How to test the php app (with apache server) inside an instance (behind a LB). The app has a cert at LB

0

Hello, I have PHP app with Apache server behind a LB. The app has a cert with domain name a.b.c.d After deploy the app, I want to test the app using wget command. so I ssh to the instance (ssh to its public IP with my credential). However, I got the error "Connection refused"

wget localhost:443
--2024-03-11 19:16:55--  http://localhost:443/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:443... failed: Connection refused.
....
wget a.b.c.d:443
--2024-03-11 19:34:03--  http://172.31.23.9:443/
Connecting to 172.31.23.9:443... failed: Connection refused.

Here is my config:

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

and

# Managed by Elastic Beanstalk
DocumentRoot /var/www/html/web
<Directory /var/www/html/web>
    Options FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

If I have wget to the domain name, it is success (as the request will go through LB):

wget mystaging.com
URL transformed to HTTPS due to an HSTS policy
--2024-03-11 19:18:46--  https://mystaging.com/
Resolving smystaging.com/ (mystaging.com/)... 1.2.3.4, 5.6.7.8
Connecting to mystaging.com/ (mystaging.com/)|1.2.3.4|:443... connected.

Could you please help - I just want to test the app in this instance directly so I can isolate any issue Many thanks

son
gefragt vor 7 Monaten248 Aufrufe
2 Antworten
1

This message probably indicates that your web server is not listening on port 443 aka HTTPS

wget localhost:443
Connecting to localhost (localhost)|127.0.0.1|:443... failed: Connection refused

You will need to install a SSL cert on your Apache, and configure it to listen on HTTPS.

After that is done, verify that wget localhost:443 works.

Optional. To use your your domain name for testing, you can hard-code mystaging.com to local IP. Edit /etc/hosts and add this entry

127.0.0.1   mystaging.com
AWS
EXPERTE
MikeLim
beantwortet vor 7 Monaten
  • Thanks, As I mentioned, there is already a cert for the domain for the app (and it is not for localhost). So I need to create another cert (and install it) for this instance just for testing? thank again

  • Yes as your Apache rewrite rule redirects from http to https. You can use a self-signed cert and instruct wget to ignore (using --no-check-certificate if I am not wrong). Alternatively, remove the redirect to https; you can configure your LB to redirect instead.

0

Does Apache have a BindAddress or Listen directive that's only listening to port 443 on the public IP address? https://httpd.apache.org/docs/2.4/bind.html

profile picture
EXPERTE
Steve_M
beantwortet vor 7 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen