skip to Main Content

I’m quite new to networking, but I have been working on this problem for quite some time with no success.

I have an AWS EC2 instance (Windows Server) hosting a video management web portal. The user should be able to access the web portal through their browser and view video footage (traffic is both HTTP and TCP). The issue is that I am trying to route DNS requests for the web portal through an Amazon application load balancer, forwarded to my EC2, so that I can make use of amazon’s certificate manager, as I would like the webpage to be encrypted.

If I access the EC2 directly (with it’s IP or DNS), everything works correctly. However, when the traffic routes through the ALB, the video never loads, and I assume this is because the ALB does not pass the TCP traffic through, just the HTTP/HTTPS traffic. If I use a network load balancer to route the traffic then I am able to see the video just fine, the issue here is that there is no way to add my certificate to the NLB and encrypt the traffic. I’m stuck, but I know for someone with more experience than me, this is likely a very simple problem.

Any advice you have would be greatly appreciated.
Thank you

3

Answers


  1. Chosen as BEST ANSWER

    Further development. It appears to be some issue with the encryption.

    When I use a listener on port 80 with HTTP, there is no problem with the video. If I use an HTTPS listener on 443, the video does not come through.

    I believe the video uses websockets. Is it possible this has something to do with the issue?


  2. It’s true that ALB’s talk HTTP and HTTPS. If you need other protocols, NLB is your best bet.

    I’m wondering why you say you can’t use certificates on an NLB. As discussed in this blog, TLS termination is possible on NLB. It integrates with aws certificate manager to encrypt your traffic, so you create a TLS listener and forward TCP to your instance.

    Login or Signup to reply.
  3. Things to check:

    • is the ALB security group allowing traffic on ports being used (http/https )
    • are the alb targets healthy?, if not go the targets
      and try accessing health checks locally.

    HTH

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search