
Installing HTTPS for my web app in DigitalOcean: `https://XXX.XXX.XXX.XXX` is okay, but not `https://XXX.XXX.XXX.XXX:1234`


I followed these tutorials.

What I have now.

  • http://XXX.XXX.XXX.XXX:1234 goes to my web application. I need SSL to access the webcam.
  • https://XXX.XXX.XXX.XXX goes to the Apache default screen after a warning, which is expected.
  • https://XXX.XXX.XXX.XXX:1234 goes to the Chrome error page "This site can’t provide a secure connection".

I need to have access to https://XXX.XXX.XXX.XXX:1234. What went wrong and what should I do?

EDIT: More details.

  • Fresh install with SSH attached into the droplet (Ubuntu LTS 16.04).
  • ssh root@xxx:xxx:xxx:xxx.
  • adduser notalentgeek.
  • usermod -aG sudo notalentgeek.
  • su notalentgeek.
  • Now I am on the newly created user notalentgeek.
  • Move into "How To Create a Self-Signed SSL Certificate for Apache in Ubuntu 16.04" tutorial.
  • sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt.
  • In the form I put everything as "asd" (any arbitrary thing that came to mind; do these matter?), except for "Common Name (e.g. server FQDN or YOUR name) []:", which is the IP xxx:xxx:xxx:xxx.
  • sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 and wait a while.
  • sudo nano /etc/apache2/conf-available/ssl-params.conf.
  • Copy paste the settings from the tutorial (StackOverflow code formatting does not work here!).

    # from https://cipherli.st/
    # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html

    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    SSLProtocol All -SSLv2 -SSLv3
    SSLHonorCipherOrder On
    # Disable preloading HSTS for now. You can use the commented out header line that includes
    # the "preload" directive if you understand the implications.
    # Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
    Header always set X-Frame-Options DENY
    Header always set X-Content-Type-Options nosniff
    # Requires Apache >= 2.4
    SSLCompression off
    SSLSessionTickets Off
    SSLUseStapling on
    SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
    SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"

  • sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf.bak to create backup.

  • sudo nano /etc/apache2/sites-available/default-ssl.conf.

    <IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin asd@asd.com
                ServerName xxx:xxx:xxx:xxx

                DocumentRoot /var/www/html

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                SSLEngine on

                SSLCertificateFile      /etc/ssl/certs/apache-selfsigned.crt
                SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                BrowserMatch "MSIE [2-6]" \
                               nokeepalive ssl-unclean-shutdown \
                               downgrade-1.0 force-response-1.0

        </VirtualHost>
    </IfModule>


  • sudo ufw app list, adjusting the firewall. I just put whatever commands they put there.

  • sudo ufw status.
  • sudo ufw allow 'Apache Full'.
  • sudo ufw delete allow 'Apache'.
  • sudo ufw status.
  • sudo a2enmod ssl.
  • sudo a2enmod headers.
  • sudo a2ensite default-ssl.
  • sudo a2enconf ssl-params.
  • sudo apache2ctl configtest; no warning appeared in my case, but in the tutorial it may show a warning. This command returns Syntax OK.
  • Testing the server as I mentioned before: https://xxx.xxx.xxx.xxx works, but https://xxx.xxx.xxx.xxx:5000 does not (5000 is my port for Flask).
  • sudo nano /etc/apache2/sites-available/000-default.conf
  • Add Redirect permanent "/" "https://xxx.xxx.xxx.xxx:5000/".
  • sudo apache2ctl configtest results in Syntax OK.
  • sudo systemctl restart apache2.
  • This the launch from my Flask App.

    WebSocket transport not available. Install eventlet or gevent and gevent-websocket for improved performance.
     * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)

  • Going to http://xxx.xxx.xxx.xxx:5000/, where xxx.xxx.xxx.xxx is the IP of the DigitalOcean Droplet, reaches my web app successfully. But the web app needs access to the webcam and microphone.
  • Following other tutorial, https://www.digitalocean.com/community/tutorials/how-to-deploy-a-flask-application-on-an-ubuntu-vps.
  • sudo apt-get install libapache2-mod-wsgi python-dev.
  • sudo a2enmod wsgi.
  • cd /var/www.
  • sudo mkdir FlaskApp.
  • cd FlaskApp.
  • git clone https://github.com/notalentgeek/my_app --depth 1.
  • cd my_app.
  • Installing pip3 and virtualenv. Running from http is still fine!
  • sudo nano /etc/apache2/sites-available/FlaskApp.conf (formatting also does not work!).

    # VirtualHost and Directory tags were lost in the paste; *:80 and the
    # my_app Directory paths are assumed from the linked DigitalOcean tutorial
    <VirtualHost *:80>
        ServerName https://xxx.xxx.xxx.xxx:5000/
        ServerAdmin asd@asd.com
        WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
        <Directory /var/www/FlaskApp/my_app/>
            Order allow,deny
            Allow from all
        </Directory>
        Alias /static /var/www/FlaskApp/my_app/static
        <Directory /var/www/FlaskApp/my_app/static/>
            Order allow,deny
            Allow from all
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

  • sudo a2ensite FlaskApp.

  • cd /var/www/FlaskApp.
  • sudo nano flaskapp.wsgi.
  • sudo service apache2 restart; the tutorial says there would be a warning message, but I did not get any.
  • sudo python3 -B my_app.py results in this.

    WebSocket transport not available. Install eventlet or gevent and gevent-websocket for improved performance.
     * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)

  • In http all work but not https.

Some of the code has `##`, which makes the indent-to-code formatting in StackOverflow not work. Here is the raw version from PasteBin, https://pastebin.com/iShsHjCX.


Solution

  • This solved it for me: can you add HTTPS functionality to a python flask web server? It is more on the Flask side than anything else.
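Added example (not from the question, the answer, or the linked tutorials): a small stdlib probe that tells whether a given host:port actually speaks TLS. It reproduces the symptom above: Apache's self-signed certificate only serves port 443, while the Flask dev server on port 5000 answers a TLS ClientHello with plain-HTTP bytes, which is exactly what Chrome reports as "This site can't provide a secure connection". The plain-HTTP listener is a constructed stand-in for the Flask dev server.

```python
"""Probe what actually listens on host:port. Added example, not from the
question: the Flask dev server on :5000 speaks only plain HTTP, so a TLS
ClientHello gets HTTP bytes back and Chrome reports it cannot connect."""
import socket
import ssl
import threading

def probe_tls(host: str, port: int, timeout: float = 3.0) -> str:
    """Return "tls-trusted", "tls-untrusted" (handshake works but the cert,
    e.g. apache-selfsigned.crt, is not trusted), "no-tls" (peer answered
    with non-TLS bytes), "closed" or "timeout"."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls-trusted"
    except ssl.SSLCertVerificationError:
        return "tls-untrusted"  # TLS is present; only trust is missing
    except (ssl.SSLError, ConnectionResetError):
        return "no-tls"  # e.g. "HTTP/1.1 400 ..." arrived where a ServerHello was due
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "timeout"

def plain_http_listener() -> int:
    """Constructed stand-in for the Flask dev server: accepts one connection
    and answers with plain HTTP, never TLS. Returns its ephemeral port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve() -> None:
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)  # the client's ClientHello, read as if it were a request line
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    port = plain_http_listener()
    print(f"127.0.0.1:{port} ->", probe_tls("127.0.0.1", port))  # no-tls
```

Run against the droplet, `probe_tls(ip, 443)` returns "tls-untrusted" for the self-signed Apache vhost, while `probe_tls(ip, 5000)` returns "no-tls" until Flask itself is started with an SSL context, as the answer's link describes.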