Problem
Hi, I'm setting up an Elastic Beanstalk Node.js application with HTTP2 and I'm having some trouble. After a lot of research, I have been able to set up HTTP2 with nginx as a reverse proxy on my EC2 instances. I have assigned a public IP to test it out with curl and everything works fine and uses HTTP2. To do that, I have created a self-signed certificate on the EC2 instance.
In front of the EC2 instances, there's an ALB with another certificate (validated by AWS) that is redirecting from HTTPS 443 to HTTP2 443 on the instances. This part does not work and I'm getting 503 errors all the time.
If I access the instances directly, everything works fine, so I suppose the problem is in the ALB configuration, but I have been trying to fix it for a while and I cannot find the right way to do it.
ALB Configuration
On the security groups I have allowed all inbound/outbound traffic to see if that fixed the problem; it did not.
The funny thing is that the target group shows two healthy instances. How can it be passing the health checks if the service is returning 503 codes?! Maybe it's because the instances actually work but not the load balancer.
This is the configuration of the load balancer I can see from the Elastic Beanstalk configuration:
Additional Info
The error message is at least using HTTP2:
$ curl -k --verbose https://awseb-AWSEB-A9MYYH15GGU5-713921422.us-east-1.elb.amazonaws.com
...
...
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 503
< server: awselb/2.0
< date: Thu, 04 Nov 2021 06:51:44 GMT
< content-type: text/html
< content-length: 162
<
<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
</body>
</html>
* Connection #0 to host awseb-AWSEB-A9MYYH15GGU5-713921422.us-east-1.elb.amazonaws.com left intact
* Closing connection 0
Any idea what I may be doing wrong? Maybe this is because I'm using a self-signed certificate?
CodePudding user response:
You can't use HTTPS with awseb-AWSEB-A9MYYH15GGU5-713921422.us-east-1.elb.amazonaws.com. This domain can only be accessed using HTTP.
If you want to have HTTPS, you have to have your own domain with your own SSL certificate. One way to do this is through Route53 integration with Elastic Beanstalk, as explained in Configuring HTTPS for your Elastic Beanstalk environment.
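Added example (not part of the question or the answer above): a small parser for `curl --verbose` transcripts like the one in the question, reporting which hop produced an error response based on its `server` header. The function names and the nginx sample are assumptions made for illustration; the ALB sample reuses header lines from the question.

```python
import re

# Response headers taken from the curl output in the question.
ALB_SAMPLE = """\
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 503
< server: awselb/2.0
< date: Thu, 04 Nov 2021 06:51:44 GMT
< content-length: 162
<
<html>
"""

# Constructed sample: a 503 relayed from an nginx target (version is made up).
NGINX_SAMPLE = """\
< HTTP/1.1 503 Service Temporarily Unavailable
< Server: nginx/1.20.0
<
"""

STATUS_RE = re.compile(r"^HTTP/(\d(?:\.\d)?)\s+(\d{3})")

def parse_curl_verbose(text):
    """Return the last response (version, status, headers) in curl -v output."""
    resp, in_headers = None, False
    for line in text.splitlines():
        if line.rstrip() == "<":      # empty header line ends the header block
            in_headers = False
            continue
        if not line.startswith("< "):
            continue                  # "*" info, ">" request, or body lines
        content = line[2:].strip()
        m = STATUS_RE.match(content)
        if m:
            resp = {"version": m.group(1), "status": int(m.group(2)), "headers": {}}
            in_headers = True
        elif in_headers and ":" in content:
            name, value = content.split(":", 1)
            resp["headers"][name.strip().lower()] = value.strip()
    return resp

def responder(resp):
    """Name the component that generated the response, from its Server header."""
    server = resp["headers"].get("server", "").lower()
    if server.startswith("awselb/"):
        return "load balancer"
    if server.startswith("nginx"):
        return "nginx target"
    return "unknown"
```

For the transcript in the question, `responder` returns `load balancer`: the 503 page carries the load balancer's own `server` header rather than nginx's.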