AWS certificate manager https configuration for domain - amazon-web-services

I have a slight problem with SSL.
Currently if I were to route to my domain as example.com, it goes to the http version instead of the https version.
However, if I were to force https://example.com, it stays as https://example.com
I'm wondering what I have to do on the certificate manager side of AWS to get https working when I type in example.com without the https.
I have already configured my Route 53 aliases for my domain to route to my Elastic Beanstalk URL. I also have an SSL certificate for my domain example.com and *.domain.com that were both validated successfully, that are Amazon issued and also In Use.

Have you tried redirecting HTTP traffic (80) to HTTPS (443)? This answer contains the steps.
For ALBs, you can follow the steps below:
1. Add a listener for HTTPS and forward the traffic to the target group.
2. Add a listener for HTTP and forward the traffic to HTTPS.
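
An added example (not part of the answer above, and not AWS tooling): a Python check over listener data in the shape returned by `aws elbv2 describe-listeners`, reporting when port 80 still answers in clear instead of redirecting to HTTPS. The sample listeners and placeholder ARNs are constructed for illustration.

```python
# Constructed listeners in the shape of `aws elbv2 describe-listeners` output.
# ARNs are placeholders, not values from the page.
HTTPS_443 = {
    "Port": 443, "Protocol": "HTTPS",
    "Certificates": [{"CertificateArn": "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER"}],
    "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:PLACEHOLDER:targetgroup/web"}],
}
HTTP_80_FORWARD = {   # the symptom in the question: example.com stays on http
    "Port": 80, "Protocol": "HTTP",
    "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:PLACEHOLDER:targetgroup/web"}],
}
HTTP_80_REDIRECT = {  # step 2 of the answer, expressed as a redirect action
    "Port": 80, "Protocol": "HTTP",
    "DefaultActions": [{"Type": "redirect", "RedirectConfig": {
        "Protocol": "HTTPS", "Port": "443", "Host": "#{host}",
        "Path": "/#{path}", "Query": "#{query}", "StatusCode": "HTTP_301"}}],
}


def audit_listeners(listeners):
    """Return findings; an empty list means plain HTTP is redirected to HTTPS.

    Only default actions are inspected; per-path or per-host listener rules
    would need the output of describe-rules as well.
    """
    findings = []
    if not any(lst["Protocol"] == "HTTPS" for lst in listeners):
        findings.append("no HTTPS listener")
    for lst in listeners:
        port, actions = lst["Port"], lst.get("DefaultActions", [])
        if lst["Protocol"] == "HTTPS" and not lst.get("Certificates"):
            findings.append(f"port {port}: HTTPS listener without a certificate")
        if lst["Protocol"] != "HTTP":
            continue
        redirect = next((a for a in actions if a["Type"] == "redirect"), None)
        if redirect is None:
            findings.append(f"port {port}: HTTP is answered directly, not redirected")
        elif redirect.get("RedirectConfig", {}).get("Protocol") != "HTTPS":
            # "#{protocol}" keeps the request's scheme, so the client stays on HTTP
            findings.append(f"port {port}: redirect does not switch to HTTPS")
    return findings


if __name__ == "__main__":
    print(audit_listeners([HTTPS_443, HTTP_80_FORWARD]))
    print(audit_listeners([HTTPS_443, HTTP_80_REDIRECT]))
```
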

Can't access server since switching to https on aws

I am deploying a MERN stack using EC2 on AWS.
I have created SSL certificates for the following domains:
example.com
*.example.com
www.example.com
The cname and cvalue for example.com and *.example.com are identical, but they are different for www.example.com.
I have set up target groups and a load balancer and edited the listener to redirect from HTTP to HTTPS.
I have set up 3 different records in the hosted zone of Route 53 so that www.example.com, *.example.com and example.com are directed to the load balancer.
I can load https://example.com
http://example.com directs to https://example.com
When the website loads (either by typing http or https) it does not connect to the server.
I am getting the following error in the console:
Mixed Content: The page at 'https://example.com/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://54.220.212.131:5000/events'. This request has been blocked; the content must be served over HTTPS.
54.220.212.131 is the site's IP and 5000 is the server's port. This is hard coded in the front end.
How should I get the client to send requests to the server for a https connection?
It sounds like you have two services running, a front-end service that you have correctly configured to run behind a load balancer, and a back-end service that you are connecting directly to via the server's IP address on port 5000.
Your backend on port 5000 is not secure, and that is exactly what the web browser's error is telling you. You need to configure all your services to run behind the load balancer. You need to create a second target group that sends traffic to port 5000 on your server, and set up a routing rule on the load balancer's listener to send all traffic for api.ticketglen.com to that target group. Then you need to change your hard-coded values from http://54.220.221.131:5000 to https://api.ticketglen.com.
What worked for me was to create the SSL certificates from the server and delete them and the load balancer altogether from the AWS platform.
Process is outlined here

Issues putting CloudFront in front of ALB

I want to have CloudFront in front of a load balancer for a web app (built with VueJs and Nuxt), but the issue is that I get DNS_PROBE_FINISHED_NXDOMAIN when going to the CloudFront URL {key}.cloudfront.net.
I found that it might have to do with certificates. I have the same certificate on both ALB and CloudFront, but the CloudFront certificate is stored in N. Virginia and ALB is in Ireland, which is supposed to give me this issue.
My question is how it should be setup to work.
Today ALB has listeners
Https listener on port 443 with certificate (located in Ireland region)
Http listener on port 80 which redirects all requests to Https.
The ALB is publicly available, therefore I wanted the Http to Https redirect.

How to enable HTTPS for Elastic Beanstalk url

I have enabled HTTPS for my custom domain name (haydenclay.page), but I also need the Beanstalk url (app-name.elasticbeanstalk.com) to run through HTTPS as well.
HTTPS does not work currently, because the cert name matches my custom domain name, yielding: ERR_CERT_COMMON_NAME_INVALID
I need HTTPS because I make API requests, and going from HTTPS to HTTP throws a mixed content error. How can I enable HTTPS on the Beanstalk URL?
I have already tried making an alias.
Sadly you can't enable https directly for app-name.elasticbeanstalk.com domain. This is because this domain is controlled by AWS. You can only register SSL certificates for domains that you control.
If you want to serve your content from EB over SSL, you have generally three options.
1. Front your instance with a load balancer. This is the easiest* way, as you can associate an ACM SSL certificate with the balancer for your domain.
2. Front your EB instance with CloudFront (CF). You can set up an alternative name for your CloudFront domain with your CF distro and your SSL cert. You can also use ACM for that. Also an easy setup, but it should be noted that traffic between CF and your EB instance will be HTTP only, unless you also set up your own SSL cert (not from ACM) on the instances (point 3).
3. Install your own SSL certificate (not from ACM) directly on the EB instance, using nginx. This requires manual setup and a valid public certificate. A popular choice to get the SSL cert from is LetsEncrypt.
If you use CloudFlare, go to DNS -> Records
Type: CNAME
name: api
Content: "YOUR_URL.eu-west-1.elasticbeanstalk.com"
Proxy status: Proxied
And call your new url: api.your_domain.com

ASP.NET Core 2.1 HTTPS Redirection behind AWS Load Balancer?

Steps I have taken:
Enabled 80 HTTP -> 80 HTTP and 443 HTTPS -> 80 HTTP on my load balancer in Elastic Beanstalk
Aliased my Route53 hosted zone for both www and apex A records to my load balancer
Set up the SSL certificate
Used the default ASP.NET React Template with HTTPS Redirection
Added <RuntimeIdentifier>win-x64</RuntimeIdentifier> in .csproj since EB doesn't use 2.1 yet.
Deployed with Visual Studio AWS Tools
What works:
https://www.example.com works
https://example.com works
What doesn't work:
http://example.com won't redirect to https://example.com
http://www.example.com won't redirect to https://www.example.com
I know in the past you had to write custom extension methods to get this to work with AWS LBs. Does anyone have a working example using the standard templates?
Maybe this solution is a little overkill for your environment, but you could set up a CloudFront distribution. You should put your Elastic Beanstalk URL as origin and your https://example.com under CNAME. Then you can decide: if you want flexible SSL, you can specify communication with the origin as HTTP only, or if you want end-to-end encryption, you can specify HTTPS only (I think this would be the way to go in your particular case since you have configured your elastic load balancer to forward all requests from port 443 to port 80). Then under behavior you can select the option to redirect HTTP to HTTPS, and every request to http://example.com will be automatically redirected by CloudFront to https://example.com.
I hope this helps

SSL certificate error with wildcard subdomain #AWS route53 aliased to an ELB

The setup
Route53 record (*.testing.domain.com) linked to an ELB (which uses an Amazon Certificate Manager issued certificate for *.domain.com and domain.com).
The targets of the ELB are running nginx, which in turn proxy_passes the incoming requests to a (django) server running on port 80xx (ex: 127.0.0.1:8099).
Note: The nginx server listens to requests on port 80 and 443 and the targets of the ELB are registered on ports 80 and 443.
QUESTION:
I am able to access the following:
http://domain.com
https://domain.com
http://any.subdomain.domain.com
I want to know why I am getting a NET::ERR_CERT_COMMON_NAME_INVALID when I'm trying to access https://any.subdomain.domain.com
Thanks
You need to request another certificate for *.subdomain.domain.com
https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html
*.example.com can protect login.example.com and test.example.com, but it cannot protect test.login.example.com. Also note that *.example.com protects only the subdomains of example.com, it does not protect the bare or apex domain (example.com). However, you can request a certificate that protects a bare or apex domain and its subdomains by specifying multiple domain names in your request.
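
An added example (not from the answer or from the AWS documentation): a Python check of which hostnames a certificate's names cover, applying the one-label wildcard rule quoted above. It also covers the Elastic Beanstalk case earlier on the page, where the certificate names only the custom domain; the function names are this example's own and the hostnames are the ones used on the page.

```python
import socket
import ssl


def name_matches(pattern, hostname):
    """True if one certificate name covers the hostname.

    A leading "*" stands for exactly one label, so "*.example.com" covers
    neither "test.login.example.com" nor the apex "example.com".
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return h[0] != "" and p[1:] == h[1:]
    return p == h


def uncovered(cert_names, hostnames):
    """Hostnames for which a browser would report a certificate name mismatch."""
    return [h for h in hostnames
            if not any(name_matches(n, h) for n in cert_names)]


def fetch_dns_names(host, port=443, timeout=5):
    """Read the DNS names from the certificate a server presents (needs network)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared by uncovered()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            san = tls.getpeercert().get("subjectAltName", ())
    return [value for kind, value in san if kind == "DNS"]


if __name__ == "__main__":
    elb_cert = ["*.domain.com", "domain.com"]          # names from the question
    hosts = ["domain.com", "any.domain.com", "any.subdomain.domain.com"]
    print(uncovered(elb_cert, hosts))
    print(uncovered(elb_cert + ["*.subdomain.domain.com"], hosts))
```

To run the same comparison against a live endpoint, pass the result of `fetch_dns_names("your-host")` as `cert_names`.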