Reputation: 189
I have an AWS ALB that serves traffic from the internet. Inside an AWS VPC I have a Java application (not a web app) running on an EC2 instance on port 8080 that inherently does not support ALB-to-EC2 SSL traffic. As per the security standards set in my company, I would like to encrypt all traffic between the ALB and the service running on the EC2 instance. I am thinking of introducing a reverse proxy like NGINX that will run on the EC2 instance where the Java application is running, get requests from the ALB and forward the requests to the app on the same machine. The communication between the ALB and the NGINX server will be through SSL. Has anyone done something similar, or am I headed in the wrong direction and there is an easy alternative to that?
The Java application is third party and does not support HTTPS out of the box. Any tips or recommendations are highly appreciated.
Thanks in advance, Nick
Upvotes: 0
Views: 2802
Reputation: 68715
Yes, using a web server like nginx/apache is the right way to add HTTPS if you cannot do it in the Java web container itself (as you mentioned, it is third party).
As your requirement is to use SSL on the application's internal network, you can install NGINX on each of your Java EC2 instances. Your NGINX server can talk HTTPS upward to the ALB and can talk HTTP to your Java container.
Here is a link to follow to understand how to configure an HTTPS listener in NGINX:
http://nginx.org/en/docs/http/configuring_https_servers.html
Upvotes: 1
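A sketch of the NGINX server block for the setup discussed above, as an added example that is not part of the original posts. The certificate paths are placeholders, and it assumes the ALB target group is changed to protocol HTTPS on port 443 and that the Java application stays on port 8080 on the same instance.

```nginx
# /etc/nginx/conf.d/alb-backend.conf  (file name is an assumption)
server {
    # The ALB target group connects here over TLS (target protocol HTTPS, port 443).
    listen 443 ssl;
    server_name _;

    # Placeholder paths. The ALB encrypts the connection to its targets but does
    # not validate the target certificate, so a self-signed certificate is
    # accepted; keep the private key readable by root only.
    ssl_certificate     /etc/nginx/tls/backend.crt;
    ssl_certificate_key /etc/nginx/tls/backend.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Plain HTTP never leaves the instance: forward over loopback only.
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;

        # Keep the original Host header. The X-Forwarded-For and
        # X-Forwarded-Proto headers set by the ALB are passed through
        # unchanged, so the application still sees the client details.
        proxy_set_header Host $host;
    }
}
```

For the encryption requirement to hold, the instance's security group should allow port 443 only from the ALB's security group and should not allow port 8080 from anywhere, so the unencrypted listener is reachable only from NGINX on the same host. The target group health check also has to be switched to HTTPS so it goes through the same listener.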