Failed redirect from naked domain on SSL - wordpress

I have recently installed SSL on my AWS-hosted WordPress site and my naked domain is no longer working.
https://example.com, https://www.example.com and www.example.com are all working as expected.
example.com is not working; it throws a connection refused error.
The setup:
WordPress hosting is on a single AWS EC2 instance installed from the Bitnami AMI. The EC2 instance sits behind a classic load balancer.
The SSL certificate is managed in AWS Certificate Manager and was issued to *.example.com, example.com and www.example.com.
DNS uses Route 53: www.domain.com and domain.com have A records that point to the same load balancer alias.
.htaccess has been modified with RewriteRule ^(.*)$ https://example.com/$1 [R,L]
What do I do to get this working?

HTTPS does work, so the issue is not DNS. You mention a load balancer. The Connection Refused error indicates that your request is not making it to the load balancer or being accepted by the load balancer.
Check your security groups for the load balancer and ensure port 80 inbound is allowed.
Check your load balancer has a listener on port 80.
If you have modified the NACLs (Network Access Control Lists) on the public subnets of the load balancer, then you will need to allow 80 inbound and everything outbound. The default NACL rules already allow this.
As an aside, I note that you are terminating SSL on the load balancer (because you are using an ACM cert). Depending on your configuration, this may mean that you are forwarding requests to your web server unencrypted on port 80. If so, then your rewrite rules will not correctly detect the use of HTTPS. AWS has some documentation explaining this in more detail.
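To illustrate the aside above, here is an added .htaccess example (not from the original question or answer) for a setup where the ELB terminates TLS and forwards plain HTTP to the instance. It assumes the canonical host is example.com and uses an assumed placeholder health check path, /elb-health.html.

```apache
# Added example, not from the original post. Assumes the ELB terminates TLS,
# forwards plain HTTP to the instance, and the canonical host is example.com.
RewriteEngine On

# Never redirect the load balancer health check (path is an assumed placeholder).
# The health check arrives without X-Forwarded-Proto and a classic ELB HTTP
# health check expects a 200, so a 301 here would mark the instance unhealthy.
RewriteCond %{REQUEST_URI} ^/elb-health\.html$
RewriteRule ^ - [L]

# Behind the ELB, %{HTTPS} is always "off" on the instance; the client's scheme
# arrives only in X-Forwarded-Proto, set by the load balancer. Trusting that
# header is only safe when port 80 on the instance accepts traffic solely from
# the ELB's security group, so a client cannot spoof it.
# Redirect when the request was not HTTPS at the load balancer, or when the
# host is anything other than the naked domain (e.g. www.example.com).
RewriteCond %{HTTP:X-Forwarded-Proto} !=https [OR]
RewriteCond %{HTTP_HOST} !^example\.com$ [NC]
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
```

WordPress itself must also learn that the original request was HTTPS (for example by setting $_SERVER['HTTPS'] from X-Forwarded-Proto in wp-config.php), otherwise it generates http:// links that bounce back through this rule.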

Related

DigitalOcean Load Balancer and Nginx droplet returns 503

I have a load balancer set with the following forwarding rule:
HTTPS:443 -> HTTPS:443 with a certificate. I am not using Passthrough.
(Screenshot: forwarding rules and health checks)
This load balancer has two droplets with Nginx set up with an SSL certificate. When I try to access the domain name I get a 503 Service Unavailable, although it was working fine before the load balancer.
Am I missing something here?

How can I redirect NON HTTP/NON HTTPS traffic to a specified IP with Nginx?

I have a website and a game server.
I have a domain which I connect to Cloudflare.
I want to redirect non-HTTP/HTTPS traffic to my server IP, because when I try to connect to the server with the domain I can't, due to the Cloudflare proxy.
Maybe it can be done differently?
I use Nginx.
Cloudflare has its own SSL configuration.
There are 4 options for you:
Off disables HTTPS completely.
Flexible: Cloudflare will automatically switch client requests from HTTP to HTTPS, but it still points to port 80 on your nginx server, so you should not configure SSL on nginx in this case.
So the only options for you are Full or Full (Strict) (more restrictive on the cert configured on nginx; it must be a valid cert).
With Full you can configure your nginx with a self-signed SSL certificate and let it go. Cloudflare will handle the part between the client and its proxy server.

WordPress site behind load balancer not loading

I have a WordPress site that is not loading after passing it through HTTPS. The site is hosted in AWS and is behind the load balancer. The domain of the site is registered with an external registrar.
I also have other sites in which the domain is registered with AWS and they are behind the load balancer as well, and they load perfectly on HTTPS. I am not sure why this one is not loading; the load balancer health check status indicates that it is healthy.
This is what I have in my wp-config.php file:
// WP_HOME and WP_SITEURL must be full URLs including the scheme
define('WP_HOME', 'https://domain.com');
define('WP_SITEURL', 'https://domain.com');
// The load balancer terminates TLS and forwards plain HTTP, so tell WordPress
// the original request was HTTPS based on the header the load balancer sets
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) {
    $_SERVER['HTTPS'] = 'on';
}
I believe that you have set the SSL cert on the load balancer. I guess that you are sending the SSL traffic to the EC2 instances. If you send the SSL traffic to the EC2 instances, the instances should have the SSL certificate and decrypt the incoming traffic.
Alternatively, you can choose to terminate the SSL at the load balancer and send the decrypted traffic to the instances.
If you look at the screenshot taken of the EC2 classic load balancer console below, SSL traffic is sent to the instance via port 80.
I passed the NS records to my external domain registrar to add to the DNS record, then I tried again and it picked up.

SSL redirection in Docker container on AWS ECS

I have a frontend Angular application running in an nginx Docker container in AWS ECS on EC2. This is a SaaS product and other third-party domain names will be pointed to this frontend Docker container. I have set the default rule to that target group, but I wonder how to set up the SSL for each domain. ALB currently supports only 100 listener rules, i.e. in effect each listener will have only 50 rules (considering 80 and 443).
30 rules are already filled by the backend APIs.
If I have 150 domains that need to be pointed to this frontend, how can I set up the SSL? If I set a 301 redirection in the port 80 vhost of nginx like
return 301 https://$host$request_uri;
the request will again pass to the application load balancer on port 443 and it will take the default SSL certificate and may cause an SSL error. Is there any chance we can make the nginx HTTPS redirection without going back again to port 443 of the application load balancer? Or any other method? I think a multi-domain SSL certificate is an option here, making it the default SSL certificate on the load balancer.
Do you have access to SSL certs for all these domains? If yes, you can configure them in the nginx container. Use a network load balancer instead of an ALB and add a TCP listener on port 443, which will not terminate SSL, and redirect traffic to the nginx container, which will terminate SSL.
You can also dynamically reload the nginx configuration to set up certificates dynamically.
AWS load balancers now support SSL redirection so you don't have to do it on your containers.
In addition, your 443 listener can have multiple certificates added to it. So just add all your certs to the 443 listener on your load balancer.
Then in your 443 listener rules, just have a single rule with:
IF: Requests otherwise not routed
THEN:
HTTPS, Port 443
Redirect to 'Original host, path, query'
'301 - permanently moved' as the status
Now all your HTTP requests will be sent back to the user with a redirect to HTTPS without ever hitting your container or nginx. When they come back as HTTPS, the AWS ALB has all the certificates there for it.
If you run up against limits on the load balancer, you may have to 'chunk' them up into 2 or 3 ALBs, but I find this easier to manage especially when cert change time comes around.

How to route an AWS load balancer from HTTP to HTTPS for a Tomcat server

I have a Java REST API web server on Tomcat which is running on port 8080 in an AWS EC2 instance.
And there is a Classic Load Balancer to manage all traffic for this instance. Before, the ELB was on HTTP, and after some time it was routed from HTTPS (443: ELB port) to HTTP (8080: instance port) in the listeners of the ELB.
And I added an inbound rule in the security group of the ELB for HTTPS (443).
(Screenshot: Elastic Load Balancer)
(Screenshot: Security group of the Elastic Load Balancer)
When I call an HTTP request, a response is received, but when I call HTTPS, it says "Could not get any response".
And I added a web UI to check; it shows for both the HTTP and HTTPS request, but HTTPS shows the https struck through (HTML type) and "Not Secure" in the URL address bar.
Check if port 443 is open for the ELB. Go to Security Groups in the EC2 console and ensure the ELB security group has port 443 open.
Open HTTPS port 443 in the EC2 security group.
Check if you have a rule set in the EC2 security group which allows inbound traffic on port 443 and port 80 from the ELB security group as source. If you do not have such a rule, try adding one and then check again.
I have opened the ports 80 and 443 on both the ELB and EC2 sides. Now it is working.