I am trying to install an SSL certificate on my Ubuntu Server 20.04.
I have downloaded the SSL files and put them in /home/ubuntu (will change once it works):
- api_limitlesssoft_com_key.txt
- api.limitlesssoft.com.p7b
- api.limitlesssoft.com.crt
- api.limitlesssoft.com.ca-bundle
Now what I have done is edit the virtual host file to look like this:
```apache
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

<VirtualHost *:80>
    ServerName api.limitlesssoft.com
    ServerAdmin [email protected]
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:5000/
    ProxyPassReverse / http://127.0.0.1:5000/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:443>
    ServerName api.limitlesssoft.com
    ServerAdmin [email protected]
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:5000/
    ProxyPassReverse / http://127.0.0.1:5000/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLCertificateFile /home/ubuntu/api.limitlesssoft.com.crt
    SSLCertificateKeyFile /home/ubuntu/api_limitlesssoft_com_key.txt
    SSLCertificateChainFile /home/ubuntu/api.limitlesssoft.com.ca-bundle
</VirtualHost>
```
and for some reason only the `http` one works.

`a2enmod ssl` returns that it is already running.

I have run `sudo ufw 443` and it is enabled.
```
ubuntu@ubuntu:/var/log/apache2$ telnet localhost 443
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
ubuntu@ubuntu:/var/log/apache2$ sudo netstat -peanut | grep ':80'
tcp6 0 0 :::80 :::* LISTEN 0 46821 3493/apache2
ubuntu@ubuntu:/var/log/apache2$ sudo netstat -peanut | grep ':443'
tcp6 0 0 :::443 :::* LISTEN 0 46825 3493/apache2
tcp6 0 0 127.0.0.1:443 127.0.0.1:45968 TIME_WAIT 0 0 -
ubuntu@ubuntu:/var/log/apache2$ netstat -a -n
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:5000 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 1 0 127.0.0.1:41170 127.0.0.1:5000 CLOSE_WAIT
tcp 0 192 192.168.1.109:22 192.168.1.2:61495 ESTABLISHED
tcp6 0 0 ::1:5000 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::21 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::443 :::* LISTEN
udp 0 0 127.0.0.53:53 0.0.0.0:*
udp 0 0 192.168.1.109:68 0.0.0.0:*
raw6 0 0 :::58 :::* 7
ubuntu@ubuntu:~$ sudo ufw status
Status: active
To Action From
-- ------ ----
33380 ALLOW Anywhere
443 ALLOW Anywhere
22 ALLOW Anywhere
80 ALLOW Anywhere
33380 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
```
And here is my application startup (when debugging it works on https)
```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace api.limitlesssoft.com
{
    public class Startup
    {
        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllers();
            services.Configure<ForwardedHeadersOptions>(options =>
            {
                options.ForwardedHeaders =
                    ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
            });
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            app.UseForwardedHeaders();
            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseRouting();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }
    }
}
```
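
The `*:443` vhost in the question hands mod_ssl a certificate file and a private key file kept in a home directory. The following pre-flight check is an added example, not part of the original post: it confirms that a key belongs to a certificate and that the key file is not readable by other accounts. The function names and the throwaway `*.example.test` pairs are constructed for illustration, and the `openssl` CLI is assumed to be installed.

```sh
#!/bin/sh
# Added example: checks for the files that SSLCertificateFile and
# SSLCertificateKeyFile point at. All sample files below are constructed.

# Succeeds when the private key in $2 belongs to the certificate in $1.
# Both commands print the same PEM SubjectPublicKeyInfo for a matching pair.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the key file grants nothing to group or others (e.g. mode 600).
key_is_private() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)   # group and other bits
    [ "$perms" = "------" ]
}

# Runs both checks, prints one line per finding, returns non-zero on any failure.
tls_preflight() {
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
    key_is_private "$2" || { echo "FAIL: key is readable by group or others"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2 pass"
    return "$rc"
}

# Constructed test data: a throwaway self-signed pair named $2 in directory $1.
make_constructed_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null && chmod 600 "$1/$2.key"
}

# Demo on constructed files only.
demo_dir=$(mktemp -d)
make_constructed_pair "$demo_dir" a
make_constructed_pair "$demo_dir" b
tls_preflight "$demo_dir/a.crt" "$demo_dir/a.key"           # matching pair
tls_preflight "$demo_dir/a.crt" "$demo_dir/b.key" || true   # key from another pair
rm -rf "$demo_dir"
```

For the files named in the question, the call would be `tls_preflight /home/ubuntu/api.limitlesssoft.com.crt /home/ubuntu/api_limitlesssoft_com_key.txt`.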