I’ve been extensively researching this on the net and I could not find any result that matched my case; forgive me if this is a duplicate somehow.
So, I have an AWS EC2 instance running multiple apps on different ports. For the sake of this example let’s say that I have a Node server at 3001 and a Python server at 8001, both applications are dockerized and I already mapped the ports (so 3001:3001 and 8001:8001).
After deploying those apps and making sure that they worked fine, I bought a domain that already comes with an SSL certificate.
My question is: How can I use a URL like https://api.mydomain.com/node for my Node server and https://api.mydomain.com/python for my Python server? And yes, I need HTTPS since those are acting as APIs, so a client needs to hit those endpoints and browsers block HTTP requests from HTTPS websites (I have a static app that uses https://app.mydomain.com).
The solutions I found were things like creating a load balancer and generating a certificate using AWS, or use NGINX and generate a certificate using OpenSSL, but I already have the certificate and – in my mind at least – this should be as simple as saying something like "Hey reverse proxy, use this domain and listen to 443, but if you receive a /node go to 3001 http port and when you receive /python go to 8001 http port".
I honestly don’t know much about AWS load balancer and even less about NGINX, so I need some help where I can simply config this right, so I can create the subdomain on my DNS provider and point to the EC2’s public IPv4 and then the balancer/proxy will handle the forwarding job (I am guessing).
I prefer a free solution, since this app is just a personal project and I don’t plan to pay for more than just the server on this, so it seems like NGINX is the way to go, but I am open to any simpler solution to this issue. I just need to know how to properly set things up to have this behavior.
2 Answers
You can either create an API Gateway or Application Load Balancer to sit in front of your EC2 instance. You can import your existing certificate into AWS Certificate Manager and associate it with APIGw / ALB for SSL termination.
Since this is a personal project, you can do the following to achieve this without using any additional AWS services.
Set up nginx on port 443 on the same EC2 instance and configure it to send requests coming to /node to 3001 and /python to 8001. You can use the SSL certificate that you already have. I am assuming the certificate you have is for api.mydomain.com.
Add a DNS A record for api.mydomain.com pointing to the public IP / elastic IP of your EC2 instance.
Allow connections to port 443 in your security groups so you can connect from outside to nginx running in your EC2 instance.
Hope this helps.
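The nginx setup described in the answer above could look like the following; this is an added example, not configuration posted by the answerer. The certificate and key paths are placeholders, and it assumes both apps serve their routes from `/` and that the Docker-published ports are reachable on the host's loopback address.

```nginx
# /etc/nginx/conf.d/api.mydomain.com.conf  (file location is an assumption)
server {
    listen 443 ssl;
    server_name api.mydomain.com;

    # Placeholder paths: point these at the certificate that came with the
    # domain. The certificate file should contain the full chain
    # (server certificate followed by the intermediates).
    ssl_certificate     /etc/nginx/ssl/api.mydomain.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/api.mydomain.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Headers passed to both backends so they see the original host,
    # client address and scheme instead of the proxy's.
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Normalise the bare prefixes so /node and /node/ behave the same.
    location = /node   { return 308 /node/; }
    location = /python { return 308 /python/; }

    # The trailing slash on proxy_pass replaces the matched prefix, so
    # /node/users reaches the Node app as /users.
    location /node/ {
        proxy_pass http://127.0.0.1:3001/;
    }

    location /python/ {
        proxy_pass http://127.0.0.1:8001/;
    }

    # Anything outside the two prefixes is not forwarded to a backend.
    location / {
        return 404;
    }
}
```

Publishing the containers as `127.0.0.1:3001:3001` and `127.0.0.1:8001:8001` instead of `3001:3001` and `8001:8001` keeps the plain-HTTP backends reachable only through the proxy, which matches a security group that opens only port 443. `nginx -t` checks the file for syntax errors before a reload.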