Tag: beanstalk

SSL HTTPS with Elastic Beanstalk Node.JS backend

If you used Elastic Beanstalk to deploy automatically your Node.JS backend on your EC2, you will have an URL to access your app deployed but you will see that by default it doesn’t have a secure certificate

The backend is not on a secure URL

Add a certificate on AWS Certificate Manager (ACM)

You will not be able to have an SSL certificate if you don’t have domains on ACM. You can have it for FREE if you already have domains. It can be on another web hosting provider.

– If you don’t have domains yet, you should have one.
You can buy one on ACM on amazon directly or buy one on another domain provider.
You might find some domains providers for free but usually the service will be bad or slow, and the address will not be simple, usually like yourdomain.freehostprovider.com

– If you have domains
if you buy it with ACM it’s automatic you don’t need to do anything, if it’s on another web host provider you will need to link it with a DNS configuration, by adding CNAME fields. Let’s see how to do this.

Request a new certificate that will be used for your backend application

It will be asked to fill a form where you will have to put the domain you want for your application. You can put something like : backend.yourdomain.com
After filling the form, few minutes after, you will be able to copy the CNAME fields (if your domain is not on AWS):

Copy the CNAME fields with the copy buttons to your web host provider
Copy the CNAME informations in the DNS configuration of your web host provider

If you have changed the DNS on your web host provider, you have to wait 20 minutes.
Also, you may need to add a “A” field on the DNS of your host provider to link the IP of your beanstalk to the domain. You can do that with a ping on the beanstalk generated domain, and copy it in the DNS configuration:

Configuration of your load balancer on Elastic Beanstalk

On Elastic Beanstalk, you can now configure your SSL domain

Go in the Configuration of your Elastic Beanstalk app

Then, go to the Load balancer configuration and add the HTTPS protocol and the port 443 on the listeners.

HTTPS is now enabled in the listeners
We upgraded the listeners
The HTTPS certificate is now working for the backend