I am trying to set up my own secure proxy to be utilised by a Django Python script I have written that depends on a secure proxy to return an https request correctly. This is because the script is being run from an American host server and I want the response to be from the UK.
To achieve this and learn something new I am trying to configure an Apache server running on my Raspberry Pi. (I am not expecting a vast amount of traffic!)
I have successfully created an SSL certificate and have the correct files .pem, .csr (and .csr)
I believe I have copied these to the correct locations: /etc/ssl/private and /etc/ssl/certs respectively. I think the only issue I am now having is with the apache configuration.
At present I am trying to configure sites-enabled/default-ssl.conf files as follows:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCertificateFile /etc/ssl/certs/aa5758835031e4a3.crt
SSLCertificateKeyFile /etc/ssl/private/<domainname>.key
I'm very new to Server set-ups and have spent a large amount of time web searching and trying many different suggested methods. I am sure it is something very simple I am neglecting, but not being experience enough; I can't intuitively work this out.
Help and pointers appreciated...
Update:
Hey, thanks for replying.
Response to http: is
* Rebuilt URL to: http://*.*.*/
* Trying 184.168.221.1...
* TCP_NODELAY set
* Connected to *.*.* port 80 (#0)
> GET / HTTP/1.1
> Host : *.*.*
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 302 Found
< Connection: close
< Pragma: no-cache
< cache-control: no-cache
< Location: /VZaKp/
<
* Curl_http_done: called premature == 0
* Closing connection 0
and https is:
* Rebuilt URL to: https://*.*.*/
* Trying 50.63.202.18...
* TCP_NODELAY set
* connect to 50.63.202.18 port 443 failed: Connection timed out
* Failed to connect to *.*.* port 443: Connection timed out
* Closing connection 0
curl: (7) Failed to connect to *.*.* port 443: Connection timed out
Update 23.04.2018:
Thank you. I believe I have sorted the listening issues, but am now coming across a new issue!
When trying to restart apache2 service I get the following error:
Apr 23 12:31:30 matthew-raspberry systemd[1]: Starting The Apache HTTP Server...
Apr 23 12:31:31 matthew-raspberry apachectl[8341]: Action 'start' failed.
Apr 23 12:31:31 matthew-raspberry apachectl[8341]: The Apache error log may have more information.
Apr 23 12:31:31 matthew-raspberry systemd[1]: apache2.service: Control process exited, code=exited status=1
Apr 23 12:31:31 matthew-raspberry systemd[1]: Failed to start The Apache HTTP Server.
Apr 23 12:31:31 matthew-raspberry systemd[1]: apache2.service: Unit entered failed state.
Apr 23 12:31:31 matthew-raspberry systemd[1]: apache2.service: Failed with result 'exit-code'.
I suspect this may be something to do with my fqdn setup and/or the certificate. I got this error since adding ServerName localhost as a global name. I added this as the previous error message was about determining my fqdn name and this suggested adding ServerName as a global variable?
The port 443 is not reachable even at a basic TCP level. Make sure to include somewhere in Apache config:
Listen 443 https
Reload httpd after config changes. Examine your firewall-cmd --list-all-zones
or iptables -S
to see if you allow connections to your port 443.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.