subdomain VHost setup with EC2/Route53

Question

I'm currently trying to set up a new subdomain via route53 and ec2, but receiving timeout errors whenever I try to access it via my browser. Amazon security group is set up to allow all traffic over port 80.

I wrote the follow vhosts file and stored it under sites-available as "new.mysite.com.conf" :

<VirtualHost *:80>
    ServerName new.mysite.com
    RewriteEngine On
    #RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    DocumentRoot /var/www/newmysite
        <Directory /var/www/newmysite>
                DirectoryIndex index.php
                AllowOverride All
        </Directory>
</VirtualHost>

I enabled this running;

a2ensite new.mysite.com.conf
service apache2 reload

Lastly, under route53, I set up a new A Record, set to non-alias, and pointing to the public IP of the EC2 server as listed under my running instances.

I've ensured that a test page is available under var/www/newmysite/index.php , alongside creating a backup var/www/newmysite/index.html for access.

The subdomain itself just gives a timeout. Hitting the server's public IP directly gives the default apache2 "it works!" page.

Would anyone have any ideas on what I might be doing wrong here?

Answer 1

There is a redirect rule from HTTP to HTTPS

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

I guess when you hit new.mysite.com it redirects to HTTPs https://new.mysite.com since there is no SSL-enabled VirtualHost(443) and no listener on 443 the connection is refused.

Try disabling the redirect rule or you can try using a Self-signed certificate or configure an ELB to use ACM Certificate and the point the Route53 Domain to ELB.

curl -v -L http://new.mysite.com
* Rebuilt URL to: http://new.mysite.com/
*   Trying 10.116.131.69...
* Connected to new.mysite.com (10.116.131.69) port 80 (#0)
> GET / HTTP/1.1
> Host: new.mysite.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
* Issue another request to this URL: 'https://new.mysite.com/'
* Found bundle for host new.mysite.com: 0x7ff7a3c0fbc0
*   Trying 10.116.131.69...
* connect to 10.116.131.69 port 443 failed: Connection refused
* Failed to connect to new.mysite.com port 443: Connection refused
* Closing connection 1
curl: (7) Failed to connect to new.mysite.com port 443: Connection refused

Answer 2

Just like mentioned in the previous answer, there's an SSL redirect. SSL uses port 443 which isn't exposed in your security group.

1. Modify the security group to allow all traffic over port 443 . This enables access to the website over https
2. Install and configure SSL certificate for the domain. You can install a free certificate from Let's Encrypt. Follow the steps below:
   • Install Certbot, a bot that automatically updates your certificate before it's 90-day expiration period
     • $ sudo add-apt-repository ppa:certbot/certbot
     • $ sudo apt-get update
     • sudo apt-get install python-certbot-apache
   • Configure a new certficate for your subdomain
     • sudo certbot --apache -d new.mysite.com

Now your site should be up and running on https.

ps. while writing this answer I noticed you had turned off the http redirect https you might want to turn this back on after enabling https on the website. This ensures all communication to your website are secure.