How can I configure .ebextensions so the EB load balancer terminates https, then forwards the unencrypted request to my EC2 instance, and the EC2 instance reads the request?
My load balancer accepts requests on 2 ports: 80 and 443. 443 has an uploaded cert which I purchased with "AWS Route 53" and requested a certificate with "AWS Certificate Manager" (required to open port 443).
(*** ssl cert hidden above)
Also my security groups allow https over 443.
The problem is I don't know how to write the .ebextensions/...config to allow accepting unencrypted requests over 443 that are passed from the load balancer.
I found this (amazon docs): https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-singleinstance-python.html and (stack overflow): Flask on Elastic Beanstalk with SSL gives 403 Forbidden
But I think these both give examples when the load balancer is just forwarding the encrypted requests.
I've tried below but it was unsuccessful:
#https.config
Resources:
  sslSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupName: {Ref : AWSEBSecurityGroup}
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
      CidrIp: 0.0.0.0/0
Where I'd like the load balancer to do decryption, then forward the unencrypted request to a port that my app uses.
In my app:
# wsgi.py
from app import application
if __name__ == "__main__":
    application.run(host='0.0.0.0', port=443)
Currently http works well and fast, but https just times out.
I'm a developer but I know almost nothing about sysops.
I've been trying to debug this for over a day so any help would be very appreciated.
UPDATE:
Based on Configure apache to listen on port other than 80, I tried changing:
- Listen 80 to Listen 443 in /etc/httpd/conf/httpd.conf
- <VirtualHost *:80> to <VirtualHost *:443> in /etc/httpd/conf.d/wsgi.conf
- then ran
sudo /sbin/service httpd restart
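An added example, not part of the original post: an .ebextensions file for the setup the question describes, where the load balancer terminates HTTPS on 443 and forwards plain HTTP to the instance. It assumes a Classic Load Balancer; the file name and the certificate ARN are placeholders.

```yaml
# .ebextensions/https-terminate-at-elb.config  (hypothetical file name)
#
# TLS ends at the load balancer. The instance only ever sees HTTP on port 80,
# so Apache/mod_wsgi keep their default "Listen 80" and the app does not bind 443.
option_settings:
  aws:elb:listener:443:
    ListenerProtocol: HTTPS      # protocol between the client and the load balancer
    SSLCertificateId: arn:aws:acm:REGION:ACCOUNT_ID:certificate/CERTIFICATE_ID  # placeholder ARN
    InstancePort: 80             # port the load balancer forwards to on the instance
    InstanceProtocol: HTTP       # protocol between the load balancer and the instance

# On an Application Load Balancer the listener lives in a different namespace:
#
# option_settings:
#   aws:elbv2:listener:443:
#     ListenerEnabled: 'true'
#     Protocol: HTTPS
#     SSLCertificateArns: arn:aws:acm:REGION:ACCOUNT_ID:certificate/CERTIFICATE_ID  # placeholder ARN
#
# With this layout no AWS::EC2::SecurityGroupIngress rule for port 443 is needed
# on the instance security group: only the load balancer's security group has to
# accept 443 from clients, and the instance only has to accept port 80 from the
# load balancer.
```

Because the instance receives plain HTTP, the application can tell whether the original client connection used HTTPS from the X-Forwarded-Proto header that the load balancer sets.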

