What changes require in LEMP stack for session handling over HTTPS with AWS Certificate Manager (ACM) and EC2 server running behind ELB?
I came to know I can use AWS Certificate Manager(ACM) to get wild card SSL i.e. *.example.com.
SSL certificate created in ACM can be used on EC2 running behind AWS ELB.
The problem occurs when there is request from AWS ELB from port 443 to EC2 on port 80, URL in browser still on HTTPS, internal PHP is running on HTTP(not listening in nginx config to 443), so session is not valid, and the application logout flow occurs and session is not valid.
I have no idea how to resolve this, or how I can configure port 443 in nginx witout SSL?
PS
As Amazon do not give option to download SSL private key and public key from ACM to setup SSL on EC2 nginx config over port 443.
As you added SSL to the load balancer, not your instance, you don’t have to deal with configuring keys or listening on a new port. As far as the web server is concerned you’re still running under HTTP which comes with it’s own problems.
Luckily AWS are one step ahead and have a header we can use for this purpose as shown in the example below:
server {
listen 80;
server_name yoursitename;
root /path/to/web/dir;
index index.php;
proxy_set_header X-Forwarded-Proto $scheme;
if ( $http_x_forwarded_proto != 'https' ) {
return 301 https://$host$request_uri;
}
location ~ \.php$ {
# PHP conf
}
}
You may also have to edit settings in your application to tell it you’re using HTTPS. This will likely be in a config file or a setting in a database.
You’ll most likely have some insecure content warnings now. You can’t load insecure content over HTTPS so make sure that you aren’t loading any images or scripts over HTTP. Google Developers have a good guide on this so give it a read if you want to learn more.
- AWS RDS restoring snapshot with upgraded engine version giving error
- Error with not existing instance profile while trying to get a django project running on AWS Beanstalk
- Timeout when trying to retrieve EC2 instance-id metadata from within it
- Lease table is not updated when new shards are added causing stale workers in KCL
- libsndfile.so.1: cannot open shared object file: No such file or directory
- Why does ECS binpack strategy on memory always scale up a new EC2 instance despite available resources?
- How to pull every single image (tag or untagged) from AWS ECR?
- In CloudFormation how can I link RDS and Secrets Manager so I don't have to hardcode the password?
- How to install postgresql-client to Amazon EC2 Linux machine?
- PyCharm: Why "Python Console" is not accessing ~\.aws\credentials file? How to set it within "Python Console"
- Is it possible to run aws s3 sync with boto3?
- Python 3 asyncio with aioboto3 seems sequential
- Serverless / AWS Lambda - Create the triggers for the published lambda versions
- AWS Glue missing permissions
- Invoking lambda from API gateway test, but hitting the endpoint does not invoke the lambda. 500 returned
- terraform destroy needs original terraform code to destroy?
- How to correctly/safely access parameters from AWS SSM Parameter store for my Python script on EC2 instance?
- Why is my image not displaying on my Web page?
- How to copy blobs from azure to aws using python?
- S3 Bucket action doesn't apply to any resources
- Couldn't proceed with upgrade process as new nodes are not joining node group standard-workers
- How to customize "From" name for SNS emails
- Changing the name of a Load Balancer on AWS Console
- AWS S3 Bucket Access Issue with IAM User Permissions
- how to decrease the exceution time of aws lambda function nodejs
- Row was updated or deleted by another transaction (or unsaved-value mapping was incorrect)
- Downloading an entire S3 bucket?
- Unable to unzip .zip file on linux machine
- Missing Authentication Token while accessing API Gateway?
- AWS S3 Access Denied when open object URL in browser