I have an elastic beanstalk instance in which I have deployed my spring-boot application. By default elastic beanstalk gives you a URL for your environment over http.
While this works fine this has led to a lot of problems for me. I have the frontend (my react application) deployed on Vercel. I want my frontend app to get data from my elastic beanstalk app. Problem is the url is in http. On the console I get an error like this
Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure resource ''. This request has been blocked; the content must be served over HTTPS.
which renders the app useless basically.
After hours of google I found out that I have to request the data over https because my vercel app is over https*(I might be very wrong here)* I've tried some solutions to get my elastic beanstalk app to serve the data on https to no avail.
Here is what I've tried
I created a self signed ssl certificate using openssl and uploaded
it to AWS via the AWS cli. I then went to my applications load
balancer settings and added the ssl certificate . (This did not
work, I cried)
I used keytool to create yet another ssl certificate and added it to my
resources folder and the corresponding settings in the
application.settings file. I repackaged the jar file and redeployed
it to AWS.(Still didn't work. Didn't cry this time though. I was
out of tears)
Question How do I serve the data from my spring-boot app to my Vercel react app over https? Or any other method. Just anything that will work.
If one thing is clear from all that long nonsense I've told you up there is I don't know wtf I'm doing. Just following a bunch of tutorials which for all I know keep destroying my app and your time even more.
Now my app is broken and now I cant even load the static assets on the elastic beanstalk URL because I'm getting another error
400 Bad Request
The plain HTTP request was sent to HTTPS port
I know that question is really long and maybe even wrong. Please help
So once you have the SSL certificate ready this what you need to do in the AWS Elastic beanstalk to serve your application for https
Add a new listener to for port: 443 and select HTTPS
After this incase you are facing any certificate error while browsing the page, ensure that the URL mentioned in the certificate is matching the URL in browser
Related
I have a reactjs frontend server and a backend ruby on rails server. Both of them are hosted on Heroku.
My domain name is on GoDaddy and i am paying a version on Heroku (for my frontend server) to have a ssl (Automated Certificate Management (ACM)).
I can access my domain name on the https protocol but also on the http protocol
I would like to redirect all connections to the website from http to https.
I tried multiple things:
Cloudflare but that didn't work out
https_only in my static.json of my reactjs server
force_ssl=true on my ruby on rails server
Nothing is working.
What are your advice to solve that kind of problems ? I don't know if i should solve that in the reactjs server (no info about that on google) or on godaddy (apparently that is not working with heroku) or on the rails server (i don't think so because it's the backend server)...
I am looking forward to have a better understanding of the DNS thing but it is not easy, have you some tutorial to share with me ?
Thanks in advance
I just use the "Always use HTTPS"-Feature from Cloudflare for that.
I'm trying to configure my Google App Engine instance with Cloudflare for Saas, and more precisely Cloudflare's SSL for SaaS offering. The objective being that I can provide to my customer a "custom domain" (also known as "vanity domain"), such that they don't go to dashboard.mywebsite.com, but instead app.customerwebsite.com.
Configuration part
To make sure that my App Engine instance is correctly serving content on dashboard.mywebsite.com, I've made the following:
On Google Cloud side:
I've configured the custom domain dashboard.mywebsite.com.
I've let Google manage the SSL configuration (no custom key/certificate)
Here is my app.yaml configuration file:
runtime: nodejs14
env_variables:
NODE_ENV: 'production'
basic_scaling:
max_instances: 10
idle_timeout: 5m
On Cloudflare side:
I've updated the DNS records so that dashboard.mywebsite.com is perfectly working
I've configured the SSL on the Full mode (while I've tried with Flexible as well - both work)
I waited for a few hours and I confirm that dashboard.mywebsite.com resolves correctly and serves my content (from Google App Engine).
Next, custom domains
According to Cloudflare documentation, I had to register the fallback origin (i.e. dashboard.website.com) and then configure a custom hostname (e.g. app.customerwebsite.com). Which I did.
Now, according to Cloudflare documentation again, my customer has to create a CNAME record. Which I did with a domain of mine:
app.customerwebsite.com CNAME dashboard.mycompany.com
The issue
I waited a few hours again. Then, when I open app.customerwebsite.com in my browser, it shows a Google 404 error page instead of my dashboard. Which makes me think that Cloudflare successfully "redirects" the traffic to Google, but App Engine refuses to serve it. Probably because it doesn't know app.customerwebsite.com?
Any thoughts that would help?
