1

I would like to ask how to configure Node.js (backend/server) to accept HTTPS requests from the client side (front end).

What we did.

  • Registered domain name in AWS.
  • Requested SSL in ACM.
  • Created a bucket in S3 and stored our front-end code (Angular 5) inside it.
  • Created a distribution in CloudFront, put our custom SSL there and connected it to the bucket in S3.
  • We also set up an EC2 instance and stored our back-end code (Node.js) there.
  • In our front-end code we connect to the IP of our EC2 instance so that we can connect to the backend.

The problem:

  • The front end can't access the backend on the EC2 instance because the front end is HTTPS and the backend is HTTP (we don't know how to configure it from HTTP to HTTPS on an AWS EC2 instance).
  • Do you know how to set up a web app in AWS whose front-end and back-end code are separated?
  • What did we miss?
Cœur
Richard Vergis
  • 1
    Just off the top of my head: if you need HTTPS on EC2, why don't you put the EC2 behind a Load Balancer and attach the ACM SSL to it? This way you will have the HTTPS criteria fixed. – Kush Vyas Feb 21 '18 at 08:00
  • Thanks for the response @KushVyas. I already have an ACM SSL on my ELB and also made an alias to a domain, which is "api.dummydomain.com". The problem is, how do I use this api.dummydomain.com in the Node.js backend code, which is http://localhost:3000/dummyapi? Thanks – Richard Vergis Feb 22 '18 at 03:35

1 Answer

4

What did we miss?

If I understand you correctly, you have a CloudFront distribution serving Angular which is then attempting to connect to an EC2 instance - I presume the IP address or public DNS entry for the EC2 is hard-coded into the Angular code.

This is not a good arrangement - if your EC2 goes down or the IP address changes you will need to push a new site to S3 - and then this change will take time to propagate through CloudFront.

What you should rather be doing is this.

  1. Create an application load balancer.
  2. Create a target group and add your EC2 to that target group.
  3. Add a listener on the ALB, listening on the port your web app connects on, with a rule that forwards to the HTTP port of the back-end EC2.
  4. Add a Route 53 DNS Alias record for the ALB (because ALBs do sometimes go away or change their IP address).
  5. Change your front-end code to point at the Route 53 Alias record.

(This is an incredibly simplistic way of doing things that leaves your EC2 open to the internet etc etc).

You should also give serious thought to putting your EC2 into an autoscaling group that spans at least two availability zones, and to setting its minimum size to ensure at least servers are running at any one time.

AWS EC2 instances can go away at any time, and when they do your app goes down with them.

mcfinnigan
  • 1
    Point 4 should probably be: "Change your front end code so it connects to the ALB endpoint (instead of EC2 IP address)" – Dusan Bajic Feb 21 '18 at 08:19
  • @mcfinnigan. Thanks for your feedback. We will try this one and we will inform you of the progress later. – Richard Vergis Feb 22 '18 at 00:53
  • @DusanBajic. Thanks for the suggestion. We will also try this out. – Richard Vergis Feb 22 '18 at 00:54
  • Surely there's a more private configuration than this. I see a lot of this relying on requests being routable over the internet, which solves the availability problem but creates some new security ones. Also, a solution that works for smaller-scale setups - where an ALB would be excessive - would be ideal and more to the point. – goldfishalpha Nov 09 '21 at 16:18
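
Steps 1 to 4 of the answer, written out as a CloudFormation template. This is an added example, not part of the original answer or comments. It goes one step further than the answer by limiting the Node.js port to traffic from the ALB, which addresses the "EC2 open to the internet" caveat. Assumptions: all parameter and resource names are made up for illustration, the listener is HTTPS on 443 with the ACM certificate, and port 3000 and api.dummydomain.com are taken from the asker's comment.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Parameters:                      # parameter names are assumptions for this example
  VpcId: {Type: 'AWS::EC2::VPC::Id'}
  PublicSubnets: {Type: 'List<AWS::EC2::Subnet::Id>'}   # an ALB needs two AZs
  BackendInstanceId: {Type: 'AWS::EC2::Instance::Id'}   # the existing Node.js EC2
  CertificateArn: {Type: String}                        # the ACM certificate
  HostedZoneId: {Type: 'AWS::Route53::HostedZone::Id'}
Resources:
  AlbSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from clients to the ALB
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0}
  BackendSg:   # attach to the EC2 instance in place of any rule open to 0.0.0.0/0
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Node.js port reachable from the ALB only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 3000, ToPort: 3000, SourceSecurityGroupId: !GetAtt AlbSg.GroupId}
  Alb:                           # step 1 (internet-facing application LB by default)
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Subnets: !Ref PublicSubnets
      SecurityGroups: [!GetAtt AlbSg.GroupId]
  BackendTargets:                # step 2: plain HTTP from the ALB to the instance
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: HTTP
      Port: 3000
      Targets: [{Id: !Ref BackendInstanceId}]
  HttpsListener:                 # step 3: TLS terminates here
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref Alb
      Protocol: HTTPS
      Port: 443
      Certificates: [{CertificateArn: !Ref CertificateArn}]
      DefaultActions: [{Type: forward, TargetGroupArn: !Ref BackendTargets}]
  ApiAlias:                      # step 4
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: api.dummydomain.com
      Type: A
      AliasTarget: {DNSName: !GetAtt Alb.DNSName, HostedZoneId: !GetAtt Alb.CanonicalHostedZoneID}
```

With this in place the Node.js process keeps listening on plain HTTP port 3000 and needs no certificate of its own. Step 5 is then a change of the Angular base URL to https://api.dummydomain.com.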