In our development environment, we're using three services (register, payment & report), each as a Docker container inside one single EC2 instance. We mapped that EC2 DNS name in CloudFront to use HTTPS for the mobile application. Now I found that those three services are using HTTPS as their internal protocol. My question: for those three services to communicate internally, I want to use the HTTP protocol instead of HTTPS, not inherited from CloudFront, because I'm using apm-server inside my report service; that's why the other two services are not able to communicate with apm-server, because of HTTPS. Without CloudFront, they work. So, is there any way to configure CloudFront not to use HTTPS internally?
Viewed 204 times
0

PPShein
- CloudFront is useful for your mobile application to talk to the services. But you don't need to go through CloudFront to talk to the other services. Can't you talk to the services directly via `http://localhost:port`? Am I missing something? – Arun Kamalanathan Dec 21 '19 at 05:28
- Without CloudFront they're calling one another with `http://localhost:8200`, that's fine. But when using CloudFront, it goes to `https://localhost:8200`, and `apm-server` rejected that protocol. – PPShein Dec 21 '19 at 05:32
- Are you saying you need to make an HTTPS listener for the api-server in order to have it served via CloudFront? – Arun Kamalanathan Dec 21 '19 at 05:34
- I want my three services to communicate with one another over the `http` protocol internally. – PPShein Dec 21 '19 at 05:45
- Can you draw me a picture? – Arun Kamalanathan Dec 21 '19 at 08:46
- https://ibb.co/2vjXBD6 Without CloudFront, they communicate over HTTP. But with CloudFront, they communicate over HTTPS, that's what I don't want. – PPShein Dec 22 '19 at 09:25
1 Answer
0
CloudFront supports three methods to connect to the origin: "HTTP Only", "HTTPS Only" and "Match Viewer". Here is the definition from CloudFront:
Select whether you want CloudFront to connect to your origin using only HTTP, only HTTPS, or to connect by matching the protocol used by the viewer. For example, if you select Match Viewer for the Origin Protocol Policy, and if the viewer connects to CloudFront using HTTPS, CloudFront will connect to your origin using HTTPS.
So your options are clear.
- Choose "HTTP Only": CloudFront always uses HTTP to talk to your origin. This solves your problem, but it is not safe and therefore not recommended.
- Choose "HTTPS Only" for CloudFront.
  - But you could set up an additional HTTP listener for your apm-server for your internal modules to communicate (if the server is configurable that way). If you are doing this, you could allow HTTP traffic only from the internal applications.

  or

  - You can set up a proxy application that accepts HTTP traffic and then forwards the requests to apm-server via HTTPS.

Arun Kamalanathan
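As an added example (not part of the original answer, and not AWS tooling): a small Python audit of the Origin Protocol Policy settings listed in the answer, reporting for each origin whether the CloudFront-to-origin hop can carry cleartext HTTP. The sample configuration is constructed, and the verdict labels and function name are this example's own.

```python
# Added example: classify each custom origin by whether the
# CloudFront-to-origin hop can carry cleartext HTTP.
# SAMPLE_CONFIG is constructed; it follows the DistributionConfig shape
# returned by `aws cloudfront get-distribution-config`.
SAMPLE_CONFIG = {
    "Origins": {"Items": [
        {"Id": "register",
         "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}},
        {"Id": "payment",
         "CustomOriginConfig": {"OriginProtocolPolicy": "match-viewer"}},
        {"Id": "report",
         "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}},
    ]},
    "DefaultCacheBehavior": {"TargetOriginId": "report",
                             "ViewerProtocolPolicy": "redirect-to-https"},
    "CacheBehaviors": {"Items": [
        {"PathPattern": "/register/*", "TargetOriginId": "register",
         "ViewerProtocolPolicy": "https-only"},
        {"PathPattern": "/payment/*", "TargetOriginId": "payment",
         "ViewerProtocolPolicy": "allow-all"},
    ]},
}


def audit_origin_protocols(config):
    """Return {origin_id: verdict} for every custom origin."""
    behaviors = [config["DefaultCacheBehavior"]]
    behaviors += (config.get("CacheBehaviors") or {}).get("Items") or []
    # Viewer policies of all cache behaviors that route to each origin.
    viewer_policies = {}
    for b in behaviors:
        viewer_policies.setdefault(b["TargetOriginId"], set()).add(
            b["ViewerProtocolPolicy"])
    verdicts = {}
    for origin in config["Origins"]["Items"]:
        custom = origin.get("CustomOriginConfig")
        if custom is None:  # S3 origins carry no OriginProtocolPolicy
            continue
        policy = custom["OriginProtocolPolicy"]
        if policy == "https-only":
            verdicts[origin["Id"]] = "encrypted"
        elif policy == "http-only":
            verdicts[origin["Id"]] = "cleartext"
        else:  # match-viewer: cleartext only if a viewer may use HTTP
            viewers = viewer_policies.get(origin["Id"], set())
            verdicts[origin["Id"]] = (
                "cleartext-possible" if "allow-all" in viewers else "encrypted")
    return verdicts
```

"Match Viewer" is only as strong as the viewer protocol policy of the cache behaviors that route to that origin, which is why the payment origin is flagged here while an HTTPS-only viewer policy would not be.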