-1

I am having several issues trying to get my website to the world. I am very new to the notion of running a web server, so I followed many of the tutorials to help me get started. There is a likelihood I did something wrong (where likelihood >= 95%), and I would very much appreciate assistance correcting these errors.

First, attempts to access it via http are stymied by ERR_CONNECTION_TIMED_OUT. For the record, I cannot reach it via ping.

I ran 'sudo netstat -plunt' and this was the output:

```
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1429/sshd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      10863/master
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      15618/mysqld
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      23351/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      1429/sshd
tcp6       0      0 :::25                   :::*                    LISTEN      10863/master
tcp6       0      0 :::443                  :::*                    LISTEN      23351/apache2
```

Running 'curl http://unaffiliatedstudios.com' returns the HTML for the webpage; 'curl https://unaffiliatedstudios.com' returns the following:

curl: (51) SSL: certificate subject name (ubuntu-unaffiliated-com) does not match target host name 'unaffiliatedstudios.com'

I ran 'sudo iptables -L | grep ACCEPT', and received this:

```
Chain INPUT (policy ACCEPT)
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:https
Chain OUTPUT (policy ACCEPT)
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere 239.255.255.250 udp dpt:1900
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere ctstate NEW
ACCEPT udp -- anywhere anywhere ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh /* 'dapp_OpenSSH' */
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere multiport dports http,https /* 'dapp_Apache%20Full' */
ACCEPT all -- anywhere anywhere
```

I've attached an image containing the droplet's DNS settings.

Last, and I'm not sure how much this will help, but I ran nmap and these were the results:

```
Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-21 08:54 Central Daylight Time
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 08:54
Completed NSE at 08:54, 0.02s elapsed
Initiating NSE at 08:54
Completed NSE at 08:54, 0.00s elapsed
Initiating Ping Scan at 08:54
Scanning unaffiliatedstudios.com (138.197.139.28) [4 ports]
Completed Ping Scan at 08:54, 3.51s elapsed (1 total hosts)
Nmap scan report for unaffiliatedstudios.com (138.197.139.28) [host down]
NSE: Script Post-scanning.
Initiating NSE at 08:54
Completed NSE at 08:54, 0.00s elapsed
Initiating NSE at 08:54
Completed NSE at 08:54, 0.00s elapsed
Read data files from: C:\Program Files (x86)\Nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 31.23 seconds
Raw packets sent: 8 (304B) | Rcvd: 0 (0B)
```

Any help is appreciated.

EDIT: Adding the settings for Cloud Firewall:

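Inbound

| Type | Protocol | Port Range | Sources |
|------|----------|------------|---------|
| SSH | TCP | 22 | All IPv4, All IPv6 |

Outbound

| Type | Protocol | Port Range | Destinations |
|------|----------|------------|--------------|
| ICMP | ICMP | | All IPv4, All IPv6 |
| All TCP | TCP | All ports | All IPv4, All IPv6 |
| HTTPS | TCP | 443 | All IPv4, All IPv6 |
| All UDP | UDP | All ports | All IPv4, All IPv6 |
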
  • Did you set up a [cloud firewall](https://www.digitalocean.com/community/tutorials/an-introduction-to-digitalocean-cloud-firewalls#applying-a-cloud-firewall-to-droplets)? – Michael Hampton Apr 21 '18 at 17:43
  • I did, yes. I have added the settings there. There was a tutorial on security I followed from Digital Ocean which led me to setting up Tripwire and advanced IPTables settings, which is [here](https://www.digitalocean.com/community/tutorials/an-introduction-to-securing-your-linux-vps), if that helps get a little closer to the issue. – fireside68 Apr 21 '18 at 17:53
  • Turns out I simply forgot to allow incoming traffic on both 80 and 443. That's a big part. Of course, there is still the certificate thing which I can't seem to figure out for the life of me. – fireside68 Apr 21 '18 at 18:11
  • When you ordered the certificate, or created the CSR for it, you simply entered the wrong hostname. Contact your certificate vendor for info on how you can get it changed without paying. Or, if you're using letsencrypt, fix your configuration. If you don't know how to do that, ask a separate question. – Jenny D Apr 21 '18 at 18:42

1 Answer

0

You are using a self-signed SSL certificate. That's the reason. I added it to my Firefox and saw the standard Ubuntu Apache page. If you would like to have a normal SSL certificate for free, you could use Let's Encrypt.

Alexander Tolkachev
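The timeout traced in the comments came from the Cloud Firewall allowing only SSH inbound while Apache was listening on 80 and 443 and the host's iptables accepted both. As an added example (not part of the original thread), this script compares `netstat -plunt` listeners against a cloud-firewall inbound allow-list and reports the ports that would time out from outside. The names `blocked_listeners`, `NETSTAT_SAMPLE` and `CLOUD_INBOUND_ALLOWED` are assumptions made for illustration; the sample lines are copied from the question.

```sh
#!/bin/sh
# Constructed sample: listener lines taken from the netstat output in the question.
NETSTAT_SAMPLE='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1429/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 10863/master
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 15618/mysqld
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 23351/apache2
tcp6 0 0 :::22 :::* LISTEN 1429/sshd
tcp6 0 0 :::25 :::* LISTEN 10863/master
tcp6 0 0 :::443 :::* LISTEN 23351/apache2'

# Inbound TCP ports permitted by the Cloud Firewall in the question's EDIT (SSH only).
CLOUD_INBOUND_ALLOWED='22'

# blocked_listeners NETSTAT_TEXT ALLOWED_PORTS
# Prints "port program" for every TCP listener bound to a non-loopback
# address whose port is missing from the space- or comma-separated allow-list.
blocked_listeners() {
    printf '%s\n' "$1" | awk -v allowed="$2" '
        BEGIN {
            n = split(allowed, a, /[ ,]+/)
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[0-9]+$/, "", host)   # address without the port
            # Loopback-only services are not reachable from outside anyway.
            if (host ~ /^127\./ || host == "::1") next
            prog = $7; sub(/^[0-9]+\//, "", prog)  # drop the PID prefix
            # Report each port once, even when it listens on IPv4 and IPv6.
            if (!(port in ok) && !seen[port]++) print port, prog
        }' | sort -n
}

# Listeners that the cloud firewall silently drops with the rules shown above.
blocked_listeners "$NETSTAT_SAMPLE" "$CLOUD_INBOUND_ALLOWED"
```

On a live host, pass `"$(sudo netstat -plunt)"` as the first argument; any port in the output that should be public needs a matching inbound rule, and any that should not be public is already covered by the cloud firewall's default drop.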