Reputation: 7304
I set up a load balancer for my instances. My instances are inside an Auto Scaling Group.
My load balancer has an HTTPS listener with an SSL certificate from AWS. The load balancer's security group has an inbound rule set to HTTPS on port 443 and an outbound rule set to HTTPS on port 443 to the EC2 instance's security group.
Then the EC2 instance has an HTTPS inbound rule set to the load balancer's security group, and the outbound rule is open to all. This scenario doesn't work and I can't load my website.
Then I added an HTTP inbound rule with 0.0.0.0/0 to the EC2 instance's security group, and I can load my website.
Why can't I set the load balancer's outbound rule to the EC2 instance's security group and the EC2 instance's inbound rule to the load balancer's security group?
I have an SSL certificate for my domain name, but I can't load my website over HTTPS. Using HTTP is fine. Why?
Upvotes: 0
Views: 2354
Reputation: 26013
Quick sanity checks:
You can check that HTTPS is working correctly by simply visiting your ELB endpoint (not the route 53 address; the raw ELB DNS endpoint) with HTTPS via a web browser.
If your application does not manage SSL, your ELB should not forward HTTPS traffic to your EC2 instance. Let the ELB terminate HTTPS and forward it as HTTP.
A common pattern with ELBs is to allow the ELB to manage HTTPS for you; HTTPS is terminated at the load balancer, and the load balancer forwards traffic to your EC2 instances as HTTP. Unless your application is specifically managing your SSL, this is what you want and you'll need to configure your EC2 layer to accept HTTP traffic.
This HTTPS termination is managed in the ELB Load Balancer Listeners, by accepting HTTPS on the load balancer protocol/port, and HTTP on the instance protocol/port. Example:
It sounds like your ELB is attempting to forward traffic to your application as HTTPS, and on the HTTPS port, while your application is configured to accept HTTP. Simply edit this "Instance Port" to accept traffic on the port that your application expects HTTP traffic on. Example: port 80
You can additionally restrict HTTP inbound traffic on your EC2 instance's security group to only be allowed from your ELB's security group, instead of 0.0.0.0/0.
To associate a route 53 record with your ELB, simply create an IPv4 Record that is aliased to your load balancer. Your load balancer should show up as one of the resources in the alias drop-down menu.
Upvotes: 1
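The mismatch the answer describes (listener forwarding HTTPS while the instance expects HTTP, then port 80 opened to the world) can be caught with a small check over the listener and security-group descriptions. The block below is an added example, not code from the question or answer; the security group ids are placeholders and the rule data is constructed to mirror the shapes `describe-load-balancers` and `describe-security-groups` return.

```python
# Added example: verify that an ELB listener's instance port is reachable from
# the ELB's security group and is not opened wider than that.
# Group ids are placeholders; rule data is constructed for illustration.

ELB_SG = "sg-elb-EXAMPLE"          # placeholder id for the load balancer's SG
INSTANCE_SG = "sg-ec2-EXAMPLE"     # placeholder id for the instance SG

# Listener as the answer recommends: HTTPS terminates on the balancer,
# traffic is forwarded to the instance as HTTP on port 80.
LISTENER = {
    "Protocol": "HTTPS", "LoadBalancerPort": 443,
    "InstanceProtocol": "HTTP", "InstancePort": 80,
}

# Instance SG as the asker first had it: only 443 from the ELB SG.
SG_HTTPS_ONLY = {"IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ELB_SG}]},
]}
# Works, but too open: port 80 from anywhere.
SG_OPEN_HTTP = {"IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
]}
# Recommended: port 80 only from the ELB's security group.
SG_HTTP_FROM_ELB = {"IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ELB_SG}]},
]}

def check_backend_path(listener, instance_sg, elb_sg_id):
    """Return findings; an empty list means the ELB can reach the backend on
    the listener's instance port and no rule is wider than it needs to be."""
    port = listener["InstancePort"]
    findings, reachable = [], False
    for rule in instance_sg["IpPermissions"]:
        if rule["IpProtocol"] not in ("tcp", "-1"):
            continue  # not TCP and not "all traffic"
        if rule["IpProtocol"] == "tcp" and not (rule["FromPort"] <= port <= rule["ToPort"]):
            continue  # rule does not cover the instance port
        if any(p["GroupId"] == elb_sg_id for p in rule["UserIdGroupPairs"]):
            reachable = True  # SG-to-SG rule, the recommended form
        for r in rule["IpRanges"]:
            reachable = True  # CIDR rule also admits the ELB's addresses
            if r["CidrIp"] == "0.0.0.0/0":
                findings.append(f"port {port} open to 0.0.0.0/0; restrict to {elb_sg_id}")
    if not reachable:
        findings.append(f"no inbound rule lets {elb_sg_id} reach {listener['InstanceProtocol']}:{port}")
    return findings
```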