web ressources don't load on Beanstalk - https instead of http header

Question

Issue

So i created a simple http web server with node.js and express (mostly its just the skeleton from the express application generator). Then i uploaded the server to an AWS Beanstalk web environment.

The issue is that i can't load the ressources (CSS and javascript) from the server if i connect to it. i get a net::ERR_CONNECTION_TIMED_OUT for loading all ressources if i open the site in my browser.

I assume the issue is that the get request on beanstalk uses a "https" url,

Request URL: https://...elasticbeanstalk.com/javascripts/GameLogic.js

Because it works on my localhost but there it uses a "http" url.

Request URL: http://localhost:3000/javascripts/GameLogic.js

Also the html site itself loads (after the timeout of the ressources) but this also uses a "http" request

Request URL: http://....elasticbeanstalk.com/

can you change the header request url (for CSS, JS) in AWS Beanstalk Web-Environment to use http instead of https? Or change it in HTML or on Node.js?

info

The server uses the node.js helmet module. Then i just send my html page on incoming requests:

app.get('/', function(req, res, next) {
res.sendFile(path.join(__dirname + "/public/main.html")); //Um bei / als pfad die main.html zu geben
}); 

In the html page i request the ressources:

<link rel="stylesheet" type="text/css" href="\stylesheets\style.css">
<script src="/javascripts/jquery.min.js"></script>
<script src="/javascripts/GameLogic.js"></script>

solution attempts

I have tried not using helmet, but that version behaves exactly the same and doesn't load ressource if it is on beanstalk (on localhost server it always worked).

I also tried chaning some security group rules to allow https on port 443 from all sources to the loadbalancer and https on port 443 from the loadbalancer to the ec2 instance. Situation didn't change.

then i tried redirecting https requests to http

app.get('/', function(req, res, next){
    console.log("redirect to http?");
    res.redirect('http://' + req.headers.host + req.url);
});

But then the site doesn't even load the html because of "to many redirects".

So currently im out of ideas on how to make the https request work or how to change it to an http request.

note

I am also using a student account so i have no rights to use the AWS Certificate Manager or redirect ELBs to HTTPS, if that has anything to do with it.

Answer 1

OK it was the helmet module for node.js at fault. I dont undertand it good enough to say what exactly changed the headers to https, hsts seems to be only part of it.

But after completly removed it, i and other people could access the web app and load the ressources.

The reason why i didn`t catch it earlier in my tests: I never deleted or regenerated my package-lock after removing helmet. So it was still in there. Now i uninstalled it and made a new package-lock before uploading to AWS Beanstalk.