Elastic Beanstalk instance not responding with https

Question

I'm trying to setup https on my EB instance, which is runnning a django app, it currently works with http, but with https it times out. I've been through every step I thought I needed to:

1. Created self signed certificate with name being the domain (myapp123.vdfb.eu-central-1.elasticbeanstalk.com) and uploaded it to the Certificate Manager

2. Setup port 443 on the Load Balancer:

3. Add rule on the security group attatched to the ec2 instance:

4. Also add rule on the security group attatched to the Load Balancer:

5. Also added these lines in my settings file in the django app:

   SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
   SESSION_COOKIE_SECURE = True
   CSRF_COOKIE_SECURE = True
   

After all of this, it still keeps not resolving when I try to access it with https://.... What am I missing?

Answer 1

Depending on the EB stack, activating TLS does not automatically mean that it is being activated on the backend as well. You have two options:

Terminate at the load balancer

User Agent <-- HTTPS --> Elastic Load Balancer <-- Plain HTTP --> Backend

Just change the "instance protocol" setting from HTTPS to HTTP. This terminates the TLS connection on the load balancer and talks unencrypted HTTP with the backend instance. If that fits your security demands, that would be the easiest and quickest solution, because you don't need to adjust your application.

Terminate at the backend instance

User Agent <-- HTTPS --> Elastic Load Balancer <-- HTTPS --> Backend

In this case, you have to provide an HTTPS listener within your application stack. The stack is partially provided by AWS and depends on your deployment platform, so I would like to forward you to the official docs as they contain the best practices: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-singleinstance-python.html