I have a Node/Express server running on an EC2 instance that is maintained by Elastic Beanstalk (single instance no load balancer).
I am struggling with implementing a correct SSL redirect that works with EC2.
The SSL redirect is as follows:
const httpsOptions = {
key: fs.readFileSync('/local/ssl/key.pem'),
cert: fs.readFileSync('/local/ssl/cert.pem'),
passphrase: '*****'
}
http.createServer(function (req, res) {
let httpsHost = req.headers.host.replace('8081', '8443');
res.writeHead(301, { "Location": "https://" + httpsHost + req.url });
res.end();
}).listen(8081);
https.createServer(httpsOptions, app).listen(8443)
This works great locally, but when I deploy to my EC2 instance and try to access the site, I get:
Here is a picture of my inbound rules as well:
Do I have the ports configured incorrectly? I cannot use port 80 and port 443 because it requires root permissions, and I won't run my server with root permissions.
When I try to access your host on port 443 I get a response, which means the host is accessible. When I try to access your server on port 8443, I receive a "Connection timed out", what could possibly be caused by wrong firewall (ie. security group) settings.
Your server instance listens to port 8443 and 8081, but in your security group rules the ports 443 and 80 are configured. If you cannot use 443/80 as you wrote, please edit the inbound rules to allow traffic from ports 8443/8081 instead.
This was solved through port forwarding.
Check current IP-tables:
sudo iptables -t nat -L
Remove last entry:
sudo iptables -t nat -D PREROUTING 1
Set up redirection as necessary, in my case:
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8081
This sends all 443 traffic to 8443, and all 80 traffic to 8081.
Related
I want to get a response from a remote node.js server by typing my public IP address into my browser. When I type my public IP into my browser on my personal computer, I get "Unable to Connect". My node.js server isn't connected to the World =(
I am running CentOS on a Linode (but I don't think either choice should matter to my question).
Via Terminal on my person computer (a Mac), I can successfully SSH as root into my Linode.
I have installed node.js successfully on my Linode.
I can compile and run a simple server on my Linode.
var http = require('http');//create a server object:
http.createServer(function (req, res) {
res.write('Hello World!'); //write a response
res.end(); //end the response
}).listen(3000, function(){
console.log("server start at port 3000");
});
I've tried:
Setting a hostname.
Changing the "hosts" file on my server.
Changing the port number in my node.js server (3000, 80, 8080, 3001, 0.0.0.0, etc).
Read literally 100 articles today about how to deploy a node.js server.
Searched Google, Stackoverflow, Linode forums, etc for threads that might help me.
I have zero idea what I'm doing wrong and would be so grateful for your help.
I eventually found the answer, thanks to Saddy's suggestion that the problem might be port forwarding.
1. I decided to use ports 3080 and 3443 for my node server.
2. I SSHed into my CentOs instance.
3. I disabled the default firewall, firewalld.
4. I set up port forwarding using iptables with the following commands:
firewalld stop
firewalld disable
iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 25 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3080
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3443
iptables-save > /etc/sysconfig/iptables
After this, I was able to access my node server via a browser.
I have a simple Python server on a DigitalOcean Ubuntu droplet that should serve the index.html file in the /dist folder:
port = 8000
os.chdir(os.path.join(os.path.dirname(__file__), 'dist'))
Handler = http.server.SimpleHTTPRequestHandler
httpd = socketserver.TCPServer(('', port), Handler)
print('Serving at port ', port)
httpd.serve_forever()
I ran 'sudo ufw allow 80/tcp' to open the firewall and if I run ufw status it shows port 80 as being open to everybody. I ran 'sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8000' to redirect traffic from port 80 to port 8000.
If I run nmap from another box, the only open port is ssh on 22. Port 80 is filtered. Navigating to the host in my browser results in a connection timeout. What could be causing this?
It turns out I had to enable the DigitalOcean firewall and apply the correct rules, otherwise without the firewall it was just blocking ports by default.
I have a running AWS EC2 instance on an Ubuntu machine running a Nodejs server.
Everything works fine then opening the website via its public ip on port 3000 likes this:
http://XX.XXX.XXX.XXX:3000
Now I want to redirect all requests from port 80 to this port 3000 via iptables like described in this video: https://www.youtube.com/watch?v=WxhFq64FQzA via
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000.
Unfortunately I am getting this error: http://prntscr.com/lja6hx when opening the site like this: http://XX.XXX.XXX.XXX (without port 3000 specified)
P.S.: I'm not really sure if my approach is correct. I am open to other ways of achieving a redirect from port 80 (http) to port 3000
As #Vorsprung suggested I should use an Application Load Balancer. I did this but it's still not working. Here is my setup:
My Application Load Balancer Listener
The Target Group I'm forwarding to in my ALB
My hosted zone (I've added the alias for the ALB here)
Please let me know if something is missing
either use nginx see https://nodebb.readthedocs.io/en/latest/configuring/proxies/nginx.html
or
you are on AWS! Use an ALB.. see https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancer-tutorials.html
It's my first time when I try configure a server running on Amazon EC2.
I figured out how run my node app on 80 port but now I'm trying to run on 443 port with Letsencrypt SSL. Before to work on 80 port I added
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3000
and
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 3000
and everything worked fine. But now after install Letsencrypt I try to do same thing but with 433 port instead 80 and it's not working.
Letsencrypt config automatically for me all files so now redirect from http to https is working fine and when my iptable is empty on https:// I see ubuntu default website. When I run lines mentioned above with 443 port app is still not working (browser can't even load anything). It's only working with http:/...:3000
I've added 443 port to Security Groups on EC2.
What I can do? Thanks.
You need to check your security group Inbound/Outbound rules, you need to see if port 443 is assigned to which host. A valid but dangerous configuration, just for testing, is allow everything on Inbound and Outbound, to see if its a problem on your Security Group.
Beyond that, you need to be sure if the binding port is listening. Are you using Amazon Linux?
I would like to have my Apache httpd launch as non-route user (httpd) and still listen on port 80/443. This server will be running on a Linux host.
Given that the first 1024 ports are reserved, how would I go about having a reserved port handled by a non-root daemon? Alternatively, can I run my apache on a non-reserved port and have the port's traffic redirect locally to that other port?
You can use iptables for port redirecting:
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080