
Application load balancer works for https not http.

0

On my Application Load Balancer configuration, the https listener and traffic distribution are working all right. Now, while I was trying to redirect all http traffic to https, it seems not to work.

The security group attached to the LB has two inbound rules: a) to allow https (TCP, 443) from 0.0.0.0/0, and b) to allow http (TCP, 80) from 0.0.0.0/0.

After a lot of debugging and trials below is the final bare bones trial setup that needs resolution. (even excluding the instances and their internal traffic/rules)

For a test subdomain on my LB, the HTTPS:443 listener has a rule: when the condition Host Header is 'test.domainName.com', send a fixed response code '200' and response body 'HTTPS success'.

Similarly, the HTTP:80 listener has a rule: when the condition Host Header is 'test.domainName.com', send a fixed response code '200' and response body 'HTTP success'.

Then

    wget -S https://test.domainName.com/
    Resolving test.....
    Connecting to test ..... :443... connected.
    HTTP request sent, awaiting response...
    HTTP/1.1 200 OK
    Server: awselb/2.0
    Date: Wed, 19 Jun 2024 08:33:05 GMT
    Content-Type: text/plain; charset=utf-8
    Content-Length: 13
    Connection: keep-alive

and HTML body "HTTPS success"

whereas

    wget -S http://test.domainName.com/
    Resolving test.........
    Connecting to test............ ^C

is just stuck on connecting forever.

What could be the issue? I have also tried temporarily allowing all incoming traffic on security group rule b), but nothing happened. Is there a way to check whether the LB port 80 is indeed working, or whether there is something else? Please let me know if you need any more information.

Thanks

asked 2 years ago, 617 views
3 Answers
0

Hello.

Steps to Check and Resolve the Issue:

Security Group Configuration:

Ensure that your security group attached to the load balancer allows inbound traffic on both HTTP (port 80) and HTTPS (port 443).

Verify that there are no conflicting rules or missing outbound rules.

Listener and Rule Configuration:

HTTP Listener on Port 80:

Create a rule to redirect all HTTP traffic to HTTPS. This can be done in the AWS Management Console under the Load Balancer listeners settings.

Configure the rule as follows: Condition: Path is / (or other conditions as needed).

Action: Redirect to HTTPS (port 443), with the appropriate status code (usually 301 for permanent redirection or 302 for temporary redirection).

HTTPS Listener on Port 443: Ensure that this listener has a rule that forwards traffic to the target group.

Target Group Configuration:

Ensure that the target group associated with your HTTPS listener is properly configured and has healthy targets.

Check health check settings and ensure the targets are healthy and receiving traffic.

Check SSL Certificate:

Verify that the SSL certificate attached to your HTTPS listener is valid and correctly configured. Make sure the certificate covers the domain (test.domainName.com) and is not expired.

DNS Configuration:

Ensure that your DNS (Route 53 or other DNS provider) correctly points to your load balancer. Verify the A or CNAME record for test.domainName.com points to your load balancer's DNS name.

EXPERT
answered 2 years ago
EXPERT
reviewed 2 years ago
  • Hi, since the https resolution for the same domain and subdomain is working fine, DNS, SSL and the 443 listener are working fine. Also, in the bare bones testing above I am sending a response code 200 and a success message from the ALB itself (without going to any of the internal instances), so (I think we) can rule out any internal configuration issue, unless there is something I am missing.

    As far as Security group attached to ALB is concerned it has 2 rules to allow inbound 443 and 80, and outbound rules (port 80) to the internal web subnets.

    This setup works for same URL on https but not for http.

  • Security Group Configuration:

    Ensure your ALB's security group allows inbound traffic on both ports 80 (HTTP) and 443 (HTTPS).

    Example Security Group Inbound Rules

    Inbound:

    • Type: HTTP, Protocol: TCP, Port: 80, Source: 0.0.0.0/0
    • Type: HTTPS, Protocol: TCP, Port: 443, Source: 0.0.0.0/0

    Outbound:

    • Type: All traffic, Protocol: All, Port: All, Destination: 0.0.0.0/0

    HTTP Listener Configuration:

    Ensure you have an HTTP listener on port 80. Set up a rule to redirect HTTP traffic to HTTPS.

    AWS Console Steps:

    • Go to the AWS Management Console.
    • Navigate to EC2 > Load Balancers.
    • Select your Application Load Balancer.
    • Go to the Listeners tab.
    • Click on View/edit rules for the HTTP listener (port 80).
    • Add a new rule to redirect HTTP to HTTPS.

    Rule Configuration:

    • Condition: Path is / (or other conditions as needed).
    • Action: Redirect to HTTPS, Port 443, Status code 301 (Permanent Redirect).

0

Hi Vikas,

Please try this solution; it will be helpful for you.

When you do not have permission to access a web page or something else on a web server. I will share with you some of the possible causes of your error and how to resolve them.

Security Group Configuration:

You must open ports 80, 443, and any application-specific ports in the security group associated with your EC2 instances. Make sure the security group allows traffic from the ALB.

ALB Target Group Port Forwarding:

Verify that the ALB's target group is correctly configured to forward HTTP traffic (port 80) to HTTPS (port 443). Check the target group's health.

Domain Configuration:

Confirm that your domain is hosted in Route 53 and that the DNS records are correctly configured to point to the ALB's DNS name.

Verify that the domain name is spelled correctly and that there are no typos.

Check whether the domain name's validation has expired and renew it if necessary.

Ensure that the domain's nameservers are correctly set to Route 53. If using a registrar like GoDaddy, update the nameservers accordingly.

These are the most likely ways to resolve your get error. I hope this will be helpful. If you are still facing the same issue, try to share a detailed version of that error and I will try to resolve it.

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancer-getting-started.html

EXPERT
answered 2 years ago
0

As suggested by Thanniru Anil Kumar

I have the following setup. Security Group settings. Inbound:

Type: HTTP, Protocol: TCP, Port: 80, Source: 0.0.0.0/0
Type: HTTPS, Protocol: TCP, Port: 443, Source: 0.0.0.0/0

Outbound:

Type: All traffic, Protocol: All, Port: All, Destination: 0.0.0.0/0

HTTP Listener Configuration:

I am NOT even trying an http to https redirect now. Just a test domain, test.domainName.com, for the https and http listeners on the ALB, which returns a fixed response from the ALB itself.

Same setup which I have done for https works.

So either:

  1. There is still some issue with the security group
  2. ALB port 80 is not listening.

nc test.domainName 80 does not return any response, while nc test.domainName 443 returns a message.

Any further help would be highly appreciated.

answered 2 years ago
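
On the question's "is there a way to check if the LB port 80 is indeed working": a hanging `wget` or `nc` cannot tell a silently dropped connection from a missing listener. The following is an added example, not code from any poster in this thread; it probes every address the name resolves to with a hard timeout and compares port 80 against port 443. The function names and the sample addresses (documentation range 203.0.113.0/24) are constructed for illustration.

```python
import socket

def classify(exc):
    """Turn the result of one TCP connect attempt into a diagnosis."""
    if exc is None:
        return "open"      # handshake completed: something is listening
    if isinstance(exc, ConnectionRefusedError):
        return "refused"   # RST received: reachable, but no listener on the port
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"  # no reply at all: SYN dropped somewhere on the path
    return "error"

def probe(ip, port, timeout=5.0):
    """Attempt a TCP handshake with a hard timeout instead of hanging."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def probe_all(host, ports=(80, 443), timeout=5.0):
    """Probe each IPv4 address behind the name; an ALB name usually has several."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    ips = sorted({info[4][0] for info in infos})
    return {ip: {p: probe(ip, p, timeout) for p in ports} for ip in ips}

def diagnose(results):
    """Compare port 80 with port 443 per address and say where to look next."""
    notes = []
    for ip, ports in sorted(results.items()):
        http, https = ports.get(80), ports.get(443)
        if http == "open":
            notes.append(f"{ip}: 80 open; test the listener rule with an HTTP request")
        elif http == "filtered" and https == "open":
            notes.append(f"{ip}: 80 dropped while 443 passes; check port-80 filtering "
                         "(security group, network ACL, client-side firewall)")
        elif http == "refused":
            notes.append(f"{ip}: 80 refused; reachable but nothing is listening")
        else:
            notes.append(f"{ip}: 80 {http}, 443 {https}; inconclusive")
    return notes

if __name__ == "__main__":
    # Constructed sample mirroring the symptom in the thread (documentation IPs).
    sample = {"203.0.113.10": {80: "filtered", 443: "open"},
              "203.0.113.20": {80: "filtered", 443: "open"}}
    print("\n".join(diagnose(sample)))
    # Live use (hostname from the thread): diagnose(probe_all("test.domainName.com"))
```

Running the live probe from a second network (for example a host in another VPC or a mobile hotspot) separates filtering on the client's side from filtering in front of the load balancer.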
