8443 Security group

0

Hello,

I have an instance that I set up a reverse proxy for so it can appear as www.example.com vs www.example.com:8443. I do not want anyone to have access to www.example.com:8443 except myself, or even close it off completely. It is a Spring Boot application and I use 8443 to spin up, because I could not use 443. I have tried going into security group settings and making the connection specific to my IP address, but then my Spring Boot app does not boot. I tried changing the IP to the other instances it connects to, but that does not work either. What can I do?

  • I assume that when you say "my springboot does not boot.", that you mean it doesn't load in your web browser.

1 Answer
0

Presumably, the reverse proxy is set up on the same EC2 instance as the service itself. In this case, your security group should only allow incoming connections to port 443. Any attempts to connect to port 8443 from outside the instance will be dropped. Leave outbound rules as default (meaning, fully open).

If however your reverse proxy is a separate instance, you should configure two security groups, one for the reverse proxy instance and one for the instance that has your application.

  • The reverse proxy SG should contain incoming connections for port 443 from whatever source you desire. The site would be accessed via https:// not http://. Configure port 80 instead if you're not using SSL. The outgoing rules should be left at default (meaning, fully open).
  • The application SG should contain either a reference to the above SG or the IP address from your reverse proxy instance, incoming on port 8443. Leave outbound rules as default (meaning, fully open).

If for some reason you're using non-default NACLs, you'll have to configure the rules in both directions. SGs wrap themselves around interfaces of your resources, while NACLs wrap themselves around subnets.

AWS
LondonX
answered 8 months ago
  • My reverse proxy is within my instance (I am using SSL). My concern is that by removing it from the security group my Spring Boot app will no longer spin up. That port has to be open. As of right now the application site is accessible by 443 and 8443. I want to make sure there is no incoming traffic from 8443. I have tried changing the security group to restrict access to the instance IP and my own, but the Spring Boot app will not connect. I also tried setting up a firewall, but then the registry would be unable to connect. How can I stop 8443 connections without interfering with my Spring Boot app?

  • Ok, I think I understand the issue.

    Make sure that your reverse proxy is connecting to the application using the 127.0.0.1 IP address and not by hostname or any IPs that were assigned to you by the EC2 service. Remove the security group entry for 8443. Now, your reverse proxy should access the Springboot application directly within the server itself and the security group will block any client access directly to 8443.

    The configuration of your security group should not have any effect on the application itself starting or booting.

    If this resolves your issues, kindly accept the answer to mark this question as closed.

  • So if I have this : ServerName example.com Redirect / https://example.com/ and this : ProxyPass / https://example.com:8443/ ProxyPassReverse / https://example:8443/ Where would the 127.0.0.1 go?

    My reverse proxy consists of other things of course.

  • When your proxy is forwarding the request, it should be forwarded to https://127.0.0.1:8443. If your spring boot app is not using SSL, then just http://127.0.0.1:8443. The 127.0.0.1 address simply refers to the local server itself.

  • I changed my forwarding to https://127.0.0.1:8443. My Spring Boot app no longer spun up once I removed port 8443. I cannot remove port 8443. I have tried manipulating the security groups, but it doesn't spin up. If I keep it there, then there is external access to the web browser:8443.
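An added example (not posted by anyone in the thread above) that puts the answer and its follow-up comments into concrete files, plus a check you can run on the instance. Two things the thread does not spell out: Spring Boot's server.address property makes the app bind 8443 on loopback only, so the port is unreachable from the network regardless of the security group, and Apache's mod_proxy needs SSLProxyEngine On to forward to an https:// backend, with the backend certificate's hostname check relaxed for that one hop because the certificate is issued for example.com, not 127.0.0.1 (or run the backend as plain http on loopback). The file paths, the security group id and the sample ss output are assumptions, constructed for illustration.

```shell
#!/usr/bin/env sh
# Example, not from the original thread. Paths, sg-0123456789abcdef0 and
# SAMPLE_SS below are placeholders / constructed data.
set -eu

# 1. Spring Boot: bind 8443 on loopback only. The JVM then never listens on the
#    instance's private IP, so nothing on the network can reach 8443 directly,
#    even if a security group rule for 8443 is left in place.
write_spring_config() {
  cat > "$1" <<'EOF'
# application.properties (example)
server.port=8443
server.address=127.0.0.1
server.ssl.enabled=true
EOF
}

# 2. Apache: public 80 -> 443 redirect, 443 proxied to the loopback backend.
#    SSLProxyCheckPeerName off only relaxes the CN/SAN check on the loopback hop;
#    the public-facing certificate on 443 is still the real one.
write_apache_vhost() {
  cat > "$1" <<'EOF'
<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/example.com.key
    SSLProxyEngine on
    SSLProxyCheckPeerName off
    ProxyPreserveHost On
    ProxyPass        / https://127.0.0.1:8443/
    ProxyPassReverse / https://127.0.0.1:8443/
</VirtualHost>
EOF
}

# 3. Security group: keep 443 inbound, drop the 8443 rule (placeholder ids).
#    aws ec2 revoke-security-group-ingress --group-id sg-0123456789abcdef0 \
#        --protocol tcp --port 8443 --cidr 0.0.0.0/0
#    aws ec2 authorize-security-group-ingress --group-id sg-0123456789abcdef0 \
#        --protocol tcp --port 443 --cidr 0.0.0.0/0

# 4. Check: feed `ss -ltn` output on stdin; prints every 8443 listener that is
#    bound to something other than loopback. Empty output = not exposed.
exposed_8443_listeners() {
  awk '$1=="LISTEN" { n=split($4, a, ":"); port=a[n];
        if (port=="8443" && $4 !~ /^127\./ && $4 !~ /^\[::1\]/) print $4 }'
}

# Constructed sample of `ss -ltn` output: 8443 is bound on loopback for IPv4
# but wide open on IPv6, which the check reports.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    *:443              *:*
LISTEN 0      100    127.0.0.1:8443     0.0.0.0:*
LISTEN 0      100    [::]:8443          [::]:*'

# Run on the instance with: ss -ltn | exposed_8443_listeners
printf '%s\n' "$SAMPLE_SS" | exposed_8443_listeners
```

Apply the configs, restart both services, then confirm from outside the instance that `curl -k https://www.example.com:8443/` times out while `curl https://www.example.com/` still reaches the app through the proxy.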
