Gaoridang

Reputation: 79

AWS EC2 load balancing target group 'https 443' unhealthy

I am trying to secure my EC2 server with HTTPS. I have a backend application written in Node.js. Here's the basic structure of my server setup:

const express = require("express");
const cors = require("cors");

const app = express();

app.use(cors());
app.use(express.json());

app.get("/", (req, res) => {
  res.status(200).send("server running");
});

const port = process.env.PORT || 8080; // Assuming port is defined here for clarity
app.listen(port, () => {
  console.log(`Server running on http://localhost:${port}`);
});

So far, I have completed the following steps:

  1. Created an EC2 instance.
  2. Generated an AWS domain and issued an SSL certificate.
  3. Created a Route53 hosting zone and registered records.
  4. Added 443, 80, and 8080 (for the Node.js app) ports to the EC2 security group.
  5. Created an EC2 target group.
  6. Set up a load balancer with the following rules:

(I can't upload images for low reputation...)

Despite these configurations, I am facing a couple of issues:

The health status for port 8080 is healthy, but for port 443, it is marked as unhealthy. Currently, I can only access my application through the EC2's public IPv4 address on port 8080. Any attempt to access it via HTTPS or even HTTP without specifying the port results in a timeout.

Given this situation, I am unsure how to correctly set up HTTPS for my server to ensure it is secure. Specifically, I am looking for guidance on how to integrate the issued SSL certificate with my Node.js application, ensure all traffic goes through HTTPS, and resolve the unhealthy status of port 443 as well as the timeout issues.

Could someone provide a detailed explanation or step-by-step guide on how to secure my Node.js application with HTTPS on an EC2 server, especially focusing on how to use the SSL certificate with my application, any necessary configurations on the AWS side, and troubleshooting the mentioned issues?

Upvotes: 0

Views: 807

Answers (1)

Kavindu Vindika

Reputation: 2737

Can you please verify whether you've configured the following:

  1. Add a default SSL/TLS server certificate for the 443 listener in the ALB.
  2. Configure your target group to use HTTP at port 8080, which is the port the load balancer sends traffic to.
  3. You might need to add another listener for port 80 with a permanent redirect to HTTPS. This will force your users to use HTTPS instead of HTTP.

Please let me know if you're still getting issues even after configuring the above settings.

Upvotes: 0
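
The three settings listed in the answer can be checked mechanically. The following is an added example, not part of the answer or of any AWS tooling: it audits listener and target-group descriptions using the field names printed by `aws elbv2 describe-listeners` and `aws elbv2 describe-target-groups`. The function name `auditAlb`, its `app` parameter and the sample data are assumptions constructed for illustration.

```javascript
// Added example. Field names follow the JSON printed by
// `aws elbv2 describe-listeners` and `aws elbv2 describe-target-groups`.
// `app` is an assumption: what the Node.js process actually serves.
function auditAlb(listeners, targetGroups, app = { protocol: "HTTP", port: 8080 }) {
  const findings = [];
  const byArn = new Map(targetGroups.map((tg) => [tg.TargetGroupArn, tg]));

  // Points 1 and 2: HTTPS:443 listener with a certificate, forwarding to the app's real port.
  const tls = listeners.find((l) => l.Protocol === "HTTPS" && l.Port === 443);
  if (!tls) {
    findings.push("no HTTPS:443 listener");
  } else {
    if (!(tls.Certificates || []).length) findings.push("HTTPS:443 listener has no default certificate");
    for (const action of tls.DefaultActions || []) {
      const tg = action.Type === "forward" ? byArn.get(action.TargetGroupArn) : null;
      if (tg && (tg.Protocol !== app.protocol || tg.Port !== app.port)) {
        findings.push(`target group sends ${tg.Protocol}:${tg.Port} but the app serves ${app.protocol}:${app.port}`);
      }
    }
  }

  // Point 3: HTTP:80 listener whose default action is a permanent redirect to HTTPS.
  const plain = listeners.find((l) => l.Protocol === "HTTP" && l.Port === 80);
  const redirect = plain && (plain.DefaultActions || []).find((a) => a.Type === "redirect");
  const cfg = redirect ? redirect.RedirectConfig : null;
  if (!cfg || cfg.Protocol !== "HTTPS" || cfg.StatusCode !== "HTTP_301") {
    findings.push("no HTTP:80 listener with a permanent redirect to HTTPS");
  }
  return findings;
}

// Constructed sample data (placeholder ARNs, not taken from the question).
const CERT = [{ CertificateArn: "arn:PLACEHOLDER:certificate" }];
const forward = (arn) => [{ Type: "forward", TargetGroupArn: arn }];
const BROKEN = {
  listeners: [{ Protocol: "HTTPS", Port: 443, Certificates: CERT, DefaultActions: forward("tg-443") }],
  targetGroups: [{ TargetGroupArn: "tg-443", Protocol: "HTTPS", Port: 443 }],
};
const FIXED = {
  listeners: [
    { Protocol: "HTTPS", Port: 443, Certificates: CERT, DefaultActions: forward("tg-8080") },
    { Protocol: "HTTP", Port: 80, DefaultActions: [{ Type: "redirect",
      RedirectConfig: { Protocol: "HTTPS", Port: "443", StatusCode: "HTTP_301" } }] },
  ],
  targetGroups: [{ TargetGroupArn: "tg-8080", Protocol: "HTTP", Port: 8080 }],
};

console.log(auditAlb(BROKEN.listeners, BROKEN.targetGroups));
console.log(auditAlb(FIXED.listeners, FIXED.targetGroups));
```

With this layout the load balancer terminates TLS using its own certificate, so the Node.js process keeps serving plain HTTP on 8080 and only the load balancer needs to reach that port.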
