0

I have a single instance EC2 LAMP server running on an elastic IP on AWS. I created a self signed certificate and enabled the mod_ssl. Currently, I am able to access my website successfully through https (after accepting an unsigned certificate), but when I actually look at the $_SERVER['SERVER_PORT'] variable in PHP, EC2 is still serving my https request over port 80. To check this, I use the following script:

<?php
    echo $_SERVER['SERVER_PORT'].'<br>';
    echo $_SERVER['REQUEST_SCHEME'].'<br>';
?>

Results:

80
http

However, when I look at my URL bar in all browsers, it shows a secure connection. Is my browser actually testing for a certificate and secure connection or is it just looking for a URL that begins with "https"? Is there a configuration file somewhere that is redirecting SSL traffic back to port 80?

Michael
  • 101
  • 2
  • you might want to include relevant `apache` configuration file, i just tried in my own environment and `SERVER_PORT` returned `443`. – alexus Jul 24 '14 at 13:51

1 Answers1

0

if you're hitting your php script over https and not over http, you should get following output:

[root@wcmisdlin02 ~]# /usr/lib64/nagios/plugins/check_http -H localhost -u /php/phpinfo.php -v | grep SERVER_PORT
<tr><td class="e">SERVER_PORT </td><td class="v">80 </td></tr>
<tr><td class="e">_SERVER["SERVER_PORT"]</td><td class="v">80</td></tr>
[root@wcmisdlin02 ~]# /usr/lib64/nagios/plugins/check_http -H localhost -u /php/phpinfo.php -v --ssl | grep SERVER_PORT
<tr><td class="e">SERVER_PORT </td><td class="v">443 </td></tr>
<tr><td class="e">_SERVER["SERVER_PORT"]</td><td class="v">443</td></tr>
[root@wcmisdlin02 ~]#
alexus
  • 13,112
  • 32
  • 117
  • 174
  • is nagios a module that comes packaged with an EC2 instance or standard in Linux? I ftp into my instance but I cannot find nagios under lib64 – Michael Jul 24 '14 at 15:37
  • `nagios-plugins` is just for a test, so you can see output of `phpinfo();`. – alexus Jul 24 '14 at 15:50
  • how do I install it on my EC2 instance? I'm using putty from my Windows machine (sorry, extremely new to Linux). – Michael Jul 24 '14 at 15:52
  • @Michael as I mention before; I used that just for test to show it to you, so you do _NOT_ need to install it, basically it acts as a http client (a.k.a. browser). – alexus Jul 24 '14 at 15:53
  • Okay, then it sounds like my apache isn't configured properly. I still have the question regarding how browsers handle certificates though. It seems as if Apache is serving up a certificate, my browser is properly reading it as self-signed, and then redirecting me to https, but Apache is putting this through port 80. Then, when PHP is populating the $_SERVER variable, it is determining the REQUEST_SCHEME and HTTPS objects based on port 80. Sounds correct? – Michael Jul 24 '14 at 16:08
  • `ssl.conf` that comes w/ `mod_ssl` will provide you ssl functionality out of the box (without redirecting anywhere), if you're on port 80 that's not secure, it should be port 443 or just `https` instead of `http`. – alexus Jul 24 '14 at 16:39