apache,ssl,amazon-web-services,amazon-ec2 , Enabling SSL on an AWS EC2 instance

Enabling SSL on an AWS EC2 instance


Tag: apache,ssl,amazon-web-services,amazon-ec2

On an EC2 instance that services multiple domains via Virtual Hosts, I have set up a Load Balancer that forwards HTTPS traffic from port :443 to :8443 for one of the domains, in part following this example: http://elwoodicious.com/2009/12/23/using-elb-to-serve-multiple-domains-over-ssl-on-ec2-for-giggles/

My working httpd.conf Virtual Hosts look like this:

NameVirtualHost *:80
<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www/domain.om
    ServerName domain.com
    ServerAlias *.domain.com
    ErrorLog logs/domain.com-error_log
    CustomLog logs/domain.com-access_log common

# more VirtualHosts on *:80 here

Now, as soon as I add a new virtual host for the same domain.com, like so,

<VirtualHost _default_:8443>
    ServerAdmin [email protected]
    DocumentRoot /var/www/domain.om
    ServerName domain.com
    ServerAlias *.domain.com
    SSLEngine On
    RequestHeader set X_FORWARDED_PROTO 'https'
    ErrorLog logs/domain.com-https-error_log
    CustomLog logs/domain.com-https-access_log common

...Apache fails to restart. There are no error notices - it just says [FAILED].

The only clue I have: even when I remove all *:80 Virtual Hosts and only leave a single one for port *:8443, Apache fails... even when setting NameVirtualHost *:8443.

Could this mean it's an EC2 directive of some sort that only allows Virtual Hosts on port 80?

Thanks for any help!

---------------- Edit: add error log

var/log/httpd/error_log contains this:

[Tue Jun 09 16:52:37 2015] [notice] caught SIGTERM, shutting down
[Tue Jun 09 16:52:37 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jun 09 16:53:13 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jun 09 16:53:47 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jun 09 16:53:47 2015] [notice] Digest: generating secret for digest authentication ...
[Tue Jun 09 16:53:47 2015] [notice] Digest: done
[Tue Jun 09 16:53:47 2015] [notice] Apache/2.2.29 (Unix) DAV/2 PHP/5.3.29 mod_ssl/2.2.29 OpenSSL/1.0.1k-fips configured -- resuming normal operations

var/log/httpd/ssl_error_log contains this:

[Tue Jun 09 16:53:47 2015] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Jun 09 16:53:47 2015] [warn] RSA server certificate CommonName (CN) `ip-xx-xx-xx-xx' does NOT match server name!?

And finally, var/log/httpd/domain.com-https-error_log looks like this:

[Tue Jun 09 16:53:13 2015] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] (/etc/httpd/conf/httpd.conf:1026)

On line 1026 of httpd.conf is <VirtualHost _default_:8043>. I've uploaded the self-signed OpenSSL certificate I created on my local computer using the aws cli, and I attached it to the Load Balancer for HTTPS traffic.

The CNAME record for the domain points to the ELB DNS Name as well. Not sure what I missed.


Great. The error messages helped. You're missing two lines:

SSLCertificateFile /directory/to/file.crt
SSLCertificateKeyFile /directory/to//file.key

Here's a howto on configuring SSL on Apache.


PHP script doesn't execute on Apache server

I have a very simple PHP script on a remote Apache web server. On my PC, it functions perfectly fine with php web server running but nothing appears to be executing in the web server and there appears to be no errors. I have a good suspicion that this is...

How to rewrite example.com/catelogue.php?page=3&cat1=fruit&cat2=apple with .htaccess

Can anyone help me with .htaccess rewrite url, I am new to it and stuck with this below problem i have this urls http://example.com/catelogue.php?page=3 http://example.com/catelogue.php?page=3&cat1=fruit&cat2=apple and i want this to be http://example.com/catelogue http://example.com/catelogue/fruit/apple Below is my .htaccess file, but here the problem is I have achieved this (example.com/catelogue/fruit/apple) but I...

htaccess errors after upgrading Apache from 2.2 to 2.4

I use 3 hosting for my websites, all of them have the same rules in htaccess. One of the hosting was upgraded from Apache 2.2 to 2.4 and now I am getting errors spam and I don't know how to fix it without lossing the rule. [Mon Jun 15 19:38:33.189697...

