We have a springboot backend api running on elastic beanstalk. Our domain is on route53 and uses the Certificate Manager to run as https.
To make an api request we send the request to a subdomain url (https://api.SomeWebsite.com ). In Route53 we direct that subdomain to an EC2 load balancer, which then points that at the beanstalk instance. Our beanstalk should be in http - we are using the LB as an SSL terminator.
We have listeners for incoming traffic on the LB as:
HTTP , Port 80 -> Redirect to HTTPS 443
HTTPS, Port 443 -> Redirect to Target, HTTP, OurBeanstalkENV.
I have triple checked that the https port points to the correct EB instance, and it does note http on the target selection.
The Issue: we keep getting either preflight failed due to no Access-Control-Allow-Origin (even though it's in the request header) or a timeout error error when make the requests. When we look at beanstalk logs, our springboot server has an error: java.lang.IllegalArgumentException: Invalid character found in method name... HTTP method names must be tokens...
Based on this error Springboot is receiving httpS requests, even though it should be receiving http via the load balancer. Does anyone know what could be wrong here?
Related
I am deploying a MERN stack using EC2 on AWS.
I have created SSL certificates for the following domains:
example.com
*.example.com
www.example.com
The cname and cvalue for example.com and *.example.com are identical but they are different for www.example.com
I have set up target groups and a load balancer and edited the listener to redirect from http to https.
I have set up 3 different records in the hosted zone of route 53 so that www.example.com, *.example.com and example.com are directed to the loadbalancer
I can load https://example.com
http://example.com directs to https://example.com
When the website loads (either by typing http or https) it does not connect to the server.
I am getting the following error in the console:
Mixed Content: The page at 'https://example.com/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://54.220.212.131:5000/events'. This request has been blocked; the content must be served over HTTPS.
54.220.212.131 is the site's IP and 5000 is the server's port. This is hard coded in the front end.
How should I get the client to send requests to the server for a https connection?
It sounds like you have two services running, a front-end service that you have correctly configured to run behind a load balancer, and a back-end service that you are connecting directly to via the server's IP address on port 5000.
Your backend on port 5000 is not secure, and that is exactly what the web browser's error is telling you. You need to configure all your services to run behind the load balancer. You need to create a second target group that sends traffic to port 5000 on your server, and setup a routing rule on the load balancer's listener to send all traffic for api.ticketglen.com to that target group. Then you need to change your hard-coded values in from http://54.220.221.131:5000 to https://api.ticketglen.com.
What worked for me was to create the SSL certificates from the server and delete them and the load balancer altogether from the AWS platform.
Process is outlined here
I have a client application hosted on S3 with a custom domain on godaddy. Cloudfront is serving all of the http(s) requests - all of that is well and good. I have an SSL certificate through ACM. There is an input dialog on the UI that when submitted, makes a POST request to a flask application running on ELB, but this request is failing because ELB is not configured for HTTPS (i.e. chrome is blocking an HTTP request because of mixed-content). Requests to the HTTP version of the endpoint work fine, but HTTPS requests time out. How do I configure the ELB load balancer to accept HTTPS requests? I've modified the configuration of the load balancer like so: https://imgur.com/3zWpS7f but requests are still failing. Any tips? Much appreciated!!
EDIT: I've configured the load balancer with a security group that allows ingress on 443 with HTTPS but now i'm getting a "Not secure" message with Chrome. is this because the certificate is registered with a domain associated with the site and not this api? do i need a separate certificate? The error code from chrome is: err_cert_common_name_invalid
I have an aws ECS setup and using ALB for the load balancer. The container task is running on port 8080. I have also added an HTTPS listener with SSL Certificate from ACM, which forwards the requests to the container.
Now I have one issue here. When using curl or postman to contact the load balancer's DNS name, I get the response from the app perfectly. But when using the very same DNS name in my frontend and running in frontend app locally (localhost:3000), and the request is generated from Chrome I get the following error:
net::ERR_CERT_COMMON_NAME_INVALID
How can I resolve this issue?
I also tried deploying the app to my test env, so instead of localhost, I have https://example.com which now matches the Domain name of the Certificate (*.example.com). But still same results.
I want to setup https for my domain name. My files are on AWS Beanstalk(php website)
I have my namecheap ssl for the domain registered.
On EC2 Console:
The ELB was configured by default. I added my SSL to I AM and attached with the ELB that was created with the project. I want to terminate the HTTPS requests from the web at my ELB and send http requests to my instance.
Security groups:
ELB: the default elb (http, https and ssh ports configured) and default vpc is attached to ELB(http and https configured. source is 0.0.0.0 for all)
Instance: default vpc security group is attached.
When I try to do https://the_aws_elb_link :
chrome error: NET::ERR_CERT_COMMON_NAME_INVALID
safari error: host name mismatch
I checked md5 for all the ssl uploads made. They check out.
When I try to enter my domain name with https: This site can’t be reached
What I want: https://www .mydomain .com and authentication at my ELB
elb listners configured
CNAME settings
You need to set up the ELB listeners this way then it will work.
Your Domain is pointing to the EC2 IP address it should point to the AWS ELB C-Name then it will serve the SSL Certificate.
ping www.lbacs.org
PING www.lbacs.org (98.124.199.6): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
When I navigate to my domain link: https://www.mdxbusiness.com I see a blank page with no errors.
I have to note that before I forwarded the HTTP to HTTPS the http://www.mdxbusiness.com worked fine.
I have:
GoDaddy domain with a valid SSL Certificate.
AWS EC2 2 instances associated to Elastic Load Balancer with HTTP & HTTPS Listeners (and security groups).
CName in GoDaddy that links to the AWS Elastic Load Balancer.
In both AWS EC2 instances I have an RDP with IIS with a binding to HTTP & HTTPS - The HTTPS has the SSL Certificate of the GoDaddy's domain.
I use Microsoft Windows Server 2012 R2 Base in both AWS EC2 instances, I have their the DB which is the SQL SERVER and the project which is MVC.
Again - The HTTP worked good as expected but the HTTPS not - shows a blank page.
What could be the cause for this and how can I fix it?
Your ELB listeners should match below setting. The HTTPS should listen to Port 80