Hi,
You don't need nginx as reverse proxy, you can directly use the ELB. Take a look at this article: https://exanubes.com/blog/adding-ssl-certificate-to-fargate-app The related documentation can be found here: https://docs.aws.amazon.com/AmazonECS/latest/userguide/create-application-load-balancer.html
Effectively you will have a Route53 -> Application Load Balancer 443 + certificate -> Target Group port 3000 for "client" -> ECS
It's a very common pattern to terminate your TLS connection at the ALB, but keep in mind that the ALB is not a web server, which is what you need NGINX for. If you need end to end HTTPS, there are a couple of different ways to achieve this: https://docs.aws.amazon.com/AmazonECS/latest/bestpracticesguide/security-network.html
To terminate TLS at the ALB, you'd simply have a listener on port 443 that points to your target group on port 80 (or whatever port you want to map). https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
I tried to reproduce this Nest.JS code in the AWS Console
I created a security group with one inbound rule: https 443 anywhere ipv4
A target group http 3000
A load balancer with one listener (https 443) pointing to the target group I just created, and the ACM certificate
Created the task definition (the api exposes port 5000 and the client exposes port 3000)
Then I launched the service and tried to access it by the DNS name or the domain name, but the requests all time out.
Can you please point out what I am doing wrong?
@rePost-User-5821038 How do you deploy? Through the console? Using CDK, you have ecsPatterns, which directly implement it for you: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs_patterns.ApplicationLoadBalancedFargateService.html This pattern, for instance: https://github.com/aws/aws-cdk/blob/v2.78.0/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts
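
The path described in the answers above (ALB listener on 443 with the ACM certificate, forwarding to a target group on port 3000 for the ECS tasks), written as a CloudFormation template. This is an added example, not code from the thread or the linked articles; the parameter and resource names are assumptions, as is the separate task security group that accepts port 3000 only from the load balancer's security group.

```yaml
# Added example: parameter and logical resource names are assumptions.
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  PublicSubnets:
    Type: List<AWS::EC2::Subnet::Id>
  CertificateArn:          # ACM certificate for the domain
    Type: String
Resources:
  AlbSecurityGroup:        # internet -> ALB, HTTPS only
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from anywhere to the ALB
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0}
  TaskSecurityGroup:       # ALB -> tasks, client port only (assumed layout)
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Client port reachable only from the ALB
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3000
          ToPort: 3000
          SourceSecurityGroupId: !GetAtt AlbSecurityGroup.GroupId
  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: application
      Scheme: internet-facing
      Subnets: !Ref PublicSubnets
      SecurityGroups:
        - !GetAtt AlbSecurityGroup.GroupId
  ClientTargetGroup:       # plain HTTP behind the ALB: TLS ends at the listener
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: HTTP
      Port: 3000
      TargetType: ip       # Fargate tasks register by IP (awsvpc networking)
      HealthCheckPath: /   # assumed health check path
  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancer
      Port: 443
      Protocol: HTTPS
      Certificates:
        - CertificateArn: !Ref CertificateArn
      DefaultActions:
        - {Type: forward, TargetGroupArn: !Ref ClientTargetGroup}
```

The ECS service itself is not shown; it would attach `TaskSecurityGroup` in its network configuration and register the client container on port 3000 with `ClientTargetGroup`.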