How to fix or remove security from my server

4 questions:

What is port forwarding? server or router

Where do I find the settings?

What should they be?

How do I change them?

1 Like

It’s probably on your router, it’s probably set in the administrative interface of your router, and you need to make port 443 as seen by the public forward to port 443 on your server.

It’s probably the same interface that you used to fix the problem where port 80 was being forwarded to your printer earlier.

1 Like

I made the change in my router and still no luck. I did the SSL labs check again and got the same results as last time (the 3 files I sent you).

I hope you don’t give up on me. I feel we’re so close. What is your next suggestion?

1 Like

What devices do you have that are made by Motorola? Why would they, and not your web server, be serving HTTPS to the public?

1 Like

Here is the output from a program I have, Advanced IP Scanner.

Is that saying the Motorola device is my router?

1 Like

Probably. And it’s probably using port 443 for its administrative interface or something. But it should still be able to forward port 443 as seen by the Internet to your server machine.

1 Like

We seem to be spinning my wheels, is it time to bite the bullet and rebuild my server and start again?

I don’t think that will help—it wouldn’t change the behavior of your router!

1 Like

Did you ever see an HTTPS connection from the public Internet successfully reach this server? If not, I don’t think there’s any indication that the problem can be solved without correcting the router’s configuration.

1 Like

Yes, I have had a neighbor connect to my server from his house using my domain name.

Because I’m new at this sort of thing I have taken all sorts of screenshots of different things along the way, and my router IP Passthrough settings are the same as my last good snapshot.

What I’m confused about is why my browser keeps putting https:// in front of any attempt to connect using my domain name. It never did that before. Isn’t the browser connecting to the server and it thinks it is talking to a server with a valid certificate? What information on my server makes my browser think it is connecting to a secure server? I hope I am making sense. I’m not sure of all the correct terminology to use in my questions.

Because of my previous experience in data processing I sometimes make up answers to a question that I don’t fully understand and end up leading myself down a wrong path. That is why when I get myself into that situation I try to find someone with more experience than myself to talk to. It was just your bad luck to answer my first question. I hope you are not too sorry you did. :grin:

Using HTTP or HTTPS? A successful connection with HTTP is no proof that the router is doing the right thing with port 443, since it would only have needed to use port 80.

Certbot changed your Apache configuration to add an HTTP 301 redirect message from HTTP to HTTPS. So your Apache is actively telling visitors on port 80 to switch over to HTTPS on port 443. The browsers then obey this and immediately try to connect on port 443.

However, this doesn’t succeed—I still think probably because of port 443 being answered by the router itself rather than forwarded to your server.

1 Like
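An added example, not part of the original thread: a Python check for the situation described in the post above, where port 80 reaches Apache and redirects to HTTPS while something else answers port 443. The function names and verdict strings are made up for this illustration; only standard-library calls are used.

```python
import http.client
import socket
import ssl
import sys

REDIRECT_CODES = (301, 302, 307, 308)

def probe_http(host, timeout=5):
    """Ask port 80 for / without following redirects; return (status, Location)."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    except OSError:  # port 80 closed or unreachable
        return None, None
    finally:
        conn.close()

def probe_tls(host, timeout=5):
    """Attempt a fully verified TLS handshake on port 443; return (ok, detail)."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((host, 443), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return True, issuer.get("organizationName", "unknown issuer")
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message  # e.g. self-signed or wrong hostname
    except OSError as exc:  # refused, timed out, or not speaking TLS
        return False, "no TLS service: %s" % exc

def diagnose(http_result, tls_result):
    """Combine both probes into one of three verdicts."""
    status, location = http_result
    tls_ok, _detail = tls_result
    if tls_ok:
        return "OK"
    if status in REDIRECT_CODES and (location or "").startswith("https://"):
        # Port 80 reaches the web server, which sends visitors to 443, but
        # whatever answers 443 has no valid certificate for this name.
        return "REDIRECT_TO_UNTRUSTED_443"
    return "HTTPS_BROKEN_NO_REDIRECT"

if __name__ == "__main__":
    name = sys.argv[1]  # hostname to check, supplied by the operator
    http_res, tls_res = probe_http(name), probe_tls(name)
    print(diagnose(http_res, tls_res), http_res, tls_res)
```

Run it from a connection outside the home network so the requests actually pass through the router's port forwarding.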

Hello @garykoz and @schoen!
As many times as the “router” has been mentioned or referred to in this thread, I have a feeling that, under the circumstances, if we knew exactly what make/model/firmware of the device (router) we have, we could peek at the manual, if it exists, and this issue could be easily resolved.

Might be wrong, might not. I know it might be a bit off topic in this forum, but you guys have been working this out for a week and I’m sure those watching this thread would like to see @garykoz end up with a secure, functioning website!

Just a thought
Rip

1 Like

The router is supplied by my ISP AT&T

Manufacturer: ARRIS

Model: BGW 210-700

Software Version: 2.5.6

I found this User Manual: https://www.manualslib.com/products/Arris-Bgw210-700-8811509.html

1 Like

Hi @garykoz.

Out of the box, your router is designed to keep “the public” out of your private home network. But when hosting a web server this is not the desired effect.

Port forwarding is used to allow public access to devices (e.g., web services) on your home network from outside your home (the Internet).

To configure port forwarding on your BGW210 please take some time and look at this support page from AT&T. It is a pretty easy-to-follow guide for your specific device.

PORT FORWARDING - BGW210

As mentioned in the guide - Create a separate service entry for each port, 80 and 443. If necessary contact AT&T support (Your ISP) to assist.

Hope This Helps
Rip

1 Like

I have already done this.

1 Like

@garykoz … Thanks for the screenshot. As @schoen points out the self-signed cert is still getting in the way, and your current configuration is redirecting to it.

Would you share your complete 000-default.conf ?

You could do “cat /etc/apache2/sites-enabled/000-default.conf” and post the output here.

Thanks
Rip

1 Like

Here it is.

1 Like

I can access your “default page” at http://75.38.216.58/ but we want to do it by hostname.

So let’s tweak the config a little bit…

#ServerName www.example.com
Should look more like: (no # comments)

ServerName garykoz.com
ServerAlias www.garykoz.com

To get you back to a reasonable starting point comment these out for now… (at the bottom)

#RewriteEngine on
#RewriteCond ....
#RewriteCond ....
#RewriteRule ....

Restart Your Server
service apache2 restart

Let’s see the results!
Rip

1 Like

I changed the conf file

1 Like

Good Job @garykoz!
Don’t forget to restart the server!
service apache2 restart

Rip

1 Like