How to set up Nginx with HTTPS on EC2 instance with ELB and ACM

Question

I have set up a EC2 instance on which I have installed a flask API that runs using Gunicorn and Nginx as a reversed proxy. I wanted to run it with https protocole, so I bought a domain name via OVH and I asked a certificate via AWS Certificate Manager, which had then been validated. So I set up an Elastic Load Balancer to be able to use this newly certificate. However, I do not know how to modify my Nginx configuration file.

For now it is this one :

server {
    listen 443 ssl;
    server_name <my domain name>;

    location / {
        proxy_pass http://unix:<path to the gunicorn socket>;
    }
}

However, with this configuration, I cannot start Nginx since there is no SSL certificate specified. But as you know, with AWS Certificate Manager, it is not possible to download any certificates, that's why I set up an ELB.

So how can I solve my issue ?

EDIT

I changed my Nginx configuration file to :

server {
    listen 80;
    server_name <my domain name>;

    location / {
        proxy_pass http://unix:<path to the gunicorn socket>;

        # Configurations supplémentaires
    }
}

I also added an entrant rule on port 80 for the EC2 instance.

Here are the listeners I created for the ELB :

And here is the target group : With its saved targets : And its healthcheck settings :

However, as you can see, the health status of the instance resulted in unhealthy, and I do not know why. Besides, with the adding of the ELB, I do not know if I should keep the line server_name <my domain name> in the Nginx configuration file or if I should change it to server_name <public IP of EC2 instance>

score 2 · Accepted Answer · answered Jul 15 '23 at 22:19

2

First, you create an Aplication Load Balancer (ALB). Then create a HTTP Listener on port 80 and add a default rule to redirect traffic to HTTPS on port 443. Create an additional HTTPS listener on port 443. Set the default action to forward all traffic to a target group. Specify the ACM certificate that was created for your domain as the default SSL certificate. Create and gonfigure the target group on port 80. Add your instance to the target group and set up your app to listen on port 80.

answered Jul 15 '23 at 22:19

Vasyl Herman

414
2
11

Hi, can you read the edit I made and come back to me please ? – hitaton Jul 16 '23 at 18:52
1

Sure. It says `healthcheck failed 404` Can you show healthcheck settings? Ideally, you should create a `/health` endpoint in Flask that responds `200` – Vasyl Herman Jul 17 '23 at 05:55
1

Add `server_name localhost;` in nginx.conf – Vasyl Herman Jul 17 '23 at 06:03
I added me healthcheck settings in the edit. Besides, with the following code, will it work if I point the healtcheck to ```/health``` ? ```@app.route('/health') def health_check(): return '', 200``` – hitaton Jul 17 '23 at 07:04
Ok, by adding the code above and ```server_name localhost;``` and by pointing the healthcheck settings to ```/health``` now the instance is healthy. Thank you so much for your help. – hitaton Jul 17 '23 at 07:29

How to set up Nginx with HTTPS on EC2 instance with ELB and ACM

1 Answers1