Category: Amazon Web Services

How to Setup HTTPS for Free With Terminal

In this article, I’ll show you how to setup HTTPS for your website as long as you have shell/terminal access.

  • We host slothparadise on Amazon Web Services EC2, so we do have shell access to the website.

You should visit https://certbot.eff.org to get customized instructions for your operating system and web server. Let’s Encrypt has more information.

 

1.  Find out what type of web server and operating system you are using.

Open a terminal and ssh into your website.

ssh [email protected]

Once you are connected, you will see what version of your operating system.

Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-24-generic x86_64)

Next, you should find out what type of web server you are running. I know beforehand that I am running an apache server, so I should check the status of apache.

~$ sudo service apache2 status
* apache2 is running

As a result, at the certbot.eff.org website, I’ll select Apache for Software and Ubuntu 14.04 (trusty) for System.

 

2. Follow the instructions that pop up.

Next up is simply following the instructions for Certbot.

$ sudo add-apt-repository ppa:certbot/certbot

$ sudo apt-get update

$ sudo apt-get install python-certbot-apache

Type Y to continue.

certbot is ready to be used, but we still need to check if the 443 port is ready.

 

3. Check if port 443 is open.

$ sudo apt-get install nmap

nmap is a useful tool on Ubuntu to see what ports you have open.

$ nmap localhost
Starting Nmap 6.40 ( http://nmap.org ) at 2017-04-30 03:52 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00028s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql

Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds

nmap shows that I do not have 443/tcp open, so that means that I need to add open port 443.

 

4. Open port 443 if it’s not open.

Since I host the website on Amazon Web Services EC2, I have to visit https://aws.amazon.com and log into my account.

Once I’m on my dashboard, I need to visit EC2.

Next, I click on Running Instances.

I click on the running instance that I want to edit, and the checkbox becomes blue.

Afterwards, I look at the bottom of the page where there is additional information in the Description tab and click on the name of the Security Group.

If you click on Actions, you can Edit inbound rules of the Security Group.

For Edit inbound rules, we want to Add Rule HTTPS.

Before:

After:

Hit Save.

 

5. Use cerbot to add HTTPS to your website.

$ sudo certbot --apache

You will get a message to choose whether to allow both HTTP and HTTPS access or only HTTPS. I like option 2, so I type 2 and hit Enter.

If everything worked properly, you should get a Congratulations message.

Now, you can visit your website with HTTPS. Huzzah!

 

Automatic HTTPS certificate renewal

You will also get a message that your certificate will only last 3 months, but luckily, it should renew by itself.

Your cert will expire on 2017-07-29. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew"

However, the Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature.

You can check the certbot cron entries (automated scheduler):

vim /etc/cron.d/certbot

0 */12 * * * means every 12 hours.

You can test automatic renewal for your certificates to make sure that this automatic renewal will work in the future by running the following command. I like to test that certbot will renew correctly.

certbot renew --dry-run

 

Always redirect to HTTPS

What controls the redirection to HTTPS on apache is the .htaccess file.

You can follow Namecheap’s official documentation on how to force a HTTPS redirection.

.htaccess is typically found in the /var/www/html folder

$ sudo vim /var/www/html/.htaccess

In my .htaccess file, I made sure to have a section with the following:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

php_flag display_errors 1
</IfModule>

This snippet’s most important part is the RewriteRule that states the redirection to https version of the website.

Save the file and restart apache.

sudo service apache2 restart
 * Restarting web server apache2 [ OK ]

Your website should now always redirect to HTTPS.

14 Steps to Create a Website with Amazon Web Services EC2 instance – Ubuntu

Setting up an Amazon Web Services EC2 instance for the first time can be a pain in the ass. It’s time for an easy tutorial on how to get a website set up on an AWS EC2 Ubuntu instance.

Step 1:

Go to http://aws.amazon.com. Sign up for an Amazon Web Services account if you don’t already have an account. Sign into your account if you have one.

signin
Sign up for an AWS account or Sign in.

