How to test the php app (with apache server) inside an instance (behind a LB). The app has a cert at LB

0

Hello, I have PHP app with Apache server behind a LB. The app has a cert with domain name a.b.c.d After deploy the app, I want to test the app using wget command. so I ssh to the instance (ssh to its public IP with my credential). However, I got the error "Connection refused"

wget localhost:443
--2024-03-11 19:16:55--  http://localhost:443/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:443... failed: Connection refused.
....
wget a.b.c.d:443
--2024-03-11 19:34:03--  http://172.31.23.9:443/
Connecting to 172.31.23.9:443... failed: Connection refused.

Here is my config:

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

and

# Managed by Elastic Beanstalk
DocumentRoot /var/www/html/web
<Directory /var/www/html/web>
    Options FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

If I have wget to the domain name, it is success (as the request will go through LB):

wget mystaging.com
URL transformed to HTTPS due to an HSTS policy
--2024-03-11 19:18:46--  https://mystaging.com/
Resolving smystaging.com/ (mystaging.com/)... 1.2.3.4, 5.6.7.8
Connecting to mystaging.com/ (mystaging.com/)|1.2.3.4|:443... connected.

Could you please help - I just want to test the app in this instance directly so I can isolate any issue Many thanks

son
質問済み 7ヶ月前246ビュー
2回答
1

This message probably indicates that your web server is not listening on port 443 aka HTTPS

wget localhost:443
Connecting to localhost (localhost)|127.0.0.1|:443... failed: Connection refused

You will need to install a SSL cert on your Apache, and configure it to listen on HTTPS.

After that is done, verify that wget localhost:443 works.

Optional. To use your your domain name for testing, you can hard-code mystaging.com to local IP. Edit /etc/hosts and add this entry

127.0.0.1   mystaging.com
AWS
エキスパート
MikeLim
回答済み 7ヶ月前
  • Thanks, As I mentioned, there is already a cert for the domain for the app (and it is not for localhost). So I need to create another cert (and install it) for this instance just for testing? thank again

  • Yes as your Apache rewrite rule redirects from http to https. You can use a self-signed cert and instruct wget to ignore (using --no-check-certificate if I am not wrong). Alternatively, remove the redirect to https; you can configure your LB to redirect instead.

0

Does Apache have a BindAddress or Listen directive that's only listening to port 443 on the public IP address? https://httpd.apache.org/docs/2.4/bind.html

profile picture
エキスパート
Steve_M
回答済み 7ヶ月前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