: sudo systemctl restart apache2
[phone][browser] Test your website: https://tazerface/hello-app
hello.js
var http = require('http');
// create a server object:
const port = 4567;
http.createServer(function (req, res) {
    res.write('Hello World!'); // write a response to the client
    res.end(); // end the response
}).listen(port); // the server object listens on port 4567
// Console will print the message
console.log(`Server running at ${port}`);
000-default.conf (no ssl)
<VirtualHost *:80>
ServerName example.com
<Directory /var/www/>
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
ProxyRequests Off
ProxyPreserveHost On
ProxyVia Full
<Proxy *>
Require all granted
</Proxy>
<Location /hello-app>
ProxyPass http://127.0.0.1:4567
ProxyPassReverse http://127.0.0.1:4567
</Location>
</VirtualHost>
000-default.conf (ssl)
# The only thing in the firewall that needs to be open is 80/443
<VirtualHost *:80>
Redirect / https://tazerface/
</VirtualHost>
<VirtualHost *:443>
ServerName tazerface
<Directory /var/www/>
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
ProxyRequests Off
ProxyPreserveHost On
ProxyVia Full
<Proxy *>
Require all granted
</Proxy>
<Location /hello-app>
ProxyPass http://127.0.0.1:4567
ProxyPassReverse http://127.0.0.1:4567
</Location>
</VirtualHost>

Provision headers are shown error in google chrome when using apache virtual host

I have two Tomcat servers running on my server, and I wanted to do virtual host routing. So initially I tried it with one Tomcat, which is running on port 8081 with the AJP port set to 8011 in the Tomcat server.xml file.
My conf file at /etc/apache2/sites-available/mydomain_name.com.conf looks like this:
<VirtualHost *:80>
ProxyRequests off
ProxyPreserveHost On
ServerName mydomain_name.com
ServerAdmin ubuntu@mydomain_name.com
ProxyPass / ajp://localhost:8011/
ProxyPassReverse / ajp://localhost:8011/
</VirtualHost>
Then I did
sudo a2ensite mydomain_name.com.conf
sudo service apache reload
Everything went fine, no issues. I also ensured that port 8011 is listening.
But when I try to access the server from my personal laptop, the request is blocked by Google chrome.
I have enabled these configurations in the server too.
sudo a2enmod proxy
sudo a2enmod proxy_ajp
sudo a2enmod proxy_http
sudo service apache2 restart
Has anyone come across this issue? Shedding some light would be really helpful, because I did something similar one year back and this issue did not occur then, and I'm only trying to direct it to the Tomcat home page, which is a bare minimal page.

After several frustrating hours I found the issue. I hope this helps anyone who comes across the same issue.
Although port 80 was opened via the AWS management console security groups, internally the ports were firewall-protected by iptables. So by removing the iptables entry for port 80 I was able to make the virtual host work.

HTTPS server in Docker container

I have a problem with deploying an HTTPS server in Docker: accessing the content failed due to an SSL error. I then did an experiment to test SSL in a Docker container. The experiment is to listen on a port (TLS) and, when a connection comes in, send back the content of a file.
My Dockerfile is like:
FROM ruanhao/centos-dev
EXPOSE 8443
COPY banner .
COPY server.crt.pem .
COPY server.key.pem .
CMD socat -U openssl-listen:8443,reuseaddr,cert=server.crt.pem,key=server.key.pem,verify=0,fork open:banner
And I run the docker as docker run -d -p 8443:8443 --name tls -it ruanhao/socat-tls
Then I used curl to get the content. curl -k -v -L https://192.168.99.100:8443, but it failed:
* Rebuilt URL to: https://192.168.99.100:8443/
* Trying 192.168.99.100...
* Connected to 192.168.99.100 (192.168.99.100) port 8443 (#0)
* Unknown SSL protocol error in connection to 192.168.99.100:-9850
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to 192.168.99.100:-9850
I don't know why it is like this. Is there something I do not know about the usage of TLS in docker? Do you know how to fix it? Thank you.
Dockerfile
ADD ./apache.conf /etc/apache2/sites-enabled/000-default.conf
ADD ./ssl/ /ssl/
RUN a2enmod ssl
CMD service apache2 start
ssl folder contains server.key & server.key files.
apache
<VirtualHost _default_:443>
DocumentRoot "/var/www/"
SSLEngine on
SSLCertificateFile /ssl/server.crt
SSLCertificateKeyFile /ssl/server.key
</VirtualHost>

apache virtual host subdomain is accessible only by localhost

I am trying to make my pic.localhost virtual host accessible to the public network (all of the internet).
Now the problem is that it works only on the same machine at the address pic.localhost, but it's not accessible even from the LAN, only from the machine that runs it. What should I do?
I added and edited these files to make my pictures subdomain site:
1 - I included the httpd-vhosts file in my httpd.conf file.
2 - I added these lines to the httpd-vhosts file:
<VirtualHost *:80>
ServerAdmin admin@domain
DocumentRoot "/opt/lampp/htdocs/"
ServerName pic.localhost
# ServerAlias www.pic.localhost
ErrorLog "logs/picture-error_log"
CustomLog "logs/picture-access_log" common
</VirtualHost>
3 - I added this line to /etc/hosts:
127.0.0.1 pic.localhost
4 - I restarted the XAMPP server.
I am running XAMPP 5.6.8 on a CentOS 7 machine.

CentOS 7 has a firewall that by default blocks some ports (including port 80).
On the command line, with sudo privileges, try:
service firewalld stop
Then in the terminal look up your CentOS LAN IP (ifconfig) and try to access that IP (e.g. 192.168.1.100).
If you are able to access the web server, then try from another machine: in the browser type http://centos-lan-ip, where centos-lan-ip is your CentOS machine's IP.
Hope this works.

pump.io port in URL

I just installed pump.io on my server (CentOS 6.5, x64), and I also have a Ghost blog (blog.mydomain.example) hosted on my server, which is behind Apache. The home page of my site is a static html page.
Now the problem is: when I visit social.mydomain.example, I'll be redirected to my blog (the URL is still social.mydomain.example). I can only visit pump.io by entering social.mydomain.example:31337 and the user link would be something like social.mydomain.example:31337/test. How can I make the port number disappear in the URL and visit pump.io via social.mydomain.example? Thanks!
Here are some configurations on my server:
Apache host settings:
<VirtualHost *:80>
ServerName blog.mydomain.example
ProxyPreserveHost on
ProxyPass / http://127.0.0.1:2368/
</VirtualHost>
<VirtualHost *:80>
ServerName mydomain.example
ServerAlias www.mydomain.example
ProxyRequests off
DocumentRoot /var/www/html
</VirtualHost>
How I installed pump.io
cd /usr/bin/nodejs/
git clone https://github.com/e14n/pump.io.git
cd pump.io
npm install
cd pump.io/node_modules/databank
npm install databank-mongodb
cd /usr/bin/nodejs/pump.io/bin
forever start pump
My pump.io configuration
cat /etc/pump.io.json
{
"driver": "mongodb",
"params": {"host": "localhost"},
"secret": "pumpiol",
"noweb": false,
"port": 31337,
"site": "social.mydomain.example",
"owner": "NetAdmin",
"ownerURL": "http://mydomain.example",
"hostname": "social.mydomain.example",
"nologger": false,
"serverUser": "pumpio",
"uploaddir": "/var/local/pump.io/uploads",
"debugClient": false,
"firehose": "ofirehose.example"
}
My iptables configuration
-A INPUT -m state --state NEW -m tcp -p tcp --dport 31337 -j ACCEPT
My DNS zone file:
A (Host)
Host      Points To
@         M.Y.I.P

CName (Alias)
Host      Points To
blog      @
social    @
www       @

OK, since I got the Tumbleweed badge, I'm encouraged to provide an answer.
For those like me who want a self-owned microblogging service along with a blog and a home page (multiple subdomains on one host server), and who don't want the port number shown in the URL, I recommend storytlr. It meets all my needs and it was easily installed on a CentOS server (mine is 6.5, x64). The latest stable release is 1.20. Simple and direct.

What you're doing is running pump.io behind a web server. The simplest and recommended installation is to run pump.io standalone, if you have the extra IP address for it.
The other common way of running pump.io is to put it behind nginx. Apache is not as well suited to this kind of reverse proxying/websockets work. Many of us have started out trying pump.io behind Apache and switched to nginx because it's easier to configure and troubleshoot.
See http://jrobb.org/moving-my-pump-home.html or http://sjoberg.fi/blog/pumpio.html for examples.
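Why social.mydomain.example shows the blog in the question above: when no ServerName or ServerAlias matches the request's Host header, Apache serves the first vhost defined for that address and port. An added sketch (not from the original posts) that models this selection over a constructed copy of the question's two vhosts; `sample_vhosts` and `pick_vhost` are hypothetical names, and wildcard aliases are not handled.

```shell
#!/bin/sh
# Added example: simplified model of Apache name-based vhost selection.
# Constructed copy of the two *:80 vhosts from the question.
sample_vhosts() {
  cat <<'EOF'
<VirtualHost *:80>
ServerName blog.mydomain.example
ProxyPreserveHost on
ProxyPass / http://127.0.0.1:2368/
</VirtualHost>
<VirtualHost *:80>
ServerName mydomain.example
ServerAlias www.mydomain.example
ProxyRequests off
DocumentRoot /var/www/html
</VirtualHost>
EOF
}

# pick_vhost HOST: reads vhost config on stdin and prints
# "matched <ServerName>" for the first vhost whose ServerName or ServerAlias
# equals HOST, or "default <ServerName>" when the first vhost is the fallback.
pick_vhost() {
  awk -v host="$1" '
    BEGIN { host = tolower(host); n = 0 }
    tolower($1) ~ /^<virtualhost/ { n++; next }
    tolower($1) == "servername" {
      name[n] = tolower($2)
      if (name[n] == host && !hit) hit = n
    }
    tolower($1) == "serveralias" {
      for (i = 2; i <= NF; i++) if (tolower($i) == host && !hit) hit = n
    }
    END {
      if (hit) print "matched " name[hit]
      else if (n) print "default " name[1]   # unmatched Host: first vhost wins
      else print "none"
    }
  '
}

sample_vhosts | pick_vhost social.mydomain.example
sample_vhosts | pick_vhost www.mydomain.example
```

Because the blog vhost is listed first, it also answers for any other hostname that resolves to the server, which is worth knowing when the first vhost proxies to an internal application.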
