AWS Opsworks: Load balancing via https - ruby-on-rails

I've set up 2 Rails server instances with an Elastic Load Balancer. I set up SSL via OpsWorks, and when I hit the IP of my instances with https, e.g. https://1.2.3.4, I can see the correct certificate.
However, when I hit the domain of the Elastic Load Balancer, a timeout is thrown (loads endlessly).
How should I set up the ELB to properly redirect with https to my instances?

Found the answer was in Security Groups. Besides setting all inbound connections to accept the HTTPS protocol and port 443, you have to set the outbound connections of the ELB. I found out that they were set only to HTTP, so trying to access the instances with HTTPS failed. I set up a new outbound rule, HTTPS to anywhere, and it worked!

Related

How do I serve my ECS ec2 server through https?

I am working on a backend server launched on an ECS cluster, hosted on an EC2 instance using Docker.
The ECS is running great, exposed by IP address and port, but to be used with my iOS app it needs to be served over https.
How do I serve my ECS container over https? I have read a couple of things regarding using a load balancer, but tutorials are outdated and I can't find one that shows configuration after the ECS cluster has already been created.
Please point me in the right direction so I can get it served over https.
You need to have the following resources:
DNS address
Valid SSL Certificate
Load Balancer
Load balancer security group
Target Group
The target group will mediate between your server and your load balancer.
Also, in the load balancer security group define all the rules you currently have in the server security group, and in the server's security group add a rule that is open to all traffic on all ports with the security group instead of id.
This guide can help you: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-create-https-ssl-load-balancer.html
(look at Create an HTTPS/SSL load balancer using the console)
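
An added example, not part of either answer above: the ELB egress problem in the OpsWorks answer and the security-group reference in the ECS answer both concern the load balancer to instance hop, which has to be allowed in both groups. The rule dictionaries follow the shape of `aws ec2 describe-security-groups` output; the group ids, addresses and function names are constructed for illustration.

```python
import ipaddress

def allows(rule, port, peer_ip, peer_sg):
    """True if one security-group rule permits TCP `port` to/from the peer."""
    proto = rule["IpProtocol"]
    if proto == "tcp":
        if not rule["FromPort"] <= port <= rule["ToPort"]:
            return False
    elif proto != "-1":              # "-1" means all protocols and ports
        return False
    ip = ipaddress.ip_address(peer_ip)
    by_cidr = any(ip in ipaddress.ip_network(r["CidrIp"])
                  for r in rule.get("IpRanges", []))
    by_group = any(p["GroupId"] == peer_sg
                   for p in rule.get("UserIdGroupPairs", []))
    return by_cidr or by_group

def check_lb_path(lb_sg, inst_sg, port, lb_ip, inst_ip):
    """Findings for the load balancer -> instance hop on TCP `port`."""
    findings = []
    # The load balancer's own group must let traffic out to the instance.
    if not any(allows(r, port, inst_ip, inst_sg["GroupId"])
               for r in lb_sg["IpPermissionsEgress"]):
        findings.append(f"{lb_sg['GroupId']}: no egress to instance on tcp/{port}")
    # The instance's group must let traffic in from the load balancer.
    if not any(allows(r, port, lb_ip, lb_sg["GroupId"])
               for r in inst_sg["IpPermissions"]):
        findings.append(f"{inst_sg['GroupId']}: no ingress from load balancer on tcp/{port}")
    return findings

# Constructed sample data (group ids and addresses are placeholders).
def tcp(port, cidr=None, group=None):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": group}] if group else []}

INST_SG = {"GroupId": "sg-inst", "IpPermissions": [tcp(443, group="sg-lb")]}
# State described in the first answer: ELB egress limited to HTTP.
LB_HTTP_ONLY = {"GroupId": "sg-lb", "IpPermissionsEgress": [tcp(80, cidr="0.0.0.0/0")]}
# Egress on 443 scoped to the instance group rather than to anywhere.
LB_FIXED = {"GroupId": "sg-lb", "IpPermissionsEgress": [tcp(443, group="sg-inst")]}

if __name__ == "__main__":
    for lb in (LB_HTTP_ONLY, LB_FIXED):
        print(check_lb_path(lb, INST_SG, 443, "10.0.0.10", "10.0.1.20") or "path open")
```

A missing egress rule on the load balancer shows up to the client as the hang described in the first question, because the TLS connection to the backend is silently dropped rather than refused.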

How to get HTTPS URL logs using SQUID

I need URL logs on my network using SQUID and Mikrotik. I am able to get HTTP traffic, but I am not getting HTTPS traffic. How do I get HTTPS traffic using SQUID and Mikrotik? Another way is also fine.
I run a DNS server, with that, I log the DNS requests on the mikrotik.
username || DNS/URL (website.com)
A quick way to test:
Download and install pi-hole on a Raspberry Pi, make that the DNS server of your mikrotik and then in pi-hole you will see the DNS queries for each client on the mikrotik. You can then use the actual files on the Raspberry Pi to create an API for you or use the built-in APIs in pi-hole.
Not sure how to do this via squid or web proxy.

What is the best way to use HTTP 2 with AWS Elastic beanstalk

I have a Ruby on Rails app hosted on AWS using Elastic Beanstalk which works with HTTP 1; now I want to use HTTP 2. Can someone suggest the best approach?
If I remember correctly, when you add a new load balancer to your Elastic Beanstalk environment, it defaults to using a Classic Load Balancer, which doesn't support HTTP/2. I think the solution would be using an Application Load Balancer, which does support it; you can find this info here. You can also specify it while creating your environment, as you can see here. This will only allow HTTP/2 communication between the client and the ALB; your ALB will convert those HTTP/2 requests into HTTP/1.1 to communicate with your instance.
As seen here: "If end-to-end HTTP/2 is a requirement for your application you can use a Layer 4 ELB ( Classic Load Balancer with TCP listener or Network Load Balancer). If you are interested also in SSL offloading the only option for now is Classic Load Balancer with an SSL listener."

Amazon Load Balancer sticky sessions with ajp:8009

We configured ELB with sticky sessions for the JSESSIONID cookie for two tomcats (tomcat1 and tomcat2). (Flow is: Apache HTTP Server - ELB - tomcats.)
The AJP protocol with port 8009 has been configured on the tomcat side. As there is no AJP option on the AWS ELB, we have configured it with tcp:8009.
So the Apache httpd.conf entry is (xxx.amazonaws.com is the ELB name):
BalancerMember ajp://xxx.amazonaws.com:8009
Somehow the sticky session is not working, the http request is sent to both tomcat servers. Is it because of the protocol on ELB side (tcp:8009)? We are not sure what is missing here, Need help!!
Once you change it to TCP you lose sticky sessions. It is an ELB limitation. You might be able to get away with switching the protocol to HTTP but with a different port other than 80.
Unless I am mistaken, you might have to set up an HA Proxy or something else instead of the ELB. Something that can do both TCP with sticky.
It is well known that websockets+sticky doesn't work on Amazon.
https://forums.aws.amazon.com/thread.jspa?messageID=627367

oAuth with Elastic Load Balancer SSL

I am using AWS EC2 instances with ELB. I know that ELB itself has SSL connection enabled. My EC2 instances do not support SSL.
Here comes my problem. I need to implement some kind of authentication method like oAuth.
Is there a way to authenticate users with ELB?
You can't do that on ELB.
I recommend you to take a look at the ELB documentation http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/Welcome.html and this blog post http://harish11g.blogspot.com.br/2012/03/ssl-offloading-elastic-load-balancing.html
In Kong, you can do one thing. You can terminate SSL (trusted, can use free SSL via ACM) on ELB of KONG and use the feature Accept HTTP if already terminated in OAUTH2 plugin. But keep in mind the ELB Listeners will be (Secure TCP 443)--> (Secure TCP 8443 [https port exposed by KONG]).
