I have an EC2 instance on Amazon (AWS). The instance is behind an ELB (Elastic Load Balancer). I want to allow HTTPS connections to reach the EC2 instance.

Is it necessary to have the load balancer configured for HTTPS, i.e., to check the certificates etc., or can this just be done traditionally within the EC2 instance and virtual host SSL configuration?

The reason I'm asking is because I have allowed traffic via ELB -> EC2 for port 80 and 443, but only port 80 reaches the instance.

EDIT

```
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00021s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
3306/tcp open  mysql
```

EDIT 2

Here is my other Stack Overflow question explaining the bigger problem I have, which is why I opened this question: HTTPS only works on localhost

Janpan
  • @Michael-sqlbot you should read my comment below: http://stackoverflow.com/questions/35474862/https-on-a-ec2-instance#comment58661501_35475664. I didn't want to take the credit for the answer when it was suggested by devd. So, just until the answer has been submitted, I added the solution in the first question. Once the answer has been submitted either by me or devd, I will remove the "solution part". – Janpan Feb 18 '16 at 16:06
  • You're right, I didn't see that the solution was suggested in comments. Not sure how I missed all that, it's pretty obvious now that you pointed it out. Thanks for the update. I'll remove my previous comment. – Michael - sqlbot Feb 18 '16 at 16:35
  • @Michael-sqlbot thanks. If devd does not respond in the next 4 hours, I will add the answer below and credit him/her. :) – Janpan Feb 18 '16 at 16:46

1 Answer

Check whether any application is running on port 443.

Use this command to check:

```
nmap -sT -O localhost
```

EDIT

Add the certificate files on the server and then upload them to IAM using the command:

```
aws iam upload-server-certificate --server-certificate-name my-server-cert --certificate-body file://my-certificate.pem --private-key file://my-private-key.pem --certificate-chain file://my-certificate-chain.pem
```

For more info check this:

http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html

devd
  • Thx, I added nmap report. Looks like 443 is open. – Janpan Feb 18 '16 at 07:53
  • You can also make any other port https (except the reserved ports) and check whether it works or not. To run an app on 443 root privilege is needed. Also, I think you've to set the SSL configuration for the https support. – devd Feb 18 '16 at 07:59
  • do you mean "set the SSL configuration" on the ELB (load balancer) ? – Janpan Feb 18 '16 at 08:08
  • Yes. Check your EC2 security group inbound entry. It'd be somewhat like this **HTTPS TCP 443 0.0.0.0/0** – devd Feb 18 '16 at 09:11
  • I mean I have set it up in the security rule, but not the load balancer port configuration. – Janpan Feb 18 '16 at 09:14
  • You need to set it there as well. This is from ELB create screen `This wizard will walk you through setting up a new load balancer. Begin by giving your new load balancer a unique name so that you can identify it from other load balancers you might create. You will also need to configure ports and protocols for your load balancer. Traffic from your clients can be routed from any load balancer port to any port on your EC2 instances. By default, we've configured your load balancer with a standard web server on port 80`. – devd Feb 18 '16 at 09:16
  • Thx, however, I have already done this. What I meant is, setting up the load balancer to handle 443 and accept certificates – Janpan Feb 18 '16 at 09:17
  • Yes you've to do it. That's what I've understood from these links http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-update-ssl-cert.html and http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html – devd Feb 18 '16 at 09:23
  • I'll add it as soon as I have the new certificate files from my provider. (I moved servers recently.) Hopefully soon. – Janpan Feb 18 '16 at 09:38
  • It works. I added the certificate files on my server and had to upload them to IAM, and then the load balancer listener for HTTPS 443 recognised the certificate and had it available as an option. Do you want to submit the answer or should I? – Janpan Feb 18 '16 at 14:24
  • Thx @devd for the answer, and it is clear to me now that when using a load balancer, you have to set up an HTTPS listener on the load balancer in order to receive any HTTPS traffic to the instance. This was my experience, just glad it works now and I figured out why it was not. – Janpan Feb 19 '16 at 07:06
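
Added example, not part of the original thread or of any AWS tooling: a small audit of Classic ELB listener configuration that reproduces the symptom discussed above (443 allowed in the security group, but no listener on the load balancer). The JSON is a constructed sample shaped like `aws elb describe-load-balancers` output; the load balancer names and the account ID in the ARN are placeholders, and the TCP pass-through finding goes slightly beyond the case in the thread.

```python
import json

# Constructed sample (placeholder names and account ID), shaped like the
# output of `aws elb describe-load-balancers` for a Classic ELB.
SAMPLE = json.loads("""
{"LoadBalancerDescriptions": [
  {"LoadBalancerName": "web-before",
   "ListenerDescriptions": [
     {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                   "InstanceProtocol": "HTTP", "InstancePort": 80}}]},
  {"LoadBalancerName": "web-after",
   "ListenerDescriptions": [
     {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                   "InstanceProtocol": "HTTP", "InstancePort": 80}},
     {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                   "InstanceProtocol": "HTTP", "InstancePort": 80,
                   "SSLCertificateId":
                   "arn:aws:iam::123456789012:server-certificate/my-server-cert"}}]}
]}
""")

TLS_PROTOCOLS = {"HTTPS", "SSL"}

def audit_https(lb, port=443):
    """Return a list of findings for one load balancer description."""
    listeners = [d["Listener"] for d in lb.get("ListenerDescriptions", [])]
    on_port = [lst for lst in listeners if lst["LoadBalancerPort"] == port]
    if not on_port:
        return [f"no listener on {port}: the ELB does not accept this traffic, "
                "whatever the security group allows"]
    findings = []
    for lst in on_port:
        proto = lst["Protocol"].upper()
        backend = lst["InstanceProtocol"].upper()
        if proto in TLS_PROTOCOLS and not lst.get("SSLCertificateId"):
            findings.append(f"{proto} listener on {port} has no certificate")
        if proto in TLS_PROTOCOLS and backend in {"HTTP", "TCP"}:
            findings.append("TLS ends at the ELB; ELB -> instance port "
                            f"{lst['InstancePort']} is unencrypted")
        if proto == "TCP":
            findings.append(f"TCP pass-through on {port}: the instance must "
                            "terminate TLS itself")
    return findings

def audit_all(doc, port=443):
    """Map each load balancer name to its findings for the given port."""
    return {lb["LoadBalancerName"]: audit_https(lb, port)
            for lb in doc["LoadBalancerDescriptions"]}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, findings or ["ok"])
```

To run it against a real account, replace `SAMPLE` with the parsed JSON output of `aws elb describe-load-balancers`.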