I'm trying to set up SSL on my wordpress site.
I've an EC2 instance running wordpress on nginx and ubuntu. Database running on RDS.
I've launched an application load balancer with listeners on ports 80 and 443 and attached the SSL certificate which I got via ACM. I've set my targets to point to the EC2 instance I am using.
At this point the how-to guides and information stops. Apparently that's all there is to it and it should now all be working. However it's not. I'm getting connection refused errors when I add the https to my site's URL.
When I put my URL into https://www.sslchecker.com/sslchecker I'm told that no certificates are found.
So clearly I need to something more to get this working - can anyone point me to the next step?
Using the ELB and ACB is the way to go here. It sounds like you might be using the wrong type of ELB though. You mentioned application load balancer, you should use a classic load balancer. Also make sure your security groups are setup correctly to allow your ELB to talk to the EC2 instance.
You didn't mention Route53 but I assume you have the DNS entry setup to point at the ELB as well.
Share more and I will help more. Good luck.
Related
I'm migrating a bitnami wordpress site from AWS lightsail to GCP.
The AWS's setup includes a purchased wildcard SSL. When I set up the loadbalancer in GCP, I opt for Google's SSL instead.
I got this error Error code: SSL_ERROR_NO_CYPHER_OVERLAP when I access from the loadbalancer's IP. The VM is working fine and I am able to access it with it's own external IP.
The domain is still pointing to AWS's server. I wonder if the error is because I have not pointed the domain to the load balancer's IP?
I'm hoping to gain some clarity first before I update the domain's IP. I want to avoid situation where it does not work after I make the switch.
Thanks
I followed this guide: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes on how to setup an Nginx Ingress with Cert Manager with Kubernetes having DigitalOcean as a cloud provider.
The tutorial worked fine, I was able to setup everything according to what it was written. Though, (as it is stated) following the tutorial one ends up with three pods of which only one is in "Running 1/1", while the other two are "Down". Also when checking the comments section, it seems that it is quite a problem. Since if all the traffic gets routed to only 1 pods, it is not really scalable. Or am I missing something? Quoting from their tutorial:
Note: By default the Nginx Ingress LoadBalancer Service has
service.spec.externalTrafficPolicy set to the value Local, which
routes all load balancer traffic to nodes running Nginx Ingress Pods.
The other nodes will deliberately fail load balancer health checks so
that Ingress traffic does not get routed to them.
Mainly my question is: Is there a best practice that I am missing in order to have Kubernetes hosting my website? It seems I have to choose either scalability (having all the pods healthy and running) or getting IP of the client visitor.
And for whoever will ever find himself/herself in my situation, this is the reply I got from the DigitaOcean Support:
Unfortunately with that Kubernetes setup it would show those other
nodes as down without additional traffic configuration. It is possible
to skip the nginx ingress part and just use a DigitalOcean load
balancer but this again does require a good deal of setup and can be
more difficult then easy.
The suggestion to have a website with analytics (IP) and scalable was to setup a droplet with Nginx and setup a LoadBalancer to it. More specifically:
As for using a droplet this would be a normal website configuration
with Nginx as your webserver configured to serve content to your app.
You would have full access to your application and the Nginx logs on
the droplet itself. Putting a load balancer in front of this would
require additional configuration as load balancers do not pass the
x-forward header so the IP addresses of clients would not show up in
the logs by default. You would need to configured proxy protocol on
the load balancer and in your nginx configuration to be able to obtain
those IPs.
https://www.digitalocean.com/blog/load-balancers-now-support-proxy-protocol/
This is also a bit more complex unfortunately.
Hope it might save some time to someone
Currently, I am working on a Wordpress application and I am using AWS hosting. My domain is in GoDaddy.com and I have deployed the application in elastic beanstalk. I have created load balancer and also I need to run the application through HTTPS.
I have done my research and I think I found the right way, but it's not working for HTTPS. when I browse on HTTP on port 80, it runs well. Now I am helpless.
Here's what I have done so far:
1) I created a hosted zone on AWS Route 53 for the domain named "example.com". There are two records are created, NS and SOA.
