Sam Houston

Reputation: 3661

Expose non 80 or 443 port on aws

I am looking to enable https and redirect traffic from http to https on a server hosted on ec2.

I have achieved binding to port 4000 with https, but am having issues exposing this port for my instance to serve content from.

In my security groups I have the following configuration:

In case it might be useful, the output of sudo docker ps is:

CONTAINER ID        IMAGE               COMMAND               CREATED              STATUS              PORTS              NAMES
59315f7862f1        site_web            "/site/entrypoint.sh …"   37 minutes ago      Up 36 minutes       0.0.0.0:443->443/tcp, 0.0.0.0:4000-4001->4000-4001/tcp, 0.0.0.0:5432->5432/tcp   site_1

I was thinking of looking down the route of using nginx to redirect traffic from 443 or iptables.

What direction should I look to solve this problem? Am I configuring this unconventionally?

Upvotes: 1

Views: 1170

Answers (1)

Caesar Kabalan

Reputation: 791

Your security group as written allows tcp/443 from everywhere (IPv4 & IPv6), tcp/80 from everywhere (IPv4 & IPv6) and allows tcp/22 from the single IP 146.90.23.135.

If your goal is to expose all of the docker ports listed you should remove both TCP 80 entries in your security group and add two new entries:

  • Type: Custom TCP Rule, Protocol: TCP, Port Range: 4000-4001, Source: 0.0.0.0/0
  • Type: Custom TCP Rule, Protocol: TCP, Port Range: 5432, Source: 0.0.0.0/0
  • Leave the rule for TCP 443 (to go to your docker container) and TCP 22 (so you can SSH to your host).

A few notes:

  • The Type column of the security group is really just to help input common protocols, it means nothing from a filtering/firewall standpoint. HTTP is no different from a Custom TCP Rule with the Port Range set to 80.
  • You won't be doing any redirection of ports with AWS Security Groups. If you need that you can use iptables inside the OS, or you can use an Elastic Load Balancer from AWS.

Upvotes: 1
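
An added example, not part of the original question or answer: a small audit that compares the ports Docker publishes with what a security group admits, so you can see which ports are blocked and which are open to every address before changing rules. The rule data is constructed in the IpPermissions shape returned by `aws ec2 describe-security-groups`; the helper names (`rule`, `published_ports`, `sources_for`, `audit`) are hypothetical.

```python
import re

# Constructed sample: the PORTS column from the question's `docker ps` output.
DOCKER_PORTS = ("0.0.0.0:443->443/tcp, 0.0.0.0:4000-4001->4000-4001/tcp, "
                "0.0.0.0:5432->5432/tcp")

WORLD = {"0.0.0.0/0", "::/0"}

def rule(lo, hi, v4=(), v6=()):
    """Hypothetical helper: build one TCP entry in IpPermissions shape."""
    return {"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": c} for c in v4],
            "Ipv6Ranges": [{"CidrIpv6": c} for c in v6]}

# Constructed sample mirroring the rules the answer describes:
# 80 and 443 from anywhere (IPv4 and IPv6), 22 from a single address.
CURRENT_RULES = [rule(80, 80, ["0.0.0.0/0"], ["::/0"]),
                 rule(443, 443, ["0.0.0.0/0"], ["::/0"]),
                 rule(22, 22, ["146.90.23.135/32"])]

def published_ports(column):
    """Host-side TCP ports published by Docker, with ranges expanded."""
    ports = set()
    for lo, hi in re.findall(r":(\d+)(?:-(\d+))?->[\d-]+/tcp", column):
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def sources_for(port, rules):
    """CIDRs the rules admit to a TCP port ("-1" means all protocols)."""
    cidrs = set()
    for r in rules:
        if r["IpProtocol"] == "-1" or (r["IpProtocol"] == "tcp"
                and r["FromPort"] <= port <= r["ToPort"]):
            cidrs.update(x["CidrIp"] for x in r.get("IpRanges", []))
            cidrs.update(x["CidrIpv6"] for x in r.get("Ipv6Ranges", []))
    return cidrs

def audit(column, rules):
    """Map each published port to 'blocked', 'restricted' or 'world'."""
    report = {}
    for port in sorted(published_ports(column)):
        src = sources_for(port, rules)
        report[port] = "world" if src & WORLD else "restricted" if src else "blocked"
    return report

if __name__ == "__main__":
    for port, state in audit(DOCKER_PORTS, CURRENT_RULES).items():
        print(port, state)
```

A "world" result on 5432 means the database port is reachable from any address; giving that rule a narrower source makes it report "restricted" instead.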
