AWS - SSL/HTTPS on load balancer

16
votes

I have a problem to add https to my EC2 instance and maybe you guys can have the answer to make it work.

I have a load balancer that is forwarding the connection to my EC2 instance, I've add the SSL certificate to the load balancer and everything went fine, I've add a listener to the port 443 that will forward to the port 443 of my instance and I've configured Apache to listen on both port 443 and 80, now here the screenshot of my load balancer:

enter image description here

The SSL certificate is valid and on port 80 (HTTP) everything is fine, but if I try the with https the request does not got through.

Any idea?

Cheers

2
sslamazon-web-servicesamazon-ec2

2 Answers

30
votes

Elastic Load Balancer can not forward your HTTPS requests to the server. This is why SSL is there : to prevent a man in the middle attack (amongst others)

The way you can get this working is the following :

  • configure your ELB to accept 443 TCP connection and install an SSL certificate through IAM (just like you did)
  • relay traffic on TCP 80 to your fleet of web servers
  • configure your web server to accept traffic on TCP 80 (having SSL between the load balancer and the web servers is also supported, but not required most of the time)

  • configure your web servers Security Group to only accept traffic from the load balancer.

  • (optional) be sure your Web Servers are running in a private subnet, i.e. with only private IP addressed and no route to the Internet Gateway

If you really need to have an end-to-end SSL tunnel between your client and you backend servers (for example, to perform client side SSL authentication), then you'll have to configure your load balancer in TCP mode, not in HTTP mode (see Support for two-way TLS/HTTPS with ELB for more details)

More details :

3
votes

Do you have an HTTPS listener on your EC2 instance? If not, your instance port should be 80 for both load balancer listeners.