I have a site hosted with AWS, but the domain is not ready yet. I want to work on it and begin testing.
The site runs through a load balancer.
When I go to Load Balancers in EC2 I can see the DNS name. If I type this into my browser I get a warning that it is unsafe, then when I choose to load anyway I get an error DNS_PROBE_FINISHED_NXDOMAIN
I used the "dig A " command in terminal to get the IP address. I added this IP address to my hosts file, and I get the same error when trying to access it like that.
I get a warning that it is unsafe
It is unsafe because the default ALB URL does not use HTTPS. It only works with HTTP, which is marked as unsecure by all major browsers.
To fix that you need to have your own domain and set up a valid, public SSL certificate using AWS ACM for that domain.
I want to have a subdomain (api.mysite.com) which makes calls to an EC2 classic load balancer (load-balancer-123456789.us-east-2.elb.amazonaws.com). Everything is hosted on AWS, to (theoretically) make it as straightforward as possible.
I created a domain and subdomain in AWS Route 53, as per the instructions here, and created an "A" record in the subdomain that links to my load balancer as an alias. That works fine, I can make calls to the load balancer through api.mysite.com, as long as I use HTTP.
But when I try to use HTTPS, I get ERR_SSL_PROTOCOL_ERROR. If I try to open the API in a browser, the security icon says that it's "not secure". I think the problem might be that the certificate is connected to the main domain (mysite.com) instead of the subdomain (api.mysite.com), but I can't figure out how to get it to resolve properly.
This SSL checking site shows the EC2 server itself (the one that the load balancer points to) and reports "Certificate not valid for domain name". It's an Ubuntu server, though I'm not sure if that should matter.
The SSL certificate needs to specify the subdomain as well as the main domain. The easiest way to do this is through AWS's Certificate Manager, by requesting a new certificate.
Make sure to specify each relevant domain and subdomain in the certificate (in this case, both mysite.com and api.mysite.com.)
After creating the certificate, go to the Load Balancer, open up the Listeners tab, and select the HTTPS port. Then, change the SSL certificate for that port to the certificate that includes the relevant subdomain. If you use AWS Certificate Manager, it can be selected from the dropdown menu.
I'm about to lose my mind trying to set this up. I have lost the whole day and can't seem to get near what I want to do.
I have a node js rest api uploaded through elastic beanstalk, and I'm trying to set up a webpage to present the api, but for the live example to work the api needs to be accessed through https. I've read the instructions for setting up the https for elastic beanstalk (and like everything on the AWS documentation it is a ridiculous maze). It has sent me through several different AWS services.
What I basically got from it so far is that I need to set up a Load Balancer that will receive the connection through https and forward the user to my instance. But I can't get it to work. I have a domain from freenom: bibliaparahumanos.tk, it is set up with an A alias to my EC2 IP, and it works with http, but if I try to access it through https, I get "connection refused". If I use my normal Elastic Beanstalk url (http://apibibliahumana-env.eba-3nbmrphf.us-east-2.elasticbeanstalk.com/) with https it works, but I get a warning that the connection is not secure due to the domain on the certificate being different from the domain I'm accessing (which I understand, since the domain in the certificate is for my freenom domain).
I have the Load Balancer Listener set up with:
Protocol: https
Port: 443
Default action: forward to target group
(I have tried the target group with both http and https and the problem remains).
My certificate is from AWS Certificate Manager.
I have also seen this other tutorial but it confused me more. It adds some steps for configuring stuff on the app bundle, but I don't understand if it's required or an alternate way. I have tried setting that up, but it asks me to add the certificate's public key, which I can't figure out how to find.
I would suggest adding a CNAME record to your DNS towards apibibliahumana-env.eba-3nbmrphf.us-east-2.elasticbeanstalk.com.
A big advantage of using elastic beanstalk is that you can do blue/green deployments; as you will instead add the app URL to your DNS you can build an entire new environment in elastic beanstalk, test/wait until it's stable and swap the app urls; which results in deployments without any downtime.
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.CNAMESwap.html
I bought a domain named studileih.de, then I deployed my Angular frontend on firebase: https://studileih-ceb70.web.app/ and redirected from my domain studileih.de to the firebase URL.
Then I deployed my Spring Boot backend to AWS Elastic Beanstalk on: http://studileih1.eu-central-1.elasticbeanstalk.com/
-> Problem: Since the frontend on firebase used https and the backend on AWS used http I got a Mixed content error. The frontend wasn't able to load any of the backend data.
So I tried to solve this by creating a SSL certificate for my backend in the AWS Certificate Manager (ACM) and adding this to my Elastic Beanstalk Load Balancer. This worked and I could now at least make a connection from my frontend to my backend.
But now I get this error whenever a request to my backend gets sent:
When I click on "Accept the Risk and Continue" once, it works fine and all my backend data gets loaded. But I can't ask my users to do that.
(You can try this out by following: https://studileih1.eu-central-1.elasticbeanstalk.com/products and clicking "Advanced" -> "Accept the Risk and Continue" (if you dare ^^)
after you've done that, click on studileih.de and it will now load with the backend data.)
I know the problem exists because when creating the SSL certificate, I entered studileih.de as the domain that the certificate is for. I think I have to create a SSL certificate for studileih1.eu-central-1.elasticbeanstalk.com instead.
But when I try to create a SSL certificate for studileih1.eu-central-1.elasticbeanstalk.com:
I get this error from ACM:
How do I create a SSL Certificate for the Elastic Beanstalk URL?
p.s. I also tried to issue a certificate for my firebase URL https://studileih-ceb70.web.app/ but this one already uses Https by default. Also I couldn't find out how to DNS/Email validate the ACM request in the firebase console. But I think I need a certificate for the Elastic Beanstalk backend at studileih1.eu-central-1.elasticbeanstalk.com, not for the firebase frontend, right?
p.p.s. I don't really need to use https, so a solution would be to make firebase use http instead of https, but I couldn't find anything on how to do that.
UPDATE:
I added a subdomain called api.studileih.de (the immediate access is blocked by spring security, as you're not logged in to my site, but you can test it with api.studileih.de/products, because this API is accessible without login). Then I redirected that subdomain to my AWS Load Balancer as suggested by Mark B by adding a CNAME to the subdomain:
(it's not possible to change to english there, sorry)
this is my Load Balancer:
I tried to put the DNS-Name as A-Record into my subdomain, but it was only possible to enter an IP4 address there, so I entered it as CNAME instead. I also tried to find out the IP address of the Load Balancer, but Load Balancers don't have a static IP address.
This approach with the subdomain and the CNAME unfortunately didn't work, so I'm still looking for a solution...
(Here's the menu for setting an A-Record. You can only enter IP addresses there:)
I know the problem exists because when creating the SSL certificate, I
entered studileih.de as the domain that the certificate is for. I
think I have to create a SSL certificate for
studileih1.eu-central-1.elasticbeanstalk.com instead.
You can only create an SSL certificate for a domain you own. You need to point a subdomain of studileih.de, like api.studileih.de, at the Elastic Beanstalk load balancer, and then attach an SSL certificate to that load balancer that matches that subdomain.
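The name check behind the certificate warnings in the two answers above (the mysite.com / api.mysite.com thread and this one), as an added example that is not part of any of the original posts. The SAN lists are constructed from the hostnames quoted in the threads, and `served_dns_names` is a hypothetical helper for inspecting what a load balancer really presents.

```python
import socket
import ssl


def covers(san_dns_names, hostname):
    """True if a certificate carrying these DNS names is valid for hostname.

    Uses the rule browsers apply: a wildcard may only be the whole
    left-most label and stands for exactly one label.
    """
    host = hostname.lower().rstrip(".").split(".")
    for name in san_dns_names:
        labels = name.lower().rstrip(".").split(".")
        if len(labels) != len(host):
            continue
        if labels[0] == "*" and len(labels) > 2:
            if labels[1:] == host[1:]:
                return True
        elif labels == host:
            return True
    return False


def served_dns_names(connect_to, sni_name, port=443, timeout=5):
    """Return the DNS names in the certificate a live endpoint presents.

    Hostname checking is disabled so a mismatched certificate can still be
    read; the chain must still validate or the handshake raises.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((connect_to, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni_name) as tls:
            cert = tls.getpeercert()
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]


# Constructed SAN lists, modelled on the hostnames used in the threads.
APEX_ONLY = ["mysite.com"]
APEX_AND_API = ["mysite.com", "api.mysite.com"]
WILDCARD = ["*.mysite.com"]
ELB_NAME = "load-balancer-123456789.us-east-2.elb.amazonaws.com"

if __name__ == "__main__":
    for label, sans in [("apex only", APEX_ONLY), ("apex + api", APEX_AND_API),
                        ("wildcard", WILDCARD)]:
        for host in ("mysite.com", "api.mysite.com", ELB_NAME):
            print(f"{label:11} {host:55} {covers(sans, host)}")
```

Against a real listener, `covers(served_dns_names(lb_dns_name, "api.mysite.com"), "api.mysite.com")` shows whether the certificate attached to the HTTPS port matches the name clients will type.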
I have a kubernetes service I exposed with a custom domain name. When I try to access the service using custom domain, it fails (just loading forever). But if I use the IP, it works. Do I need to configure something somewhere? I am using GKE.
When I ping the URL, it's trying to hit the correct IP. Also ping works.
The LoadBalancer service is a layer 4 load balancer and thus only uses the IP to route traffic to your backend pods. If ping works and the site loads correctly when you use the IP address, this shows that the load balancer is directing traffic correctly.
There is likely a setting in your webserver that is looking at the URL and is having issues loading when a URL is used. Check your container logs to see if any errors are returned when you use a URL instead of IP.
Sorry for the rookie question, but I was unable to find the answer when I searched.
I'm trying to learn how to use AWS, and to do so I'm setting up an online blog with my own domain name. I purchased the domain name, set it up, and everything was working. I was able to get to my page.
Then I wanted to add a TLS certificate, so I set that up, set up a load balancer, connected CloudFront to the load balancer, and waited for that to set up. But when I then tried to access the page, I got an error saying that CloudFront couldn't connect to the page.
So I decided to try to start from scratch. I deleted my CloudFront, Load Balancer, Security Certificate, and EC2 instance, started a new EC2 instance, and hooked up Route 53 to it.
But now when I try to access my domain, it still tries to redirect to HTTPS and I get an error. Since I deleted the load balancer and CloudFront, I can't figure out where it is trying to redirect to HTTPS. How can I stop AWS from trying to redirect to HTTPS and instead just use HTTP?