I'm running into problems while trying to run my API that's hosted on AWS EC2 through an HTTPS protocol.

The API runs normally without the ELB setup; however, after trying to configure it (I followed the recommended steps), I get the 502 Bad Gateway message.

Here's my configuration:

  • AWS EC2 (t3a.small) running a docker container of my ExpressJS app listening on port 3000;
  • Security group with http:80 and https:443 open;
  • ACM that covers the following domains (mydomain.com, *.mydomain.com);
  • ELB listening to ports: http:80, https:443, https:3000;
  • Route 53 with my hosted zone containing the A-type record with the ELB DNS value;

Previous URL

http://ec2-ip-address.zone.compute.amazonaws.com:3000/api/

Now

https://api.mydomain.com:443/api/{resourceName}

Please, I would appreciate any insight on how to set this up properly. In case I missed something, let me know.

Gilson Viana
  • What is this `https:3000`? A path from ALB to your EC2? – Marcin Apr 29 '20 at 01:15
  • It's the listener ID on the Load Balancer. – Gilson Viana Apr 29 '20 at 01:19
  • I mean, what protocol do you use to communicate with instances? Seems to me you are using HTTPS. But it should be HTTP, as ALB terminates SSL connection, and sends HTTP traffic to your instance. – Marcin Apr 29 '20 at 01:23
  • I added a forward rule for the HTTPS:443 to target group HTTP:80 which should take care of this. But it seems not to be the case. – Gilson Viana Apr 29 '20 at 01:26
  • In your question you write "http://ec2-ip-address.zone.compute.amazonaws.com:3000" which means API is on port 3000. So is it 3000 or 80? – Marcin Apr 29 '20 at 01:27
  • The traffic should be: client ---->HTTP:80, HTTPS:443 ----> ALB ----> HTTP:3000 --->EC2 instance with API – Marcin Apr 29 '20 at 01:31
  • Thanks for clarifying that to me. The API runs on the port 3000. That’s the port that is open on my docker container. So when I created the ECS task definition I set the port 3000 open. – Gilson Viana Apr 29 '20 at 01:40
  • I guess it's working now? – Marcin Apr 29 '20 at 01:42
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/212791/discussion-between-gilson-viana-and-marcin). – Gilson Viana Apr 29 '20 at 13:34

1 Answer

So, with the help of @Marcin (see the comments on my question) and others (Reddit forum) I was able to get it working properly.

The issue was that the ELB wasn't able to communicate with my EC2 instance through the 3000 port since this port wasn't configured on my Security Group.

You need to create an ALB (Application Load Balancer) and the SG with HTTP:80 and HTTPS:443; next, select your instance and set it to communicate with it through port 3000 (or whatever port your EC2 is running).

You should have two security groups, one assigned to the EC2 instance and one assigned to the ELB. The EC2 security group should allow access from the ELB sg on port 3000. The ELB sg should allow worldwide access on port 80 and 443. The ELB should not listen to port 3000 (towards the world), but should have the internal port set to 3000. If everything works, you should be able to see your EC2 instance as Healthy in the ELB console.

Also, on the Health Check, don't forget to set it to listen to an endpoint that actually returns something, like a 200 OK status code; otherwise, AWS ELB will presume that it has no connection with the EC2 instance.

Gilson Viana
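
The two-security-group layout described in the answer can be checked mechanically. The following is an added example, not part of the original answer: a Python audit over constructed rules that use the field layout returned by `aws ec2 describe-security-groups`. The group ids and sample rules are placeholders, and only IPv4 ranges are inspected.

```python
WORLD = "0.0.0.0/0"  # IPv4 only; Ipv6Ranges are not inspected in this sketch

def covers(perm, port):
    """True if an ingress permission applies to the given TCP port."""
    if perm["IpProtocol"] == "-1":  # "-1" means every protocol and port
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def sources(group, port):
    """Collect the CIDRs and source security-group ids allowed to reach `port`."""
    cidrs, sgs = set(), set()
    for perm in group["IpPermissions"]:
        if covers(perm, port):
            cidrs |= {r["CidrIp"] for r in perm.get("IpRanges", [])}
            sgs |= {p["GroupId"] for p in perm.get("UserIdGroupPairs", [])}
    return cidrs, sgs

def audit(groups, elb_sg, ec2_sg, app_port=3000):
    """Return findings; an empty list means the rules match the layout in the answer."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = []
    for port in (80, 443):
        if WORLD not in sources(by_id[elb_sg], port)[0]:
            findings.append(f"{elb_sg}: port {port} is not open to the internet")
    if WORLD in sources(by_id[elb_sg], app_port)[0]:
        findings.append(f"{elb_sg}: port {app_port} should not face the internet")
    cidrs, sgs = sources(by_id[ec2_sg], app_port)
    if elb_sg not in sgs:
        findings.append(f"{ec2_sg}: port {app_port} is not allowed from {elb_sg}")
    if WORLD in cidrs:
        findings.append(f"{ec2_sg}: port {app_port} is reachable without the load balancer")
    return findings

def rule(port, cidr=None, sg=None):
    """Build one constructed ingress permission in the API's field layout."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": sg}] if sg else []}

# Constructed sample data; the group ids are placeholders.
ELB = {"GroupId": "sg-elb-example", "IpPermissions": [rule(80, WORLD), rule(443, WORLD)]}
BEFORE = {"GroupId": "sg-ec2-example", "IpPermissions": [rule(80, WORLD), rule(443, WORLD)]}
AFTER = {"GroupId": "sg-ec2-example", "IpPermissions": [rule(3000, sg="sg-elb-example")]}

if __name__ == "__main__":
    for label, ec2 in (("before", BEFORE), ("after", AFTER)):
        print(label, audit([ELB, ec2], "sg-elb-example", "sg-ec2-example"))
```

`BEFORE` mirrors the question's setup (only 80 and 443 open on the instance group) and `AFTER` mirrors the fix, where port 3000 is allowed only from the load balancer's group.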