Redirect http traffic to https - amazon-web-services

I have a Node server running on a Linux AWS Lightsail server. I have used bncert-tool for an SSL certificate. I also have linked a domain to my instance. Now the problem I'm having is that when I load my site with http:// I get ERR_EMPTY_RESPONSE, but when I load the site with https:// the site loads as expected. I know I have to add an HTTP to HTTPS redirection to my bitnami.config file, but the bncert-tool automatically does that. Still, I went ahead and checked whether what's mentioned here is applied properly, and everything checks out. Do I have to do anything else to automatically redirect all traffic on HTTP to HTTPS? Any help is appreciated. Thanks in advance.

You can create a public certificate for SSL from AWS Certificate Manager. After creating the certificate, you need to create a new record as a CNAME at the place where you manage your domain. After doing that, you will see that your website has an SSL connection. More information about requesting a public certificate.
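
For the redirect the question asks about, an added example (not code from the posts or from Bitnami): a plain-HTTP listener in Node that answers every request with a 301 to the HTTPS origin, echoing the Host header only when it is on an allow-list. It assumes the Node process itself answers on the HTTP port; the hostnames, the `HTTP_REDIRECT_PORT` variable and the function names are constructed for illustration.

```javascript
// Constructed sample values: the hostnames this site is served under.
const ALLOWED_HOSTS = new Set(['example.com', 'www.example.com']);
const CANONICAL_HOST = 'example.com';

// Build the https:// Location for a request that arrived over plain HTTP.
// The Host header is client-controlled, so it is echoed back only when it is
// on the allow-list; anything else is sent to the canonical hostname.
function httpsLocation(hostHeader, requestTarget) {
  const host = String(hostHeader || '').split(':')[0].toLowerCase();
  const target = ALLOWED_HOSTS.has(host) ? host : CANONICAL_HOST;
  // Accept only origin-form targets ("/path?query"). An absolute-form target
  // appended to the hostname would change which host the URL points at.
  const path = String(requestTarget || '').startsWith('/') ? requestTarget : '/';
  return `https://${target}${path}`;
}

// Request handler: every plain-HTTP request gets a permanent redirect.
function redirectHandler(req, res) {
  res.writeHead(301, { Location: httpsLocation(req.headers.host, req.url) });
  res.end();
}

// Start the HTTP listener next to the existing HTTPS server.
// Assumption: nothing else (a proxy or load balancer) already owns this port.
function startRedirectServer(port = 80) {
  const http = require('node:http');
  return http.createServer(redirectHandler).listen(port);
}

// Only listen when explicitly configured (hypothetical variable name).
if (process.env.HTTP_REDIRECT_PORT) {
  startRedirectServer(Number(process.env.HTTP_REDIRECT_PORT));
}
```

If nothing is listening on the HTTP port at all, the browser has no response to follow, so the listener has to exist before any redirect rule can take effect.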

Related

Cloudfront: This request has been blocked and content must be served over HTTPS

I have an EC2 server that serves the backend using HTTP to the S3 bucket frontend, and that works fine when I use the S3 address to run the app. However, after I deploy to CloudFront, I get the following error:
Mixed Content: The page at 'https://d3qxpzawaycmw5.cloudfront.net/#/employees' was loaded over HTTPS, but requested an
insecure resource 'http://ec2-3-86-60-146.compute-1.amazonaws.com:3030/api/Employees?'. This request has been blocked;
the content must be served over HTTPS.
This tells me that the BE must be served using HTTPS. If I can't change anything for the BE, is there any solution to use CloudFront?
Thanks.
You don't need to change anything in the instance if you don't want to. The easiest way to get HTTPS for your instance is to front it with a load balancer, as explained in:
How can I associate an ACM SSL/TLS certificate with a Classic, Application, or Network Load Balancer?
But for this, and any other method, you need your own domain, as you need a valid public SSL certificate for it. If you use a load balancer, you can easily get a free SSL cert from AWS ACM.
But if an ALB is too much for you, then you need to deploy SSL on the instance. This still requires your own domain, but you can't use ACM. Instead you can get a free SSL certificate from https://letsencrypt.org/.
Put http:// at the front of the CloudFront domain name
This happens when you open the application with https but try to connect to the backend with http.
Installing/configuring an SSL certificate for the backend solves this problem.
If you want to use it without SSL in CloudFront, use HTTP and HTTPS like this

NET::ERR_CERT_COMMON_NAME_INVALID

I have a web server hosted in AWS ECS using Fargate with a load balancer.
I added an HTTPS listener to the load balancer with a certificate I issued using AWS ACM.
The certificate is issued to a domain I own, the certificate got validated, and I'm able to send HTTPS requests to the web server via the load balancer using Postman.
But when I open the URL of the load balancer in the browser, I'm getting the following error:
NET::ERR_CERT_COMMON_NAME_INVALID
What am I doing wrong?
Thanks in advance
what am I doing wrong?
Your SSL cert is issued for your own domain, not for "the url of the load balancer". So it does not match and you get the error.
You have to use your own domain now to access your API/website. Browsers are very strict in ensuring that the SSL cert and domain match. In terms of Postman, you may have disabled these checks, or Postman may not be as strict.
You can check Postman's SSL checks as shown below:

AWS Elastic Beanstalk - SSL Certificate added but still HTTPS Error: SSL_ERROR_BAD_CERT_DOMAIN

I bought a domain named studileih.de, then I deployed my Angular frontend on firebase: https://studileih-ceb70.web.app/ and redirected from my domain studileih.de to the firebase URL.
Then I deployed my Spring Boot backend to AWS Elastic Beanstalk on: http://studileih1.eu-central-1.elasticbeanstalk.com/
-> Problem: Since the frontend on firebase used https and the backend on AWS used http I got a Mixed content error. The frontend wasn't able to load any of the backend data.
So I tried to solve this by creating an SSL certificate for my backend in the AWS Certificate Manager (ACM) and adding this to my Elastic Beanstalk Load Balancer. This worked and I could now at least make a connection from my frontend to my backend.
But now I get this error whenever a request to my backend gets sent:
When I click on "Accept the Risk and Continue" once, it works fine and all my backend data gets loaded. But I can't ask my users to do that.
(You can try this out by following: https://studileih1.eu-central-1.elasticbeanstalk.com/products and clicking "Advanced" -> "Accept the Risk and Continue" (if you dare ^^)
after you've done that, click on studileih.de and it will now load with the backend data.)
I know the problem exists because when creating the SSL certificate, I entered studileih.de as the domain that the certificate is for. I think I have to create a SSL certificate for studileih1.eu-central-1.elasticbeanstalk.com instead.
But when I try to create a SSL certificate for studileih1.eu-central-1.elasticbeanstalk.com:
I get this error from ACM:
How do I create a SSL Certificate for the Elastic Beanstalk URL?
p.s. I also tried to issue a certificate for my firebase URL https://studileih-ceb70.web.app/ but this one already uses HTTPS by default. Also I couldn't find out how to DNS/Email validate the ACM request in the firebase console. But I think I need a certificate for the Elastic Beanstalk backend at studileih1.eu-central-1.elasticbeanstalk.com, not for the firebase frontend, right?
p.p.s. I don't really need to use https, so a solution would be to make firebase use http instead of https, but I couldn't find anything on how to do that.
UPDATE:
I added a subdomain called api.studileih.de (the immediate access is blocked by Spring Security, as you're not logged in to my site, but you can test it with api.studileih.de/products, because this API is accessible without login). Then I redirected that subdomain to my AWS Load Balancer as suggested by Mark B by adding a CNAME to the subdomain:
(it's not possible to change to english there, sorry)
this is my Load Balancer:
I tried to put the DNS name as an A record into my subdomain, but it was only possible to enter an IPv4 address there, so I entered it as a CNAME instead. I also tried to find out the IP address of the Load Balancer, but Load Balancers don't have a static IP address.
This approach with the subdomain and the CNAME unfortunately didn't work, so I'm still looking for a solution...
(Here's the menu for setting an A record. You can only enter IP addresses there:)
I know the problem exists because when creating the SSL certificate, I
entered studileih.de as the domain that the certificate is for. I
think I have to create a SSL certificate for
studileih1.eu-central-1.elasticbeanstalk.com instead.
You can only create an SSL certificate for a domain you own. You need to point a subdomain of studileih.de, like api.studileih.de, at the Elastic Beanstalk load balancer, and then attach an SSL certificate to that load balancer that matches that subdomain.
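
The name check behind NET::ERR_CERT_COMMON_NAME_INVALID and SSL_ERROR_BAD_CERT_DOMAIN in the two threads above, as an added example (not code from any of the posts): a simplified match of the hostname in the address bar against the names in a certificate, run on the hostnames quoted in the question. The certificate name lists and function names are constructed for illustration, and real clients additionally validate the chain, expiry and revocation.

```javascript
// Does one certificate name (a SAN dNSName entry) cover the hostname?
// "*" is honoured only as the entire leftmost label and stands for exactly
// one label, so "*.studileih.de" covers neither the apex nor "a.b.studileih.de".
function nameCovers(pattern, hostname) {
  const p = pattern.toLowerCase().replace(/\.$/, '').split('.');
  const h = hostname.toLowerCase().replace(/\.$/, '').split('.');
  if (p.length !== h.length) return false;
  if (p[0] === '*' && p.length < 3) return false; // refuse "*.de"-style names
  return p.every((label, i) => (i === 0 && label === '*') || label === h[i]);
}

// Check the hostname the client connected to against every name in the cert.
function checkHost(hostname, certNames) {
  const matched = certNames.find((name) => nameCovers(name, hostname));
  return matched
    ? { ok: true, matched }
    : { ok: false, reason: `${hostname} is not covered by [${certNames.join(', ')}]` };
}

// Constructed certificate name lists, using hostnames from the posts above.
const CERT_FOR_APEX = ['studileih.de'];
const CERT_WITH_API = ['studileih.de', 'api.studileih.de'];
const CERT_WILDCARD = ['*.studileih.de'];
const EB_HOST = 'studileih1.eu-central-1.elasticbeanstalk.com';

// Walk through the cases discussed in the thread and report each outcome.
function report() {
  return [
    [EB_HOST, CERT_FOR_APEX],              // load balancer URL vs own-domain cert
    ['api.studileih.de', CERT_FOR_APEX],   // CNAME added, cert not reissued
    ['api.studileih.de', CERT_WITH_API],   // cert that names the subdomain
    ['api.studileih.de', CERT_WILDCARD],   // wildcard covers one label
    ['studileih.de', CERT_WILDCARD],       // wildcard does not cover the apex
  ].map(([host, names]) => ({ host, names, ...checkHost(host, names) }));
}

for (const r of report()) {
  console.log(`${r.ok ? 'MATCH   ' : 'MISMATCH'} ${r.host}  cert=[${r.names.join(', ')}]`);
}
```

The second case shows why pointing a CNAME at the load balancer is not enough on its own: the certificate attached to the listener must also name the subdomain that clients use.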

Your connection to this site is not secure?

I've created an EC2 instance, installed a service, and I was able to route it to my address with Route 53. So I can go to example.com/myservice and see it in the browser.
However, in the browser, I get a small info card in the address bar that says
"Not secure" and information about not entering sensitive information.
What does this message mean? How can I avoid this message? What do I need to change in my existing setup?
All info is welcome, as this is fairly new for me.
This means that you are connecting to your website using the HTTP protocol, not HTTPS. HTTP is not secure as all data is in plain text, while in HTTPS your data is encrypted.
To rectify the issue you can install an SSL certificate directly on your instance or leverage a load balancer or CloudFront in front of the instance.
Some useful links from AWS documentation:
Tutorial: Configure SSL/TLS on Amazon Linux 2 for direct installation of the certificate
Add an HTTPS Listener for Application Load Balancer
Using Alternate Domain Names and HTTPS for CloudFront

URL redirection using ELB

My application's URL is: abc.com. I have configured SSL in it and I am also using ELB, which acts as the proxy server to the application. Now if someone hits www.abc.com, I want it (www.abc.com) to be redirected to abc.com, and SSL should also work.
I have added www.abc.com to the DNS. Now www.abc.com is working, but SSL is not working for it. How can this be done in AWS? Is there any setting in ELB for this?
Thanks in advance.