3

I am getting a problem when trying to access my domain with https causes a request timeout on AWS.

I have a load balancer, with 2 listeners, one at port 80 for http and one at port 443 (with a relevant certificate attached to it) for https

Visiting the site at just http:// works fine, with my aliased domain name, and correctly returns data, but as soon as i try with https:// it just times out

Happy to provide info, im not sure what other bits are relevant, but this is the domain in question (the root just redirects to a front end)

http://api.endlessvine.co/vines?page=1&rarity=2 (works)
https://api.endlessvine.co/vines?page=1&rarity=2 (doesnt work)

jthawme
  • 223
  • 1
  • 10
  • 2
    Do you have port `443` open in the security group assigned to the load balancer? How is the SSL listener on the load balancer configured to forward requests to the server? Specifically, what server port does it forward requests to? – Mark B Jun 29 '18 at 13:03
  • I think so? Looking at the security group there is a 'Custom TCP Rule' with the port 443. Then there is '443 (HTTPS, ACM Certificate: ...) forwarding to 443 (HTTPS) in the port configuration – jthawme Jun 29 '18 at 13:46
  • 3
    So you are forwarding to port 443 on the back-end server, but is the back-end server even listening on port 443? You most likely need to configure the 443 listener on the load balancer to forward to port 80 on the server (or whatever port the port `80` load balancer listener is forwarding to). – Mark B Jun 29 '18 at 13:51
  • I have a listener on my load balancer set up like this 'port: 443 protocol: HTTPS instance port: 443 instance protocol: HTTPS'. How do i add forwarding from 443 to port 80? – jthawme Jun 29 '18 at 14:12
  • 2
    Change "instance port" to `80` ... – Mark B Jun 29 '18 at 14:23
  • So initially i tried this, but what I fooooolishly made the mistake with is i didnt change instance protocol to 'http' from 'https' so it complained about trying to serve secure and non secure at the same time. You do not know what anguish you have saved me from today, thank you – jthawme Jun 29 '18 at 14:43
  • 2
    Since I also struggled a long time with this particular setup I documented the whole thing [here](https://stoitschev.de/2018/09/10/enable-elastic-beanstalk-for-https-with-a-load-balancer/). Thanks to @MarkB for clarifying the listener config. – Viktor Stoitschev Sep 11 '18 at 11:25
  • 1
    OMG can we please have @MarkB's comment submitted as an answer and marked as the correct answer! Had this 408 issue for about 4 hours today and this is the first time I've seen someone mention this! thank you so much! – Caleuanhopkins Oct 02 '18 at 19:23
  • I was struggling all day as well. In previous versions, the Amazon Linux 1 we were using inside beanstalk containers set the instance targets to port 80, and so this easy and aws recommended approach to SSL load balanced sites was doing it correctly, unlike the current form, which sort of hides it. – Joel Teply Aug 05 '22 at 03:18

1 Answers1

12
  • Go to EC2
  • Click Load balance anad configure port for https 443 point to port 80

enter image description here

vaquar khan
  • 10,864
  • 5
  • 72
  • 96