1

I have hosted a Django-based website, which is running on Apache2, on an AWS Lightsail Ubuntu 20.04 instance.

The website is accessible when you use the IP, 18.133.43.205. But when I try to search my website using the domain, roosta.xyz, the connection times out.

The DNS is using AWS's nameservers. I don't believe that the DNS is the problem as when I do a whois lookup, it shows the AWS nameservers and when I run dig roosta.xyz in the Linux terminal the correct IP is returned.

A few days ago, I was getting a response from my server but it was requesting to use https, but I don't have an SSL certificate so my browser freaked out. I don't want to use https. But after meddling with the server, trying to stop it wanting to use https, I'm now back to the connection just timing out.

Another thing is that I ran curl roosta.xyz on my own machine's terminal and it returns the html for the webpage? So how is chrome not getting that?!

Here's a copy of the apache virtual host config file:

<VirtualHost *:80>
    ServerName www.roosta.xyz
    ServerAdmin webmaster@localhost
    ServerAlias roosta.xyz
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /static /home/ubuntu/myWebsite/static
    <Directory /home/ubuntu/myWebsite/static>
        Require all granted
    </Directory>

    <Directory /home/ubuntu/myWebsite/myWebsite>
        <Files wsgi.py>
            Require all granted
        </Files>
    </Directory>

    WSGIScriptAlias / /home/ubuntu/myWebsite/myWebsite/wsgi.py
    WSGIDaemonProcess myWebsite_app python-path=/home/ubuntu/myWebsite python-home=/home/ubuntu/myWebsite/venv
    WSGIProcessGroup myWebsite_app 
</VirtualHost>

apache2ctl -S

VirtualHost configuration:
*:80                   roosta.xyz (/etc/apache2/sites-enabled/myWebsite.conf:2)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used

I am completely stumped after searching the web for hours on end. I am more than happy to provide more relevant code or pictures of Lightsail settings to help solve my problem.

James
  • 13
  • 2
  • Thank you for including your actual domain and IP-address in your question. Without that answering your problem would have been quite impossible. – Bob Mar 05 '21 at 15:33

1 Answer

2
  1. The root of your problem is the fact that your server does not respond on HTTPS.
    (As in: not responding at all on TCP port 443. My connection attempts simply had to time out because your server doesn't even return a "connection refused" packet. That is typically the effect of a DROP rather than a REJECT firewall policy).

  2. Chrome on the other hand refuses to connect on plain HTTP because it determines that the HSTS policy for your domain won't allow that. Because of that policy Chrome adjusts any http://www.roosta.xyz URLs and changes the http to an https URL.

To test the HSTS policy from Chrome: go to chrome://net-internals/#hsts

HSTS check for frosts.xyz

Your domain is part of the preloaded HSTS list (possibly submitted on https://hstspreload.org/)
See: https://source.chromium.org/chromium/chromium/src/+/master:net/http/transport_security_state_static.json

To solve this you either need to get your domain removed from the HSTS preload list (won't happen in the short term) or you need to set up TLS so that your site appears over https.

Bob
  • 5,335
  • 5
  • 24
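The two checks from the answer above, as an added example that is not part of the original answer: whether a preload entry forces HTTPS for a host, and whether port 443 is open, refused or silently dropped. The sample list is constructed in the layout of Chromium's transport_security_state_static.json (field values are assumptions), and the function names are hypothetical.

```python
import json
import re
import socket

# Constructed excerpt in the layout of Chromium's preload file; the
# policy and include_subdomains values are assumptions for illustration.
SAMPLE_PRELOAD = """
// constructed excerpt, not the real list
{ "entries": [
  { "name": "roosta.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true },
  { "name": "example.org", "policy": "custom", "mode": "force-https" }
] }
"""

def load_entries(text):
    """Parse the list after dropping whole-line // comments, which plain JSON forbids."""
    cleaned = re.sub(r"^\s*//.*$", "", text, flags=re.MULTILINE)
    return {e["name"]: e for e in json.loads(cleaned)["entries"]}

def preload_match(host, entries):
    """Return the entry name that forces HTTPS for host, or None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        entry = entries.get(name)
        # A parent domain only covers subdomains when include_subdomains is set.
        if entry and entry.get("mode") == "force-https" and (i == 0 or entry.get("include_subdomains")):
            return name
    return None

def probe_tcp(host, port=443, timeout=3.0):
    """Classify a connect: 'open', 'refused' (actively rejected) or 'timeout' (no reply, e.g. DROP)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "error"

def diagnose(host, entries, probe=probe_tcp):
    """Combine both checks into the failure described in the answer."""
    forced = preload_match(host, entries)
    state = probe(host, 443)
    if forced and state != "open":
        return f"{host}: browser forces HTTPS (preload entry {forced}) but port 443 is {state}"
    return f"{host}: preload={forced}, port 443 {state}"
```

curl does not consult the preload list, which is why plain HTTP still works there while Chrome rewrites the URL to https and then waits on port 443.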