What exactly IS Kafka Rebalancing?

I am a new user to Kafka and have been playing around with it for about 2-3 weeks now. I believe at the moment I have a good understand of how Kafka works for the most part, but after attempting to play around with and design my own Kafka consumer...

How can i get Certificate issuer information in python?

I want the 'issued to' information from certificate in python. I try to use the SSL and SSLSocket library but did not happen. ...

Apache - finding configuration file path

I have to migrate another apache instance from 2.2 to 2.4 but I have one problem. In Apache monitor I see multiple services running but I don't really know where apache .conf files are stored. In previous migrations from 2.2 to 2.4 I had them somewhere within conf folder. Apache...

Redirection loop (URL rewriting)

I'm trying to rewrite my website URLs. I have: http:// website.com/v2/message.php?ID2=123 I want: http:// website.com/v2/message-123.php I tried something in my htaccess but I've a redirection loop :'( Here is my .htaccess: RewriteCond %{QUERY_STRING} ^ID2=([0-9]+)$ RewriteRule message.php? http://website.com/v2/message-%1.php? [L,R=301] Can someone help me with this?...

Unable to increase PHP Memory Limit

I am running into an issue with a project I am working with on my localhost, where I am unable to increase the PHP memory_limit setting. I've tried increasing it directly in the php.ini config: memory_limit = 1024M I've tried increasing it in the projects .htaccess file: php_value memory_limit 1024M...

How to make a website work only with https [duplicate]

This question already has an answer here: How to force HTTPS using a web.config file 3 answers How do I make a website to work only with https? Is there any method to make my website work only if the protocol is https? For example let me say http://www.mywebsite.com,...

Remove plus sign from url using .htaccess

My current url is: http://localhost/mywbsite/search/one+piece/149 I want to change link to like this http://localhost/mywbsite/search/one-piece/149 I have already .htaccess file with this code Options -MultiViews RewriteEngine On RewriteBase /indianrealitybytes/ RewriteCond %{THE_REQUEST} /search_advance\.php\?keywords=([^&]+)&f=([^\s&]+) [NC] RewriteRule ^ search/%1/%2? [R=301,L] RewriteRule ^search/([^/]+)/([^/]+)/?$ search_advance.php?keywords=$1&f=$2 [QSA,L,NC] I don't know where to change to remove plus(+) sign...

serving GAE applications over http

I have implemented an application on GAE which can be accessible through https://<my_app_id>.appspot.com. Now I have a custom domain registered with Register.com. As described in GAE documentation I have mapped my custom domain to https://<my_app_id>.appspot.com and I see my application getting served from my custom domain. But I see requests...

Trouble Understanding URL Rewrite to Proxy to Another Server

I am sorry if this is really simple and I am not paying attention. I need to redirect a url query ({digit string}) to be processed by another server ({digit string}). So far I've failed to do this correctly (this is my latest attempt): RewriteCond %{REQUEST_URI} ^/abc/ [NC] RewriteCond %{QUERY_STRING}...

How does DNS server know the IP address of an SSL's URL?

The SSL/TLS (https) protocol encrypts both of the web page url and its content. So I'm wondering how could the DNS server know the ip address of the requested url if it is encrypted? Any documented reference or idea?

Multiple subdomains to same address

I want to redirect multiple subdomain to same address. Let's say I want www.sitename.com and sitename.com to redirect same address. Do I have to say; <VirtualHost www.sitename.com:81> . . . </VirtualHost> <VirtualHost sitename.com:81> . . . </VirtualHost> or is there a simple solution....

Htaccess rewrite URL with virtual directory and 2 variables

its my URL... result.php?team=arsenal&player=ospina I want to like this mysite.com/virtualdirectory/arsenal/ospina.html I tried this code.. cant work.. Not Found RewriteRule ^(.*)/(.*)/(.*).html$ result.php?team=$2&player=$3 [L] The requested URL /subfolder/arsenal/ospina.html was not found on this server. Apache/2.2.8 (Win32) PHP/5.2.6 Server at localhost Port 80 Thanks for helps, Best regards!!...

