
Hi. I've been struggling to find out why my EC2 Amazon Linux (1) Instance isn't serving my site at the https:// address, even though I've confirmed that the SSL is configured, per https://www.ssllabs.com/ssltest/. I've scoured the web for answers and am still coming up short. I've gotten the following header info from two queries of the site; one with and one without https://. www.example.net and the non-www work but only without the https://. A lot of it is alien to me, though.

From http://example.net/

```
GET / HTTP/1.1
Host: example.net
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 5949
Content-Type: text/html; charset=utf-8
Date: Fri, 18 Oct 2019 19:18:46 GMT
Keep-Alive: timeout=5, max=99
Server: Apache/2.4.39 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.40
Vary: X-Requested-With,Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Powered-By: Nette Framework
```

From https://example.net/

```
GET / HTTP/1.1
Host: example.net:443
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

HTTP/1.1 301 Moved Permanently
Content-Length: 98
Content-Type: text/html; charset=utf-8
Date: Fri, 18 Oct 2019 19:09:13 GMT
Location: http://example.net/
Server: Apache/2.4.39 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.40
Vary: X-Requested-With
X-Frame-Options: SAMEORIGIN
X-Powered-By: Nette Framework
```

Can anyone confirm from this what might be wrong? My config files all appear to be pointing to my certificate files (generated from Let's Encrypt after following this article: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-amazon-linux-2.html). I also don't think I saw anything messing with this in the .htaccess, and when I set it to redirect to HTTPS, it does, but the page it leads to is blank.

What might be wrong? Is there something else I can look at that might need to be updated? Thanks in advance.


Edit: I have also discovered that, in Nette (2.3), I need to add isSecured to my RouterFactory.php. I've done so using this (translated): https://forum.nette.org/cs/26975-routerfactory-https-static-a-pouziti-this-fatal-error-using-this-when-not-in-object-context.

When I add the aforementioned, or if I add a rewrite rule to my .htaccess, (one or the other) I get a 500 internal error and no redirect error.

anonymoose
  • You seem to have a 301 redirect from the https site to the http site. – Tim Oct 19 '19 at 02:15
  • Hi @Tim, what places most often designate that? I'm not seeing anything in my `.htaccess` or conf. files, but I am sure I'm missing something. Thanks. – anonymoose Oct 19 '19 at 18:42
  • Not sure sorry, I haven't used Apache in years. – Tim Oct 19 '19 at 20:23
  • Hey, this should be a pretty common issue for everyone. Could you please just tell us the error message when you visit the page? What is shown in your browser? We need to identify what the issue is first, if it is on the browser side, DNS side, .htaccess redirection issue, Apache setting issue, or SSL configuration issue. – AlbertSamuel Oct 24 '19 at 04:28
  • In your above example the https traffic is redirected to http by your Nette app. This has nothing to do with EC2, Apache or Linux version in the first place. Also it's recommended generally to not use .htaccess if not really needed, for many use cases configuration is better done directly in webserver config and .htaccess overwrite disabled. You should post the relevant parts of Nette code and how you integrate that into Apache config. If you get 500 errors you are closer than with redirect and can check Nette logs. – EOhm Oct 24 '19 at 19:43
  • As stated by others, you seem to have a redirect, look at this line in the HTTPS output: "HTTP/1.1 301 Moved Permanently". You should post your apache config files to see if you have something misconfigured there, although it probably has something to do with Nette URL routings. – Leo Gallego Oct 29 '19 at 05:03

2 Answers

As mentioned by others in the comments you've not really given enough information for anyone to say for sure but my guess would be that you need to add the following to your Nette application somewhere:

```php
Route::$defaultFlags = Route::SECURED;
```

I'm not familiar with Nette but it seems that you're getting redirected from https back to http and if you've not added the above I would guess it's by the framework.

If that's not it you need to share your Apache configs.

Enicli
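The comments and the answer above read the captured 301 as a redirect from https:// back to http:// issued by the application. As an added example (not part of the original question or answers), this Python sketch runs that check over the response heads quoted in the question; `parse_head` and `diagnose` are names made up here, and the `emitted_by` rule is a heuristic assumption based on the `X-Powered-By` header.

```python
from urllib.parse import urlsplit, urljoin

# Response heads copied from the question (trimmed to the headers the check uses).
HTTP_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Apache/2.4.39 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: Nette Framework
"""
HTTPS_RESPONSE = """HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
Location: http://example.net/
Server: Apache/2.4.39 (Amazon) OpenSSL/1.0.2k-fips PHP/5.6.40
X-Powered-By: Nette Framework
"""

def parse_head(raw):
    """Return (status_code, headers) with lower-cased header names."""
    lines = [ln for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def diagnose(request_url, raw):
    """Classify one response: plain answer, redirect, or HTTPS->HTTP downgrade."""
    status, headers = parse_head(raw)
    result = {"status": status, "downgrade": False, "target": None, "emitted_by": None}
    if status in (301, 302, 303, 307, 308) and "location" in headers:
        target = urljoin(request_url, headers["location"])  # Location may be relative
        src, dst = urlsplit(request_url), urlsplit(target)
        result["target"] = target
        result["downgrade"] = (src.scheme == "https" and dst.scheme == "http"
                               and src.hostname == dst.hostname)
        # Heuristic (assumption): X-Powered-By is added by PHP or the framework, so a
        # redirect carrying it was produced by the application, not by Apache itself.
        result["emitted_by"] = "application" if "x-powered-by" in headers else "web server"
    return result

if __name__ == "__main__":
    for url, raw in (("http://example.net/", HTTP_RESPONSE),
                     ("https://example.net/", HTTPS_RESPONSE)):
        print(url, diagnose(url, raw))
```

A server-level `Header set` directive can also add `X-Powered-By`, so treat the `emitted_by` value as a pointer to where to look first, not as proof.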

In the Amazon firewall settings add "443" to the allow "http/80" rule. Maybe even disable/delete the allow HTTPS 443 rule. Remember this is in the Amazon settings, not on your virtual machine.

As stated by most of the other people trying to help, I'm just troubleshooting in the dark.

Arrrstin