All geek questions in one place

VHost subdomain with EC2 / Route53

I am currently trying to configure a new subdomain via route53 and ec2, but I get timeout errors whenever I try to access it through my browser. The Amazon Security Group is configured to allow all traffic through port 80.

I wrote the following vhosts file and saved it under sites available as "new.mysite.com.conf":

<VirtualHost *:80> ServerName new.mysite.com RewriteEngine On #RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] DocumentRoot /var/www/newmysite <Directory /var/www/newmysite> DirectoryIndex index.php AllowOverride All </Directory> </VirtualHost>

I have included this launch;

 a2ensite new.mysite.com.conf service apache2 reload

Finally, under route53, I configured a new A record, set a non-alias, and pointed to the public IP address of the EC2 server, as indicated in my running instances.

I made sure that the test page is available in the var / www / newmysite / index.php file and also backs up var / www / newmysite / index.html for access.

The subdomain itself gives a timeout. Clicking on the public IP address of the server gives apache2 the default "it works!" page

Anyone have any ideas on what I can do wrong here?

+5
source share
2 answers

There is a redirect rule from HTTP to HTTPS

 RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

I think when you click new.mysite.com , it redirects to HTTPs https://new.mysite.com , since there is no VirtualHost with SSL support (443) and there is no listener on 443, the connection is denied.

Try disabling the redirection rule, or you can try using a self-signed certificate or configure ELB to use the ACM certificate and specify the Route53 domain for ELB.

 curl -v -L http://new.mysite.com * Rebuilt URL to: http://new.mysite.com/ * Trying 10.116.131.69... * Connected to new.mysite.com (10.116.131.69) port 80 (#0) > GET / HTTP/1.1 > Host: new.mysite.com > User-Agent: curl/7.43.0 > Accept: */* > < HTTP/1.1 301 Moved Permanently * Issue another request to this URL: 'https://new.mysite.com/' * Found bundle for host new.mysite.com: 0x7ff7a3c0fbc0 * Trying 10.116.131.69... * connect to 10.116.131.69 port 443 failed: Connection refused * Failed to connect to new.mysite.com port 443: Connection refused * Closing connection 1 curl: (7) Failed to connect to new.mysite.com port 443: Connection refused
+4
source

As in the previous answer, there is SSL forwarding. SSL uses port 443 , which is not displayed in your security group.

  • Modify the security group to allow all traffic through port 443 . This allows you to access the website through https
  • Install and configure an SSL certificate for a domain. You can install a free certificate with Let Encrypt. Follow these steps:
    • Install Certbot, a bot that automatically renews your certificate up to a 90-day expiration date.
      • $ sudo add-apt-repository ppa:certbot/certbot
      • $ sudo apt-get update
      • sudo apt-get install python-certbot-apache
    • Configure a new certficate for your subdomain
      • sudo certbot --apache -d new.mysite.com

Your site should now be up and running on https.

ps. when writing this answer, I noticed that you disabled http https redirection, you might want to enable it after enabling https on the website. This ensures the security of all posts on your website.

+1
source

Source: https://habr.com/ru/post/1275765/

More articles:


All Articles