
Setting up a secure proxy using Apache and Raspberry Pi

I am trying to set up my own secure proxy to be utilised by a Django Python script I have written that depends on a secure proxy to return an https request correctly. This is because the script is being run from an American host server and I want the response to be from the UK.

To achieve this and learn something new I am trying to configure an Apache server running on my Raspberry Pi. (I am not expecting a vast amount of traffic!)

I have successfully created an SSL certificate and have the correct files .pem, .csr (and .csr)

I believe I have copied these to the correct locations: /etc/ssl/private and /etc/ssl/certs respectively. I think the only issue I am now having is with the apache configuration.

At present I am trying to configure sites-enabled/default-ssl.conf files as follows:

    <IfModule mod_ssl.c>
    <VirtualHost _default_:443>
            ServerAdmin webmaster@localhost

            DocumentRoot /var/www/html

            # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
            # error, crit, alert, emerg.
            # It is also possible to configure the loglevel for particular
            # modules, e.g.
            #LogLevel info ssl:warn

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined

            # For most configuration files from conf-available/, which are
            # enabled or disabled at a global level, it is possible to
            # include a line for only one particular virtual host. For example the
            # following line enables the CGI configuration for this host only
            # after it has been globally disabled with "a2disconf".
            #Include conf-available/serve-cgi-bin.conf

            #   SSL Engine Switch:
            #   Enable/Disable SSL for this virtual host.
            SSLEngine on

            #   A self-signed (snakeoil) certificate can be created by installing
            #   the ssl-cert package. See
            #   /usr/share/doc/apache2/README.Debian.gz for more info.
            #   If both key and certificate are stored in the same file, only the
            #   SSLCertificateFile directive is needed.
            #SSLCertificateFile     /etc/ssl/certs/ssl-cert-snakeoil.pem
            #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
            SSLCertificateFile /etc/ssl/certs/aa5758835031e4a3.crt
            SSLCertificateKeyFile /etc/ssl/private/<domainname>.key
    </VirtualHost>
    </IfModule>

I'm very new to server set-ups and have spent a large amount of time web searching and trying many different suggested methods. I am sure it is something very simple I am neglecting, but not being experienced enough, I can't intuitively work this out.

Help and pointers appreciated...

Update:

Hey, thanks for replying.

Response to http: is

    * Rebuilt URL to: http://*.*.*/
    *   Trying 184.168.221.1...
    * TCP_NODELAY set
    * Connected to *.*.* port 80 (#0)
    > GET / HTTP/1.1
    > Host : *.*.*
    > User-Agent: curl/7.52.1
    > Accept: */*
    >
    < HTTP/1.1 302 Found
    < Connection: close
    < Pragma: no-cache
    < cache-control: no-cache
    < Location: /VZaKp/
    <
    * Curl_http_done: called premature == 0
    * Closing connection 0 

and https is:

    * Rebuilt URL to: https://*.*.*/
    *   Trying 50.63.202.18...
    * TCP_NODELAY set
    * connect to 50.63.202.18 port 443 failed: Connection timed out
    * Failed to connect to *.*.* port 443: Connection timed out
    * Closing connection 0
    curl: (7) Failed to connect to *.*.* port 443: Connection timed out

Update 23.04.2018:

Thank you. I believe I have sorted the listening issues, but am now coming across a new issue!

When trying to restart apache2 service I get the following error:

    Apr 23 12:31:30 matthew-raspberry systemd[1]: Starting The Apache HTTP Server...
    Apr 23 12:31:31 matthew-raspberry apachectl[8341]: Action 'start' failed.
    Apr 23 12:31:31 matthew-raspberry apachectl[8341]: The Apache error log may have more information.
    Apr 23 12:31:31 matthew-raspberry systemd[1]: apache2.service: Control process exited, code=exited status=1
    Apr 23 12:31:31 matthew-raspberry systemd[1]: Failed to start The Apache HTTP Server.
    Apr 23 12:31:31 matthew-raspberry systemd[1]: apache2.service: Unit entered failed state.
    Apr 23 12:31:31 matthew-raspberry systemd[1]: apache2.service: Failed with result 'exit-code'.

I suspect this may be something to do with my fqdn setup and/or the certificate. I got this error since adding ServerName localhost as a global name. I added this as the previous error message was about determining my fqdn name and this suggested adding ServerName as a global variable?

The port 443 is not reachable even at a basic TCP level. Make sure to include somewhere in Apache config:

    Listen 443 https

Reload httpd after config changes. Examine your firewall-cmd --list-all-zones or iptables -S to see if you allow connections to your port 443.
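
The checks listed in the answer above (a `Listen` directive, a listening socket after the reload, a firewall rule for port 443), as an added shell example that is not part of the original post. The function names are hypothetical, each function reads saved command output on stdin, and the firewall check is a simplification that reads only the INPUT chain of `iptables -S`.

```shell
#!/bin/sh
# Added example (function names are hypothetical). Each check reads text on
# stdin, so it works on saved output or live: ss -ltn | listens_on 443

# Uncommented "Listen <port>" in Apache config text? Accepts "Listen 443",
# "Listen 443 https", "Listen 0.0.0.0:443", "Listen [::]:443".
# Note: a Listen inside <IfModule> only applies when that module is loaded.
has_listen_directive() {
    port=$1
    grep -Eiq "^[[:space:]]*Listen[[:space:]]+([^[:space:]#]*:)?${port}([[:space:]]|\$)"
}

# Does `ss -ltn` output show a LISTEN socket whose local address ends in :<port>?
listens_on() {
    awk -v p=":$1" '
        $1 == "LISTEN" && substr($4, length($4) - length(p) + 1) == p { found = 1 }
        END { exit !found }'
}

# Does `iptables -S` output let new inbound TCP reach <port>?
# Simplification (assumption): only the INPUT chain is read; the first rule that
# names the port, or an unconditional catch-all, decides; otherwise the policy.
# Jumps to user chains, multiport matches and nftables are not followed.
firewall_allows() {
    awk -v p="$1" '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" && !decided {
            hit = ($0 ~ ("-p tcp .*--dport " p "( |$)")) || ($3 == "-j")
            if (hit && /-j ACCEPT/)        { decided = 1; ok = 1 }
            if (hit && /-j (DROP|REJECT)/) { decided = 1; ok = 0 }
        }
        END { if (!decided) ok = (policy == "ACCEPT"); exit !ok }'
}

# Name the first failing layer.
# usage: diagnose <apache-config> <ss-output> <iptables-output> [port]
diagnose() {
    port=${4:-443}
    has_listen_directive "$port" < "$1" || { echo "no-listen-directive"; return; }
    listens_on "$port" < "$2"           || { echo "not-listening"; return; }
    firewall_allows "$port" < "$3"      || { echo "firewall-blocks"; return; }
    echo "ok-locally"
}
```

A result of `ok-locally` while an outside client still times out means the three local checks passed and the cause lies outside what these functions inspect.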
