How does port in ElasticBeanStalk works?
I have a NodeJs/ExpressJS application which will be deployed in ElasticBeanStalk.
The ElasticBeanStalk has a load balancer used to attach SSL certificates.
Should i specify the port from my nodejs application?Can it be any port?
Or elastic beanstalk has some specific ports for this?
Can someone throw some lights on this?
I think the elastic bean stalk comes with a default infront of it. So is port specified in this?
You should use process.env.PORT to get the port from environment variables.
Elastic Beanstalk will set it for you.
Externally port 80 will be opened and will be routed to the port configured on Elastic Beanstalk.
Your Load Balancer with SSL will probably forward traffic from port 443 to Elastic Beanstalk.
See more in these docs.
Related
I have nodejs app which is listening for http connections on port 3000 and also listening for tcp connections on port 5001 using nodejs' net library.
I am hosting the app using aws elastic beanstalk and it's classic load balancer.
My CLB listeners:
My Elastic Beanstalk load balancer listeners:
Also port 5001 is enabled in ec2 instance and load balancer security groups.
When trying to send tcp packet to load balancer's dns name it goes through, but never reaches the ec2 instance. Is there something else I have to configure for this to be possible?
The problem was I had net.listen host set to localhost instead of 0.0.0.0
Having difficulty phrasing my question, so I could not find much info on it so I will explain:
I have a node.js app that hosts a restify/express api on port 8081.
This same api hosts a websocket server on port 8083.
All this works wonderfully on localhost by specifying the ports, but in a hosted environment it needs to run on port 80 http. (omitting 443 for simplicity).
I am using AWS Elastic Beanstalk (nginx server). When I deployed my app, it creates an EC2 and ELB (load balancer) instance. The ELB then has a public dns which I use to access the api on port 80. There is no special listeners configured (only 80 and 443). So I am not sure how it gets to the api on port 8081. The EC2 instance also only allows 80 and 443.
The api works fine using it with the ELB public dns on port 80.
Now I have added the websocket server in there.
My problem is - I need another public dns on port 80 to go to the socket server on port 8083 of the same Beanstalk app. How would I approach this?
I would appreciate any thoughts and ideas.
It appears that..
Elastic Beanstalk creates a Classic load balancer which does not support websockets.
Default nginx setup on AWS does not allow Upgrade headers.
However, I got it working in the following manner:
Default EB setup (with classic ELB) serves the API as it normally did.
Then I created an ALB (Application load balancer) from the EC2 dashboard.
I added a target that routes to my EC2 instance (that EB created) on port 8083 (my websocket listener). My API runs on port 8081. Then add the target to the new ALB on on the Listeners tab.
This will allow traffic that hits the new ALB on port 80 to route to port 8083 of the server where my application is hosted.
In my .ebextensions file in the project, I added the following that will update nginx settings to allow the Upgrade header that is needed for websockets:
Add to .ebextensions
container_commands:
enable_websockets:
command: |
sed -i '/\s*proxy_set_header\s*Connection/c \
proxy_set_header Upgrade $http_upgrade;\
proxy_set_header Connection "upgrade";\
' /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf
So basically I have two load balancers. The default one that routes 80 to 8081, and another (ALB) that routes 80 to 8083.
This is by no means perfect. Auto scaling/load balancing would probably not work. But for now is serves the API and websocket server from the same application.
I am developing a web application locally. However, I would like to host the final product on an Amazon EC2 instance. I have moved my web application to the EC2 instance and am able to run the application; it's now listening on port 8081.
What I don't understand is how to allow users on the internet to access the web application running on port 8081 of the EC2 instance. I have tried redirecting the domain name to the IP address of the EC2 instance on the NameCheap DNS (where we bought the domain) to no avail. I suspect one of the things I need to do is set the permissions of the EC2 permission group but what should I set it to?
Help is greatly appreciated!
Thanks!
You can setup a nginx server to proxy all request to the port 8081.
Read more information here: https://doesnotscale.com/deploying-node-js-with-pm2-and-nginx/
Generally speaking, for a public web application you will want to run on a standard port (e.g. 80 or 443). You could do that by just running your node app as a privileged user (required by most OS's to expose 80 or 443), but generally it's better to have a web server in front pass the traffic, treating your node app as an upstream server (even if it's on localhost). NGinX is a good choice for this.
Regardless of what port you want to run it on, you'll need to update your EC2 security policy for that instance to allow traffic on that port (80, 443, 8081, whatever). You'll also need to make sure it's exposing a public IP address. It's not a bad idea to assign it an Elastic IP, since you'll wnat it to have the same address across instance reboots.
Finally, depending on what AMI you're running from, there may be a host firewall configured that you'll need to check on and configure to allow the traffic.
I have a nodejs program that creates two servers.
HTTPS server running on port 3000
HTTP server running on port 8080 (it just forwards to my domain name with https)
I am trying to deploy this on elastic beanstalk.
I uploaded the certificate and opened HTTPS port in the elastic beanstalk (as outlined in this document: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https.html)
My application doesn't run at all. It goes red as soon as it is deployed.
Looking at the logs, I see it trying to redirect to https domain name, but that goes nowhere.
I fail to see how Amazon would know which port has which. How would it know that port 3000 has https, and port 8080 has http? That is never mentioned anywhere. Perhaps that's the issue?
Any idea what to do? Many thanks.
Basically, you need to to coustumized your Elastic Beanstalk environment:
Elastic Load Balancer:
Listen on port 80 and proxy it to EC2 instance port 8080.
Listen on port 443 and proxy it to EC2 instance port 3000.
EC2 Web Server/Proxy (your Nginx/Apache):
Listen on port 8080 and response with redirect to HTTPS.
Listen on port 3000 and serve the request.
I thought your config failed because you configure ELB using Elastic Beanstalk Web Console. The Web Console only able to forward the HTTP and HTTPS into a single port in EC2 instance. So, your request is never handled by port 3000. You can't do this using Elastic Beanstalk Web Console, you need to apply this using another method, such as .ebextensions or CLI.
Please take a look into my answer here and my post in here.
I'm trying to host my web app on AWS.
I'm hosting my nodejs app on Elastic Beanstalk (salable).
I have created an ec2 instance to host my mongodb.
In test, the mongodb ec2 instance accepts connection at port 27017 from anywhere.
And my website works great.
The problems is that I want to restrict the access to mongodb ec2 instance to only allow connections from my Elastic Beanstalk app.
I changed the rule of my ec2 instance security group, to only accept tcp port 27017 connection from the security group where Elastic Beanstalk app is assigned to.
This breaks the communication to mongodb from my app immediately.
I have also tried to allow all traffic from beanstalk security group, no luck
Have I got anything wrong? please help!
Needed to edit the /etc/mongod.conf file and set your bind_ip = 0.0.0.0 in order to make connections externally.
Also had to try the different version of the mask to work. xxx.xxx.0.0/16 worked for me, but xxx.xxx.0.0/24 and xxx.xxx.0.0/32 didn't.
Also, they recommended that you use the private IP if you are in the same zone (keeps costs down), but public otherwise.