
Forgive me for my weak understanding of this topic, however I can’t seem to figure out the solution for this. I have an EC2 instance running an Express server on AWS Linux. The server can only accept HTTP requests on port 6001. However, I need the requests to be HTTPS so I can properly access them on my front-end. So, I purchased a domain through Route 53 and generated a certificate through ACM and attached it to my domain. In my Route 53 settings, the domain is configured to redirect requests to my load balancer. My load balancer then has a target group which consists of the one EC2 instance running the Express server. This all works over HTTP, however, I can’t get it to work over HTTPS.

Is it possible to take in an HTTPS request but then downgrade the request to HTTP in the load balancer so my server can process it? I do not want to add a certificate to the Express server if possible; I read online that the proper way to accomplish this is with a load balancer. Any help is greatly appreciated, thank you!

2 Answers


  1. You can create an HTTPS listener on the ALB and then use the same Target group (the one with your EC2 with HTTP:6001). This works just fine and is one of the ALB’s features, "SSL Offloading". Finally it will be:

    Target Group: <TG_name>
    Protocol: HTTP
    Port: 6001

    ALB HTTP Listener:
    Forward to <TG_name>

    ALB HTTPS Listener:
    Forward to <TG_name>

  2. Ensure your load balancer is configured to accept HTTPS traffic on port 443. Attach the SSL certificate you generated through ACM to the load balancer.

    Configure a listener on the load balancer for HTTPS (port 443) that forwards traffic to your target group on HTTP (port 6001). This is where the SSL termination happens.

    Verify that the security group associated with your EC2 instance allows inbound traffic on port 6001 from the load balancer.
