1

Raspberry PI running Ubuntu 20.04 hosting a dotnet 6 (core) web application. DotNet by default listens to port 5000 (HTTP) and port 5001 (HTTPS). I can get http://mydomain to work but I CANNOT get HTTPS to work. My Program.cs file is set to for UseHttpsRedirection (Which works on localhost)

Note: I developed webapp on my local machine, published and deployed web app to Ubuntu (Raspberry PI) Here is my config file

<VirtualHost *:80>
   ServerName me.com
   ServerAdmin admin@me.com
   Redirect "/" https://me.com
   ErrorLog ${APACHE_LOG_DIR}/error-me.com-ssl.log
   CustomLog ${APACHE_LOG_DIR}/access-me.com-ssl.log combined
</VirtualHost>

<VirtualHost *:443>
   ServerName me.com
   DocumentRoot /var/www/me.com
   ProxyPreserveHost On
   ProxyPass / https://127.0.0.1:5001/
   ProxyPassReverse / https://127.0.0.1:5001/
   SSLEngine on
   SSLCertificateFile "/etc/ssl/certs/server.me.com.crt"
   SSLCertificateKeyFile "/etc/ssl/private/server.me.com.key"
</VirtualHost>
DavidJS
  • 131
  • If you're asking about Ubuntu 20.04, why have you tagged your question as being about Ubuntu 12.04? Please correct. – guiverc Feb 21 '22 at 21:34
  • 1
    What doesn't work? The redirection, or SSL completely? What URL/Ports are you trying? What errors are you getting? – earthmeLon Feb 21 '22 at 21:49
  • If I use VirtualHost *:80 and use ProxyPass / http://127.0.0.1:5000, then it works because the app listens on port 5000. Then I turned on HTTPSRedirect and changed VirtualHost 80 to redirect to VirtualHost 443. When I go to enter the public domain/IP address the browser just shows "This site can’t be reached" – DavidJS Feb 21 '22 at 21:59
  • 1
    What happens if you use port 5000 with the same nonfiguration? – pa4080 Feb 21 '22 at 22:05
  • @pa4080 - What do you mean? I tried using http:'//127.0.0.1:5000 on <VirtualHost *:443> and I still get "This site can’t be reached" – DavidJS Feb 21 '22 at 23:43
  • I turned off app.UseHttpsRedirection() from Program.cs, published/deployed then accessed my URL with HTTP worked. Then I accessed the site with HTTPS and again "This site can’t be reached". So maybe SSL is not setup correctly?? I created a self-signed certificate using command: sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/server.yourdomain.com.key -out /etc/ssl/certs/server.yourdomain.com.crt – DavidJS Feb 21 '22 at 23:50
  • I get this error when I do a CURL https://localhost:5001, (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.haxx.se/docs/sslcerts.html

    curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it

     – DavidJS Feb 22 '22 at 01:57
  • 1
    Looks like you're using a virtualhost file for apache2. Is it installed and configured? Do you have a SSL certificate and are the paths correct? – Nmath Feb 22 '22 at 04:42
  • 1
    Hi, @DavidJS, first of all you need to confirm your HTTPS Virtual Host works properly. Create the DocumentRoot directory with simple index.html file inside... and check these answers: https://askubuntu.com/a/893406/566421 and https://askubuntu.com/a/900433/566421. And the Cerbot's instructions page: https://certbot.eff.org/instructions?ws=apache&os=ubuntufocal – pa4080 Feb 22 '22 at 08:42
  • @Nmath - I am using a virtualhost and I have confirmed that its listening on PORT 80 and 443. I only have a self-signed certificate I created with openssl and I did confirm the paths. I will try out LetsEncrypt and see if that makes a difference. – DavidJS Feb 22 '22 at 19:33

0 Answers0