2) Then, in GoDaddy, I added NS records from AWS as Custom Nameservers.
3) After that, I created A record for the domain in the AWS hosted zone, set ALIAS targeted to the Load Balancer of the Elastic Beanstalk environment.
4) Then, I changed the SITE URL from the wp_options table the wordpress application database.
After doing up to this, my application was running in HTTP. But as I want to change it to HTTPS. So,
1) I requested a certificate from AWS Certificate Manager and created CNAME (provided by ACM after requesting certificate) record in the hosted zone.
2) After the certificate is issued, I edited the listener from EC2 >> Load Balancer >> Listener and changed the protocol from HTTP to HTTPS and also allowed port on Security groups.
3) Also, I changed, the SITE URL from WordPress database and changed it from "http://example.com" to "https://example.com" but it was not working.
4) So I went to Elastic Beanstalk >> Configuration >> Load Balancer and added listener. After the environment is saved and restarted, still, the site was not running on HTTPS [ HTTP 408 ERROR IS SHOWN ]. But if I change SITE URL to "http://example.com", it works
I have found a solution, which says to use RedirectURL and set it to server config but I don't want to do that.
I also found this solution which suggest to Export Zone File and import it to AWS hosted zone. But whenever I click Export Zone File(Unix), the file downloaded is shown empty. I tried this for other accounts, still, this problem exists. So I did not do that.
Sorry for the long story, but I really need this help.
I have solved the issue.
In my load balancer port configuration, I previously set load Balancer port 443 and instance 443. here what I need to do is to call the load balancer on port 443 and backend make the backend call on port 80 and enable https on WordPress.
So I kept load balancer port 443 and changed the instance port to 80. After that, on the browser, there was too many redirects error shown. So then what I needed to do is that add $_SERVER['HTTPS'] = 'on' on wp-config. And then everything was running smoothly.
I hope this will help if some
Setup within the AWS ecosystem is multiple web sites across 2 domains using ELB, SSL, IIS & ASP.NET across 2 EC2 instances.
After a security audit, we discovered our cookies weren't set to secure, so I setup a URL rewrite to look for the appropriate header from ELB and set HTTPS to true. The problem is, users started getting emails stating https://www.test.com:80/ as the domain and unfortunately, we have too many references to Request.Url to make a change quickly.
Obviously IIS requires a different IP address (or port number) to host 2 SSL certificates. If we change the port number, we'll still have the same issue, so we were hoping to add a secondary IP address and point ELB to use it, but that doesn't appear to be supported. I'm fairly new to AWS, so I was hoping someone could give me some direction in terms of getting SSL to terminate within IIS on ELB.
So what I am asking is, is there a way to get ELB to use a specific IP Address instead of a generic EC2 instance which uses the primary IP Address?
Thank you in advance,
Andrew
If we change the port number, we'll still have the same issue,
No, you wouldn't.
Set up a second ELB using standard ports toward the Internet and custom ports toward the instance(s).
I’ve set up a multisite Wordpress installation and would like to move it to 2 EC2 instances behind a load balancer. My issue is with the wp-config.php configuration setting for the DOMAIN_CURRENT_SITE parameter. I currently have it set as follows
define('DOMAIN_CURRENT_SITE', ‘ec2-instance-1.us-west-2.compute.amazonaws.com');
How should this be set if I am load balancing between multiple EC2 instances? Because it’s multisite the DOMAIN_CURRENT_SITE value is saved in the WP database. I am unsure how this should be set since I am sharing a single RDS db between multiple Wordpress instances. If I set it to one of the EC2 host names then the others would generate an error when connecting to the db. I’ve tried setting it to the load balancer domain name (and have updated the domain name in the db) but I’m getting a blank white page and the load balancer shows the EC2 instances as ‘Out of Service’. I’d appreciate any help anyone can offer.
Thanks
Make a DNS CNAME record for the ELB's hostname. Then use the CNAME's hostname as the DOMAIN_CURRENT_SITE.
Just an update - it turned out the issue was caused by not including the correct IP addresses in the security group for the EC2 instances and the load balancer. Once I added the addresses to each security group the ELB was able to direct traffic to the instances without a problem.