I'm trying to enable SSL on a single EC2 Linux instance running PHP but I get a "connection refused" error.
I followed these instructions to enable SSL: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/SSL.SingleInstance.html
And in step 4, I completed the steps to create a .config file (I made sure indentation was correct) and place it inside the .ebextensions folder: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/ssl-singleinstance-php.html
Also, I created a new Security Group for HTTPS (Inbound HTTPS | TCP | 443 | 0.0.0.0/0).
After committing the change, I went ahead and deployed using aws.push. The deployment was successful (no errors). However, I see a "refused connection" error when trying to load my instance on both HTTP and HTTPS.
In order to see if I could revert this situation, I removed the .config file and redeployed, but I still see the error; the site is not accessible at the moment.
Any ideas of what I may be doing wrong? I read the answers that were given in similar questions, but I can't find a solution to this issue. I'm also wondering how I can revert the configuration to bring the site back.
Here's my config file:
Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0
packages:
  yum:
    mod24_ssl : []
files:
  /etc/httpd/conf.d/ssl.conf:
    mode: "000644"
    owner: root
    group: root
    content: |
      LoadModule ssl_module modules/mod_ssl.so
      Listen 443
      <VirtualHost *:443>
        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>
        SSLEngine on
        SSLCertificateFile "/etc/pki/tls/certs/server.crt"
        SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"
        SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
        SSLProtocol All -SSLv2 -SSLv3
        SSLHonorCipherOrder On
        SSLSessionTickets Off
        Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
        Header always set X-Frame-Options DENY
        Header always set X-Content-Type-Options nosniff
        ProxyPass / http://localhost:80/ retry=0
        ProxyPassReverse / http://localhost:80/
        ProxyPreserveHost on
        RequestHeader set X-Forwarded-Proto "https" early
        LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
        ErrorLog /var/log/httpd/elasticbeanstalk-error_log
        TransferLog /var/log/httpd/elasticbeanstalk-access_log
      </VirtualHost>
  /etc/pki/tls/certs/server.crt:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN CERTIFICATE-----
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      mycertificateheremycertificateheremycertificateheremycertificate
      -----END CERTIFICATE-----
  /etc/pki/tls/certs/server.key:
    mode: "000400"
    owner: root
    group: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      myrsaprivatekeyheremyrsaprivatekeyheremyrsaprivatekeyheremyrsapr
      -----END RSA PRIVATE KEY-----