I have an EC2 Instance which is having multiple virtual hosts and serve different websites on different domains. (Let say ABC.com, DEF.com, XYZ.com)
For one specific domain let say ABC.com, its running on HTTP. I have been given free credit from AWS. Now I want to run this ABC.com on https without spending any money.
So I have decided to use ELB as it will come with a free SSL. And I want to target that to ABC.com on my EC2 instance.
I know that with ELB I can target to my instance or my IP. Is it possible to target just one virtual host somehow as this website is not my primary website on a server?
ELB is using Listeners. Every listener has:
inbound port - in which you can connect to the ELB
target port - the host on the machine you transfer traffic to
If you're ABC.com can use a different port (let's say 8081) than DEF.com, XYZ.com it will be possible to create a listener that listens on port 443 - SSL and configured to send the traffic to port 8081.
You can potentially achieve this via Application Load Balancer using Host Based Routing. Different Target Groups can listen on different ports (HTTP / HTTPS).
Host-Based Routing Support for AWS Application Load Balancers
Related
I have a VM running on a GCP. With TCP 0.0.0.0:26657 and 0.0.0.0:1317 exposed using firewall rules, I can access them as
http://external_ip:26657 and http://external_ip:1317.
Since they are HTTP I couldn't use them on my HTTPS site where I get
net::ERR_SSL_PROTOCOL_ERROR
How do I add an SSL certificate from a DNS provider and expose the ports to the created domain?
I can however add the DNS for the external IP but I am unable to access ports.
ex: mydomain.com:26657
I appreciate any help you can provide.
There is no way to specify port numbers in DNS. If you are running a website, your server must respond to HTTPS request on port 443 if you are to use an SSL certificate. DNS names will only refer to IP addresses and has no concept of ports for older protocols such as HTTP, HTTPS and SSL.
If you are looking to run multiple sites on the same server, then you'll need to configure virtual hosts for it to happen. Have the A record pointed to the IP address of the VM and the virtual host file should take care of managing the port where the server should operate on.
You may come across SRV records which will allow you to specify port numbers in the DNS. However, this feature only works with newer protocols that specifically do SRV lookups which means that HTTP and HTTPS will continue to use their current port numbers and won't work with SRV.
I have springboot application with different ports hosted in ec2 instance
Domain in Route 53
Domain Name : mydomain.com
App A - 8081,
App B - 8085,
App c - 8088
Instance IP : 10.xx.xx.xx
domain :
test1.mydomain.com point to 10.xx.xx.xx:8081/landingpage &
test2.mydomain.com point to 10.xx.xx.xx:8085/landingpage &
test3.mydomain.com point to 10.xx.xx.xx:8088/landingpage
I have some idea in creating Load Balancer and Target Groups in beginner level.
Your views are always welcome.
As stated by Marcin, Route53 can't resolve port, this is a workaround. Assuming you already open two ports on your EC2 instance:
Create 2 target groups. One to port 8085, one to port 8088. Register your instance to those 2 target groups
Create application load balancer (ALB). Create 2 CNAME record with subdomain as your need, route both to your ALB DNS
Optional: Create a certificate for your domain (ACM), it should able SSL on *.example.com, register the certificate to your HTTPS load balancer.
Create listening rule on port 443 of your ALB (80 if you don't use SSL), route depending on your host name, each host name will route to one target group.
Route53 is DNS web service. It only resolves names to IP addresses, not ports nor URL paths. For that you need to either setup a load balancer for your instance, or using nginx on the instance to manage ports and url path redirections.
You can't do what you want in DNS using Route 53. See Can DNS point to specific port? - Webmasters Stack Exchange There are several ways to implement what you want:
Virtual hosts and reverse proxy
It is very common to run Apache on Nginx on your server on ports 80/443 for HTTP/HTTPS respectively. Both support virtual hosts where you point multiple domain names to the same server and the forward the requests to other ports. See What is a "reverse proxy" in webmastering?
Multiple load balancers
You could create multiple Amazon ELBs that forward requests to different ports. Then Route 53 could point each domain to its own load balancer.
Content delivery network (CDN)
Amazon's CDN is called Cloudfront. It has sit between your site and your visitors and do the mapping that you want.
