I have a domain example.com and I want to have https access with subdomain my_subdomain.example.com with aws loadbalancer
I have loadbalancer open for 443 and have route53 cname my_subdomain.example.com point to my loadbalancer address. I can access the site in my ec2 using browser on my_subdomain.example.com however its not secure in browser
My ACM has approve for both example.com and *.example.com
Is there an extra step I need for https to work, because when I do it with a single server with nginx I use https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx so I imagine I need a similar step
Can someone point me a direction?
Use AWS Certificate Manager for your certificate: it will provide a free certificate you can install on your load balancer. When you add the listener for port 443, step 3 will prompt you for a certificate, select 'Choose a certificate from ACM (recommended)'.
Related
I have set up an EC2 instance. Logged in with server and set up apache2 in it.
Example Domain: www.example.com
Created Route53 for example.com and pointed NS record to Domain provider. So, I am going to use Route53 for DNS.
In DNS, I have created A record with EC2 IP.
In apache2 set up VirtualHost for www.example.com, Reloaded apache2 server, and also enable site www.example.com.
Now, I have purchased a certificate from the AWS certificate manager for www.example.com. I have added the CNAME record in Route53 and also validated the domain. The certificate was also activated.
Now, I am going to hit the site www.example.com, It's redirecting to https://www.example.com but the page is giving an error regarding HTTPS.
I have also opened 443 port for that instance.
I think you forget to add a Load Balancer (ALB) or a CloudFront Distribution in front of your EC2 instance since Certificates produced with ACM must be configured on these kind of components. Not possible with EC2. And it can not suggest where to use it.
Currently, I have a domain(mysite.com) bought in the Google Domain, it's just a domain. My application is hosted on AWS, where I have my application deployed, the setup is quite straightforward - access to the application goes thru ALB(lb-123.com), which has no SSL configured yet. My problem is how to link the domain to ALB throughout HTTPS to my application in AWS which is accessed throughout HTTP. I should be able to access mysite.com using HTTPS and it should access lb-123.com either thru HTTP or HTTPS, but for a client, it should look like it accesses HTTPS.
ALB doesn't have an IP, only DNS - I should use the only CNAME for redirection mysite.com to lb-123.com?
Should I configure HTTTs for ALB too - If so, then what is the right way to do it? What certificate should I use? Is there any free certificate for ALB?
How usually ppl link using HTTPS their domains with any sort of backend which has only DNS name(e.g. AWS ALB)?
The easiest way to get SSL for your ALB is through AWS ACM with provides free SSL certificates:
How can I associate an ACM SSL/TLS certificate with a Classic, Application, or Network Load Balancer?
So in your case, you have to got to AWS ACM, and request a free SSL public SSL cert for your domain. Domain can be at google, it does not matter. Once you verity that you control the domain, you will get a cert issued that you can associate with the ALB.
Then you use CNAME on google to point your domain to ALB's domain.
I have following setup at AWS ECS:
Container with Caddy web-server at 80 port that serves static files and performs proxying of /api/* requests to backend
Container with backend at 8000 port
EC2 instance at ECS
ALB at subdomain http://some-subdomain-12345.us-east-2.elb.amazonaws.com/ (subdomain was provided automatically by AWS) with HTTP Listener
I want to setup SSL certificate and HTTPS Listener for ALB at this subdomain that was provided by AWS - how I can do it?
P.S. I have seen an option for ALB with HTTPS Listener when we are attaching custom domain i.e. example.com and AWS will provide SSL certificate for it. But this is a pet project environment and I don't worry about real domain.
You can put your ALB behind CloudFront, which unlike ALB gives you a TLS certificate by default. So you can address your application at e.g.:
https://d3n6jitgitr0i4.cloudfront.net
Apart from the TLS certificate, it will give you the ability to cache your static resources at CloudFront's edge locations, and improve latency on the TLS handshake roundtrips.
I want to setup SSL certificate and HTTPS Listener for ALB at this subdomain that was provided by AWS - how I can do it?
You can't do this. This is not your domain (AWS owns it) and you can't associate any SSL certificate with it. You have to have your own domain that you control. Once you obtain the domain, you can get free SSL certificate from AWS ACM.
This could be a solution without using subdomains but using path redirection
https://caddy.community/t/caddy-2-reverse-proxy-to-path/9193
I try to install the SSL certificate in my AWS ec2. Here are the steps which I follow.
1 - Request certificate from certificate manager services.
2 - Verify the certificate with the DNS method(Add Cname record in
hosted zone of the domain).
3 - Make a load balancer and install the certificate in ec2 instance.
4 - Add .htaccess www and https redirect for the URL.
But when I open my website, it still shows 'Not Secure'. When I try to check the SSL certificate via 'Online SSL Checker'. I didn't find my certificate. It shows some error 'No SSL certificates were found on domain.com. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server's firewall.'. Please help.
Please check the following
If there is a HTTPS listener in your load balancer
The security group
attached to the load balancer allows HTTPS traffic from port 443
You have added a alias A Record in your domain name pointing to the dns hostname of your elastic load balancer
I am trying to host my frontend on AWS using cloudfront and backend on a EC2 behind a classic loadbalancer. I have imported my SSL certificate in ACM. Using ACM the certifcate has been installed on Cloudfront and classic Loadbalancer.
Cloudfront configuration:
Alternate Domain Names (CNAMEs) = mydomain.com
SSL Certificate = mydomain.com (xxx-yyy-zzz............)
Classic loadbalancer Configuration:
The load balancer is hosted on api.mydomain.com and SSL certificate installed using ACM.
Security group inbound rules configuration:
EC2 is running a Nodejs server listening on port 80. I haven't installed SSL certificate on EC2 because it was not mentioned in AWS documentation.
The home page opens up but when I try to login I get an error:
LoginSignUp.js:84 OPTIONS https://api.mydomain.com/user/signin net::ERR_INSECURE_RESPONSE
So the browser is blocking backend response because it is not secure. Do I need to install SSL certificate on EC2 also? Or did I make any configuration mistake?
It appears from your question that your SSL certificate is for mydomain.com and you are trying to request api.mydomain.com
Create a new ACM certificate that includes api.domain.com as either the domain name or as a Subject Alternative Name (SAN).
At a glance, the rest of the build looks correct.