#StackBounty: #ios #objective-c #swift #amazon-web-services #aws-appsync-ios Process for uploading image to s3 with appsync || iOS Apps…

Bounty: 50

I’m working on a new project that requires uploading attachments in the form of images. I’m using DynamoDB and AppSync APIs to insert and retrieve data from the database. As we are new to AppSync and all the Amazon services and the database we are using for the app, I’m a little bit confused about the authentication process. Right now we are using an API key for authentication and I have tried these steps to upload an image to S3.

1. Configure the AWSServiceManager with a static configuration like:

let staticCredit =  AWSStaticCredentialsProvider(accessKey: kAppSyncAccessKey, secretKey: kAppSyncSecretKey)
let AppSyncRegion: AWSRegionType = .USEast2
let config = AWSServiceConfiguration(region: AppSyncRegion, credentialsProvider: staticCredit)
AWSServiceManager.default().defaultServiceConfiguration = config

2. Uploading the picture with this method:

func updatePictureToServer(url:URL, completion:@escaping (Bool)->Void){
    let transferManager = AWSS3TransferManager.default()
    let uploadingFileURL = url
    let uploadRequest = AWSS3TransferManagerUploadRequest()
    let userBucket = String(format: "BUCKET")
    uploadRequest?.bucket = userBucket
    let fileName = String(format: "%@%@", AppSettings.getUserId(),".jpg")
    uploadRequest?.key = fileName
    uploadRequest?.body = uploadingFileURL
    transferManager.upload(uploadRequest!).continueWith(executor: AWSExecutor.mainThread(), block: { (task:AWSTask<AnyObject>) -> Any? in
        if let error = task.error as NSError? {
            if error.domain == AWSS3TransferManagerErrorDomain, let code = AWSS3TransferManagerErrorType(rawValue: error.code) {
                switch code {
                case .cancelled, .paused:
                    break
                default:
                    print("Error uploading: \(String(describing: uploadRequest!.key)) Error: \(error)")
                }
            } else {
                print("Error uploading: \(String(describing: uploadRequest!.key)) Error: \(error)")
            }
            completion(false)
            return nil
        }

        _ = task.result
        completion(true)
        print("Upload complete for: \(String(describing: uploadRequest!.key))")
        return nil
    })
}

3. And finally I’m able to see the uploaded image in the S3 bucket.


But I’m concerned about how to save the URL of the image and how to retrieve the image, because I have to make the bucket PUBLIC to retrieve the image and I don’t think that’s a good approach. Plus, is it necessary to have a Cognito user pool? We aren’t using a Cognito user pool yet in our app and don’t have much knowledge about that either, and the documents are not helping in practical situations because we are implementing it for the first time, so we need a little help.

So two questions:

  1. Proper procedure to use for uploading and retrieving images for S3 and AppSync.
  2. Is it necessary to use Cognito user pool for image uploading and retrieving?

Thanks

Note: Any suggestion or improvement or anything related to AppSync, S3 or DynamoDB will be truly appreciated. Language is not a barrier, I’m just looking for directions, so Swift or Objective-C is no problem.



#StackBounty: #amazon-web-services #amazon-ec2 #elastic-beanstalk #amazon-cloudformation How to automate EBS encryption with Elastic Be…

Bounty: 50

I am looking to encrypt my root EBS volumes for new EC2 environments that I create. I know that I can do this from the AWS console and from CloudFormation, but would like to be able to do so via an Elastic Beanstalk config file.

I have tried by setting the EBS volume in the launch configuration, however this only creates additional volumes from the root volume:

Type: AWS::AutoScaling::LaunchConfiguration
Properties:
  # One mapping entry: DeviceName and Ebs belong to the same list item
  BlockDeviceMappings: [ { DeviceName: "/dev/sdf1", Ebs: { Encrypted: true, VolumeSize: 8, VolumeType: gp2 } } ]

I have also tried to create a new EBS volume on environment creation, however I am unsure how to dynamically get the EC2 instance’s logical name (I used MyEC2 here for reference):

Type: AWS::EC2::Volume
Properties:
  AutoEnableIO: true
  AvailabilityZone: { "Fn::GetAtt" : [ "MyEC2", "AvailabilityZone" ] }
  Encrypted: true
  KmsKeyId: mykey
  Size: 8
  VolumeType: gp2

Essentially I need to be able to create a new environment with an encrypted root volume. Any help would be greatly appreciated!



#StackBounty: #postgresql #amazon-web-services #amazon-redshift Remove ability view/list all table from schema

Bounty: 50

Using a Postgres/Amazon Redshift database. I have a schema called ‘Public’, and another schema called ‘SchemaX’. I have created a user called ‘User1’ and given him access to ‘SchemaX’. I want to stop ‘User1’ from viewing or listing the available tables in my ‘Public’ schema. How does one go about doing this?



#StackBounty: #amazon-web-services WorkMail hosting many small mail domains

Bounty: 50

I’m considering migrating a dozen low-volume domains to WorkMail. The simplicity is tempting, but there are two features of my existing homemade Postfix & Procmail setup that I’m having a hard time figuring out how to support with WorkMail.

The first issue is that WorkMail doesn’t seem to support group aliases that redirect outside the WorkMail organization. E.g., if I want to replicate this type of /etc/aliases entry I’m stuck:

foo-friends: alice@example.com, bob@example.org, chris@meta.example.net

I have one such group alias that’s important enough to bother doing this for in WorkMail, but it looks like there’s simply not a way to do it. Am I wrong?

The other issue is supporting simple aliases across domains, particularly for role accounts like www and the like but especially postmaster and abuse. It looks like the only way to support postmaster@mydomain0.com and postmaster@mydomain1.com and postmaster@mydomain2.com is to set up individual aliases for these, one at a time. And if I have a dozen domains that don’t get a lot of mail traffic, that sounds like two dozen required standard aliases if I want to be consistent about postmaster and abuse. I suppose that would work, but what a mess to administer.

Am I wrong about that? Is there a cleaner way to support standard aliases on all of an organization’s WorkMail domains?



#StackBounty: #apache-2.2 #amazon-web-services #amazon-elb Amazon Application ELB doesn't work only on one specific WordPress / Apa…

Bounty: 150

Preface:

I’m 99% confident this is an Apache/PHP configuration that’s doing some sort of rewrite/forwarding causing my problem.

Please note these similar issues. I’ve tried the suggestions listed but still can’t get it to work:

https://snippets.webaware.com.au/snippets/wordpress-is_ssl-doesnt-work-behind-some-load-balancers/

https://stackoverflow.com/questions/30702490/how-to-fix-wordpress-https-issues-when-behind-an-amazon-load-balancer

https://stackoverflow.com/questions/45981358/wordpress-website-behind-aws-application-load-balancer

I’ve tried the .htaccess and wp-config.php updates mentioned in these posts and I still can’t get it to respond when trying to access through the load balancer.

Problem:

Our site has many different services behind Amazon’s ELB but for some reason this simple Apache site project has turned into a major headache since I can’t resolve this one site through ELB.

When browsing to the public domain name (that routes to ELB) over HTTPS the browser just times out! (Chrome throws an ERR_CONNECTION_TIMED_OUT). Browsing to local site (bypassing ELB) works fine.

Background:

  • ELB: Application load balancer. It listens on 443 and terminates TLS certificate. Working great for many hosts, just not this wordpress site.

  • WordPress Host: Apache container running wordpress (official Docker image wordpress:4.9.8-php7.1-apache). Listens on port 8008 HTTP only, no TLS configuration set on the container/Apache since the load balancer handles TLS.

  • DNS: Both public and private DNS servers are setup for CNAME records for the ELB endpoint.

I just created a brand new site (it’s a wordpress site) using the official WordPress docker image wordpress:4.9.8-php7.1-apache – Basically it’s just an apache server. I can load the site without issue using the IP/port of the host.

The site itself works fine! I can browse to it using clear HTTP using its internal IP and port.

So I then added it to my ELB setup just like all our other sites (I’ve done this a million times before).

Config/Steps Tried:

  • Cert is already installed for the ELB listener as this is just one of many sites on this listener.
  • Security group for the host allows inbound for the appropriate listening port from my entire VPC.
  • Security group for the ELB listener is 0.0.0.0/0 for 443, and again works fine for the other sites.
  • Listener rule configured to filter by hostname and route to the appropriate target group. Screenshot below.
  • Target group shows the endpoint is “healthy”
  • When browsing to the internal IP/port the site loads fine.
  • I have many other services running on this host that are routed to it through the same ELB, so the subnet config is ok.
  • I checked the apache logs, and it doesn’t look like any packets are being sent to Apache (nothing shows in the logs) when attempting to connect via ELB.
  • DNS routes to the CNAME of the ELB. This works fine for all our other services.

Since I’m very comfortable with ELB and I am very confident my cert is installed ok and my listener host filtering/target group config is healthy and looking good, where else should I check? Is there any logging of ELB so I can trace what’s going on? Is there maybe something in Apache that I can check?

Here’s how the target looks in the ELB target groups. If I browse to this ip/port it works fine.:

Standard host name filtering, nothing special:

Here is what developer tools shows when attempting to browse the https page. Apache is forcing a 301 redirect.

Because Apache is forcing the 301, that makes me think it’s assuming the page is not https. I’ve already tried setting rules such as the following:

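// Treat the request as HTTPS when the load balancer reports that it terminated TLS
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
    $_SERVER['HTTPS'] = 'on';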

However, no success still. This appears to be the same behavior both if I have wordpress options siteurl set to the external https hostname or the internal ip:port over http.

Here is curl -I output. I’ve replaced my real host domain with example.com:

C02SL234G8WN:Documents user$ curl -I marketing-wp.example.com 
HTTP/1.1 200 OK 
Date: Tue, 21 Aug 2018 20:59:16 GMT 
Content-Type: text/html; charset=UTF-8 
Connection: keep-alive 
Server: Apache/2.4.25 (Debian) 
X-Powered-By: PHP/7.1.20 
Link: <https://marketing-wp.example.com/wp-json/>; rel="https://api.w.org/" 

EDIT:

I managed to get this working by updating the is_ssl() function in wp-includes/load.php to force return true. The page now loads! However the wp-admin page isn’t working still. Still hacking away at it.

