I'm struggling with the SSL configuration of my Elastic Beanstalk environment. I can reach my site on port 80 (HTTP) but I can't reach it on port 443. I followed this documentation: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-elb.html but was unable to configure it properly. I'm getting a 408 HTTP status when trying to reach my site (https://apploit.com). I allowed inbound traffic to port 443 for the Security Group:
and configured my load balancer to listen on port 443 and redirect traffic to port 443 on the EC2 instance:
Any ideas what is wrong with my configuration?
Well, it works right now... don't know why, maybe it needed some time :)
As per the documentation link you shared in the question:
"Single-instance environments don't have a load balancer and don't support HTTPS termination at the load balancer."
Hope it helps you!
My EC2 instance has the following security rules:
Unfortunately, if I browse its public IP address via HTTPS, I get "Unable to reach the site", while if I browse it via HTTP it works as it should.
SOLVED - I had to set Apache to listen on port 443.
I remember doing it before but now it seems I have forgotten the process.
I want to create an HTTPS listener for an ALB. However, I don't have anything in my EC2 running on 443.
Should I configure a reverse proxy which points 443 to the app running port or add my HTTPS listener with port 80 HTTP target group?
Could someone help me with this?
You need a single Target Group pointing to your EC2 instance on port 80.
Then you can create a port 443 listener on the ALB that uses that target group. You will have to attach an SSL certificate to the listener when you create it. The ALB will terminate the SSL connection and send the request to the backend server over port 80.
I have tried everything to get this to connect with HTTPS. I have added the SSL certificate to my IAM console, added the security group needed to open port 443 and attached it to my load balancer, and have added the HTTPS listener to my load balancer.
Still, I am getting a timeout when going to the HTTPS URL. The HTTP port is open and connects without issue.
I honestly don't know what information might be needed here, as this is my first go at setting up an HTTPS connection on an EC2 instance. Below are some screenshots of how things are set up in the EC2 console:
Load balancer listeners:
Load balancer port configuration:
And finally the Security Groups:
I realize these may not be the right details, and I cringe at the screenshots, but I am a one-man-band tasked to set this up, and I have no one to turn to for help! Thank you in advance for reading this and any insight provided.
I was able to make this work.
In the load balancer listener, I had an HTTP and HTTPS listener configured as so:
Load Balancer Protocol: HTTP | Load Balancer Port: 80 | Instance Port: 80
Load Balancer Protocol: HTTPS | Load Balancer Port: 443 | Instance Port: 80 | SSL Cert
The HTTPS listener was timing out no matter what I did. I even edited the security group to allow connections to port 443.
What I ended up doing was changing the HTTPS listener to this:
Load Balancer Protocol: SSL | Instance Protocol: TCP | Load Balancer Port: 443 | Instance Port: 80
And now I can connect to the HTTPS url. I have no idea why this works, but it does and it's good enough for me.
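The symptoms in the threads above (a timeout on 443, "Unable to reach the site", a server not listening on 443) can be told apart by probing the port in two stages: a plain TCP connect, then a TLS handshake. The Python below is an added example, not code from any of the posts or from AWS; `probe_https` and `HINTS` are names chosen here, and the hostname is whatever you pass on the command line.

```python
import socket
import ssl

# Added example: probe_https and HINTS are illustrative names, not from the posts.
HINTS = {
    "timeout": "packets dropped before reaching a listener: check security group and network ACL inbound rules",
    "refused": "host reachable but nothing listens on this port (e.g. web server not bound to 443)",
    "unreachable": "DNS or routing failure before any connection was made",
    "tls_error": "port open but the peer did not complete a TLS handshake (e.g. plain HTTP on this port)",
    "cert_invalid": "TLS works but the certificate failed verification (wrong name, expired, untrusted chain)",
    "ok": "TLS handshake and certificate verification succeeded",
}


def probe_https(host, port=443, timeout=5.0, context=None):
    """Return (outcome, detail); outcome is one of the keys of HINTS."""
    ctx = context or ssl.create_default_context()
    # Stage 1: plain TCP connect separates filtered traffic from a closed port.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout", HINTS["timeout"]
    except ConnectionRefusedError:
        return "refused", HINTS["refused"]
    except OSError as exc:
        return "unreachable", str(exc)
    # Stage 2: TLS handshake with normal certificate verification.
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", tls.version()
    except ssl.SSLCertVerificationError as exc:
        return "cert_invalid", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return "tls_error", str(exc)
    finally:
        sock.close()


if __name__ == "__main__":
    import sys
    outcome, detail = probe_https(sys.argv[1])
    print(outcome, "-", HINTS[outcome], "|", detail)
```

Run it against the load balancer's DNS name and, separately, against the instance: a different outcome at each hop shows which layer is dropping or rejecting the HTTPS traffic.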
I created a Network Load Balancer with an EC2 instance and then added a listener on custom port 5000. I was able to access the load balancer DNS on port 5000. I also created a CloudFront distribution linked with this load balancer, but it seemed that AWS only supports port 80 or 443. Could anyone open a custom port? Thanks
From Values That You Specify When You Create or Update a Distribution - Amazon CloudFront:
HTTP Port: The HTTP port that the custom origin listens on. Valid values include ports 80, 443, and 1024 to 65535. The default value is port 80.
Assume the front-end port is 443, doing SSL termination.
The backend instance port is 8080, which is clear text.
Is there any way to configure that? I cannot see that option, while it is available in AWS.
Yes, we can do that. We can configure a TCP load balancer with SSL Proxy that listens on port 443, configure an SSL cert, and create a backend service that can listen on any random port, like 8080.
For more info please visit: https://cloud.google.com/compute/docs/load-balancing/tcp-ssl/