Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

AWS - SSL/HTTPS on load balancer

Tags:

ssl

amazon-web-services

amazon-ec2

I have a problem to add https to my EC2 instance and maybe you guys can have the answer to make it work.

I have a load balancer that is forwarding the connection to my EC2 instance, I've add the SSL certificate to the load balancer and everything went fine, I've add a listener to the port 443 that will forward to the port 443 of my instance and I've configured Apache to listen on both port 443 and 80, now here the screenshot of my load balancer:

enter image description here

The SSL certificate is valid and on port 80 (HTTP) everything is fine, but if I try the with https the request does not got through.

Any idea?

Cheers

like image 485
Matteo Hertel Avatar asked Nov 16 '14 21:11

Matteo Hertel

People also ask

Does HTTPS end at load balancer?

To use an HTTPS listener, you must deploy at least one SSL/TLS server certificate on your load balancer. The load balancer uses a server certificate to terminate the front-end connection and then decrypt requests from clients before sending them to the targets.

How does SSL work with a load balancer?

If you use HTTPS (SSL or TLS) for your front-end listener, you must deploy an SSL/TLS certificate on your load balancer. The load balancer uses the certificate to terminate the connection and then decrypt requests from clients before sending them to the instances. The SSL and TLS protocols use an X.

Do Loadbalancer redirect http to HTTPS?

Select a load balancer, and then choose HTTP Listener. Under Rules, choose View/edit rules. Choose Edit Rule to modify the existing default rule to redirect all HTTP requests to HTTPS.

2 Answers

Elastic Load Balancer can not forward your HTTPS requests to the server. This is why SSL is there : to prevent a man in the middle attack (amongst others)

The way you can get this working is the following :

  • configure your ELB to accept 443 TCP connection and install an SSL certificate through IAM (just like you did)
  • relay traffic on TCP 80 to your fleet of web servers
  • configure your web server to accept traffic on TCP 80 (having SSL between the load balancer and the web servers is also supported, but not required most of the time)

  • configure your web servers Security Group to only accept traffic from the load balancer.

  • (optional) be sure your Web Servers are running in a private subnet, i.e. with only private IP addressed and no route to the Internet Gateway

If you really need to have an end-to-end SSL tunnel between your client and you backend servers (for example, to perform client side SSL authentication), then you'll have to configure your load balancer in TCP mode, not in HTTP mode (see Support for two-way TLS/HTTPS with ELB for more details)

More details :

  • SSL Load Balancers : http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/US_SettingUpLoadBalancerHTTPS.html
  • Load Balancers in VPC : http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/UserScenariosForVPC.html
like image 167
Sébastien Stormacq Avatar answered Sep 19 '22 11:09

Sébastien Stormacq

Do you have an HTTPS listener on your EC2 instance? If not, your instance port should be 80 for both load balancer listeners.

like image 23
Richard Szalay Avatar answered Sep 22 '22 11:09

Richard Szalay
Sign in to Comment

Related questions

pycurl https error: unable to get local issuer certificate
Wordpress get_template_directory_uri() returns http instead of https
Does android support .jks keystore type?
multiple ssl virtual hosts on apache
ERR_INSECURE_RESPONSE handing tips in Javascript
Directly Read/Write Handshake data with Memory BIO
OAuth 2.0 two-legged authentication vs SSL/TLS
Display received cert with curl?
What happens on the wire when a TLS / LDAP or TLS / HTTP connection is set up?
How to RestSharp add client certificate in Https request? (C#)
How do I setup ssl on a rails 4 app? (nginx + passenger)
Get remote ssl certificate in golang
How to provision a CloudFront distribution with an ACM Certificate using Cloud Formation
nginx SSL no start line: expecting: TRUSTED CERTIFICATE
Disable SSL as a protocol in HttpsURLConnection
Curl - cannot connect using p12 certificate
haproxy: inconsistencies between private key and certificate loaded from PEM file
How to create a certificate chain using keytool?
Spring Boot MongoDB Connectivity Issue
Testing HTTPS files with MAMP [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!