Issue
I'm trying to configure my server so that it terminates https connections at the EC2 instances. This is all on Elastic Beanstalk, and my environment is Node.js. The connection from the client to the load-balancer is already https, but I am taking this extra measure to meet HIPAA requirements.
I feel like I followed the instructions in the AWS docs to a T, but am getting a "502 Bad Gateway" error. Below are the steps I took. Please let me know if you need more information.
1. Added a secure listener on the Application Load Balancer using the console. (followed instructions here)
2. Made a self-signed certificate using OpenSSL. For "Common Name," entered the qualified domain registered with Route 53 (looks something like server.example.com). (followed instructions here)
3. Configured nginx to listen on port 443 and terminate SSL connections using the certificate by creating the config file .ebextensions/https-instance.config (followed instructions here)

(from here on, the contents of the config files can be found here)

4. Configured the secure listener on the load balancer to forward to port 443 of the instances using the config file .ebextensions/https-reencrypt-alb.config
5. Configured the security group of the load balancer using .ebextensions/https-lbsecuritygroup.config
6. Configured the security group of the EC2 instances using .ebextensions/https-backendsecurity.config
Thanks in advance for any help.
EDIT 1:
- The server returns a valid response if I make an http request (i.e. http://server.example.com).
- The security group rules are currently set so that both load balancer and instances allow All Traffic from Anywhere on all ports.
- The error.log for nginx shows rows and rows of
2021/03/19 17:33:43 [error] 12568#0: *159 connect() failed (111: Connection refused) while connecting to upstream, client: 172.XX.XX.XX, server: , request: "GET / HTTP/1.1", upstream: "http://127.X.X.X:8081/", host: "172.XX.X.XXX"
(X's are my redaction)
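The nginx line quoted in the edit localises the failure without touching certificates: `connect() failed (111: Connection refused) while connecting to upstream ... upstream: "http://127.X.X.X:8081/"` is nginx's own TCP connect to its plain-http upstream being refused, which happens before any HTTP or TLS exchange, so it says nothing about the server certificate and everything about what is (not) listening on that port. The script below is an added example, not code from the question, the answer or AWS: it parses such a line, classifies the errno, and probes whether anything accepts connections on the upstream port. The sample log line is constructed (addresses are illustrative), errno meanings assume Linux, and `demo_probe` opens its own throwaway listener so it runs offline.

```python
"""Classify an nginx 502 from error.log and probe the upstream.

Added example for this page, not code from the question, the answer or AWS.
Assumed: Linux errno values (111 ECONNREFUSED, 110 ETIMEDOUT, 113 EHOSTUNREACH)
and nginx's "connect() failed ... while connecting to upstream" message format.
"""
import re
import socket
from contextlib import closing

# Constructed sample modelled on the line in the question; addresses are illustrative.
SAMPLE_LOG = (
    '2021/03/19 17:33:43 [error] 12568#0: *159 connect() failed '
    '(111: Connection refused) while connecting to upstream, '
    'client: 172.31.0.10, server: , request: "GET / HTTP/1.1", '
    'upstream: "http://127.0.0.1:8081/", host: "172.31.0.20"'
)

UPSTREAM_RE = re.compile(
    r'connect\(\) failed \((?P<errno>\d+): (?P<reason>[^)]+)\) '
    r'while connecting to upstream.*?'
    r'upstream: "(?P<scheme>https?)://(?P<host>[^:/"]+):(?P<port>\d+)'
)


def parse_upstream_error(line):
    """Pull errno, reason and the upstream URL parts out of one error.log line."""
    m = UPSTREAM_RE.search(line)
    if m is None:
        return None
    return {
        "errno": int(m.group("errno")),
        "reason": m.group("reason"),
        "scheme": m.group("scheme"),
        "host": m.group("host"),
        "port": int(m.group("port")),
    }


# errno -> (category, what to check). Linux values assumed.
HINTS = {
    111: ("upstream_not_listening",
          "TCP connect was refused before any HTTP or TLS happened: nothing is bound "
          "to that host:port. Compare the proxy_pass port with the port the app actually "
          "binds (e.g. `ss -ltnp` on the instance, and the PORT value the platform passes)."),
    110: ("upstream_timeout",
          "SYN went unanswered: a firewall/security group or a hung process, not the certificate."),
    113: ("no_route",
          "No route to the upstream host: check the address nginx was told to proxy to."),
}


def diagnose(line):
    """Return (category, hint) for a connect() failure line, or None if it is not one."""
    entry = parse_upstream_error(line)
    if entry is None:
        return None
    return HINTS.get(entry["errno"], ("other", entry["reason"]))


def port_open(host, port, timeout=1.0):
    """True if a TCP connection to host:port completes, i.e. something is listening."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def demo_probe():
    """Exercise port_open against a real listener on an ephemeral loopback port:
    probe while it is listening, close it, probe again (expect True, then False)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    try:
        while_listening = port_open("127.0.0.1", port)
    finally:
        srv.close()
    after_close = port_open("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    entry = parse_upstream_error(SAMPLE_LOG)
    category, hint = diagnose(SAMPLE_LOG)
    print(f'upstream {entry["scheme"]}://{entry["host"]}:{entry["port"]} -> {category}')
    print(hint)
    print("probe demo (listening, after close):", demo_probe())
```

Run it on the instance and feed it real lines from /var/log/nginx/error.log, then call `port_open` with the parsed host and port; a `False` confirms the app is not bound where `proxy_pass` points. One assumption worth stating for the platform in the question: on the Amazon Linux 2 Node.js platform the application is expected to listen on the port Elastic Beanstalk passes in `PORT` (8080 by default, where the older Amazon Linux examples used 8081), so a `proxy_pass` copied from an older config would produce exactly the refused connect seen here.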
Solution
This article solved my problem.
I think that the issue was that, contrary to what the docs claimed, nginx wouldn't play nicely with a self-signed certificate. I used Let's Encrypt instead of self-signing an OpenSSL one.
One more thing I noticed is that the instructions in the docs might be creating the nginx config file in an outdated location. The location specified by the article cited above was effective for my Amazon Linux 2 EC2 instance.
Answered By - user14481041 Answer Checked By - Candace Johnson (WPSolving Volunteer)