Elastic Load Balance Config for Node.js and AWS EB - node.js

I am trying to deploy a Node.js Express server to AWS EB, but have some problem to config the proxy.
If I have no elasticloadbalancing.config file under the extension folder, then I can access to the server through HTTP and port 3000. However if I want to add a config to enable the HTTPS and proxy the listener port 433 to instance port 3000, then the site cannot be loaded.
Here is my Config file,
option_settings:
aws:elb:listener:443:
ListenerProtocol: HTTPS:
SSLCertificationeId: arn****
InstancePort: 3000
InstanceProtocol: HTTP
Could anyone give me any suggestions?
I am not sure if the EB is correctly configured, because once I deployed the config file, all ports in the Load Balancing in the web tier configuration were off. Will the EB use the loading balance automatically?
Here is the web tier config,
And here are listeners
Thanks.

You will need to specify config for opening the instance port access from the ELB.
Resources:
sslSecurityGroupIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
IpProtocol: tcp
ToPort: 3000
FromPort: 3000
SourceSecurityGroupName: {"Fn::GetAtt" : ["AWSEBLoadBalancer" , "SourceSecurityGroup.GroupName"]}
Please see the documentation available at
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-elb.html

Related

Application stops after configuring nginx (docker) for https

I have followed this tutorial for deploying docker containers on AWS EC2 instance:
https://www.digitalocean.com/community/tutorials/how-to-secure-a-containerized-node-js-application-with-nginx-let-s-encrypt-and-docker-compose
and after reaching step 5 (where nginx is configured for HTTPS), the application just stops working. Here's my application: www.alphadevop.co
Here’s my nginx configuration:
https://github.com/cyrilcabo/alphadevelopment/blob/master/nginx-conf/nginx.conf
And here’s my docker-compose.yml:
https://github.com/cyrilcabo/alphadevelopment/blob/master/docker-compose.yml
[Here's the webserver logs][1]
[1]: https://i.stack.imgur.com/oawtD.png
Silly mistake, port 443 wasn't allowed on my application. I was confused because when i checked on my server, port 443 was open. Then I checked here, https://www.yougetsignal.com/tools/open-ports/ , saying it was closed. I then found out that there's an inbound rule for AWS EC2 instance top allow port 443.
Credits here: NGINX SSL Timeout

How do I make a NodeJs project publicly accessible on port 3000?

I have a NodeJs/Express project in Alibaba cloud based Ubuntu server.
When I run project and access with curl localhost:3000 and curl 127.0.0.1:3000 it works!
When I access with IP public, e.g. curl 192.x.x.x:3000 it doesn't work, even though I have edited config in Express project in some code to : server.listen(3000,"0.0.0.0") OR server.listen("3000","192.x.x.x").
FYI I have Apache on this server. When I access on Internet with IP public no problem.
What can I do to solve this problem? Thanks beforehand.
PS: the 192.x.x.x is my IP public and it works access with Apache project
Issue the following command to open port 3000 for TCP traffic.
sudo ufw allow 3000/tcp
You have to configure your security ground and create a inbound rule to allow port 3000. Follow this guideline.
https://www.alibabacloud.com/help/doc-detail/25471.htm
Make sure you allow TCP traffic or all traffic from all sources to the port 3000 as the inbound rule.
The fact that you can access your service locally - but not publicly could mean 2 possible configurations:
The server running your application has blocked the port 3000
You have not configured your server to map the port 80 of a specific route to the port 3000
It is highly possible that a most essential part of your server configuration has not been done.

Cannot Access Google App Engine Instance Externally

I'm running a node JS app on Google Cloud Services using the cloud shell. I've deployed using gcloud app deploy, everything reports as a success. If I use gcloud app logs tail -s default I can see the logs, it says my app is listening on port 3000, that's the first debug message I see from my app.
When I invoke the endpoint without the port on the end, i.e.
https://myapp.appspot.com/myendpoint
I get an error,
"GET /myendpoint" 502
If I try with port 3000, i.e.
https://myapp.appspot.com:3000/myendpoint
The request just times out and I get no log messages from the shell.
I have port 3000 opened on the firewall, and my app.yaml is,
runtime: nodejs
env: flex
service: default
manual_scaling:
instances: 1
resources:
cpu: 1
memory_gb: 0.5
disk_size_gb: 10
Update 1:
I've also tried adding a forwarding port to my app.yaml,
network:
forwarded_ports:
- 3000/tcp
And allowed port 3000 in the VPC Firewall, but this seems to make no difference.
Update 2:
I can SSH into the instance and access the endpoint using a wget http://127.0.0.1:3000/myendpoint command but still no external access.
Update 3:
I've also tried port 443 too, listening on IP 0.0.0.0. But it seems to bind to IPV6 ip address 0 and changes the port to 8443 (somehow). This is just insane...
I resolved the issue by binding my service to port 8080, and removing the "service" field from my app.yaml. the external calls are all routed to port 8080 by default.
External calls have no port specified.

Single Instance Elastic Beanstalk Node App. HTTPS refused to connect

I have deployed a node.js app to Elastic Beanstalk. When I try to access the page via HTTP: everything works fine. when I try to access via HTTPS: I get a refused to connect error. I have followed the instructions on
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-singleinstance-nodejs.html
I created a .ebextensions folder and my https-instance-single.config looks like:
Resources:
sslSecurityGroupIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
IpProtocol: tcp
ToPort: 443
FromPort: 443
CidrIp: 0.0.0.0/0
I have uploaded and deployed the new zip file with these included and still the same thing. I can access via HTTP but not via HTTPS.
Any help would be greatly appreciated.
I would suggest you use LetsEncrypt for Elastic Beanstalk single instance. According to your current configuration, its only open port 443 to serve HTTPS but you are not pointing to certificate. This is the tutorial for LetsEncrypt SSL on Elastic Beanstalk:
https://www.tutcodex.com/ssl-on-single-instance-elastic-beanstalk-tutorial/

Configure subdomain port forwarding on EC2 VPC

I am running a Linux instance on EC2. It is running Apache on port 80 and a custom nodejs server on port 8080.
I would like to use a subdomain to redirect the petitions from port 80 to 8080.
Traffic to nodejs.mydomain.com:80 should be redirected to the EC2 server on port 8080.
Is that possible using AWS VPC?
I do not want to configure Apache as a proxy.
More details about the current configuration:
The instance has attached an Elastic IP address.
I'm using Route 53 to point my domain to this IP
The instance is running inside a VPC
The server is on production so I'm looking for a minimum downtime
Thanks for your help.

Resources