Amazon Route 53 setup subdomain to point to Load balancer - amazon-web-services

I have 2 services running on AWS.
Let's say my domain is example.com.
I run both of them through Elastic Beanstalk.
One is a single EC2 instance with an elastic IP set up, running on the apex (example.com and www.example.com), which works correctly and I can access it.
The other one is a service that has a load balancer in front, and I want it to be accessible through sockets.example.com, which I cannot get to work.
I have the Route 53 nameservers set up in namecheap.com, from where I bought the domain.
Here is my whole setup:
EDIT:
I can get the URL from the alias target and open it in a browser, for example, or ping it. That works.
I have the load balancer set up to forward the traffic from 80 to 8080, where my sockets are; because of the root access rights needed for attaching sockets, I was unable to set them up on the lower ports such as 80. But I don't think that's the issue, since I am running a node.js app and I can open a sample page if I go straight to the alias target URL.

Did you set your ELB up as public or internal?
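An added example (Terraform), not code from the question or the comment above: the Route 53 alias record that points sockets.example.com at the Elastic Beanstalk load balancer, plus the internet-facing check the comment asks about. The variables var.alb_name and var.hosted_zone_id are assumed placeholders.

```hcl
# Look up the load balancer Elastic Beanstalk created so its DNS name and
# hosted zone id are referenced, not copied by hand (var.alb_name is a placeholder).
data "aws_lb" "sockets" {
  name = var.alb_name
}
# An alias record, not a CNAME and not the ELB's current IPs: the ELB's
# addresses change over time, and alias records are also permitted at the apex.
resource "aws_route53_record" "sockets" {
  zone_id = var.hosted_zone_id   # the example.com hosted zone (placeholder)
  name    = "sockets.example.com"
  type    = "A"
  alias {
    name                   = data.aws_lb.sockets.dns_name
    zone_id                = data.aws_lb.sockets.zone_id   # the ELB's zone id, not yours
    evaluate_target_health = true
  }
  # The check behind the comment above: an internal load balancer resolves to
  # private VPC addresses, so the record would exist yet be unreachable from
  # the Internet. Stop the apply instead of publishing a record that can't work.
  lifecycle {
    precondition {
      condition     = !data.aws_lb.sockets.internal
      error_message = "${var.alb_name} is internal; it must be internet-facing to serve sockets.example.com."
    }
  }
}
```

Run `terraform plan` after the ELB exists; the precondition fails the plan when the load balancer was created with the internal scheme.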

Related

AWS Elastic Beanstalk - Custom Domain Problem with Route 53 hosted zone

Hi, I have a Laravel app deployed with AWS Elastic Beanstalk.
I have my domain on Cloudflare. I created a hosted zone in AWS Route 53 with an A record which is an alias to my Elastic Beanstalk env, but if I want to access the app with this domain it just doesn't work. If I create an A record with the EC2 IP associated with the Elastic Beanstalk env everything works, but when autoscaling pops up this IP changes. I tried to point DNS with a CNAME to the .elasticbeanstalk domain associated with the app, but same result. Anyone had a similar problem?
I tried using dig mydomain and the answer section gives me 2 IP addresses; typing both into the browser lets me access the application, but neither of those two is the same as the EC2 instance associated with the Elastic Beanstalk env.
I also tried using DNS Checker online; it seems like some DNS servers read my domain as those two IP addresses from the dig command, and some DNS servers read my domain as a combination of the EC2 instance address and one of the addresses displayed in the dig command.
Any idea what can cause this? The server runs on Amazon Linux + nginx, on which I used certbot to get SSL certificates (all port 80 requests are pointed to port 443, which seems to be working, because after typing http://domain I get a 301 redirect to https://). nginx -t says that the nginx configuration is ok.
The problem was the lack of an HTTPS listener in the load balancer.
To resolve something like this:
Go to Configuration
Find Load Balancer and click Edit
Add a listener for port 443 (HTTPS) with the SSL certificate

How to Map Sub Domains created in Route 53 to application running in EC2 instance with different port

I have a Spring Boot application with different ports hosted in an EC2 instance.
Domain in Route 53
Domain name: mydomain.com
App A - 8081,
App B - 8085,
App C - 8088
Instance IP: 10.xx.xx.xx
domain:
test1.mydomain.com points to 10.xx.xx.xx:8081/landingpage &
test2.mydomain.com points to 10.xx.xx.xx:8085/landingpage &
test3.mydomain.com points to 10.xx.xx.xx:8088/landingpage
I have some idea about creating Load Balancers and Target Groups at a beginner level.
Your views are always welcome.
As stated by Marcin, Route 53 can't resolve ports; this is a workaround. Assuming you have already opened two ports on your EC2 instance:
Create 2 target groups, one for port 8085 and one for port 8088. Register your instance with those 2 target groups.
Create an application load balancer (ALB). Create 2 CNAME records with the subdomains you need, routing both to your ALB DNS name.
Optional: create a certificate for your domain (ACM); it should enable SSL on *.example.com. Register the certificate with your HTTPS load balancer.
Create listener rules on port 443 of your ALB (80 if you don't use SSL) that route depending on the host name; each host name will route to one target group.
Route 53 is a DNS web service. It only resolves names to IP addresses, not ports or URL paths. For that you need to either set up a load balancer for your instance, or use nginx on the instance to manage ports and URL path redirections.
You can't do what you want in DNS using Route 53. See Can DNS point to specific port? - Webmasters Stack Exchange. There are several ways to implement what you want:
Virtual hosts and reverse proxy
It is very common to run Apache or Nginx on your server on ports 80/443 for HTTP/HTTPS respectively. Both support virtual hosts, where you point multiple domain names to the same server and then forward the requests to other ports. See What is a "reverse proxy" in webmastering?
Multiple load balancers
You could create multiple Amazon ELBs that forward requests to different ports. Then Route 53 could point each domain to its own load balancer.
Content delivery network (CDN)
Amazon's CDN is called CloudFront. It can sit between your site and your visitors and do the mapping that you want.
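As an added example, not code from any of the answers above: the host-based ALB routing that the first answer describes, written in Terraform. It assumes var.alb_arn (an existing internet-facing ALB), var.vpc_id, var.instance_id and var.certificate_arn (an ACM certificate covering *.mydomain.com) as placeholders; the Route 53 alias records for the three names are not shown.

```hcl
locals {
  apps = {   # host name -> port the app listens on (from the question)
    "test1.mydomain.com" = 8081
    "test2.mydomain.com" = 8085
    "test3.mydomain.com" = 8088
  }
}
# One target group per app; the instance is registered on that app's port.
resource "aws_lb_target_group" "app" {
  for_each = local.apps
  name     = replace(each.key, ".", "-")
  port     = each.value
  protocol = "HTTP"
  vpc_id   = var.vpc_id   # placeholder
}
resource "aws_lb_target_group_attachment" "app" {
  for_each         = local.apps
  target_group_arn = aws_lb_target_group.app[each.key].arn
  target_id        = var.instance_id   # placeholder
  port             = each.value
}
# HTTPS listener; the default action is a 404 so a request whose Host
# header matches no rule is not forwarded to an arbitrary app.
resource "aws_lb_listener" "https" {
  load_balancer_arn = var.alb_arn   # placeholder
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.certificate_arn   # ACM certificate for *.mydomain.com
  default_action {
    type = "fixed-response"
    fixed_response {
      content_type = "text/plain"
      status_code  = "404"
    }
  }
}
# One host-based rule per name, each forwarding only to its own group.
resource "aws_lb_listener_rule" "by_host" {
  for_each     = local.apps
  listener_arn = aws_lb_listener.https.arn
  priority     = 10 + index(keys(local.apps), each.key)
  condition {
    host_header { values = [each.key] }
  }
  action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app[each.key].arn
  }
}
```

The instance's security group still has to allow the ALB's security group on 8081, 8085 and 8088, and nothing else needs to reach those ports from the Internet.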

Amazon EC2 - Listen for HTTPS request and Redirect to SpringBoot

I have a frontend React application hosted on Amazon Amplify and a backend Spring Boot application hosted on Amazon EC2.
My domain can only send HTTPS requests, but Spring Boot by default is HTTP. My question is how my EC2 instance can listen to HTTPS requests and then redirect to the HTTP port in Spring Boot.
I checked other posts and it seems like you should not add SSL to your Spring Boot application, but rather to the load balancer in front of it. At the end of the day, this is what I want:
POST https: xxx.xxx.xxxx:443/user/signin
---> http: xxx.xxx.xxxx:8080/user/signin
---------------------------------------- update ----------------------------------------
Marcin has provided a top level idea on how to solve this, thank you!
I also attached the step-by-step solution for people like me; please see the answers below.
Below are the complete steps to take to convert your HTTP API to HTTPS using AWS EC2.
Disclaimer: I only researched for a couple of hours; some concepts might be inaccurate or wrong, but following this guide does get the job done. Correct me on misleading information.
(1) Spring Boot:
keep your server port on 8080 and don't change it to HTTPS (443)
(2) make sure your EC2 instance has the correct *VPC* and *IPv4 CIDR* set up
go to Instances -> Description -> VPC ID and then click on it
you should now see the list of VPCs; find the one associated with your instance
in Details -> IPv4 CIDR -> check if it has two or more values in the format below:
xxx.xx.0.0/16
xxx.xx.0.0/16
(3) skip this step if you have two IPv4 CIDRs set up
select your VPC -> click Actions -> Edit CIDRs -> Add new IPv4 CIDR
make sure the two IPv4 CIDRs are in different zones
more information on IPv4 CIDRs:
https://docs.aws.amazon.com/vpc/latest/userguide/working-with-vpcs.html
(4) now we want to create an application load balancer that listens to https:443 requests
select HTTP HTTPS Application Balancer and for each step (as shown in AWS):
step 1.
Load Balancer Protocol and Port: https: 443
step 1.
Availability Zones: now is the time to select your VPC and two zones
step 2.
Security Settings: choose a certificate from ACM (assuming you have one on Route 53)
step 3.
Security Group: make sure to select the same group as your EC2 instance
step 4.
Routing: http: 8080, target type: instance
step 5.
Register Targets: select your EC2 instance, on port 80, please don't forget!
(5) now the load balancer is set up; double check the security group of your EC2 instance
go to Instances -> Description -> Security Group and click on it
for inbound rules, keep ports 443, 22, 80, 8080; don't remove 8080
443 is for HTTPS, 22 for the SSH client, 80 for Tomcat
(6) now find the IPs to use for the HTTPS request
this is not the public IP address of your EC2 instance
your application is behind a load balancer; the IP address should be the network interface IP. Each network interface IP is associated with a subnet ID that your VPC uses.
so go to Network Interfaces in your EC2 console. Select any of your network interface IDs with a subnet ID under your EC2's VPC.
click Details -> and scroll down to find the public IP you need
(7) before starting the next step, make sure you have the following:
a domain hosted in Route 53 (I have one for my frontend UI)
an SSL certificate obtained from AWS Certificate Manager
you should have put this SSL certificate on your load balancer in step 3
if you don't know what to do, check this Stack Overflow post for answers:
Adding SSL to domain hosted on route 53 AWS
(8) before the next step, make sure you understand the following:
If you directly test your HTTPS request in Postman, you will likely succeed.
However, you will fail if using it in production, like this:
axios.get("https:xxx.xxx.xxx:443/user/signin");
(failed)net:ERR_CERT_COMMON_NAME_INVALID
This is because whatever static IP you are using does not match the AName for your SSL certificate. For example, if your domain name is helloworld.com, your backend API request should be https://helloworld.com/user/signin
(9) create a subdomain and configure it in Route 53
I'm getting lazy; please see the link below:
https://aws.amazon.com/premiumsupport/knowledge-center/create-subdomain-route-53/
(10) final step!!!!!!
Now you have a working subdomain; let's use it for your network interface IP.
For a test, you can pick any IP from the list of network interface IPs. Go to Route 53 -> Hosted Zones -> select your subdomain, example: api.helloworld.com -> create record
Record Format
name: api.helloworld.com
type: A
Routing: Simple
Value: <your_network_interface_ip_address_multiple>
(11) sorry, not ready yet
please wait a couple of days for the DNS record to be updated; if DNS can interpret your subdomain, let's say api.helloworld.com, into your network interface IP, and since you can already test the correctness of your IP in Postman, you should be ready to go!
--------------------------- end of useful information ---------------------------
If you want to keep using only the instance (no load balancer or CloudFront), then you need to get your own domain for it. Then you have to register a valid, public SSL certificate for it using, e.g., Let's Encrypt. Once you have that, you can set up nginx on the instance to accept the HTTPS connections and forward them to your Spring Boot app as HTTP.
The easier route is to use an application load balancer. You still need your own domain, but once you have it, you can easily get a free SSL cert from AWS ACM and then deploy it on the balancer. No need to change your instance. So it would be:
Client ---(HTTPS)---> ALB ---(HTTP)---> EC2

Access AWS ALB via HTTPS from localhost

I have an AWS setup with ECS and ALB. The ALB has an HTTPS listener which I am trying to configure the SSL certificate for and forward the traffic to my ECS task.
My problem here is that in the development environment we run the application using localhost, and when trying to send data to the ALB and ECS task, the traffic gets rejected because I can't add localhost as my domain in the SSL.
Is there any way I can solve this problem?
Maybe you can add your domain name to your hosts file.
127.0.0.1 dev.example.com
That way, when you request dev.example.com, it will go to your localhost.
Your local application can then talk to the ALB and your browser will see it with the right SSL certificate.
The issue was in Route 53 and the record sets. I created a new subdomain in Route 53, services.example.com, with record type A and an alias targeting the ALB. Then I used this subdomain in the frontend.
There is no need to add anything to the hosts file.

Route different ports of same host to different instances

I have a registered domain, let's say example.com, and 3 different services running at AWS:
Static web application, currently hosted on Amazon S3; port 80
TCP service, hosted in an EC2 instance; port 3333
TCP service, hosted in another EC2 instance; port 4444
All 3 services should be accessible, if possible, from the Internet by using the same hostname but different ports, i.e.
www.example.com:80 --> S3 web app
www.example.com:3333 ---> EC2 instance 1
www.example.com:4444 ---> EC2 instance 2
First question is: Is this possible at all? Or should I rather use different host names like www.example.com, service1.example.com...?
If it is possible, how would it be set up and which AWS services can I use? I am still pretty new to AWS and have read about (Elastic) Load Balancer, CloudFront and Route 53, but I still don't get how I could achieve my goal.
Without any further AWS service it seems impossible to configure a DNS entry to point to the S3 bucket, as this doesn't have a static IP address.
Any hints for a quick solution would be appreciated, as this setup is for a demo only. There won't be many users accessing the services, so from this perspective a load balancer is not necessary, and it's also not necessary for the setup to scale up at the moment.
Is this possible at all?
The answer is yes.
You could have a proxy server set up to proxy the traffic according to your needs:
Set up a DNS record for www.example.com which resolves to your proxy IP (it could be one of those instances you already have).
Configure your proxy (multiple choices: nginx, squid etc.) to listen on www.example.com and the given ports and forward the traffic accordingly to the EC2 server IPs and the S3 website CNAME.
Is it worth it for your use case? No, unless you want to try it as an exercise.
Should I rather use different host names ...? Yes.
Just create a hosted zone in Route 53 for your domain, and create subdomains for the different services: www.example.com, service1.example.com.
First question is: Is this possible at all?
Without super-complex setups, it is only possible for your TCP apps with a type of load balancer called Application Load Balancer. http://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html
With ALB you can create different target groups for each of your TCP apps (EC2 instance 1 port 3333 and EC2 instance 2 port 4444), then define custom listeners on the load balancer to route port 3333 to the first target group and port 4444 to the second target group.
But ALB is unable to route to S3 or a CloudFront distribution.