Can't get AWS ELB to serve SSL on hosted EC2 - amazon-web-services

I set up an ELB to accept http/https traffic with a security group to allow all http/https traffic. Instead of pointing the domain to the EC2 IP, it is instead pointed at the alias of the ELB.
The EC2 is set up to accept http/https from any location at the moment, amongst ssh from my computer.
The target group is set up to forward traffic via https to the instances, and health check is performed via http. The targets show as healthy. In addition, the DNS for the ELB, and the website, throws a 502 error, and is unsecure accessible via https.
When I configure the target group to forward traffic via http to the instances, and the health check is performed via http, the targets still show as healthy. The ELB DNS / website is accessible for the ELB, though https still throws an unsecure warning.
Port 443 shows as closed. I have Apache set up to listen to both port 80 and port 443 in order to serve the website. Normally, I would have the certificates on the server and would route port 80 to port 443 to serve them, so that's why they're both enabled.

Related

EC2 public DNS showing 404 without https

I am new to AWS EC2. I had just set up an EC2 with WHM cPanel; my public DNS IP is not working without https, it's showing 404 not found, but with https it's working fine with a non-secure red badge in the URL. I would like to use the EC2 public DNS without HTTPS.
It would be a problem with the security groups associated with your EC2 instances.
While you may have a setting to allow traffic on port 443, which is https, port 80 might be missing from your whitelisted ports.
To allow traffic on port 80 and 443, you must configure the associated security group and network access control list (network ACL).
For more details check this link

How to troubleshoot unhealthy status code in AWS target group

I created an application load balancer and assigned a target group which contains two EC2 instances. I am using only https traffic to flow through the ALB as I am using an SSL certificate from ACM, but my target group health check fails. So far I have done the following:
index.html is in root dir /var/www/html
Apache is running, as I can hit the server IP to view the web page
http works perfectly fine using the ALB
443 instance shows unhealthy
The same SSL certificate, when I used it in a classic load balancer, worked fine to route SSL traffic, so the certificate is fine
Something is going wrong in the application load balancer only
The security group allows 443 traffic for both instances and the ALB.
The same instance, if I put it in the http target group, becomes healthy
Both EC2 instances, if I remove them from the http target group and assign them to the SSL target group, become unhealthy
Thanks
The SSL certificate is on the load balancer. The connection between the load balancer and the EC2 instance cannot be HTTPS because the SSL certificate is not on the EC2 server. You cannot use a target group configured for HTTPS via port 443 with your SSL configuration. You will need to continue using a target group configured for HTTP.

Adding a secure HTTPS certificate to AWS EC2 Instance

I have an application running on an AWS EC2 instance with the domain's nameservers on AWS as well. I have an A record with the public IP.
I've created a secure certificate with ACM and also created an ELB Load Balancer. My domain still doesn't show the HTTPS in front of it.
Can anyone provide some help? Many thanks
Have you tried this?
First, you need to open HTTPS port (443). To do that, you go to https://console.aws.amazon.com/ec2/ and click on the Security Groups link on the left, then create a new security group with also HTTPS available. Then, just update the security group of a running instance or create a new instance using that group.
After these steps, your EC2 work is finished, and it's all an application problem.
Credit to : https://stackoverflow.com/a/6253484/8131036
The solution is pretty simple.
First of all, edit the listeners on your ELB and do the following:
443 (HTTPS) => 80 (HTTP) - and apply ACM certificate.
What this essentially does is tell the ELB to listen on port 443 (HTTPS), terminate the certificate, and then forward traffic internally over port 80 (HTTP) - the port the instance is listening on.
You can also add port 80 (HTTP) and forward to port 80 (HTTP) (recommended and then set up your application to redirect all users to HTTPS). You can read more about ELB and setting up listeners here Create a Classic Load Balancer with an HTTPS Listener
Second thing you need to do is update Route 53 to point to ELB.
ascisolutions.com. A ALIAS s3-website-us-west-2.amazonaws.com.
You can read more about it here Routing Traffic to an ELB Load Balancer
Let me know if you have more questions in the comments section and I'll do my best to reply.
You cannot install an ACM certificate on an ec2 instance directly, but you can install it on your load balancer and have the load balancer terminate SSL.
Create a target group and register your ec2 instances using port 80.
In your ELB, set up listeners for both port 80 and 443. You'll need to add your ACM cert to your https listener (port 443). Note that the certificate needs to be issued in the same region as your ELB.
The ELB does not handle redirecting insecure traffic to HTTPS; if needed, you will need to update your application to redirect http to https.

elastic load balancer port redirection?

I configured an ELB for an EC2 instance such that the load balancer receives data from http:80 and sends it to https:443 on the instances. But when I entered the ELB DNS URL, it is not redirecting to https.
output of ELB is:
It is showing the output of port 80. Can anyone please help to configure the ELB such that it redirects incoming port 80 traffic to port 443 on the EC2 instance?
The load balancer is used to send and receive traffic from different ports from the EC2 instances attached to that load balancer. You cannot set up any redirect using a load balancer. For redirects you have to set that up using the web server of your EC2 instance attached to that load balancer.
Also, as far as https goes, either you add an SSL certificate to the EC2 instance or the ELB. But that SSL certificate will be for the domain you are going to use for your application, and you do not own the domain "amazonaws.com", so your load balancer URL will never work for https. You have to get a domain and an SSL certificate for that domain, upload that SSL certificate to the ELB or the EC2 instance, and then point the domain to the ELB by adding a CNAME. Then your domain will work for https://www.domain.com if you have set everything correctly in the web server.
It sounds like you want to redirect HTTP requests to HTTPS. This is more than just a port "redirect", it is also a protocol change. To properly redirect HTTP traffic to HTTPS you will need to configure your web server to do that.
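The redirect that the answers above leave to the application or web server, as an added Node.js example (not code from any of the posts). It assumes the load balancer sets `X-Forwarded-Proto` on forwarded requests, as AWS load balancers do for HTTP/HTTPS listeners; `HEALTH_CHECK_PATH` and `CANONICAL_HOST` are placeholder values.

```javascript
// Placeholders (assumptions, not from the posts): set these to your own values.
const HEALTH_CHECK_PATH = '/healthz';
const CANONICAL_HOST = 'www.example.com';

// Classify a request that reached the instance on port 80. The load balancer
// has already terminated TLS, so the socket is always plain HTTP here; the
// client's original scheme is only visible in X-Forwarded-Proto.
function redirectDecision(req) {
  const url = req.url || '/';
  const path = url.split('?')[0];

  // Health checks come from the load balancer itself and must get a 200;
  // redirecting them would mark the target unhealthy.
  if (path === HEALTH_CHECK_PATH) return { action: 'pass' };

  // If several hops appended values, use the last one (the closest proxy).
  const raw = String(req.headers['x-forwarded-proto'] || '');
  const proto = raw.split(',').pop().trim().toLowerCase();
  if (proto === 'https') return { action: 'pass' };

  // Build the target from a fixed host rather than the client's Host header,
  // and only keep request targets that are plain paths, so a forged Host or
  // a target such as "@other.example" cannot steer the redirect elsewhere.
  const safePath = url.startsWith('/') ? url : '/';
  // 301 for GET/HEAD; 308 preserves the method and body for everything else.
  const status = req.method === 'GET' || req.method === 'HEAD' ? 301 : 308;
  return { action: 'redirect', status, location: `https://${CANONICAL_HOST}${safePath}` };
}

// Express-style middleware (req, res, next); it only relies on writeHead/end,
// so it also works in front of a plain node:http handler.
function forceHttps(req, res, next) {
  const decision = redirectDecision(req);
  if (decision.action === 'pass') return next();
  res.writeHead(decision.status, { Location: decision.location });
  res.end();
}
```

The header is only trustworthy when the instance's security group admits port 80 from the load balancer's security group alone; a client that can reach the instance directly can send `X-Forwarded-Proto: https` itself.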

AWS Elastic Beanstalk HTTPS not working

I can browse to the web site with http but cannot with https, I get ERR_CONNECTION_REFUSED in Chrome.
My environment is an expressJS server on nodejs (64bit Amazon Linux 2015.09 v2.0) running on Elastic Beanstalk. I can telnet to the EC2 elastic public IP on port 80 but I cannot telnet on port 443, connection refused.
Steps taken to set up HTTPS
I created an SSL cert via the AWS Certificate Manager and added the cert to the Load Balancer Listeners.
Port Configuration:
80 (HTTP) forwarding to 80 (HTTP)
Stickiness: Disabled(Edit)
443 (HTTPS, ACM Certificate: 1E21...) forwarding to 80 (HTTP)
Stickiness: Disabled
In the Load Balancer Security Group, I added inbound and outbound https traffic on port 443 Source 0.0.0.0/0.
In my EC2 Elastic I.P, I selected my ExpressJS server instance and then added inbound and outbound https traffic on port 443 Source 0.0.0.0/0.
In addition, I also added the Load Balancer Security Group to my ExpressJS server security because I read in another post that you had to associate the load balancer group with the server instance (not sure that this is required).
Any suggestions?
btw, does HTTPS traffic terminate at the Load Balancer and is it then unencrypted and handled internally on port 80 to the server?
Solved it. It turned out the mistake I made was that I added a record on my Monster DNS for my AWS site and pointed it to the AWS Public Elastic IP as an A record; instead, I should have added the CNAME of my Load Balancer to the Monster DNS. Once I did that, HTTPS was working.
I also ditched the Public Elastic IP as it was not required anymore, also, having the public I.P prevented me from taking advantage of the load balancer. Hope this helps other people.