I have a url which is now https and is ready to be use. But the problem is, I do not know how to use that url as Nodejs backend localhost.
By default, We are using
http://localhost:3000/api/thisRoute
And I want to use that url and it looks like this
https://api.domainName.com/api/thisRoute
Current Status:
My backend is deployed in AWS EC2 and already link to that url and I am still using the default in the backend.
Is this possible?
You can setup an ALB (Application Load Balancer) in AWS and terminate the https connection at the Load Balancer by setting up a HTTPS listener. Then have it send the request via http to your EC2 Instance on port 3000 via a target group.
OR
You could setup a second listener on port 443 in your node.js server (see https.createServer) and point the DNS directly to your EC2 Instance IP address. This would require more work but you don't have to pay for a Load Balancer.
Related
I am currently learning about AWS and I have a single EC2 instance running with a nodejs server on port 3000, an Application load balancer with SSL setup that listen on port 80 and 443 (http & https). When I make requests to the http route it returns back the successful health check message. But when I try to access my api via the https method, I get a 502 Error. I googled around and read some articles and they pointed out that the nodejs server keepAliveTimeout and headersTimeout should be higher than the timeout option of the ALB. I tried that and it didn't work. I also tried to set the max-http-header-value to 16384, I also tried to check the access logs for the load balancer on my S3 bucket and the logs just showed that I am getting a 502 error and nothing more. What could be the issue? Because I have tried all solutions that presented but they don't seem to work.
The 443 listener needs to be pointed to port 80 on the ec2 instance
The first thing to check is that your server is responding to requests. Try connecting to port 3000 on the server, either from the server itself (eg curl localhost:3000) or from outside the server (which will require the Security Group to permit access to port 3000).
Once you have confirm that the server is responding, configure Security Groups as:
A Security Group on the Application Load Balancer (ALB-SG) that permits Inbound access on ports 80 and 443
A Security Group on the Amazon EC2 instance (App-SG) that permits inbound access on port 3000 from ALB-SG
That is, App-SG should specifically refer to ALB-SG in its Inbound rules.
Then, configure the Load Balancer to have a Target Group that points at port 3000 on the app server and provide it a URL for the Health Check (that could simply be /).
Then, connect to the Application Load Balancer and see whether you can access your app.
I want to redirect traffic from http to https on my load balanced node.js instance running on Amazon Linux + nginx on elastic beanstalk.
I configured the load balancer to route traffic on port 80 and 443 to the instance:
When I access the page with https://url.com I have a secure https connection but I can still force http by opening the url with http://url.com.
I want to prevent this by forcing the incoming traffic on port 80 to be redirected to 443.
I found this configuration file in the official AWS documentation:
https://github.com/awsdocs/elastic-beanstalk-samples/blob/master/configuration-files/aws-provided/security-configuration/https-redirect/nodejs/https-redirect-nodejs.config
I created an .ebextensions folder and placed the configuration file in there.
I deployed the application but the redirection still does not work.
Has anybody solved this kind of problem?
Anything else I could try?
In EB you can use Classic, network and application load balances.
If you expect http and https traffic only, switch to Application ELB and do http to https redirection on ELB.
Moreover you can request for SSL certificate in ACM (for free) and attache it to your SLL listener.
I would like to ask about how to configure Nodejs (backend/server) to accept HTTPS request from client side (Front end).
What we did.
Registered domain name in AWS.
List item
Requested SSL in ACM.
Create bucket in S3, and store our front-end code (angular 5) inside of it.
Created distribution in cloud front and put our custom ssl there and connect to bucket in S3.
We set up also ec2 instance and store our back-end code (node js) there.
In our front end code we connect to the ip of our ec2 instances so that we can connect to backend.
The problem:
The front-end can't access the backend in ec2 instances because the front end is https and the backend is http (we don't know how to configure it from http to https in AWS EC2 Instance).
Do you know how to setup web app in aws which front end and backend code is separated?
What did we missed?
What did we missed?
If I understand you correctly, you have a Cloudfront distribution serving angular which is then attempting to connect to an EC2 instance - I presume the IP address or public DNS entry for the EC2 is hard-coded into the angular code.
