AWS questions

Cakedaddy
Posts: 9298
Joined: Thu May 20, 2004 6:52 pm

Post by Cakedaddy »

TheCatt wrote: Thu Nov 14, 2024 1:25 pm For HTTPS you need to open port 443, whitelisting your IP/location. Security Groups under EC2.
I have tried a version of this (I might be doing it wrong). Edited my inbound rules to allow my IP address on 443. But my app still won't connect. I even tried https://website:443 with no luck.

I'm editing my EC2 > Security Groups > sg-xxxxxxxxxxxxxxxxxx > Edit inbound rules. Picture below shows current config. I have tried adding my IP address to 443 like it is on 22 and it does not work. According to that message, 0.0.0.0/0 allows anyone?
TheCatt
Site Admin
Posts: 57655
Joined: Thu May 20, 2004 11:15 pm
Location: Cary, NC

Post by TheCatt »

Never allow 0.0.0.0 unless you want to be hacked by Chinese.

It's possible your server(?) has a firewall as well.
It's not me, it's someone else.
Cakedaddy
Posts: 9298
Joined: Thu May 20, 2004 6:52 pm

Post by Cakedaddy »

Could be, whatever the default is, that's what I have. I set it up using a guide from Appsmith (the 'no code' app that I'm using to create it). Those security settings are default as well. I would not have entered those. I thought 0.0.0.0/0 was odd as well but then thought, "I can't whitelist every possible user out there. No one would ever get to the site?". I also originally assumed that those were inbound rules to get to the server console, not the app running on it. I also assumed that 0.0.0.0 meant no one, not everyone. So when I saw those rules, I saw "Only I can access on that port and everything else is blocked". I've been assuming a lot.
TheCatt
Site Admin
Posts: 57655
Joined: Thu May 20, 2004 11:15 pm
Location: Cary, NC

Post by TheCatt »

It does say "0.0.0.0" is everyone right in your screenshot :)

I haven't had to protect a public website in forever. We don't have one at my work.
It's not me, it's someone else.
thibodeaux
Posts: 8121
Joined: Thu May 20, 2004 7:32 pm

Post by thibodeaux »

Cakedaddy wrote: Thu Nov 14, 2024 1:15 pm All I know is I can't type https://website and access my app. It errors out. Also, I have never set up a security certificate or anything, so how could it 'just work'?
That's not SSH, that's SSL... Big difference!

SSH = "login to shell via terminal"

SSL = "https instead of http"

Yeah that's a bit more complex. You need a registered domain and a signed cert. AWS will sell you both of those, and yes it's a few more steps than "just works" but not a whole lot more.
Cakedaddy
Posts: 9298
Joined: Thu May 20, 2004 6:52 pm

Post by Cakedaddy »

TheCatt wrote: Thu Nov 14, 2024 1:53 pm It does say "0.0.0.0" is everyone right in your screenshot :)
It doesn't show that message until you go in to edit the rules, which I had not done previously!
thibodeaux
Posts: 8121
Joined: Thu May 20, 2004 7:32 pm

Post by thibodeaux »

How you do this depends on how your app works. You said a while back that you were using containers (ECS?). It now sounds like you're using EC2?

We need to know whether you're serving the site directly from a single "machine" or whether you are using a load balancer (hopefully an "application load balancer" or ALB).

The reason is that the setup for SSL is going to depend on this. If you're using an ALB it's actually pretty straightforward, especially if you get AWS to issue the cert for you via their ACM service. I have actually done this in the past and it wasn't terribly hard IIRC.

If you're serving straight from the machine you gotta get the cert on there somehow plus get the webserver on the machine to know about it, which will depend on what you're running (eg, Apache). Never done this.
Cakedaddy
Posts: 9298
Joined: Thu May 20, 2004 6:52 pm

Post by Cakedaddy »

I'm going to call it a t3.medium ec2 instance thing. AWS is calling it an instance (instance type: t3.medium) and I access it by going through an EC2 link.

The container idea was probably the early (first) implementation of the Appsmith platform. I was self hosting on my desktop at home on a container/linux program thing. When I switched to AWS, because I didn't want to deal with uptime, network security, etc, I just followed their guide which required an EC2 - t3.medium setup.
thibodeaux
Posts: 8121
Joined: Thu May 20, 2004 7:32 pm

Post by thibodeaux »

Ok, so you have some web server program running on a single EC2 instance. This is where you will have to install your certificate. You will also have to ensure that the server program itself is listening on port 443, and as discussed above make sure the security group for your EC2 instance has an inbound rule that allows traffic on that port from 0.0.0.0/0.

Just out of curiosity...can you hit the web app on port 80 with non-secure http (NOT https)?
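
Added example, not part of any post in the thread: a Python check of a security group's inbound rules for the situation discussed above, where 22 is limited to one address and 443 needs to be reachable by every visitor. The input mirrors the JSON shape of `aws ec2 describe-security-groups`; the group id, the addresses and the choice of 80/443 as public ports and 22 as the admin port are assumptions made for the example.

```python
import ipaddress

# Constructed sample: one entry of "SecurityGroups" as returned by
# `aws ec2 describe-security-groups`. Group id and addresses are placeholders.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
    ],
}

def covers(rule, port):
    """True if the rule applies to this TCP port ("-1" = all protocols and ports)."""
    if rule["IpProtocol"] == "-1":
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]

def sources(rule):
    """All IPv4 and IPv6 source ranges of a rule as network objects."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]

def is_world(net):
    # A /0 prefix (0.0.0.0/0 or ::/0) matches every address, i.e. everyone.
    return net.prefixlen == 0

def audit(group, public_ports=(80, 443), admin_ports=(22,)):
    """Return (port, finding) pairs for rules that do not match the intent."""
    findings = []
    rules = group["IpPermissions"]
    for port in public_ports:
        nets = [n for r in rules if covers(r, port) for n in sources(r)]
        if not nets:
            findings.append((port, "no inbound rule: blocked for everyone"))
        elif not any(is_world(n) for n in nets):
            findings.append((port, "limited to %s: other visitors are blocked"
                             % ", ".join(map(str, nets))))
    for port in admin_ports:
        if any(is_world(n) for r in rules if covers(r, port) for n in sources(r)):
            findings.append((port, "open to everyone: restrict to known addresses"))
    return findings
```

An empty result means the rules match the intent; the security group is only one layer, so a clean result still leaves the web server's own listener and certificate to check.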
Cakedaddy
Posts: 9298
Joined: Thu May 20, 2004 6:52 pm

Post by Cakedaddy »

Yes. Type in website.com and it opens. Although, I'm actually entering my server's IP address, and it opens. The URL is the stupid default one AWS made up and it's long and stupid.

But yes. I've been using the app for about 4 months now. Techs hit it from their mobile phones, etc.

The SSL stuff is being driven by the fact that iPhones won't let you download a PDF from an unsecured site. I also want to start tracking GPS locations, and early testing, a long time ago, the phone didn't like sharing that with an unsecured site as well.

Ideally, once configured, the user will type in our new registered URL (that we need for SSL) and it will default to https, and not http. I'm guessing that's a server config that says something like "don't accept port 80, route to 443 by default" or something. Or maybe the browser defaults to 443 and fails over to 80 when not available?
thibodeaux
Posts: 8121
Joined: Thu May 20, 2004 7:32 pm

Post by thibodeaux »

so...heh. can you actually SSH onto the box and from the console do something like:

curl https://localhost:443

That would tell you if the server program is working. And then you can diagnose outward from there.
Cakedaddy
Posts: 9298
Joined: Thu May 20, 2004 6:52 pm

Post by Cakedaddy »

I probably could (I have logged into the console via SSH). Not going to open that can of worms yet as I don't want to take the app down during working hours. Might try this weekend.
Leisher
Site Admin
Posts: 70441
Joined: Thu May 20, 2004 9:17 pm
Contact:

Post by Leisher »

Catt, you'll be happy to know that I'll soon have data on AWS servers.
"Happy slaves are the worst enemies of freedom." - Marie Von Ebner
"It was always the women, and above all the young ones, who were the most bigoted adherents of the Party, the swallowers of slogans, the amateur spies..." - Orwell
TheCatt
Site Admin
Posts: 57655
Joined: Thu May 20, 2004 11:15 pm
Location: Cary, NC

Post by TheCatt »

Leisher wrote: Thu Nov 21, 2024 8:16 pm Catt, you'll be happy to know that I'll soon have data on AWS servers.
Welcome to 2015!
It's not me, it's someone else.
Leisher
Site Admin
Posts: 70441
Joined: Thu May 20, 2004 9:17 pm
Contact:

Post by Leisher »

TheCatt wrote: Thu Nov 21, 2024 8:22 pm Welcome to 2015!
What's wrong with pens and paper?
"Happy slaves are the worst enemies of freedom." - Marie Von Ebner
"It was always the women, and above all the young ones, who were the most bigoted adherents of the Party, the swallowers of slogans, the amateur spies..." - Orwell
Cakedaddy
Posts: 9298
Joined: Thu May 20, 2004 6:52 pm

Post by Cakedaddy »

You can't fax your AWS documents.