AWS Application Load Balancer - https not working properly

Question

I have a web application developed with React JS, for server side rendering, I am using NodeJS. Following is the overall architecture -

Deployed React JS app on EC2 - Ubuntu 18.04 with Nginx
Obtained SSL from AWS ACM
Attached ALB to EC2 instance, added 2 listeners - PORT 80, PORT 443 (Forwarding request to target group on PORT 80)
Added A record on Godaddy with EC2 elastic IP, added CNAME record www pointing to ALB

Following is my nginx config file -

server {
        server_name mydomain.ai;
        return 301 https://www.mydomain.ai$request_uri;
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    #server_name www.mydomain.ai;

    if ($host !~ ^www\.) {
        rewrite ^ https://$host$request_uri permanent;
    }

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location /error {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
    location / {
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   Host $http_host;
        proxy_pass        http://127.0.0.1:8000;
    }
    
    location /aws/ {
        try_files $uri $uri/ /aws/aws.html;
    }
}

server {
  listen *:443 default_server;
  server_name mydomain.ai www.mydomain.ai;
  
  if ($host !~ ^www\.) {
        rewrite ^ https://$host$request_uri permanent;
    }

  location / {   
    proxy_hide_header 'Access-Control-Allow-Origin';
    add_header 'Access-Control-Allow-Origin' "*" always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
    add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
    add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
    proxy_pass https://localhost:8000;
    proxy_http_version 1.1;
  }

}

When I type https://mydomain.ai it throws "ERR_SSL_PROTOCOL_ERROR", however following cases are working fine -

mydomain.ai //redirected to https://www.mydomain.ai
http://mydomain.ai //redirected to https://www.mydomain.ai
http://www.mydomain.ai //redirected to https://www.mydomain.ai

Can anyone please help me?

Which domains exactly did you register using ACM? – Marcin Apr 01 '21 at 07:47 — Marcin, Apr 01 '21 at 07:47

score 0 · Answer 1 · answered Apr 01 '21 at 07:29

0

I think you forgot to attach the procured certificate to ALB.

It can be done from AWS console by following the steps mentioned: https://aws.amazon.com/premiumsupport/knowledge-center/associate-acm-certificate-alb-nlb/

answered Apr 01 '21 at 07:29

Amit Meena

2,884
2
21
33

Thank you for your response, it is already attached. We can't add listener 443 without attaching SSL. – Sachin Vairagi Apr 01 '21 at 07:30
yes but those will be AWS-provided default certificates you need to replace those with what you have procured from AWS ACM . Please refer: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-update-certificates.html – Amit Meena Apr 01 '21 at 07:33
I have verified and the certificate I obtained from AWS ACM is attached with ALB – Sachin Vairagi Apr 01 '21 at 07:38
Ok. Please have a look at this thread: https://stackoverflow.com/a/29996698/5659521 seems like a client side issue – Amit Meena Apr 01 '21 at 07:43
My load balancer is working fine with https – Sachin Vairagi Apr 01 '21 at 08:03

AWS Application Load Balancer - https not working properly

1 Answers1