sandeep krishna

Reputation: 475

nginx docker container on aws ecs >> The plain HTTP request was sent to HTTPS port

I have a frontend Angular application running on an AWS ECS EC2 instance, and both are connected to TCP ports 443 and 80 of a network load balancer. I will have many vhosts configured on this nginx docker container with multiple domain names. In the ECS service the container port to load balance is given as port 443. We have to choose either port 443 or 80 of the container to load balance. https://prnt.sc/pocu41. On https the site is loading fine. But on http I am getting the error

The plain HTTP request was sent to HTTPS port

I am planning to use the SSL certificate on the docker container and not SSL on the load balancer. If I choose SSL on the load balancer then we need to use the multidomain SSL in the application load balancer default certificate, and that may not be feasible when there are hundreds of domains.

My Nginx conf looks like this

server {
    listen 80;
    server_name  example.com;

    root   /usr/share/nginx/html/docroot;
    index  index.html index.htm;
    include /etc/nginx/mime.types;

    gzip on;
    gzip_min_length 1000;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    location / {
        try_files $uri $uri/ /index.html;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    ssl on;
    ssl_certificate /etc/nginx/ssl/example.com/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com/example.com.key;

    server_name  example.com;
    root           /usr/share/nginx/html/docroot;
    index          index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

Any idea how we can solve this scenario?

Upvotes: 3

Views: 2262

Answers (1)

Adiii

Reputation: 60074

I am planning to use the SSL certificate on the docker container and not SSL on the load balancer. If I choose SSL on the load balancer then we need to use the multidomain SSL in the application load balancer default certificate, and that may not be feasible when there are hundreds of domains.

This assumption of yours does not seem correct: you can create a * certificate from the LB, or you can configure multiple certificates from ACM as well. You can use AWS ACM with the load balancer and it's totally free of cost, so why should I bother to manage SSL at the application level? And why should I open port 80 at the application level when I can do the redirect with an application LB, if NLB is not a requirement?

AWS Certificate Manager Pricing

Public SSL/TLS certificates provisioned through AWS Certificate Manager are free. You pay only for the AWS resources you create to run your application.

certificate-manager-pricing

Second, is there any special reason for using NLB? For a web application I will never go for a network balancer. NLB makes sense for TCP-level communication, but I will go for an application LB for HTTP communication, which provides advanced routing like host-based routing, redirects and path-based routing, which will remove the need for Nginx.

Containers are designed for lightweight tasks, and AWS recommends memory around 300-500MB, with the same recommendations for CPU.

Do you know the cost of SSL termination at container level?

SSL traffic can be compute intensive since it requires encryption and decryption of traffic. SSL relies on public key cryptography to encrypt communications between the client and server sending messages safely across networks.

Advantage of SSL termination at LB level

SSL termination at load balancer is desired because decryption is resource and CPU intensive. Putting the decryption burden on the load balancer enables the server to spend processing power on application tasks, which helps improve performance. It also simplifies the management of SSL certificates.

new-tls-termination-for-network-load-balancers

ssl-termination


10-tips-to-improve-the-performance-of-your-aws-application

So based on this I am not going to answer your problem; what @Linpy suggested may help if you still want to go that way. You can check this too: dealing-with-nginx-400-the-plain-http-request-was-sent-to-https-port-error

Upvotes: 0
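
The error in the question is nginx's internal status 497, raised when a plain-HTTP request arrives on a TLS listener, which is what happens when the NLB's port 80 listener forwards to container port 443. The configuration below is an added example (not from the question or the answer) that turns that condition into a redirect; it assumes the NLB target is container port 443 as the question describes and reuses the question's paths and `example.com` name.

```nginx
# Added example, not the asker's or the answerer's configuration.
# Assumption: NLB listeners 80 and 443 both forward to container port 443,
# so plain-HTTP requests reach the TLS listener below.

events {}

http {
    include /etc/nginx/mime.types;

    # 497 = "plain HTTP request was sent to HTTPS port" (nginx-internal code).
    # Declared at http level, it is inherited by every vhost that does not
    # define error_page directives of its own, so it covers all domains.
    # $host comes from the request's Host header; a vhost with one fixed
    # name can hard-code the name in the redirect target instead.
    error_page 497 =301 https://$host$request_uri;

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name example.com;

        # "ssl on;" is omitted: it is deprecated, and the "ssl" parameter
        # on the listen directives already enables TLS for this server.
        ssl_certificate     /etc/nginx/ssl/example.com/example.com.crt;
        ssl_certificate_key /etc/nginx/ssl/example.com/example.com.key;

        root  /usr/share/nginx/html/docroot;
        index index.html;

        location / {
            try_files $uri $uri/ =404;
        }
    }

    # Covers clients that reach the container on port 80 directly:
    # send them to HTTPS rather than serving content in clear text.
    server {
        listen 80;
        listen [::]:80;
        server_name example.com;
        return 301 https://$host$request_uri;
    }
}
```

After a reload, `curl -sI http://example.com/` should return a 301 whose `Location` header starts with `https://`. The first request still crosses the network unencrypted before the redirect, so nothing sensitive should depend on it.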
