0

I am currently SSH'd into my AWS VM IP address on Ubuntu.

I've installed the Apache SSL module, copied my server certificate and private key to /etc/pki/tls/certs and /etc/pki/tls/private. Changed the configuration within /etc/httpd/conf.d/ssl.conf so that it would be listening for port 4443.

From here, I need to change the document root to something different than my nginx HTTP site or else both HTTPS and HTTP will point to the same content.

I was told to use independent directory trees but unsure how to set it up.

I attempted by going to /etc/httpd/conf/httpd.conf and changed the document root to a directory I setup to separate them within /etc/ but still gives me the same message when trying to access the website as shown in the screenshot.

Webpage

URL

url of test page HTTPS

test page HTTPS

Alex Ronde
  • 3
  • 3
  • The address in your browser needs to be `https://SOMETHING:4443/`. Looks like you tried with `http://SOMETHING:4443/` – Nic3500 Nov 18 '21 at 02:43
  • Ahh that loaded a site but it crosses out the HTTPS in the URL as shown in the image and displays it as a HTTP server? Is this what I should be seeing – Alex Ronde Nov 18 '21 at 02:57

1 Answers1

0

Does your site show up if you add the port? For example, https://yoursite.com:4443. Port 4443 isn't the default https port (that's 443), so you'll need to reference it explicitly.

You might want to, instead, consider using an ALB in front of the EC2 instance and terminate SSL there, leaving the httpd/nginx server on the EC2 instance only running on port 80 (default). This offloads the SSL handling to the load balancer and also enables you to do things like rolling upgrades to a new EC2 instance instead of keeping a "pet" web server.

Blastomatic
  • 130
  • 6
  • Yeah it allows me to access now but unsure if I am supposed to be seeing this, I added updated links to what I see in the post – Alex Ronde Nov 18 '21 at 03:04
  • The https in your browser's address bar is crossing out https because you're using a self-signed SSL certificate that hasn't been installed to your local system CA. [There's many ways to handle that](https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate). The page itself looks like the default for the distro package. You'll need to change the path in the config file to use the path you'd like, or replace the files in the default location with your own. – Blastomatic Nov 18 '21 at 03:30
  • Can I use any path when changing within config file or you recommend a spot to save it at where there wont be any errors? – Alex Ronde Nov 18 '21 at 04:10
  • You can use any filesystem path you wish, but as it seems you're new to Apache Httpd, you might want to stick with the default that's declared in the DocumentRoot parameter for the virtual host. By default it's something like /var/www in Ubuntu. – Blastomatic Nov 18 '21 at 04:20