I have set up a fleet of Ec2 servers in a autoscaling group that has NGINX serving SSL certificates of multiple domains. But the issue is when I add the loadblancer url as the CNAME I get a ERR_TOO_MANY_REDIRECTS error whereas if I add the IP of one of the server as A record for a domain it works as expected. Not sure what to do in this case so any help will be greatly appreciated
Related
I'm trying to put a simple Wordpress site on Google Cloud with SSL.
I set up a load balancer using an instance group, as described here: https://docs.bitnami.com/google-templates/how-to/configure-lb-ssl-google-templates/
except I used one-click deployment instead of bitnami.
unmanaged instance group with the vm as a member
load balancer with the instance group on the backend, port 80
front end HTTPS, port 443
The front end works, this is my test site: https://thescanclub.com
However, insecure access is still possible to the backend I.P. and also the database! I must have left out a firewall or something. How would you fix this?
Back end IP to the vm: 34.150.136.72
PS... this is a small test site and may get a new vm if I have to redo it.
The Google Managed Certificate that you created resides within the Front End of the Load Balancer. This means that it will only use the Google's SSL certificate, and redirect from HTTP to HTTPS when you access your Wordpress site through the Load Balancer's front end IP address or through the domain (thescanclub.com).
Digging the A record of your domain, you'll see that it is not pointed to the VM's public IP but rather to a different one which I presume is the HTTPS Load Balancer's front end IP.
If you wish to access the website directly from the VM's public IP, then it will be best to set up a letsencrypt SSL certificate within the Bitnami instance and set up the HTTP to HTTPS redirection through it. Hope you find this documentation helpful.
I set up a Cloudflare account and redirected my domain to its nameservers. During setup I left all the settings at default.
I added two DNS records:
An "A" record targetting my IP address and a "CNAME" record creating an alias for it.
In my Nginx Proxy Manager (running in Docker on a bridged network connected with a database), there is only one proxy host directing the "CNAME" alias to a LAN IP (https://192.168.0.50:9443; Portainer operates on HTTPS).
Everything works flawlessly until I decide to add an SSL certificate. The only option I tick is "Force SSL". When I try to access the site at this point, it loads for a bit and then times-out to the "522" error. The only way I can get the site to work is to clear the Nginx volumes and restart the stack.
Turning Cloudflare proxy off doesn't seem to make any difference. Neither does trying to access different docker containers operating on HTTP
I managed to solve the problem. I didn't forward port "443" on my router to the target device... I hope that this helps anyone else who made this mistake.
I'm migrating a bitnami wordpress site from AWS lightsail to GCP.
The AWS's setup includes a purchased wildcard SSL. When I set up the loadbalancer in GCP, I opt for Google's SSL instead.
I got this error Error code: SSL_ERROR_NO_CYPHER_OVERLAP when I access from the loadbalancer's IP. The VM is working fine and I am able to access it with it's own external IP.
The domain is still pointing to AWS's server. I wonder if the error is because I have not pointed the domain to the load balancer's IP?
I'm hoping to gain some clarity first before I update the domain's IP. I want to avoid situation where it does not work after I make the switch.
Thanks
I'm trying for the first time to connect my local server (Synology) through NGINX and Cloudflare so I can access it through my own domain name. I have the proxy host all set up pointing to my local IP address with the port and I have an SSL encryption using Let's Encrypt. The site gives me either a timed out error or unreachable, however one time somehow the site took my to ASUS aicloud which is through my ASUS ac68u router but I was not even pointing NGINX to that.
using cloudflare diagnostic center site it syas the request failed because the web server did not respond.
I'm not sure whether my router is blocking Cloudflare or if there is any other issue going on, would appreciate any help with the matter!
I have and ASP.NET MVC application hosted under IIS on a EC2 Instance.
I can access the application without any problems through the EC2 DNS once I set the proper binding in IIS
http - EC2 DNS - port 80
But if I add an Elastic Load Balancer and then I try to access that web application through the Load Balancer DNS the only way I can get it working is by adding an empty binding in IIS
"empty host name for http:80"
But this can't be ok.
If I don't add this the ELB sees my instance as unhealthy and when I access the ELB DNS I just get a HTTP 503 Service Unavailable.
The EC2 instance is in a Auto Scaling group.
I've tried modifying the security group of that instance from allowing all IPs for HTTP:80 to only allowing the Load Balancer Ip (amazon-elb/amazon-elb-sg)
Any ideas what I'm doing wrong?
Thanks
I am running several IIS servers behind ELB. Here are things that you need to ensure:
The ELB security group is allowed to accept port 80 traffic from anywhere (0.0.0.0/0)
The ELB security group is allowed to send outbound port 80 traffic to your EC2 instance where IIS is running. This point was valid for the ELBs that are set inside VPC. Hence please ignore this.
The EC2 security group of the EC2 instance where you have IIS running, should be allowed to accept port 80 traffic from the Load Balancer.
If this whole set-up is in VPC then there are few other things you need to check. so let us know if this is the case
No configuration changes on IIS are needed for sure.