Cannot reach instance via HTTPS

0

Hi,

I'm experiencing a problem with the HTTPS setup.

There is an EC2 instance in "us-east-1c", which at the moment has nginx in a Docker container and is responding to requests via HTTP :80 (no SSL setup in Nginx).

To be able to communicate via HTTPS I've set up a Load Balancer with the following details:

Load balancer type: Application
Scheme: Internet-facing
Availability Zones:
subnet-0a5ea626d1b3eea1d us-east-1b (use1-az2)
subnet-022fe15b2fc4b19dd us-east-1c (use1-az4)

The Load balancer is "active", as it can be seen in the Load Balancers console.

There is one listener: HTTPS:443 which is connected to the previously issued certificate in the certificate manager.

The listener is forwarding requests to the Target Group in the same VPC, zone us-east-1c. This only contains one instance (mentioned in the beginning of this message), and in the Target Groups console its status is "healthy".

The Security Group for this Load Balancer contains inbound rules for 80 and 443 for both IPv4 and IPv6.

Still, when I'm trying to connect to my instance via HTTPS, i.e.:

curl -I 'https://<domain-name>/'

I'm getting "curl: (7) Failed to connect to <domain-name> port 443 after 163 ms: Couldn't connect to server"

while access via HTTP works just fine, i.e.:

curl -I 'http://<domain-name>/'

responds with the following:

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Sep 2023 15:11:33 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1159
Connection: keep-alive
X-Frame-Options: DENY
Vary: origin
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Cross-Origin-Opener-Policy: same-origin

Please, can you help me - what am I doing wrong?

Target group

Listeners

Listener: details


Thanks in advance!

  • Hello. Could you please send a screenshot with the target group configuration and Listeners configuration?

    Best regards, Andrii

  • @Andrii S - updated the question

1 Answer
1
Accepted Answer

Hello.

Is the domain "https://<domain-name>/" correct for accessing ALB?
Have you linked your domain to EC2 by mistake?

Did you update your domain after adding the ALB?
As you can see in the image, there is only 443 in the listener rule, so access on port 80 should fail.

EXPERT
answered 8 months ago
AWS
EXPERT
reviewed 8 months ago
  • The domain is correct and the certificate obtained for it is valid.

    Not sure I understand this: "Have you linked your domain to EC2 by mistake?" - since the webserver gives me correct responses via 80, the domain setup should be correct, isn't it?

  • Adding HTTP:80 to the rules didn't help...

  • Could you please share an image of your ALB security group?

  • @Riku_Kobayashi re: screenshot - updated the question

  • When I run the nslookup command, a different IP address is returned. What kind of domain settings do you have?

    nslookup webserver-531843639.us-east-1.elb.amazonaws.com
    Server:         192.168.11.1
    Address:        192.168.11.1#53
    
    Non-authoritative answer:
    Name:   webserver-531843639.us-east-1.elb.amazonaws.com
    Address: 34.231.232.72
    Name:   webserver-531843639.us-east-1.elb.amazonaws.com
    Address: 52.20.15.22
    
    nslookup staging.memory-lane.ai
    Server:         192.168.11.1
    Address:        192.168.11.1#53
    
    Non-authoritative answer:
    Name:   staging.memory-lane.ai
    Address: 54.160.251.252
    

    If the zone has just been updated, there may be some cache remaining due to TTL.
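
The comparison made by hand in the last comment, as an added example that is not part of the original thread: a shell check that extracts the answer addresses from two `nslookup` outputs and reports whether the domain resolves to the load balancer. The function names are hypothetical; the two sample outputs are the ones quoted in the comment above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# answer_ips: read nslookup output on stdin, print the answer addresses.
# The resolver's own line ("Address: 192.168.11.1#53") is skipped via the '#'.
answer_ips() {
    awk '$1 == "Address:" && $2 !~ /#/ { print $2 }' | sort -u
}

# points_at_alb DOMAIN_OUTPUT ALB_OUTPUT
# 0 = every address of the domain is one of the ALB's addresses
# 1 = the domain resolves somewhere else (for example straight to the instance)
# 2 = no address found in the domain output
points_at_alb() {
    domain_ips=$(printf '%s\n' "$1" | answer_ips)
    alb_ips=$(printf '%s\n' "$2" | answer_ips)
    [ -n "$domain_ips" ] || return 2
    for ip in $domain_ips; do
        printf '%s\n' "$alb_ips" | grep -qxF "$ip" || return 1
    done
    return 0
}

# Sample input: the two nslookup outputs quoted in the comment above.
ALB_SAMPLE='Server:         192.168.11.1
Address:        192.168.11.1#53

Non-authoritative answer:
Name:   webserver-531843639.us-east-1.elb.amazonaws.com
Address: 34.231.232.72
Name:   webserver-531843639.us-east-1.elb.amazonaws.com
Address: 52.20.15.22'

DOMAIN_SAMPLE='Server:         192.168.11.1
Address:        192.168.11.1#53

Non-authoritative answer:
Name:   staging.memory-lane.ai
Address: 54.160.251.252'

# Live use: points_at_alb "$(nslookup <domain-name>)" "$(nslookup <alb-dns-name>)"
if points_at_alb "$DOMAIN_SAMPLE" "$ALB_SAMPLE"; then
    echo "domain resolves to the ALB"
else
    echo "domain does not resolve to the ALB; the HTTPS:443 listener is never reached"
fi
```

ALB addresses are not fixed, so run both lookups at the same time when using this against live DNS.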