ArgumentError - unknown SSL method `TLSv1_2'

I am trying to move my AWS integration over TLS instead of SSLv3, but I'm receiving an error when trying to set the config.fog_credentials as another SO post has suggested, but I am receiving the ArgumentError above (unknown SSL method 'TLSv1_2'. I am open to a different solution to move...

Wildfly mysql with SSL

I have a web app using a mysql database as its data store. It is currently running in Glassfish and talking to that mysql database with SSL. I am thinking about migrating to Wildfly but I can't seem to create a Wildfly datasource that will talk to the mysql database...

Rewrite url not working in htaccess

I have website. I just want to rewrite url using .htaccess Here is the code which I want to rewrite: RewriteEngine On RewriteBase / RewriteCond %{QUERY_STRING} /search_data.php\?keywords=([^&]+)&f=([^\s&]+) [NC] RewriteRule ^/search_data.php/?$ /search/%1/%2? [R=301,L,NC] this the current url http://localhost/mywbsite/search_data.php?keywords=one+piece&f=149 I want to convert this to this http://localhost/mywbsite/search/one-piece/149 I tried above code but...

Now that SSLSocketFactory is deprecated on Android, what would be the best way to handle Client Certificate Authentication?

I am working on an Android app that requires Client Certificate Authentication (with PKCS 12 files). Following the deprecation of all that's apache.http.*, we have started a pretty big work of refactoring on our network layer, and we have decided to go with OkHttp as a replacement, and so far...

How to set default virtual server (sites-available) in Apache?

I have 2 sites at my linode VPS. I configured ourdomain.com and mydomain.com in sites-available directory (/etc/apache2/sites-available/ourdomain.com.conf // mydomain.com.conf) and activated and restarted Apache. There is a way to specify ourdomain.com as the main/default site? Because when I access through the ip, Apache shows mydomain.com :(...

ssl certificate with and without www

I have a website that installed a ssl certificate for the name of www.example.com. It works fine for https://www.example.com. But it doesn't work for https://example.com. The browser gave me Error code: ssl_error_bad_cert_domain. I am using Apache 2. I tried to rewrite the url to add www in httpd-ssl.conf, see the...

Django file upload took forever with Phusion Passenger

I have a Django app deployed using Passenger (I did not choose mod_wsgi because mod_passenger is already there and being used). When I uploaded an MP3 file (900 kB), Google Chrome displays upload % which reached 100% pretty fast but then it took forever for the resulting page. The database...

Rails, DNSimple, Heroku and SSL - do I need a certificate?

So I'm currently deploying my app via Heroku. I noticed that in my-app-name.herokuapp.com has HTTPS, so if I do config.force_ssl = true in my environments/production.rb it seems like I have wildcare SSL, right? Now I'm using DNSimple to get my actual name - call it my-app-name.com. Which currently resolves to...

SSL/TLS: Why will the server be the only one to be able to decrypt the encrypted number if it's a public key?

Wouldn't anyone else be able to decrypt it too using the public key? Or is it saying that it will be decrypted with a private key. If that's the case how could something be encrypted with one key and decrypted with another? This is in reference to this wikipedia article....

Codeigniter URL routing issues in .htaccess

Before you mark it as duplicate FIY I have tried all solutions I could find on SO. The url is www.deltadigital.ca config file (if I use $config['base_url'] = 'http://www.deltadigital.ca' - it doesnt work at all) //$config['base_url'] = 'http://www.deltadigital.ca'; $root=(isset($_SERVER['HTTPS']) ? "https://" : "http://").$_SERVER['HTTP_HOST']; $root.= str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']); $config['base_url'] = $root;...

Subject Alternative Name not present in certificate

I have generated a CSR that includes the field subject alt names: openssl req -out mycsr.pem -new -key mykey.pem -days 365 When I inspect this it looks as expected with a new field present: X509v3 Subject Alternative Name: DNS: my.alt.dns However when I use this to sign a certificate that...

