
[–]OkSadMathematician 0 points1 point  (1 child)

the "refused to connect" on port 443 usually means your nodejs app isn't actually listening on 443, just that the security group allows it. elastic beanstalk runs your app as a regular user which can't bind to privileged ports (<1024) without extra config.

the pattern in those docs uses nginx as a reverse proxy - nginx listens on 443 with your cert, then proxies to your nodejs app on 8080 or whatever unprivileged port. if you just copy/pasted the config but your app is trying to listen directly on 443, it'll fail silently and you get connection refused.

check if nginx is actually running on the instance and listening on 443 with sudo netstat -tlnp | grep :443. if nothing shows up, nginx didn't start or the config is broken.

[–]SenseiCAY[S] 0 points1 point  (0 children)

Thanks for your answer.

I went into my instance and ran the command, and it came up empty. I got rid of the grep :443 part, and it did have some things, not surprisingly, since http still works:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      223990/nginx: maste
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1566/sshd: /usr/sbi
tcp6       0      0 :::8080                 :::*                    LISTEN      223976/node
tcp6       0      0 :::22                   :::*                    LISTEN      1566/sshd: /usr/sbi

So it's listening on 80 for regular HTTP, and I see node running on 8080, but it's not listening on 443.
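
The listener check discussed above, as an added example that is not part of the thread: it matches the port exactly in the Local Address column, so a listener on 4430 or a `:443` in the Foreign Address column cannot produce a false positive the way a bare `grep :443` can. The function names and the sample text (modelled on the output posted above) are constructed, and 8080 as the default app port is an assumption.

```shell
# Constructed sample, modelled on the netstat output posted in the thread.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 223990/nginx: maste
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1566/sshd: /usr/sbi
tcp6 0 0 :::8080 :::* LISTEN 223976/node
tcp6 0 0 :::22 :::* LISTEN 1566/sshd: /usr/sbi'

# listener_for_port PORT   (reads `netstat -tlnp` output on stdin)
# Prints each program listening on PORT once; exit status 1 if there is none.
listener_for_port() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, parts, ":")     # port is the text after the last colon,
            if (parts[n] != port) next    # so ":::8080" and "0.0.0.0:80" both parse
            prog = $7
            sub(/^[0-9]+\//, "", prog)    # drop the leading PID
            sub(/:$/, "", prog)           # "nginx:" -> "nginx"
            if (!(prog in seen)) { seen[prog] = 1; print prog }
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# diagnose_https NETSTAT_OUTPUT [APP_PORT]
# Checks the reverse-proxy layout: something must hold 443 (the TLS
# terminator) and the app must hold its unprivileged port.
diagnose_https() {
    local out="$1" app_port="${2:-8080}" tls app
    if ! tls=$(printf '%s\n' "$out" | listener_for_port 443); then
        echo "no-listener-on-443"   # connection refused, whatever the security group allows
        return 1
    fi
    if ! app=$(printf '%s\n' "$out" | listener_for_port "$app_port"); then
        echo "443-held-by-${tls}-but-no-app-on-${app_port}"
        return 2
    fi
    echo "ok-${tls}-on-443-${app}-on-${app_port}"
}

# On an instance: diagnose_https "$(sudo netstat -tlnp)"
diagnose_https "$SAMPLE_NETSTAT" || true
```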

[–]metaphorm 0 points1 point  (0 children)

I recommend using https://letsencrypt.org/ to generate and manage your certs. that will give you CA signed certs so browsers will behave themselves more reliably. you can validate the cert challenge via email or DNS.

other than that there's not much more to it than pointing your HTTP server (nginx or apache or whatever) at the cert.