Getting https on a Node server with ec2 instance

I have an EC2 instance (Ubuntu) that runs my Node.js back-end: API + MongoDB. I run the node server with PM2. I'm trying to add https to it.

Here's my node.js code:

const express = require("express");
const app = express();
const fs = require("fs");
const https = require("https");

var options = {
    key: fs.readFileSync("./privatekey.pem"),
    cert: fs.readFileSync("./server.crt"),
};

const port = process.env.PORT || 3000;
https
    .createServer(options, app)
    .listen(port, () => console.log(`listening to port ${port}`));
 

The HTTP works. When I go to the https at port 3000 I get this message:

"This connection is not private. This website may be impersonating "ec2-XX-XXX-XXX-XXX" ....."

I understand that the certificates are only good at localhost? But how can I make them work in prod? From my understanding, it's not possible to buy SSL certs for IP address?

Any suggestions?

PS: I tried with port 443 but ran into a permission issue (showing in PM2 logs)...

-------EDIT----

My point was to connect my front end (in one instance) to my back-end (in another instance) without any SSL security error.

I ended up creating a sub-domain in an AWS hosted zone that redirects to my front-end domain. I used Nginx and Certbot to upload a new SSL cert to my subdomain instance.

I had created a sub-domain before but did it the wrong way. I followed this tutorial this time around and it took 2min.

https://dev.to/arswaw/create-a-subdomain-in-amazon-route53-in-2-minutes-3hf0

it's not possible to buy SSL certs for IP address?

You should get your own domain. Buy it on Route53 or any other domain re-seller you prefer. Then, you can get your own SSL cert for your domain.

If you don't want to use certbot on the instances, you can create an SSL cert (within ACM) and assign it to an ELB from within the AWS console.

Just place your instance that needs the SSL cert inside the ELB's target group and update your DNS to reflect this. If you have 2 EC2 instances, you can do this with another ELB too. It costs a bit more money, but now the onus is on AWS to renew the certificates and you won't need to use certbot on the instances at all. I'd advise using DNS validation when it comes to creating your certificate in ACM and using a wildcard (*.mydomain.com) to allow for your backend subdomain.

You will need to create a subdomain for your backend service and update your nginx config (on the backend EC2 instance), to listen for traffic.

The end product should be 2 instances, 2 ELBs, one wildcard SSL cert.
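An added example (not part of the original question or answer) showing which hostnames a wildcard cert like the one suggested above actually covers, using Node's own `tls.checkServerIdentity`. The certificate fields and hostnames are constructed sample values, and the check covers name matching only, not whether the issuer is trusted.

```javascript
const tls = require("tls");

// Constructed certificate fields, in the shape tlsSocket.getPeerCertificate()
// returns. "mydomain.com" is the placeholder domain used in the answer.
const wildcardCert = {
    subject: { CN: "*.mydomain.com" },
    subjectaltname: "DNS:*.mydomain.com",
};

// Same wildcard, with the apex listed as a second subjectAltName entry.
const wildcardPlusApexCert = {
    subject: { CN: "*.mydomain.com" },
    subjectaltname: "DNS:*.mydomain.com, DNS:mydomain.com",
};

// Hostnames a front end might use to reach the back end (all constructed).
const candidates = [
    "api.mydomain.com",                         // backend subdomain
    "mydomain.com",                             // bare apex
    "v1.api.mydomain.com",                      // two labels below the apex
    "ec2-203-0-113-10.compute-1.amazonaws.com", // EC2 public DNS name
    "203.0.113.10",                             // raw IP address
];

// True when a Node TLS client would accept `cert` as naming `hostname`.
function certCoversHost(hostname, cert) {
    // checkServerIdentity returns undefined on a match and an Error
    // (code ERR_TLS_CERT_ALTNAME_INVALID) on a mismatch.
    return tls.checkServerIdentity(hostname, cert) === undefined;
}

// Builds one row per candidate hostname for the given certificate.
function coverageReport(cert) {
    return candidates.map((host) => ({
        host,
        covered: certCoversHost(host, cert),
    }));
}

console.log("wildcard only:");
console.table(coverageReport(wildcardCert));
console.log("wildcard + apex:");
console.table(coverageReport(wildcardPlusApexCert));
```

The wildcard matches exactly one label, so the front end has to call the backend by its subdomain name; the EC2 public DNS name and the raw IP never match a certificate issued for your own domain.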