 

Step 2:

Click on EC2 Virtual Servers in the Cloud on the left side of the management console.

ec2
Go to EC2.

 

Step 3:

Click on the Launch Instance button to create a new EC2 virtual server.

Click the Launch Instance blue button.

 

Step 4:

Choose an Amazon Machine Image. You can select from a number of free tier eligible instances, which include a variety of different linux distributions and a windows server. We will be selecting Ubuntu Server 14.04 LTS (HVM).

Select the free tier eligible Ubuntu Server.

 

Step 5:

Through Steps 2-5 on the EC2 instance setup, you can click the gray Next button at the bottom right of your browser.

 

Step 6:

On the Configure Security Group step, you want to Create a new security group for future websites. Input a Security group name in the box and a description in the other box. Add two additional rules. Add rule Type HTTP. Add rule Type Custom TCP Rule. For the Custom TCP rule, input port range 8080 in the box. By adding these two rules, we can see our website online. HTTP is the default website port connection. Port 8080 for the Custom TCP rule is the common alternative port.

Configure Security Group. Add HTTP rule and a Custom TCP rule with port range 8080.

 

Step 7:

Click the blue button at the bottom right to Review and Launch the instance.

 

Step 8:

A Select an existing key pair or create a new key pair prompt box will pop up. Leave the create a new key pair as it is. Write a name for the key pair. Download key pair. This key pair will be used to ssh (get access) to the AWS EC2 instance.

Save the key pair after naming it.

 

Step 9:

For Mac or any Linux distribution, you can open any terminal. For Windows, you must use a program like Cygwin or Putty in order to use SSH. Open up a terminal that can use SSH on your computer. Maneuver to your pem file. ls is to list the contents of the directory. cd is to switch directories/folders.

cd ~ (I change directory to the home folder for my user)
ls (I list the contents of this directory where I saved my pem file)
cygwin
cd – change directory. ls – list contents.

 

Step 10:

To SSH or get access to your Amazon EC2 instance, you must change permissions of the pem (key) file. Amazon likes to secure the instance, so you need specific, secure permissions on the pem (key) file.

ls -l (lists the name and permissions of all files in the directory).
chown :Users website.pem (gives the file ownership to the Users group (for Windows, you have to do this)).
chmod 600 website.pem (allows only the owner of the file to read and write that file (Amazon requires this type of permission for the key to be used)).
permissions
Give the correct permissions to the pem (key) file.

 

Step 11:

Now, you can SSH into the EC2 instance. You first need the public DNS or IP of the EC2 instance. Go back to the EC2 Management Console. Click on Running Instances or Instances on the left sidebar to be brought to the EC2 instance dashboard. By now, your instance state should be running. Click on the instance. At the bottom of your browser, you can see the description of this instance. At the right, you can see a public DNS. Copy the public DNS.

Copy the Public DNS.

 

Step 12:

Once you have the public DNS, you can SSH onto the instance. Go back to your terminal. The command is:

ssh -i website.pem [email protected]

We SSH onto the instance as the user ubuntu. ubuntu is the default user. The flag -i is to use the key file. Type yes for the fingerprint prompt.

ec2successfullogin
ssh with the key file as ubuntu on the Ubuntu instance.

 

Step 13:

Let’s set up an Apache web server so that our EC2 instance is viewable online. We must first install apache2. For Ubuntu, you type the following command:

sudo apt-get install apache2 (apt-get install is used to install packages on ubuntu. apache2 is a web server that allows our web files to be seen through the browser. sudo is running the command as the super user or basically the administrator.)
Type Y and enter to continue.
installapache2
Install apache2 by using sudo apt-get install apache2.

 

Step 14:

Copy the Public DNS to any web browser and go to the web address. You’ll see that your EC2 instance is now viewable on the web. Hurray!

ec2instanceisup
Copy and paste the Public DNS to a browser, and you can see that the page is up and running with the default success page.

 

Your website is now up and running with the default success page for newly installed apache2 web server Amazon Web Service instances. Enjoy!