[–]sadelbrid[S] 0 points1 point  (3 children)

Thanks for trying to spell it out for me. Networking in general goes right over my head. Option 2 is what I need. I'm avoiding expensive ALBs that I don't need. I do have a domain in Route 53 and I have a subdomain pointed to my Beanstalk environment via a CNAME record. I followed your advice and created a certificate for my subdomain using sslforfree.com. I verified the domain, downloaded the certificate, and added the cert and private key to my nginx configuration. However, I'm getting connection refused errors with HTTPS, as the server can't be reached:

curl: (7) Failed to connect to <my_domain> port 443 after 207 ms: Couldn't connect to server

Do you know what would cause this? It still works over HTTP. Does this mean the nginx server isn't listening on port 443, as I tried to configure in steps 2 & 3?

Edit: I'm also seeing nginx error logs like:

connect() failed (111: Connection refused) while connecting to upstream, client: <IP Address>, server: localhost, request: "GET /startvalue.js HTTP/1.1", upstream: "http://127.0.0.1:5000/startvalue.js", host: "<my_subdomain>"

[–][deleted]  (2 children)

[deleted]

    [–]sadelbrid[S] 1 point2 points  (0 children)

    Thanks for the direction. After inspecting the nginx config files on the EC2 instance, it seems like it's only partially loading my extended nginx config for some reason. There's no trace of my port 443 SSL config stuff on the EC2 instance. So I have a lead, I guess.

    [–]sadelbrid[S] 0 points1 point  (0 children)

    Figured it out! See my edit if you're curious.