I have a jfrog factory (port 8081) and jfrog docker (port 8082) running on an EC2 instance.

With Route 53 I defined the URL of the domain xxx.io and also two subdomains, jfrog.xxx.io and docker.xxx.io.

With Certificate Manager I applied for an SSL certificate for the domain xxx.io, which normally is available for the subdomains as well, if I don't make any mistakes.

What tools do I need to set up so that when a user enters the URL jfrog.xxx.io it is redirected to the jfrog instance (port 8081), but the port of this instance must be mapped to 443?

olibruno
  • If you want to use the certificate from AWS Certificate Manager, you need Elastic Load Balancer or CloudFront. – kichik Apr 16 '21 at 19:57
  • But how can I forward the ports with Elastic Load Balancer (from 8081 to 443)? I know that with CloudFront I can, but unfortunately the EC2 instances are already running. – olibruno Apr 16 '21 at 20:24
  • You map the ports in the load balancer target group. You set up a listener in the load balancer for port 443, and you configure the target group to send traffic to port 8081 on the target servers. – Mark B Apr 16 '21 at 20:27
  • So when I create the target group I have to choose the protocol TCP and enter my ports (8081 & 8082)? – olibruno Apr 16 '21 at 20:33
  • Do you have to use the AWS Certificate Manager? You could put a proxy in front (Nginx or Apache for example) and not have to have a load balancer. Of course, that means you may only have a single instance which may not be what you want. – stdunbar Apr 16 '21 at 21:11
  • As you guessed, I'm starting on AWS and in all the tutorials I've seen people use Certificate Manager for SSL. I tried what you said, @stdunbar. In my httpd.conf file (Nginx in reverse proxy), I specified that I want it to listen on port 443, but when I restart nginx, it keeps listening on port 80. – olibruno Apr 17 '21 at 05:39

1 Answer

You can use an application load balancer to achieve it.

The load balancer works with target groups, and you will need 2 target groups for your load balancer. The first target group will map HTTPS (443) to your jfrog docker and the second target group will map HTTPS (443) to your jfrog factory.

The target group for jfrog factory will look like: [screenshot]

The target group for jfrog docker will look like below. P.S.: My instance is unhealthy because it has nothing in it; it is just a dummy instance. [screenshot]

The important things in the target group are the port mapping of your application and the target type. Then register your EC2 instance with the target groups.

Now in your load balancer, choose the tab Listeners and View/Edit rules for the listener of type HTTPS (443).

Then add new rules using a host header condition, which will then redirect traffic to your target groups based on your subdomains (host header). It should look something like below. P.S.: I do not have SSL certificates, so I have used HTTP itself; HTTPS should not be any different. [screenshot]

Finally, you must make a DNS entry of type CNAME to map your domain (xxx.io) to the load balancer's DNS name.

This is where you will get the load balancer's DNS name: [screenshot]

atish.s
  • Thank you very much for the information you gave me to solve my problem. I didn't see that in the bottom right corner of target group there were edit rules. Thanks again. @atish.s – olibruno Apr 20 '21 at 07:07
  • @olibruno you're welcome, glad it worked out. – atish.s Apr 20 '21 at 12:01
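
The listener, target groups and host-header rules described in the answer above, written as a Terraform configuration. This is an added example, not part of the original answer: the four variables (an existing ALB, its VPC, the EC2 instance, and an ACM certificate whose names cover both subdomains) are assumptions, and the default action returns 404 for unknown hosts instead of forwarding them.

```hcl
# Added example; the variables below are assumptions, supply your own values.
variable "vpc_id" {}
variable "instance_id" {}
variable "alb_arn" {}
variable "certificate_arn" {} # ACM cert must list jfrog.xxx.io and docker.xxx.io
locals {
  services = { "jfrog.xxx.io" = 8081, "docker.xxx.io" = 8082 } # host => backend port
}

resource "aws_lb_target_group" "svc" {
  for_each    = local.services
  name        = replace(each.key, ".", "-")
  port        = each.value
  protocol    = "HTTP"
  target_type = "instance"
  vpc_id      = var.vpc_id
}
resource "aws_lb_target_group_attachment" "svc" {
  for_each         = local.services
  target_group_arn = aws_lb_target_group.svc[each.key].arn
  target_id        = var.instance_id
  port             = each.value
}

resource "aws_lb_listener" "https" {
  load_balancer_arn = var.alb_arn
  port              = 443
  protocol          = "HTTPS" # TLS terminates at the load balancer
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.certificate_arn
  default_action { # requests with an unlisted Host header never reach a backend
    type = "fixed-response"
    fixed_response {
      content_type = "text/plain"
      status_code  = "404"
    }
  }
}

resource "aws_lb_listener_rule" "by_host" {
  for_each     = local.services
  listener_arn = aws_lb_listener.https.arn
  action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.svc[each.key].arn
  }
  condition {
    host_header { values = [each.key] }
  }
}
```

With this in place, the instance's security group only needs to accept ports 8081 and 8082 from the load balancer's security group, so the backends are not reachable directly over plain HTTP.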