As you noticed, the issue is not related to Cloudflare, but App Engine. The problem with your configuration is that, when App Engine receives a request, based on the Host header, it forwards the request to the right instance.
App Engine lets you map any custom domains that has been previously validated by Google. But in your situation, that would mean you have to register each custom domain of your customers on your App Engine instance. That's too cumbersome (if even possible).
What you need to do instead is the following:
enable a static IP address with Google Cloud
change your DNS record from dashboard CNAME ghs.googlehosted.com to dashboard A YOUR_IP_ADDRESS
configure a Google Cloud Load Balancer to map requests received on that IP address to your App Engine instance.
Google's documentation has a great guide on how to setup a load balancer with Cloud Run. By changing a few settings it works great with App Engine. As an extra help, below is the configuration details of our load balancer that allows us to provide vanity domains / custom domains to our customers through Google Cloud:
Again, the load balancer is here responsible to map all requests received by your IP address (no matter the Host header) straight to your App Engine instance.
As a best practice, it might be useful to push a dispatch.yaml file to your instance:
dispatch:
- url: '*/*'
service: default
Which tells App Engine to send all requests to the default service. It works a bit like a wildcard virtual hosts on an Apache server.
I'm running a react app frontend on Netlify which should ideally send commands to an elastic beanstalk backend in form of POST calls. Netlify is bound to my own purchased domain (myname.com) and the beanstalk is running the default address (XXXXXX.elasticbeanstalk.com).
Now the problem is Netlify won't allow sending POST calls to an unsecured (HTTP) endpoint, and requires the endpoint be https://XXXXX.elasticbeanstalk.com. I have pretty limited knowledge on how HTTPS actually works, so anything below this is me fumbling around in the dark and may be quite incorrect.
I tried several methods of enabling HTTPS on the beanstalk
Create a self signed request on beanstalk and upload the cert to netlify (apparently they do not allow it)
Create a CSR on beanstalk and sign it from let's encrypt (not working because I think beanstalk domain is not owned by me)
Use Amazon certificate service (certificate got created but netlify still says it's a self signed certificate, and cannot allow the connection)
Anyone know how to either
Allow netlify to call my HTTP endpoint or
Make the beanstalk endpoint HTTPS or
Suggest a different place to host my react frontend app that doesn't involve this HTTPS mess
Note: At this point, I'm not really worried about the security, and even an unsecure platform would work for now.
Thanks
Finally managed to solve it using CORS-anywhere proxy, by adding the endpoint as https://cors-everywhere.herokuapp.com/http://xxxx.elasticbeanstalk.com/my-endpoint
Current App:
Goole App Engine on a custom domain: myapp.com
Google Cloud Storage bucket on a custom subdomain (it uses DNS): images.myapp.com
I have SSL certificate with the images subdomain
My question is: Is possible to have this configuration with SSL?
Things I have tried:
Load balancer. I cannot figure out how to redirect everything that is not /images/* to the GAE (it seems it only works with backends)
dispatch.yaml. I think it only works for the services you deploy
In App Engine Settings I have added images.myapp.com, but as the redirection of images.myapp.com is done at DNS level, the secure layer is lost
Any suggestion or idea is more than welcome.
Thank you!
The limitation comes from the Cloud Storage bucket presented as a website under a custom domain - you can't use SSL with that. From You want your content served through HTTPS:
SSL is not currently supported by the Cloud Storage webservers; thus,
you can only use a CNAME redirect with HTTP and not with HTTPS. If you
wish to serve content through HTTPS from your bucket, we recommend you
use a third-party Content Delivery Network with Cloud Storage.
Alternatively, you can serve your static website content from
Firebase Hosting instead of Google Cloud Storage.
If the content of your site meets the Code and static data storage quota you can serve your website through GAE, as static content (through a google CDN), which can be mapped to a custom domain and use SSL. See:
Serving Static Files
Hosting a static website on Google App Engine
If your content exceeds the mentioned quota then you can still serve it through your app, but dynamically, with your app accessing the content stored on GCS and serving it - more expensive as you'll be using instance hours for it.
I want to know if is possible to run an AngularJS app directly from Amazon S3 bucket, having in mind that this app makes requests to a web server.
This will generate a CORS problem, considering that the files on S3 are not running on a HTTP server?
If more information is needed so that you can help me, I can readily answer.
Thanks.
In this instance S3 is the HTTP server. You wouldn't be able to load the site in the browser if there was no server serving the files.
The CORS issue will depend on the CORS configuration on the web server hosting the resources AngularJS will be requesting.