0
votes

After 12 hours, I could not make HTTPS work in my application. I did:

  1. In Amazon Certificate Manager, I created a certificate for my domain;
  2. In Security Groups - Inbound Tab, I included HTTPS (HTTPS - TCP - 443 - 0.0.0.0/0);
  3. I created a Classic Load Balancer and included 2 listeners:

    • HTTP - Port 80
    • HTTPS - Port 443 | Instance Protocol HTTP | INSTANCE PORT 80 | Associate my certificate (step 1 - ACM Amazon Certificate Manager)
  4. In Amazon Route 53 - Hosted Zones, I added 2 records in my hosted zone:

    • CNAME www with value mydomain.com
    • Type A IPv4 Address | Alias YES | Alias Target: My Load Balancer

In the tutorials I saw (YouTube + internet), HTTPS works on Amazon EC2 with only the steps above. But the tutorials are not for NGINX and Ruby on Rails.

The error I get is: ERR_CONNECTION_REFUSED

After more search:

  1. Using ssh, I went to: /etc/nginx/sites-available/myapp and I removed the comment: listen 443 ssl;

After restarting nginx, I got 2 random errors: ERR_CONNECTION_RESET and ERR_CONNECTION_CLOSE

I don't know what else to do.

Some screenshots:

    • Security Group
    • Load Balancer - Tab Instances
    • Load Balancer - Tab Listeners
    • Amazon Hosted Zones
    • /etc/nginx/sites-available/myapp

My Environment

OS: Ubuntu 14.04.2 LTS
ruby -v: ruby 2.2.2p95 (2015-04-13 revision 50295) [x86_64-linux]
rails -v: Rails 4.2.3
nginx -v: nginx/1.8.0

Thanks everyone!

1 Answer

0
votes

The problem was that the domain's DNS records did not point to my EC2. When I registered the custom domain, I left the DNS records at their defaults. In the domain's advanced DNS zone, I pointed "*.domain.com" and "@.domain.com" to my EC2 public IP. But that does not work when we use a Load Balancer.

Then I went to my domain panel and changed the DNS, pointing it to my EC2. There are 4 DNS entries, like this:

ns-XXX.awsdns-XXX.org
ns-XXX.awsdns-XXX.co.uk
ns-XXX.awsdns-XXX.net
ns-XXX.awsdns-XXX.com

After the DNS propagation, Amazon Route 53 will be responsible for managing the server DNS records.

In Amazon Route 53 (Amazon Hosted Zones), I have an alias record that uses my Load Balancer.

If you want to use Amazon Certificate Manager (ACM), follow steps 1 to 4 in my question. And remember, point your domain DNS to Amazon EC2. Forget step 5.

I followed a tutorial on YouTube to get this to work. If you already have an instance (like me), ignore the instance creation process. I ignored the Elastic IP creation process too.

And now, https works fine.
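
For reference, an instance-side nginx site file that matches the listener setup in the question (HTTPS 443 on the load balancer, instance protocol HTTP on port 80). This is an added example, not part of the original question or answer; the domain `example.com`, the upstream name `rails_app` and the socket path are placeholders.

```nginx
# Added example, not the poster's /etc/nginx/sites-available/myapp.
# Assumed names: example.com, upstream "rails_app", the socket path.
upstream rails_app {
    server unix:/path/to/app/shared/sockets/app.sock fail_timeout=0;  # placeholder
}

server {
    # The load balancer terminates TLS with the ACM certificate and forwards
    # plain HTTP to instance port 80, so nginx only needs this listener.
    listen 80;

    # listen 443 ssl;
    # Stays commented out: nothing is sent to instance port 443 in this
    # setup, and without an ssl_certificate directive nginx cannot
    # complete a TLS handshake on that port anyway.

    server_name example.com www.example.com;

    # The load balancer sets X-Forwarded-Proto to the scheme the client
    # used. Requests that arrived on the HTTP:80 listener are sent to HTTPS.
    # Load balancer health checks carry no such header, so they are not
    # redirected and the instance stays InService.
    if ($http_x_forwarded_proto = "http") {
        return 301 https://$host$request_uri;
    }

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Pass the original scheme on so Rails can tell the request was
        # HTTPS (secure cookies, force_ssl) even though this hop is HTTP.
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_pass http://rails_app;
    }
}
```

With this layout the instance's security group only needs to accept port 80 from the load balancer's security group; port 443 is exposed on the load balancer, not on the instance.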