We want to only allow https in our AWS network, and not unencrypted http.
So we switched to us https for yum upgrade, by changing:
/etc/yum.conf
sslverify=1
/etc/yum/vars/awsproto
From http to https
/etc/yum/vars/amazonlinux
amazonlinux-2-repos-eu-central-1.s3
That works, except for the nginx extras.
nginx mirror list: https://amazonlinux-2-repos-eu-central-1.s3.eu-central-1.amazonaws.com/2/extras/nginx1.12/latest/x86_64/mirror.list
returns a http url, instead of a https.
And since we only allow https outbound connections, yum check-update and other yum commands fail.
http://amazonlinux.eu-central-1.amazonaws.com/2/extras/nginx1.12/1.12.2/x86_64/16cfcd22c8b6d22eb76ebcf21cfac836583e70557ae5c0207effa6065faf2c92/repodata/repomd.xml?instance_id=i-0fff97e7940945d70®ion=eu-central-1: [Errno 12] Timeout on http://amazonlinux.eu-central-1.amazonaws.com/2/extras/nginx1.12/1.12.2/x86_64/16cfcd22c8b6d22eb76ebcf21cfac836583e70557ae5c0207effa6065faf2c92/repodata/repomd.xml?instance_id=i-0fff97e7940945d70®ion=eu-central-1: (28, 'Failed to connect to amazonlinux.eu-central-1.amazonaws.com port 80: Connection timed out')
Trying other mirror.
If we disable the extras repo for nginx, it works as expected.
Can you please fix that? Thx.