AWS EC2 Ubuntu 16.04 Apache Flask Certbot not working

Show:
grep -ri listen /etc/apache/sites-enabled/*

$ grep -ri listen /etc/apache2/sites-enabled/*
I have an "apache2" directory. No results from grep.

Try again without “sites-enabled”

$ grep -ri listen /etc/apache2/*
/etc/apache2/apache2.conf:#   supposed to determine listening ports for incoming connections which can be
/etc/apache2/apache2.conf:# Include list of ports to listen on
/etc/apache2/ports.conf:Listen 80
/etc/apache2/ports.conf:	Listen 443
/etc/apache2/ports.conf:	Listen 443

Change
Listen 443
to
Listen <internal IPv4 address>:443

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 80

<IfModule ssl_module>
        Listen <internal IPv4 address>:443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

This is my change. <internal IPv4 address> is found from ifconfig eth0.

Restart Apache and
rerun the netstat command

$ netstat -pant | grep -i LISTEN
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -               
tcp        0      0 172.31.3.197:443        0.0.0.0:*               LISTEN      -               
tcp6       0      0 :::22                   :::*                    LISTEN      -               
tcp6       0      0 :::80                   :::*                    LISTEN      -

$ openssl s_client -connect my-ip:443 -servername www.my-domain.com
Still not working.

Yeah, still blocked from outside.
Did you try openssl from the same system?

$ openssl s_client -connect my-ip:443 -servername www.my-domain.com
Still not working.

Does this fail?!?!?!
openssl s_client -connect 172.31.3.197:443
If it connects, just press Ctrl-C.

openssl s_client -connect 172.31.3.197:443 is working.
172.31.3.197 is my internal IP.

While
$ openssl s_client -connect my-ip:443 -servername www.my-domain.com
is not working.
The my-ip here is my host’s public IP.

This is good news!
Now you need to ensure that your system is allowing port 443 in from the internet.

What does this show:
sudo ufw status

$ sudo ufw status
Status: inactive

Then…
You need to speak with AWS about why HTTPS is not reaching your internal IP.

So, there is some obstruction in the net router (between internal IP and external IP) stopping my openssl?

Are the security groups blocking port 443?

Is there a non-ufw firewall blocking port 443?

Is the IP address correct?

(Why disable IPv6?)

Hi mnordhoff. I edited my security group by adding inbound port 433 in AWS. Now HTTPS works!!
Thank you for your suggestions.

Success!
The Internet can now connect to your site via HTTPS:

Welcome to <your.domain>
We share cutting-edge computer technique thoughts and applications here. Feel free to play with them…

Post #6 should have solved this.