Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why is https being blocked on AWS Elastic Beanstalk?

Tags:

ssl

amazon-web-services

amazon-ec2

amazon-elastic-beanstalk

I'm creating a simple website on AWS Elastic Beanstalk using node js. I'm trying to add an SSL certificate to the EC2 instance but it keeps saying

"Error: listen EACCES: permission denied 0.0.0.0:443"

What did I miss?

EC2 Security Group:

Inbound Rules:

HTTP    TCP    80    0.0.0.0/0
HTTP    TCP    80    ::/0
HTTPS   TCP    443   0.0.0.0/0
HTTPS   TCP    443   ::/0

Outbound Rules:

All traffic    All    All    0.0.0.0/0

Node JS:

    var ipaddress = "0.0.0.0";
    var port = 443;

    var options = {
        key: sslKey,
        cert: sslCert,
        ca: [sslCa]
    }

    server = https.createServer(options, handleRequest);

    server.listen(port, ipaddress, function () {
        console.log("Server listening on port "+port);
    });
like image 915
Gordon Truslove Avatar asked Apr 13 '26 06:04

Gordon Truslove

1 Answers

I know this Elastic Beanstalk stuff is not documented well, but since I did the AWS DevOps certification some time ago which covered this, I remember some points:

  • You should bind your HTTP server to 0.0.0.0. I see you already did that.
  • Your app is not running with root privileges on your EB instance. Usually what they want you to do - probably for security reasons - is to proxy your connection through the nginx proxy which comes pre-configured on your instance. They pass the PORT environment variable to your node.js app and you should use it to listen for upstream traffic by the proxy. [1]
  • For SSL termination on your nginx proxy to work, you must then configure ssl on the proxy accordingly as already pointed out correctly by vikyol. [2]
  • The connection between the proxy and your app will then be unencrypted. This should not be an issue since it does not leave the machine in between.

Some more thoughts

  • I would prefer SSL termination on the load balancer for performance reasons if you have some $$ somewhen.
  • SSL Certificate management usually is much more comfortable via ACM and ELB.

References

[1] https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/nodejs-platform-proxy.html
[2] https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-singleinstance-nodejs.html

like image 105
Martin Löper Avatar answered Apr 15 '26 04:04

Martin Löper
Sign in to Comment

Related questions

Bad idea to assign a domain to an RDS instance?
Define custom SSH key or find autogenerated SSH key in KOPs
Any way to compress video with AWS service?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!