I'm working on this site that I'm hosting with AWS. I'm hosting a vue.js frontend in an S3 bucket and the backend utilizes Spring Boot hosted with Elastic Beanstalk and a MySQL RDS instance. After playing around some, I got the frontend to serve up files via HTTPS, but now my requests to the Spring API are failing.
I've done a lot of digging on this and it seems that are may be several ways to handle this, but I just keep getting stuck and not knowing where to turn next. I've tried playing around with setting up a load balancer, and also tried configuring a proxy in a .ebextensions configuration file.
This whole thing was working when I set it up with HTTP originally, but now that the front-end is serving up HTTPS it won't work.
Web browsers must be blocking your mixed HTTP/HTTPs content because of their inbuilt security. You need to make sure that you setup the whole site using HTTPs or HTTP. As you have already set up the S3 content to be served through HTTPs, now you must configure your Elastic Beanstalk environment to be setup with HTTPs too. Here is the link to help you with that
Configuring HTTPS for Your Elastic Beanstalk Environment
If your site is built with a CRM? (WordPress/Joomla/ect.) then there are plugins/extensions that handle that. I had a similar situation with a WordPress site, and used the plug-in called "SSL Insecure Content Fixer". Worked without a hitch, rather than scanning through the entire site for mixed HTTP/HTTPs content.
Related
I am running a custom PHP application, My application is using ALB and EC2. I am facing issues with a lot of fake requests which are similar to the WordPress site and loading my site and make it inactive. Is there a way that we can create Rules in WAF and attach it to load balancer to block that bad requests? Any other alternate way suggestions/solutions are also appreciated.
Fake requests look as below
https://example.com/xxx.php
https://example.com/wp-login.php
https://example.com/dsfh.php
My instance is a single instance, no load balancer.
I cannot seem to add a load balancer to my existing app instance.
Other recommendations regarding Elastic Load Balancer are obsolete - there seems to be no such service in AWS.
I do not need caching or edge delivery - my application is entirely transactional APIs, so probably don't need CloudFront.
I have a domain name and a name server (external to AWS). I have a certificate (generated in Certificate Manager).
How do I enable HTTPS for my Elastic Beanstalk Java application?
CloudFront is the easiest and cheapest way to add SSL termination, because AWS will handle it all for you through its integration with certificate manager.
If you add an ELB, you have to run it 24/7 and it will double the cost of a single instance server.
If you want to support SSL termination on the server itself, you're going to have to do that yourself (using your web container, such as apache, nginx, tomcat or whatever you're running). Its not easy to setup.
Even if you don't need caching, CloudFront is going to be worth it just for handling your certificate (which is as simple as selecting the certificate from a drop-down).
I ended up using CloudFront.
That created a problem that cookies were not being passed through.
I created a custom Caching Policy to allow the cookies, and in doing so, I also changed the caching TTLs to be very low. This served my purposes.
Background
I am trying to deploy a dummy application with React frontend and Django backend interacting via REST api. I have done the following:
Use a S3 bucket to host static website and deploy my react code to it
Put Cloudfront for S3 bucket - set up certificate and changed my domain name (from GoDaddy) to link to this address
Kicked off Elastic Beanstalk environment following the python environment tutorial of AWS
Set up Postgres RDS and linked the Django server with it
So now I can do the following
Access my frontend using https via my domain name (https://www.example.com)
Access django admin site using the path of elastic beanstalk and update items
i.e. each component is up and running
Problem
I am having trouble with:
Making a secure REST API call from the static page to Elastic Beanstalk environment. Before I set up certificates I could easily make REST API calls.
The guides I can find usually involve putting a domain name for Elastic Beanstalk, which I imagine does not apply to my case (or does it?)
I tried to follow this faq and updated configuration in load balancer that accepts 443 https and redirects to 80 http. But I am using same certificate as from CloudFront, which does not sound right to me.
Would appreciate help with
how to solve the above ssl connection issue
or is there a better architecture for what I'm trying to achieve here?
According to Request a certificate in ACM for Elastic Beanstalk backend, it sounds like I have to use a subdomain and request a certificate for that subdomain, and use Cloud 53 to direct requests to that subdomain to Elastic Beanstalk environment. Would that be the case?
Thank you in advance!
By default EB url will HTTP only. To use HTTPS you need to deploy SSL certificate on your ALB.
In order to do that you need a custom domain, because you can only associated an SSL certificates with domains that you control. Thus, normally you would get a domain (you seem to already have one from godaday). So in this case you can setup a subdomain (e.g. api.my-domian.com) on godady. Then you can use AWS ACM to register a free public SSL certificate for api.my-domian.com.
Once the certificate is verified, using either DNS (easier) or email technique, you deploy it on your ALB using HTTPs listener. Obviously you will need to point api.my-domian.com to the EB's https url. You can also redirect on your ALB http traffic from port 80 to 443 to always use https.
Then in your front-end application you only use https://api.my-domian.com, not the original EB url.
There can be also CORS issues alongside this, so have to be vary of them as well.
I'm new to AWS and I'm in the process of deploying an app there. I already hosted my frontend in S3 and cloudfront and generated a certificate in order to serve my frontend with https. Now I need to provide access to my backend. I already created the proper structure in EC2 and I can even retrieve info from my backend through simple http. The problem is that once my frontend is https and my backend is http it refuses to receive info thowing an error for "mixed content".
I already read a lot of articles from AWS and yet I'm confused on how to implement https in ec2.
I've created load balancers, VPC and etc, but I really can't make it work.
If anyone can help me with , I'd be thankful!
I have setup an AWS Bitnami Magento deploy which is using Application Load Balancer and host name routing to use https but the site insists on loading .css and .js assets via http which is blocked by the browser unless I manually tell it to load.
I have read about turning off Varnish and adding a few settings to Apache but I'm wary of experimentation. Has anyone got their deploy to load assets via https by turning off Varnish?
It seems a bit like throwing the baby out with the bath water to remove such a good http accelerator... and sites do use https with it, e.g. The New York Times.