Changes

OPS345 Lab 5

18 bytes added, 03:49, 21 February 2022

→‎Set up Apache to use your new keys

Do this part of the lab on your www.yourusername.ops345.ca machine only. No need to touch the slaves you created in the assignment.

* Remember that your keys are tied to a domain, so make sure that the ServerName option in /etc/httpd/conf/httpd.conf is set to your full domain name ~~www.~~yourusername.ops345.ca

Apache can be configured to provide service over HTTPS relatively easily once you have the keys you need, but on Amazon Linux the SSL apache module is not installed by default, so install it now on your www server (give the machine a temporary elastic IP to allow yum to work, and release it after you're done):

** Add a rule for HTTPS in the router's security group to allow access from anywhere.

** Add a rule for HTTPS in www's security group to allow access from the router only.

* Test it in Firefox. It should work well for https://yourusername.ops345.ca and not well for https://www.yourusername.ops345.ca

[[File:AWSHTTPSWorks.png|800px|border|center]]

* Edit ops345sgprivate, add https* Edit ops345sg, add The problem with https* On router: ~~iptables -t nat -I PREROUTING 2 -p tcp --dport 443 -j DNAT --to 10~~//www.3yourusername.45ops345.~~11:443~~* On www: iptables -I INPUT 4 -p tcp --dport 443 -j ACCEPT* Test with firefox https. www gives a warning because the ca is that your certificate is ~~not~~ for ~~that FQDN~~a different domain. But this lab was long enough already, so we're not going to fix it ~~for homework~~.

[[Category:OPS345]]

Andrew

Bureaucrats, Administrators

1,234

edits

Changes

OPS345 Lab 5

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

get involved with CDOT

courses

course projects

links

Tools