This is not a good arrangement - if your EC2 goes down or the IP address changes you will need to push a new site to S3 - and then this change will take time to propagate through Cloudfront.
What you should rather be doing is this.
create an application load balancer
create a target group and add your EC2 to that target group.
add a listener on the ALB, listening on the port your web app connects on, with a rule that forwards to the HTTP port of the back-end EC2.
Add a route 53 DNS Alias record for the ALB (because ALBs do sometimes go away or change their IP address)
Change your front-end code to point at the Route 53 Alias record.
(This is an incredibly simplistic way of doing things that leaves your EC2 open to the internet etc etc).
You should also give serious thought to putting your EC2 into an autoscaling group that spans at least two availability zones, and to setting its minimum size to ensure at least servers are running at any one time.
AWS EC2 instances can go away at any time, and when they do your app goes down with them.
Having difficulty phrasing my question, so I could not find much info on it so I will explain:
I have a node.js app that hosts a restify/express api on port 8081.
This same api hosts a websocket server on port 8083.
All this works wonderfully on localhost by specifying the ports, but in a hosted environment it needs to run on port 80 http. (omitting 443 for simplicity).
I am using AWS Elastic Beanstalk (nginx server). When I deployed my app, it creates an EC2 and ELB (load balancer) instance. The ELB then has a public dns which I use to access the api on port 80. There is no special listeners configured (only 80 and 443). So I am not sure how it gets to the api on port 8081. The EC2 instance also only allows 80 and 443.
The api works fine using it with the ELB public dns on port 80.
Now I have added the websocket server in there.
My problem is - I need another public dns on port 80 to go to the socket server on port 8083 of the same Beanstalk app. How would I approach this?
I would appreciate any thoughts and ideas.
It appears that..
Elastic Beanstalk creates a Classic load balancer which does not support websockets.
Default nginx setup on AWS does not allow Upgrade headers.
However, I got it working in the following manner:
Default EB setup (with classic ELB) serves the API as it normally did.
Then I created an ALB (Application load balancer) from the EC2 dashboard.
I added a target that routes to my EC2 instance (that EB created) on port 8083 (my websocket listener). My API runs on port 8081. Then add the target to the new ALB on on the Listeners tab.
This will allow traffic that hits the new ALB on port 80 to route to port 8083 of the server where my application is hosted.
In my .ebextensions file in the project, I added the following that will update nginx settings to allow the Upgrade header that is needed for websockets:
Add to .ebextensions
container_commands:
enable_websockets:
command: |
sed -i '/\s*proxy_set_header\s*Connection/c \
proxy_set_header Upgrade $http_upgrade;\
proxy_set_header Connection "upgrade";\
' /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf
So basically I have two load balancers. The default one that routes 80 to 8081, and another (ALB) that routes 80 to 8083.
This is by no means perfect. Auto scaling/load balancing would probably not work. But for now is serves the API and websocket server from the same application.
I have a nodejs program that creates two servers.
HTTPS server running on port 3000
HTTP server running on port 8080 (it just forwards to my domain name with https)
I am trying to deploy this on elastic beanstalk.
I uploaded the certificate and opened HTTPS port in the elastic beanstalk (as outlined in this document: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https.html)
My application doesn't run at all. It goes red as soon as it is deployed.
Looking at the logs, I see it trying to redirect to https domain name, but that goes nowhere.
I fail to see how Amazon would know which port has which. How would it know that port 3000 has https, and port 8080 has http? That is never mentioned anywhere. Perhaps that's the issue?
Any idea what to do? Many thanks.
Basically, you need to to coustumized your Elastic Beanstalk environment:
Elastic Load Balancer:
Listen on port 80 and proxy it to EC2 instance port 8080.
Listen on port 443 and proxy it to EC2 instance port 3000.
EC2 Web Server/Proxy (your Nginx/Apache):
Listen on port 8080 and response with redirect to HTTPS.
Listen on port 3000 and serve the request.
I thought your config failed because you configure ELB using Elastic Beanstalk Web Console. The Web Console only able to forward the HTTP and HTTPS into a single port in EC2 instance. So, your request is never handled by port 3000. You can't do this using Elastic Beanstalk Web Console, you need to apply this using another method, such as .ebextensions or CLI.
Please take a look into my answer here and my post in here.