Recently, I purchases a domain from google domains namely, neurocognition.app. I initialized an EC2 instance from AWS (Free tier), got an elastic IP. added the A record, with the same elastic IP at the google website. Its been over 2 weeks but the site still won't work
What could be the possible reason? Do I have to setup my instance in a separate manner for HSTS domains. ???
So, looking at the dns: https://www.whatsmydns.net/#A/neurocognition.app your domain points to 65.0.156.79 which responds on http, but not https.
http://neurocognition.app redirects to https://neurocognition.app
this could mean one of the following:
your security group does not have port 443 open
your web server does not accept connections on port 443
Network Access Control Layer have been modified to block port 443
I would focus on the first two, which are most likely the issue here.
Check your security group, whether it has https port added in route.
I have a EC2 instance running a Node.Js server on Ubuntu.
My goals are:
Connect my hosted zone to the EC2 instance
Route all incoming traffic from port 80 to port 3000 (because my server runs on port 3000)
and most importantly Use an Application Load Balancer to forward all requests to HTTPS (I already created a SSL Certificate in the Certificate Manager).
Currently, I am only able to open the website with the EC2 intances' Public Ip on port 3000 (http://prntscr.com/livali). Https requests or Http to port 80 don't work (http://prntscr.com/livau2). Altought a made an A record on my hosted zone with the instances' Public Ip, it's not possible to open the instance via the hosted zone (http://prntscr.com/liv9no).
I am really confused, as I am somehow not able to get this up and running. I would really appreciate a step by step guide on how to set this whole thing up.
If you already have a SSL certificate it is secure to use only port 443 instead of port 80.
Create an internet facing Application Load Balancer that listens on port 443 and routes traffic to your EC2 instance on port 3000.
Redirect users to HTTPS when accessing your domain on HTTP
See Docs > Load Balancer Listeners > Redirect Actions
Add an A record to point your domain name to the Load Balancer's public DNS.
These are web server concerns rather than DNS concerns. You'll need to set up something like NGINX or Apache to proxy port 80 to port 3000. See Apache redirect to another port for information.
You can also force HTTPS with a rewrite rule in Apache: https://wiki.apache.org/httpd/RewriteHTTPToHTTPS
Another option for forcing HTTPS is to create a CloudFront distribution and use that. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https.html
I have a registered domain, let's say example.com, and 3 different services running at AWS:
Static web application, currently hosted at Amazon S3; port 80
TCP service, hosted in an EC2 instance; port 3333
TCP service, hosted in another EC2 instance; port 4444
All 3 services should be accessible - if possible - from the Internet by using the same hostname but different ports, i.e.
www.example.com:80 --> S3 web app
www.example.com:3333 ---> EC2 instance 1
www.example.com:4444 ---> EC2 instance 2
First question is: Is this possible at all? Or should I rather use different host names like www.example.com, service1.example.com...?
If it is possible, how would it be set up and which AWS services can I use? I am still pretty new to AWS and read about (Elastic) Load Balancer, CloudFront, Route 53 but I still don't get how I could achieve my goal.
Without any further AWS service it seems to be impossible to configure a DNS entry to point to the S3 bucket, as this doesn't have a static IP address.
Any hints for a quick solution would be appreciated, as this setup is for a demo only. There won't be many users accessing the services, so from this perspective, a load balancer is not necessary and it's also not necessary for the setup to scale up at the moment.
Is this possible at all?
Answer is Yes.
You could have a proxy server setup to proxy the traffic according to your needs:
Setup a DNS record for www.example.com which resolves to your proxy
IP (Could be one of those instances you already have).
Configure your proxy (multiple choices nginx, squid etc) to
listen on www.example.com and the given ports and forward the traffic
accordingly to the EC2 server IPs and the S3 website CNAME.
Is it worth it for your use case? No Unless you want to try it as an exercise.
Should I rather use different host names ...? Yes
Just create a hosted zone in Route53 for your domain, and create subdomains for the different services www.example.com, service1.example.com.
First question is: Is this possible at all?
Without super-complex setups, it is only possible for your TCP apps with a type of load balancers called Application Load Balancer. http://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html
With ALB you can create different target groups each of your TCP apps (EC2 instance 1 port 3333 and EC2 instance 2 port 4444), then define custom listeners on the load balancer to route port 3333 to the first target group and port 4444 to the second target group.
But ALB is unable to route to S3 or CloudFront distribution.