HTTPS not working on AWS EC2

I am using AWS EC2. My HTTP is working but HTTPS is not working.
The server starts properly, without errors.

I checked the inbound ports in the security group.

config :myapp, MyappWeb.Endpoint,
  http: [port: 80],
  https: [
    port: 4443,
    otp_app: :myapp,
    keyfile: "priv/ssl/api.myapp.key",
    certfile: "priv/ssl/api.myapp.crt",
    cacertfile: "priv/ssl/api.myapp.cacrt"
  ],
  debug_errors: false,
  code_reloader: false,
  check_origin: false,
  watchers: []

Generated myapp app
Starting ExqUI on Port 4040
[info] Running MyappWeb.Endpoint with Cowboy using http://0.0.0.0:80
[info] Running MyappWeb.Endpoint with Cowboy using https://0.0.0.0:4443

Thanks

What do you mean by not working?

I am getting a response on HTTP, but on HTTPS there is no response:
The connection has timed out

I have a wildcard *.mydomain.com SSL

What happens if you curl https://mydomain.com --verbose? Are there any logs on the server?

curl https://apis.mydomain.com:4443 --verbose

* Rebuilt URL to: https://apis.mydomain.com:4443/
*   Trying …
* TCP_NODELAY set
* Connected to apis.mydomain.com () port 4443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):

Nothing after that.

And the logs?

I am new to Phoenix, so I don't know about checking logs.

How do you deploy the app, do you use distillery or something similar? If you do, connect to the node running the app and check ~/your_app/var/logs folder.

For testing I set up a new app directly on the server and am setting up SSL.
I am not using any tool.

How do you start the app? Where do you get

[info] Running MyappWeb.Endpoint with Cowboy using http://0.0.0.0:80
[info] Running MyappWeb.Endpoint with Cowboy using https://0.0.0.0:4443

from? These are the logs.

mix phx.server. It's on an AWS server but not a production app.

Is anything logged when you make a request to https://apis.mydomain.com:4443?

Only this, no errors or messages:

Generated myapp app
Starting ExqUI on Port 4040
[info] Running MyappWeb.Endpoint with Cowboy using http://0.0.0.0:80
[info] Running MyappWeb.Endpoint with Cowboy using https://0.0.0.0:4443

And when you make a request to http://apis.mydomain.com:80? If nothing is logged, then the server is probably not reached and you need to check the networking setup on your virtual machine.

It's working and this is the response:
[info] GET /
[debug] Processing with MyappWeb.Comman.RooController.yahoo/2
Parameters: %{}
Pipelines: [:api]
[info] Sent 200 in 33ms

Then something might be wrong with your networking setup for 4443 port since the request doesn’t reach cowboy.

I checked the inbound ports in the security group.

You might want to check them again …

Checked, everything is fine.

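| Type            | Protocol | Port Range | Source    |
|-----------------|----------|------------|-----------|
| HTTP            | TCP      | 80         | 0.0.0.0/0 |
| HTTP            | TCP      | 80         | ::/0      |
| Custom TCP Rule | TCP      | 4040       | 0.0.0.0/0 |
| Custom TCP Rule | TCP      | 4040       | ::/0      |
| SSH             | TCP      | 22         | 0.0.0.0/0 |
| Custom TCP Rule | TCP      | 4443       | 0.0.0.0/0 |
| Custom TCP Rule | TCP      | 4443       | ::/0      |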

What about the rules for each of those? As far as I remember there is an ability to restrict certain ports to a set of IP addresses.

Are you intentionally using a non-standard HTTPS port?

Also, I think there is an HTTPS rule for HTTPS, or is it only for 443?
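
Added example, not part of the thread: a Python probe that reports whether an attempt to reach the HTTPS port stops at the TCP connect or only after the Client Hello, which is the distinction the curl output and the networking questions above turn on. The names `probe` and `silent_listener` and the stage labels are made up for illustration, and the silent listener is a constructed local stand-in, not the poster's server.

```python
import socket
import ssl


def probe(host, port, timeout=3.0):
    """Return the stage at which a TLS connection attempt to host:port stops."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "tcp_timeout"    # no reply to the connection attempt at all
    except ConnectionRefusedError:
        return "tcp_refused"    # host reached, nothing listening on that port
    except OSError:
        return "tcp_error"      # DNS failure, no route, and similar
    ctx = ssl.create_default_context()  # certificate verification stays on
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "tls_ok:" + tls.version()
    except socket.timeout:
        return "tls_stalled"    # TCP connected, Client Hello never answered
    except OSError:
        return "tls_error"      # reset, handshake failure or failed verification
    finally:
        sock.close()


def silent_listener():
    """Constructed stand-in: completes the TCP handshake, never sends a byte."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)               # the kernel accepts connections into the backlog
    return srv


if __name__ == "__main__":
    srv = silent_listener()
    port = srv.getsockname()[1]
    print(port, probe("127.0.0.1", port, timeout=1.0))
    srv.close()
```

A `tcp_timeout` result points at filtering in front of the host, such as a security group or host firewall, while `tls_stalled` means something accepted the TCP connection on that port and the place to look is the listener itself.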