Reputation: 143
sslSecurityGroupIngress:
  Type: AWS::EC2::SecurityGroupIngress
  Properties:
    GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
    IpProtocol: tcp
    ToPort: 443
    FromPort: 443
    CidrIp: 0.0.0.0/0
In Nginx I have already increased proxy_connect_timeout and proxy_read_timeout.
Upvotes: 4
Views: 2978
Reputation: 143
I was able to see that my application was configured to listen on both ports 80 and 443, although the rules were only redirecting to port 80 of the instance, even if the request comes over the HTTPS protocol. If you would like to configure end-to-end HTTPS, a rule redirecting to port 443 of the instances will be necessary.
Previously my Elastic Beanstalk configuration was set like:
Listener   Rules   Process
443        443     default
80         80      default
Here the "default" process is redirecting all connections through port 80 of the instances.
I updated my Elastic Beanstalk environment to forward the HTTPS requests to port 443 of the instance. Below is an example of how to associate the rule with the process:
======== .ebextensions/https-reencrypt-alb.config ========
option_settings:
  aws:elbv2:listener:443:
    DefaultProcess: https
    ListenerEnabled: 'true'
    Protocol: HTTPS
  aws:elasticbeanstalk:environment:process:https:
    Port: '443'
    Protocol: HTTPS
======== .ebextensions/https-reencrypt-alb.config ========
One circumstance that could be causing this issue may be related to your application only listening on port 443; since none of the rules of the ALB redirect to this port on the instance, it is reasonable that the access is failing with a Bad Gateway request.
Add this for http to https redirection:
============= http-to-https.config ===============
Resources:
  AWSEBV2LoadBalancerListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: redirect
          RedirectConfig:
            Protocol: HTTPS
            Port: 443
            StatusCode: 'HTTP_301'
      LoadBalancerArn:
        Ref: AWSEBV2LoadBalancer
      Port: 80
      Protocol: HTTP
============= http-to-https.config ===============
Upvotes: 1
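The listener-to-process mapping described in the answer above can be checked before deploying. This is an added example, not code from the thread or from AWS: the function names and the BEFORE/AFTER sample settings are constructed, and the "default" process is assumed to target HTTP on port 80.

```python
# Added example, not from the original thread. Namespaces and option names match the
# answer's .ebextensions file; function names and sample data are constructed.
LISTENER_NS = "aws:elbv2:listener:"
PROCESS_NS = "aws:elasticbeanstalk:environment:process:"

def resolve_routes(option_settings):
    """Map listener port -> (listener protocol, process name, backend port, backend protocol)."""
    # Assumed Elastic Beanstalk defaults: the "default" process targets HTTP on port 80.
    processes = {"default": {"Port": "80", "Protocol": "HTTP"}}
    for ns, opts in option_settings.items():
        if ns.startswith(PROCESS_NS):
            name = ns[len(PROCESS_NS):]
            processes.setdefault(name, {"Port": "80", "Protocol": "HTTP"}).update(opts)
    routes = {}
    for ns, opts in option_settings.items():
        if not ns.startswith(LISTENER_NS):
            continue
        key = ns[len(LISTENER_NS):]
        lport = 80 if key == "default" else int(key)  # "default" is the port-80 listener
        name = opts.get("DefaultProcess", "default")
        proc = processes.get(name)
        backend = (int(proc["Port"]), proc["Protocol"]) if proc else (None, None)
        routes[lport] = (opts.get("Protocol", "HTTP"), name) + backend
    return routes

def audit(option_settings, instance_ports):
    """Report listeners that would return 502 or that drop TLS on the ALB-to-instance hop."""
    findings = []
    for lport, (lproto, name, port, proto) in sorted(resolve_routes(option_settings).items()):
        if port is None:
            findings.append(f"listener {lport}: process '{name}' is not defined")
        elif port not in instance_ports:
            findings.append(f"listener {lport}: nothing listens on instance port {port} (502)")
        elif lproto == "HTTPS" and proto != "HTTPS":
            findings.append(f"listener {lport}: TLS ends at the ALB, backend hop is {proto}")
    return findings

# Constructed sample: both listeners forward to the "default" process (the "before" table).
BEFORE = {
    "aws:elbv2:listener:default": {},
    "aws:elbv2:listener:443": {"ListenerEnabled": "true", "Protocol": "HTTPS"},
}
# The answer's option_settings layered on top: listener 443 -> process "https" on port 443.
AFTER = {
    **BEFORE,
    "aws:elbv2:listener:443": {"DefaultProcess": "https", "ListenerEnabled": "true", "Protocol": "HTTPS"},
    "aws:elasticbeanstalk:environment:process:https": {"Port": "443", "Protocol": "HTTPS"},
}
```

With the instance listening on 80 and 443, `audit(BEFORE, {80, 443})` flags listener 443 as terminating TLS at the load balancer, and `audit(AFTER, {80, 443})` returns no findings.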