How to create a private certificate for connecting to a website

My apologies if this is a duplicate, I may just not be using the correct terminology in my queries to find what I am looking for. I have a vendor that sent me a certificate to install in my browser so that we can access their website. We cannot get...

Apache Regex How To Get This Value

I have a URI like this: http://example.com/demo/makemoney?matchtype=chancee&network=agagag&ifmobile=1&placement=nyc&adposition=111&copy=25&pid=123&zid=231&mid=234&cid=342&param1=zaleemm&param2=vatansvr I want to get makemoney and after "?" character values. In my .htaccess file write this rule: RewriteRule ^demo/(.*)?(.*)$ demo.php?utm_campaign=$1&$2 [L,NC] But only utm_campaign I get in $_GET super globals. What's true regex?...

Exporting Data from Cassandra to CSV file

Table Name : Product uid | productcount | term | timestamp 304ad5ac-4b6d-4025-b4ea-8b7991a3fe72 | 26 | dress | 1433110980000 6097e226-35b5-4f71-b158-a1fe39a430c1 | 0 | #751104 | 1433861040000 Command : COPY product (uid, productcount, term, timestamp) TO 'temp.csv'; Error: Improper COPY command. Am I missing something? ...

NPM Error: self signed certificate in certificate chain

I am following the Angular 2 quick start guide and I'm stuck right at the beginning of it. My company is filtering our network connections and modifying SSL negociation. In a man in the middle style they assign a self signed certificate as the CA of the destination's certificate. Therefore...

Wildcard SSL - Which to chose and what is the key differences?

I have been left in confusion for quite some time in deciding which CA should i approach to obtain a SSL certificate. Much comparison has been made from different CA but I do not see what is the key differences that sets each other apart except the price they offer....

What are correct permissions for Linux Apache2 PHP 5.3 log file?

I discovered the reason why I was not getting entries into my php_errors.log file related to permissions. Right now, I have set it to 666 (rw-rw-rw-) but surely this is a security weakness? Thus, my question. php.ini file: error_log /var/log/httpd/php_errors.log log_errors On # ls -ld /var/log /var/log/httpd /var/log/httpd/php_errors.log drwxr-xr-x 6...

deploy django under apache mod_wsgi waiting for localhost

I am deploying a Django project on Apache. and after configuration, I open the "localhost" in the browser, and nothing showed up and the status bar just keep saying "Waiting for localhost". Here is some info. Environment: OS: ubuntu Python: 2.7.3 Django: 1.8.2 Apache: 2.2.21 Django project: /var/www/ocr_service Apache virtualhost:...

Apache httpd connection refused during stress test using jmeter

Now, I do stress test using jemter in windows(jmeter.bat). Number of Threads = 100 Ramp-up period = 0 Loop count = 1000 But raise connection refused error in jmeter, after 20~30 seconds. I can not find connection refused error in /usr/local/apache/logs/error.log or /usr/local/apache/logs/access.log. Test is HTTP GET, index.html("It's works") Apache...

How do you unblock the 993 port if your firewall settings is blocking it?

I am trying to retrieve my emails from Gmail using php. for writing the host name, this is my code: $hostname = '{imap.gmail.com:993/imap/ssl}INBOX'; I am getting this error: Warning: imap_open(): Couldn't open stream {imap.gmail.com:993/imap/ssl}INBOX in /home1/mtc/public_html/mtcerp/emailparser/email.php on line 10 Cannot connect to Gmail: Can not authenticate to IMAP server: [CLOSED]...

Pattern matching in htaccess rewrite condition

I have a rewrite condition in an .htaccess file which is used to 'not' force specific URLs to use a HTTPS connection but it's matching erroneously on other URLs at present, here's the rewrite rule... RewriteCond %{HTTPS} off RewriteCond !/go/ [NC] RewriteCond %{HTTP_HOST} ^app\.ihasco\.co\.uk [NC] RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] And...

