Skip to content Skip to sidebar Skip to footer
Home / Amazon Ec2 / Amazon Web Services / Django / Python

HTTPS On EC2 Instance Running Python Project

Post a Comment
I'm having considerable difficulty getting HTTPS to resolve on my EC2 instance, which runs a python project. The request just times out (ERR_CONNECTION_TIMED_OUT). HTTP runs ok, ho

Solution 1:

Let me start by giving you a little bit of overview of how a request flows in this case.

As you have rightly guessed, the Load Balancer, Application Load Balancer to be specific can handle SSL traffic. This also means that from the Load Balancer to the origin server, the mentioned target group in this case, only http traffic will flow and not https. So You don't have to worry about handling certificates on the server. The response from the origin server is then again wrapped up in an SSL tunnel and send back to the client by the ALB.

This means that your end user should be able to connect to the Load Balancer port 443 atleast and also on port 80 (which can redirect to 443).

This means the security group of your load balancer should have port 443 (and optionally 80) open to the world, or to your users.

As between the origin server and the ALB, the traffic flows in the port that your app is running, that is what the security group of the server should allow the access to the ALB.

To rephrase, the server (EC2) security group should allow the ALB on whichever port the application is running.

Note: This doesn't have to be 80 or 443, it can also be 8080, as long as your target group knows about it and is forwarding the request on that port.

Now to answer your questions:

a) Given that this is a python/Django project, is enabling HTTPS for EC2 possible to do this through the aws website or do I need to add config files and deploy to my instance?
You don't have to do this. As I mentioned, the encryption/decryption can be offloaded to ALB. Read more about it int he docs here.

b) Do I need to create a target group running on HTTPS?
This builds up on the previous question, no you don't have to. The app server/EC2 instance should not be concerned with this.

c) Do I need listeners on my load balance for port 80 and port 443 or just port 443?
This depends on your use case. The base necessity is to have only 443. If you want to allow users to still land on the http site and then be redirected to a more secure https version, you can again make use of the ALB for this. More about it here.

d) On my security group, do I need port 80 to go to 0.0.0.0/0 and ::0/?
For ALB, yes but not for the EC2 instances. Remember that Ec2 never communicates directly with users, only with the ALB. So you can control the traffic on EC2 more tightly.

e) Should the A record by the DNS name of the load balancer or should it be the CNAME of my environment?
Use Alias records. They are much easier to manage, and AWS will take care of the mapping. More about this here.


Post a Comment for "HTTPS On EC2 Instance Running Python Project"