
Why is https being blocked on AWS Elastic Beanstalk?

I'm creating a simple website on AWS Elastic Beanstalk using Node.js. I'm trying to add an SSL certificate to the EC2 instance but it keeps saying:

"Error: listen EACCES: permission denied 0.0.0.0:443"

What did I miss?

EC2 Security Group:

Inbound Rules:

HTTP    TCP    80    0.0.0.0/0
HTTP    TCP    80    ::/0
HTTPS   TCP    443   0.0.0.0/0
HTTPS   TCP    443   ::/0

Outbound Rules:

All traffic    All    All    0.0.0.0/0

Node JS:

    var ipaddress = "0.0.0.0";
    var port = 443;

    var options = {
        key: sslKey,
        cert: sslCert,
        ca: [sslCa]
    }

    server = https.createServer(options, handleRequest);

    server.listen(port, ipaddress, function () {
        console.log("Server listening on port "+port);
    });

Gordon Truslove asked Apr 13 '26 06:04


1 Answer

I know this Elastic Beanstalk stuff is not documented well, but since I did the AWS DevOps certification some time ago which covered this, I remember some points:

  • You should bind your HTTP server to 0.0.0.0. I see you already did that.
  • Your app is not running with root privileges on your EB instance. Usually what they want you to do - probably for security reasons - is to proxy your connection through the nginx proxy which comes pre-configured on your instance. They pass the PORT environment variable to your node.js app and you should use it to listen for upstream traffic by the proxy. [1]
  • For SSL termination on your nginx proxy to work, you must then configure SSL on the proxy accordingly as already pointed out correctly by vikyol. [2]
  • The connection between the proxy and your app will then be unencrypted. This should not be an issue since it does not leave the machine in between.

Some more thoughts

  • I would prefer SSL termination on the load balancer for performance reasons if you have some $$ at some point.
  • SSL Certificate management usually is much more comfortable via ACM and ELB.

References

[1] https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/nodejs-platform-proxy.html
[2] https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-singleinstance-nodejs.html

Martin Löper answered Apr 15 '26 04:04
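
The setup the answer describes, as an added example that is not part of the original answer: the app listens over plain HTTP on the port given in `PORT` and leaves TLS to the proxy. The `PUBLIC_HOST` variable, the 8080 fallback and the assumption that the proxy sets `X-Forwarded-Proto` are illustrative and do not come from the page.

```javascript
// Added example (not from the original post): plain-HTTP app behind the proxy.
const http = require("http");

// Linux lets only root bind ports below 1024 by default; binding 443 as an
// unprivileged user is what raises EACCES.
const FIRST_UNPRIVILEGED_PORT = 1024;

// Port the proxy forwards to, taken from PORT. The 8080 fallback is an
// assumption for local runs.
function resolvePort(env) {
  const raw = env.PORT === undefined ? "8080" : String(env.PORT);
  const port = Number(raw);
  if (!/^\d+$/.test(raw) || port < FIRST_UNPRIVILEGED_PORT || port > 65535) {
    throw new RangeError(`PORT must be an integer from 1024 to 65535, got "${raw}"`);
  }
  return port;
}

// TLS ends at the proxy, so the socket the app sees is always plain HTTP.
// Assumption: the proxy sets X-Forwarded-Proto and overwrites any client value.
function clientUsedTls(req) {
  return req.headers["x-forwarded-proto"] === "https";
}

// publicHost is a hypothetical configured name; redirecting to the request's
// Host header instead would let a client choose the redirect target.
function makeHandler(publicHost) {
  return function handleRequest(req, res) {
    if (!clientUsedTls(req)) {
      res.writeHead(301, { Location: `https://${publicHost}${req.url}` });
      return res.end();
    }
    res.writeHead(200, { "Content-Type": "text/plain" });
    res.end("served over TLS terminated at the proxy\n");
  };
}

// Start only when PORT is provided, as it is on the instance.
if (process.env.PORT !== undefined) {
  const port = resolvePort(process.env);
  // PUBLIC_HOST is a hypothetical variable name for this example.
  const handler = makeHandler(process.env.PUBLIC_HOST || "example.com");
  http.createServer(handler).listen(port, "0.0.0.0", () => {
    console.log("Server listening on port " + port);
  });
}
```

With `PORT=443` this refuses to start with a clear message instead of failing later with EACCES.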