Allow space and other special characters in htaccess url rewrite

Hi everyone i have this URL: orderprod_cntr/147/ok2%20-%20val1%20val2%20val3%20val4 When ever i open this URL i get 404 error. The htaccess rule that i am using at present is: RewriteRule orderprod_cntr/([-\w]+)/([-\w]+)/?$ controller/orderprod_cntr.php?id1=$1&id2=$2 [L] The error is occurring due to %20 in the URL, without it works fine. Please tell me the correct...

mod_rewrite - force redirecting to rewritten URL

I have following URL [1]: www.domain.com/?search=somequery which i want to redirect to [2] www.domain.com/search/somequery I am using following code in my .htaccess: Options +FollowSymLinks -MultiViews RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^search/(.*)$ /?search=$1 [L] Code above works kind of fine since server understands both URLs:...

How to enable mod_rewrite on Apache 2.4?

I'm using Wordpress and wanted to enable pretty urls feature, but they don't work, i'm thinking that it's because of mod_rewrite, but i don't know how to enable it on Apache 2.4 under CentOS 7... I've already try this: grep -i LoadModule /etc/httpd/conf/httpd.conf | grep rewrite but nothing... Also would...

Best way to block countries [on hold]

I was requested to prevent access to a website. There are two ways I know I can choose - 1. At apache level (a tool like this: http://www.ip2location.com/blockvisitorsbycountry.aspx) which generates a long htaccess file with list of IP ranges. The other way I know of is using PHP (be it...

How to disable common name check in SSLContext in java?

I am using SSLContext so set up Jersey client, and need to disable the common name check in order to avoid unnecessary issues. However, I can find no documentation as to how we can do it correctly. So is the common name check disabled by default in SSLContext (assuming using...

Make dynamic links (with ?) return error 404 not found

Using .htaccess (are there any other solutions?) is there a way to make all dynamic links (links containing the sign ?) of a site return a 404 not found response header? For example: http://www.example.com/?bla_bla - will return 404 http://www.example.com/test/index.html?no_redirect=true - will return 404...

mod-rewrite to remove a folder

I have the following URL http://www.example.com/folder1/folder2/file.php I want to redirect it to http://www.example.com/demo/folder1/file.php I tried this, but it does not work: RewriteCond %{HTTP_HOST} www.example.com RewriteCond %{REQUEST_URI} ^folder RewriteRule /demo/folder(.*) /folder1/folder2/$1 ...

Starting a tls communication with python asyncio

I have some python code snippet that uses asyncio and initiates a "plain" connection: loop = asyncio.get_event_loop() coro = loop.create_connection(lambda: MyCustomClassProtocol(loop), sock=client_socket) loop.run_until_complete(coro) The point is my plain connection switches to a tls one once some exchanges have happened. In the traditional way one would do this: ssl_sock = ssl.wrap_socket(client_socket,...

Rewrite non-dynamic pages using htaccess

I've been banging my head since many hours on this and I am unable to come up with a solution. What I need to get done. domain.com/page.php => domain.com/page/ domain.com/category1-name1.php => domain.com/category1/name1/ domain.com/category2-name1.php => domain.com/category2/name1/ Details: I have couple of files with the following names & I want them to...

.htaccess Mod_Rewrite inconsistent

Here is my .htaccess file: RewriteEngine On #Working rules: RewriteRule ^privacy$ privacy.php [L] RewriteRule ^terms$ terms.php [L] RewriteRule ^team$ team.php [L] RewriteRule ^candidates$ candidates.php [L] RewriteRule ^clients$ clients.php [L] #Not working rules: RewriteRule ^article/([^/]*).*$ article.php?id=$1 [L] RewriteRule ^job/([^/]*).*$ job.php?id=$1 [L] RewriteRule ^contact/([^/]*).*$ contact.php?location=$1 [L] The top rules are all working...

Disable direct access to application via Tomcat

I have a small local (internal to organisation) browser application running on Tomcat. I have inherited an application (also for internal organisation use only) running under PHP server which I have been asked to get running on the same box. I decided the best thing was to get both Tomcat...

Virtual host returns the default host on another pc

Hello I am trying to set up an apache server on a PC.(PC A) I created the folder /var/www/test. In this folder I have my index.html. I created a conf file test.conf in the /etc/apache2/sites-available folder with the following entries: <VirtualHost www.test.tld:80> ServerName www.test.tld DocumentRoot /var/www/test ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log...