I have an Angular client (v14) that needs to call a spring boot application that run on an AWS EC2 instance. My angular app is hosted on Firebase. My Angular client is deployed under HTTPS so when I do http calls in Angular with something like that :
httpclient.get(http://myPublicDnsAdress:8080/myApiPath)
I have that error:
Mixed Content: The page at 'https://mywebsiteurl.com/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://ec2-15-188-59-23.eu-west-3.compute.amazonaws.com:8080/activity/random?numberOfActivities=10'. This request has
been blocked; the content must be served over HTTPS.I know I need to call my EC2 instance with HTTPS instead of HTTP. Hence my Angular calls would be :
httpclient.get(https://myPublicDnsAdress:8080/myApiPath)
Instead of:
httpclient.get(http://myPublicDnsAdress:8080/myApiPath)
This is where i'm stuck, I don't know how to do it or what is the best option.
Note: I'm new to AWS and I'd like to avoid setting up something that will we cost money like load balancer and so on. But if it is not possible I will do so.
Thank you very much in advance for you help.
CodePudding user response:
The error is clear. You can't mix https and http. The error clear writes that you are using http to access:
http://ec2-15-188-59-23.eu-west-3.compute.amazonaws.com:8080
You have to get proper public ssl certification for your instance as well as your own domain, and setup https for the instance. You can't use https with ec2-15-188-59-23.eu-west-3.compute.amazonaws.com as this is AWS's domain (not yours). You can only setup valid public SSL for your own domain.
CodePudding user response:
Short answer: Make the spring boot application to use secure HTTPS instead of normal HTTP.
I am not familiar with Spring Boot but there is a tutorial with a github repository at: https://www.baeldung.com/spring-boot-https-self-signed-certificate
It teaches how to use Spring Boot with self-signed certificates in development but certainly in production valid public certificates should be used.