Route different ports of same host to different instances - amazon-web-services

I have a registered domain, let's say example.com, and 3 different services running at AWS:
Static web application, currently hosted at Amazon S3; port 80
TCP service, hosted in an EC2 instance; port 3333
TCP service, hosted in another EC2 instance; port 4444
All 3 services should be accessible - if possible - from the Internet by using the same hostname but different ports, i.e.
www.example.com:80 --> S3 web app
www.example.com:3333 ---> EC2 instance 1
www.example.com:4444 ---> EC2 instance 2
First question is: Is this possible at all? Or should I rather use different host names like www.example.com, service1.example.com...?
If it is possible, how would it be set up and which AWS services can I use? I am still pretty new to AWS and read about (Elastic) Load Balancer, CloudFront, Route 53 but I still don't get how I could achieve my goal.
Without any further AWS service it seems to be impossible to configure a DNS entry to point to the S3 bucket, as this doesn't have a static IP address.
Any hints for a quick solution would be appreciated, as this setup is for a demo only. There won't be many users accessing the services, so from this perspective, a load balancer is not necessary and it's also not necessary for the setup to scale up at the moment.

Is this possible at all?
Answer is Yes.
You could have a proxy server setup to proxy the traffic according to your needs:
Set up a DNS record for www.example.com which resolves to your proxy IP (could be one of those instances you already have).
Configure your proxy (multiple choices: nginx, squid, etc.) to listen on www.example.com and the given ports and forward the traffic accordingly to the EC2 server IPs and the S3 website CNAME.
Is it worth it for your use case? No, unless you want to try it as an exercise.
Should I rather use different host names ...? Yes
Just create a hosted zone in Route53 for your domain, and create subdomains for the different services www.example.com, service1.example.com.
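The proxy configuration this answer describes, as an added nginx example that is not part of the original answer. The private IPs and the S3 website endpoint are placeholders, and nginx is assumed to be built with the stream module.

```nginx
# nginx.conf on the proxy host that www.example.com resolves to.
# All addresses and the bucket endpoint below are placeholders.
events {}

# Raw TCP services: nginx forwards the byte stream without parsing it.
stream {
    server {
        listen 3333;
        proxy_pass 10.0.1.10:3333;   # EC2 instance 1 (placeholder private IP)
    }
    server {
        listen 4444;
        proxy_pass 10.0.1.20:4444;   # EC2 instance 2 (placeholder private IP)
    }
}

# Port 80: forward HTTP requests to the S3 static website endpoint.
http {
    server {
        listen 80;
        server_name www.example.com;

        location / {
            # S3 website endpoints pick the bucket from the Host header,
            # so send the endpoint's own name rather than www.example.com.
            proxy_set_header Host example-bucket.s3-website-us-east-1.amazonaws.com;
            proxy_pass http://example-bucket.s3-website-us-east-1.amazonaws.com;
        }
    }
}
```

With this layout the security groups of the two EC2 instances only need to accept ports 3333 and 4444 from the proxy host, not from the Internet.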

First question is: Is this possible at all?
Without super-complex setups, it is only possible for your TCP apps with a type of load balancer called Application Load Balancer. http://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html
With ALB you can create different target groups for each of your TCP apps (EC2 instance 1 port 3333 and EC2 instance 2 port 4444), then define custom listeners on the load balancer to route port 3333 to the first target group and port 4444 to the second target group.
But ALB is unable to route to S3 or CloudFront distribution.

Related

How to Map Sub Domains created in Route 53 to application running in EC2 instance with different port

I have springboot application with different ports hosted in ec2 instance
Domain in Route 53
Domain Name : mydomain.com
App A - 8081,
App B - 8085,
App c - 8088
Instance IP : 10.xx.xx.xx
domain :
test1.mydomain.com point to 10.xx.xx.xx:8081/landingpage &
test2.mydomain.com point to 10.xx.xx.xx:8085/landingpage &
test3.mydomain.com point to 10.xx.xx.xx:8088/landingpage
I have some idea in creating Load Balancer and Target Groups in beginner level.
Your views are always welcome.
As stated by Marcin, Route53 can't resolve ports; this is a workaround. Assuming you have already opened two ports on your EC2 instance:
Create 2 target groups. One to port 8085, one to port 8088. Register your instance to those 2 target groups.
Create an application load balancer (ALB). Create 2 CNAME records with subdomains as you need, and route both to your ALB DNS.
Optional: Create a certificate for your domain (ACM); it should enable SSL on *.example.com. Register the certificate to your HTTPS load balancer.
Create a listening rule on port 443 of your ALB (80 if you don't use SSL), route depending on your host name; each host name will route to one target group.
Route53 is a DNS web service. It only resolves names to IP addresses, not ports nor URL paths. For that you need to either set up a load balancer for your instance, or use nginx on the instance to manage ports and URL path redirections.
You can't do what you want in DNS using Route 53. See Can DNS point to specific port? - Webmasters Stack Exchange
There are several ways to implement what you want:
Virtual hosts and reverse proxy
It is very common to run Apache or Nginx on your server on ports 80/443 for HTTP/HTTPS respectively. Both support virtual hosts where you point multiple domain names to the same server and then forward the requests to other ports. See What is a "reverse proxy" in webmastering?
Multiple load balancers
You could create multiple Amazon ELBs that forward requests to different ports. Then Route 53 could point each domain to its own load balancer.
Content delivery network (CDN)
Amazon's CDN is called Cloudfront. It can sit between your site and your visitors and do the mapping that you want.
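Name-based virtual hosts for the three subdomains in this question, as an added nginx example that does not come from any of the answers above. It assumes nginx runs on the same instance as the Spring Boot apps, so the upstream address is 127.0.0.1; requests for any other host name are dropped instead of being forwarded.

```nginx
# nginx.conf on the EC2 instance that hosts App A, B and C.
# Host names and ports are the ones given in the question.
events {}

http {
    # Map the requested host name to the local port of the matching app.
    map $host $app_port {
        test1.mydomain.com 8081;   # App A
        test2.mydomain.com 8085;   # App B
        test3.mydomain.com 8088;   # App C
    }

    # Catch-all: any Host header not listed below gets no response at all
    # (444 makes nginx close the connection).
    server {
        listen 80 default_server;
        server_name _;
        return 444;
    }

    server {
        listen 80;
        server_name test1.mydomain.com test2.mydomain.com test3.mydomain.com;

        location / {
            # Pass the original host name and client address to the app.
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # No URI part after the port, so the request path
            # (for example /landingpage) is forwarded unchanged.
            proxy_pass http://127.0.0.1:$app_port;
        }
    }
}
```

Only port 80 (and 443 if TLS is added) then needs to be open in the instance's security group; 8081, 8085 and 8088 can stay closed to the outside.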

How do I link a .app domain with an AWS EC2 instance

Recently, I purchased a domain from Google Domains, namely neurocognition.app. I initialized an EC2 instance from AWS (Free tier) and got an Elastic IP. I added the A record with the same Elastic IP at the Google website. It's been over 2 weeks but the site still won't work.
What could be the possible reason? Do I have to set up my instance in a separate manner for HSTS domains?
So, looking at the dns: https://www.whatsmydns.net/#A/neurocognition.app your domain points to 65.0.156.79 which responds on http, but not https.
http://neurocognition.app redirects to https://neurocognition.app
this could mean one of the following:
your security group does not have port 443 open
your web server does not accept connections on port 443
Network Access Control Layer have been modified to block port 443
I would focus on the first two, which are most likely the issue here.
Check your security group, whether it has https port added in route.

Setup a single AWS load balancer for multiple .net core applications hosted as websites on a single EC2 instance

Framework: .Net core 2.0
Hi everyone,
I have deployed let's say 3 applications on the same EC2 instance which are websites (front end angular js and 2 web apis for authentication and communication). How do I setup a single load balancer for catering requests for all of the 3 websites using HTTPS?
These websites communicate among each other for authentication and providing the required data between them.
The websites are deployed on the EC2 using hostnames on the IIS and they are accessible directly through the hostnames. Is there another/better way to deploy them instead of hostnames only?
When setting up a load balancer, you would have to configure listeners for it, wherein you mention the ports through which you would want to access your application. And in the listeners you would have to mention target groups to which you would route traffic, based on hostnames / host headers.
So, here are the steps to follow.
Since all your traffic has to anyway go to the same instance, you would have to create one target group and register the instance that you have already created with traffic routed through the 80 port.
Now, coming back to the ELB configuration, you would need to create a HTTP listener (port 80) that would have a default rule to redirect all traffic to HTTPS (port 443).
In the same ELB, create a HTTPS:443 listener, where (usually) you would have different listener rules depending on what are the hostnames of your sites in IIS. But just for simplicity, configure the default rule to route all traffic to the target group created in the step above (once we check if traffic is flowing right, we can change the configuration to improve security).
That's all!
With the right security group whitelisting, your traffic should flow into your instance through the ELB.
Congratulations! That should be enough...
... unless you want to make sure that ONLY the requests related to those sites flow into your instance, then, once you are sure that the traffic flow is right, you can create another listener rule in your ELB's HTTPS:443 listener, wherein you can configure the following setting:
IF Host Header is frontend.website.com OR webapi1.website.com OR webapi2.website.com THEN Forward to (target group created in Step 1)

AWS ELB to target one virtual host

I have an EC2 instance which has multiple virtual hosts and serves different websites on different domains (let's say ABC.com, DEF.com, XYZ.com).
One specific domain, let's say ABC.com, is running on HTTP. I have been given free credit from AWS. Now I want to run this ABC.com on HTTPS without spending any money.
So I have decided to use ELB as it will come with a free SSL. And I want to target that to ABC.com on my EC2 instance.
I know that with ELB I can target to my instance or my IP. Is it possible to target just one virtual host somehow as this website is not my primary website on a server?
ELB is using Listeners. Every listener has:
inbound port - in which you can connect to the ELB
target port - the host on the machine you transfer traffic to
If your ABC.com can use a different port (let's say 8081) than DEF.com and XYZ.com, it will be possible to create a listener that listens on port 443 - SSL and is configured to send the traffic to port 8081.
You can potentially achieve this via Application Load Balancer using Host Based Routing. Different Target Groups can listen on different ports (HTTP / HTTPS).
Host-Based Routing Support for AWS Application Load Balancers

Amazon Route 53 setup subdomain to point to Load balancer

I have 2 services running on AWS.
Let's say my domain is example.com.
I run both of them through Elastic Beanstalk.
One is a single EC2 instance with an Elastic IP set up and running on the apex - example.com and www.example.com - which works correctly and I can access it.
The other one is a service that has a load balancer in front and I want it to be accessible through sockets.example.com, which I cannot get to work.
I have the Route 53 nameservers set up in namecheap.com, from where I bought the domain.
Here is my whole setup:
EDIT:
I can get the URL from the alias target and open it in a browser, for example, or ping it. That works.
I have the load balancer set up to forward the traffic from 80 to 8080, where my sockets are; because of the root access rights for attaching them with sockets, I was unable to set them up on the lower ports such as 80. But I don't think that's the issue, since I am running a node.js app and I can open a sample page if I go straight to the alias target URL.
Did you set your ELB up as public or internal?