Changes


OPS345 Lab 5

18 bytes added, 02:49, 21 February 2022
Set up Apache to use your new keys
Do this part of the lab on your www.yourusername.ops345.ca machine only. No need to touch the slaves you created in the assignment.
* Remember that your keys are tied to a domain, so make sure that the ServerName option in /etc/httpd/conf/httpd.conf is set to your full domain name, www.yourusername.ops345.ca.
Apache can be configured to provide service over HTTPS relatively easily once you have the keys you need, but on Amazon Linux the Apache SSL module is not installed by default, so install it now on your www server (give the machine a temporary elastic IP to allow yum to work, and release it after you're done):
** Add a rule for HTTPS in the router's security group to allow access from anywhere.
** Add a rule for HTTPS in www's security group to allow access from the router only.
* Test it in Firefox. It should work well for https://yourusername.ops345.ca and not well for https://www.yourusername.ops345.ca
[[File:AWSHTTPSWorks.png|800px|border|center]]
* Edit ops345sgprivate, add https
* Edit ops345sg, add https
* On router: iptables -t nat -I PREROUTING 2 -p tcp --dport 443 -j DNAT --to 10.3.45.11:443
* On www: iptables -I INPUT 4 -p tcp --dport 443 -j ACCEPT
* Test with firefox https. www gives a warning because the ca is for a different domain.
The problem with https://www.yourusername.ops345.ca is that your certificate is not for that FQDN. But this lab was long enough already, so we're not going to fix it for homework.
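The warning for the www name comes from the hostname check the browser runs against the DNS names in the certificate. The following is an added example, not part of the lab: a simplified RFC 6125-style matcher, with constructed name lists, assuming the lab certificate names only yourusername.ops345.ca.

```python
# Added illustration (not lab code): simplified RFC 6125-style hostname check.
# The certificate name lists below are constructed samples.

def name_matches(cert_name: str, host: str) -> bool:
    """Return True if one certificate DNS name covers the requested host."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    # A certificate name never covers a host with more or fewer labels,
    # so a name for the bare domain says nothing about "www." under it.
    if len(cert_labels) != len(host_labels):
        return False
    # Everything to the right of the left-most label must be identical.
    if cert_labels[1:] != host_labels[1:]:
        return False
    if cert_labels[0] == "*":
        # Wildcard is honoured only as the whole left-most label, matches
        # exactly one label, and is refused for two-label names ("*.ca").
        return len(cert_labels) >= 3 and bool(host_labels[0])
    return cert_labels[0] == host_labels[0]


def cert_covers(san_dns_names, host):
    """True if any DNS name in the certificate covers the host."""
    return any(name_matches(name, host) for name in san_dns_names)


def audit(san_dns_names, hosts):
    """Map every hostname clients will use to whether the cert covers it."""
    return {h: cert_covers(san_dns_names, h) for h in hosts}


# Hostnames from the lab text.
HOSTS = ["yourusername.ops345.ca", "www.yourusername.ops345.ca"]

# Constructed certificate name lists (assumptions for illustration).
LAB_CERT = ["yourusername.ops345.ca"]            # assumed lab certificate
BOTH_NAMES = ["yourusername.ops345.ca", "www.yourusername.ops345.ca"]
WILDCARD = ["*.yourusername.ops345.ca"]          # covers www, not the bare name

if __name__ == "__main__":
    for label, names in [("lab cert", LAB_CERT),
                         ("both names", BOTH_NAMES),
                         ("wildcard", WILDCARD)]:
        print(label, audit(names, HOSTS))
```

A certificate has to list every name clients will type; a wildcard for the subdomain level covers www but not the bare domain.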
[[Category:OPS345]]
