
I am trying to install an SSL certificate on my Ubuntu 20.04 server.

I have downloaded the SSL files and put them in /home/ubuntu (I will move them once it works):

  • api_limitlesssoft_com_key.txt
  • api.limitlesssoft.com.p7b
  • api.limitlesssoft.com.crt
  • api.limitlesssoft.com.ca-bundle

I then edited the virtual host file to look like this:

# Load TLS support (mod_ssl) and HTTP reverse-proxy support (mod_proxy, mod_proxy_http).
# NOTE(review): on Ubuntu these modules are normally enabled with a2enmod (the post says
# ssl already is) - confirm these explicit LoadModule lines are needed and that the
# relative modules/ path resolves on this install.
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

# Plain-HTTP virtual host: every request is forwarded to the app on 127.0.0.1:5000.
# NOTE(review): this vhost proxies traffic unencrypted instead of redirecting clients to
# the :443 vhost; any HTTP-to-HTTPS redirect would have to come from the backend -
# confirm that is intended.
<VirtualHost *:80>
        ServerName api.limitlesssoft.com
        ServerAdmin aleksa@limitlesssoft.com

        # Pass the client's original Host header through to the backend.
        ProxyPreserveHost On
        # Forward all paths to the backend, and rewrite redirect headers in its responses
        # so they point back at this host rather than at 127.0.0.1:5000.
        ProxyPass / http://127.0.0.1:5000/
        ProxyPassReverse / http://127.0.0.1:5000/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

# HTTPS virtual host: TLS terminates here and requests are forwarded to the app on
# 127.0.0.1:5000 over plain HTTP on the loopback interface.
<VirtualHost *:443>
        ServerName api.limitlesssoft.com
        ServerAdmin aleksa@limitlesssoft.com

        # Pass the client's original Host header through to the backend.
        ProxyPreserveHost On
        # NOTE(review): nothing in this vhost sets X-Forwarded-Proto, yet the backend
        # enables ForwardedHeaders.XForwardedProto. Unless the proxy sends that header
        # (e.g. `RequestHeader set X-Forwarded-Proto "https"`, which needs mod_headers),
        # the backend cannot tell that the client connected over HTTPS - confirm.
        ProxyPass / http://127.0.0.1:5000/
        ProxyPassReverse / http://127.0.0.1:5000/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLCertificateFile /home/ubuntu/api.limitlesssoft.com.crt
        # The private key sits in a user's home directory (the post says this is temporary).
        # It should end up root-owned and unreadable by other accounts, for example under
        # /etc/ssl/private with mode 600 - file permissions are not shown here, so verify.
        SSLCertificateKeyFile /home/ubuntu/api_limitlesssoft_com_key.txt
        # SSLCertificateChainFile is obsolete since Apache 2.4.8; the intermediate
        # certificates can instead be appended to the file named in SSLCertificateFile.
        SSLCertificateChainFile /home/ubuntu/api.limitlesssoft.com.ca-bundle
</VirtualHost>

For some reason, only the HTTP one works.

a2enmod ssl reports that the module is already enabled. I have also run sudo ufw 443, and the port is enabled.

ubuntu@ubuntu:/var/log/apache2$ telnet localhost 443
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
ubuntu@ubuntu:/var/log/apache2$ sudo netstat -peanut | grep ':80'
tcp6       0      0 :::80                   :::*                    LISTEN      0          46821      3493/apache2   
ubuntu@ubuntu:/var/log/apache2$ sudo netstat -peanut | grep ':443'
tcp6       0      0 :::443                  :::*                    LISTEN      0          46825      3493/apache2   
tcp6       0      0 127.0.0.1:443           127.0.0.1:45968         TIME_WAIT   0          0          -  

ubuntu@ubuntu:/var/log/apache2$ netstat -a -n
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:5000          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        1      0 127.0.0.1:41170         127.0.0.1:5000          CLOSE_WAIT
tcp        0    192 192.168.1.109:22        192.168.1.2:61495       ESTABLISHED
tcp6       0      0 ::1:5000                :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::21                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN
udp        0      0 127.0.0.53:53           0.0.0.0:*
udp        0      0 192.168.1.109:68        0.0.0.0:*
raw6       0      0 :::58                   :::*                    7

ubuntu@ubuntu:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
33380                      ALLOW       Anywhere
443                        ALLOW       Anywhere
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
33380 (v6)                 ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)

Here is my application's Startup class (HTTPS works when I run it in the debugger):

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace api.limitlesssoft.com
{
    public class Startup
    {
        // Called by the runtime to register services in the dependency-injection container.
        // Configuration guidance: https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllers();

            // Only the client-address and scheme headers are honoured; no other
            // forwarded header is enabled here.
            // NOTE(review): which proxies are trusted is left at the framework defaults
            // (loopback only, as far as I know) - confirm if the proxy ever moves off
            // this host.
            const ForwardedHeaders honouredHeaders =
                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

            services.Configure<ForwardedHeadersOptions>(
                forwarding => forwarding.ForwardedHeaders = honouredHeaders);
        }

        // Called by the runtime to assemble the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            // Detailed exception pages are limited to the Development environment.
            var runningInDevelopment = env.IsDevelopment();
            if (runningInDevelopment)
            {
                app.UseDeveloperExceptionPage();
            }

            // Order matters: forwarded headers are applied first so the HTTPS redirection
            // that follows sees the scheme reported by the reverse proxy.
            // NOTE(review): this only helps if the proxy actually sends X-Forwarded-Proto;
            // verify the proxy configuration sets it.
            app.UseForwardedHeaders()
               .UseHttpsRedirection()
               .UseStaticFiles()
               .UseRouting()
               .UseEndpoints(routes => routes.MapControllers());
        }
    }
}

1 Answer


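I found the solution in "Connection refused HTTPS on Apache", where it is marked with -1 points. The problem was in routing: the port forwarding only forwarded port 80, not port 443. That is why HTTPS was not working. The checks in the question (telnet to localhost, netstat, ufw status) were all run on the server itself, so they could not show that port 443 was not being forwarded to it.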