Or to see how to create a REST API with Expressive, see: kzbin.info/aero/PL6_nF0awZMoMol4RPLf99WIZuoJ3l87oG

Thank you for contributing.

Thank you.

Thanks for sharing.

Glad I could help

Thank you for the comment. So happy it saved you some troubles.

So happy it helped you. Thank you for letting me know.

At 3:45 he says that SgBeachcasts Lb will be used by target instances - not LB.

3:40, sorry

I hope you found the video helpful, and have succeeded in what you needed to do.

Thank you. I hope you find many other problems to solve with my videos.

That's terrific! Did you do the entire load balancer setup as well?

Great point! Perhaps I will recreate this with more details. I've also learned more since creating this video.

Glad you liked it.

Thanks Marius. The topic was hot on my mind as this past week I had to implement this to help a client overcome a DDoS attack. However, learning this was painful because the docs were a little lacking and didn't smoothly cover how each step was required and linked.

Beachcasts Tech Videos that is true. There’s steps you need to do before enabling the service. Great explanation on the. Learned from this 👍

Thanks Nate. I certainly will look at that. Much appreciated.

It's been awhile since I've looked at that (WAF and ELB), but I think I remember setting up the WAF then associating it with the resource in the Web ACL Rules. Hope that helps.

If I understand correct, the load balancer will have the publicly used cert. Servers don't really matter.

I did this in the Load Balancers area of EC2. I added/set the port 80 listener of a Load Balancer to redirect as the Default action. Hope that helps you.

​@@Beachcasts Thank you for your response. Apologies, but I didn't see that in the video. I saw you edit the rule for Listener HTTPS:443 where the action forward to Target Group 'beachcast443' at 11:50, but I didn't see you edit the rule on Listener HTTP:80 to redirect to Target Group 'beachcast443' as well. Was that meant to be the idea? Or am I missing something? Thanks

You're correct. I didn't do that in the video. I learned it afterward. Give it a try in AWS. In the port 80 listener, delete the current action, and add a new action that redirects port 80 to the 443 listener.

Thank you. Happy it worked for you.

Awesome. Thank you.

Well, as a beginner to AWS and its intricacies, I followed this guide and although it appears my website is SSL certified, when I try and access it using , I get 502 bad gateway error :(

No, this video does not cover how to fully set up the SSL. It only covers how to send http and https through the load balancer. I recommend you set up the SSL first, then add the certificates to the AWS Security Manager, to be used by the Elastic Load Balancer.

Hope you figured this out.

Likely the security groups. I stumble on them every time. Good luck.

@@Beachcasts sounds about right. I still haven't fixed it. Do i set the security group to the cert manager certificate? Or the load balencer?

I found it helpful to look at the server logs to see if AWS was hitting it.

Thanks, will do!

Glad it helped!

ELB is able to balance across availability zones, but not regions, as far as I know.

Thanks for the comment. Yes, the policy allows all traffic on given ports. (example: port 80 and 443) But also insulates the actual IP of the server from being known. Plus, allows additional rules and policies to be put in place prior to passing traffic to the server. (Example: only allow specific IP to hit port 22) This video was a very basic example to get it set up.

@@Beachcasts Ideally, we would want to make the EC2 only allow access via port 80 and 443 from the IP of the ALB. Also, I ran into an annoying issue of my target groups failing the health check without a reason code being shown. For anyone else watching and having this issue, I had to install IIS and bind port 80 and 443 to the site then set the default document for the site. I then referenced the index.htm in the health check path in the target group. I confirmed access to the default file by accessing it from another server on the same network to ensure it was accessible and the target group health check wouldn't get a 404 error. Thanks again for the video and i look forward to your next one!

Thanks Andrew. I think you misunderstood. In the video I show exactly that. Making it so only the traffic coming from the ELB makes it to the EC2 instance via internal IP. Also in the video, I show how I added '/index.php' to the targets so the health checks passed. Both valid points covered in the video.

Great idea. Yes, the expected results are important.

Unfortunately, I'd need to know more of your setup. Typically, though I didn't show this in the video, I set up everything to https:443. Then I set up port 80 as a redirect to 443. Hope that helps.

Yes, in Certificate Manager you can add 3rd Party certs, and then use them. But honestly, easier to use a cert generated by AWS instead, and let the renewals get handled. Otherwise, you will need to re-upload the cert for every renewal.

Hi, will be there any problem if both the certificates are running, say AWS certificate running on my ALB and 3rd part certificate running on the application server, will there be any conflict or complication of using both certificates.

By implementing the ELB it gave me access to also use WAF to protect against common attacks. Not to mention removing the need for public IP on EC2 instances.

That is exactly what I need. Any resources you can point me to?

Hope you've figured this out since then. Thanks for watching.

Great question. I'll hold onto this for future content. Thank you.

You're welcome. Thanks for watching.

put / only

Server logs (like Apache) will show the responses, so you can see how your server is reacting to the health checks. Maybe it is sending 302 redirects, or something else. You can also customize the health check to look for a specific file "/index.html" for instance.

Thanks for sharing. Yes, you are correct, no need in most cases to encrypt traffic between the load balancer than server. I have a project where I use Let's Encrypt for other things, so wanted to carry it over to the load balancer. Othewise, not really needed.

every load balancer creates an endpoint, you have to use CNAME in your DNS

There are other DNS providers that also allow ALIAS types, but I don't know of any. I see another commenter mentioned CNAME, but I'm not sure if that will work for zone roots.

Beachcasts Programming Videos The CNAME worked, turns out the reason the routing didn't appear to work was because I had set the lb and instance to have the same security group, but I had to give them different security groups and allow traffic to the instance only from the security group that the load balancer had since I didn't want to expose the instance itself to the world.

@@sasogeek Thanks for sharing!

instrad of A record use CNAME?

Most welcome

Sorry about that. I was also struggling with it at the time. I should do a follow-up video to more thoroughly explain that portion. I've added it to my pending video list. ;-)

Glad you found it helpful. Thank you.

You're welcome!

Thanks for that. I need to add it to the merch merch.streamelements.com/beachcasts

I found out how, thank you anyways :)

Thank you for the added question.

Glad you figured it out. Thank you.

Great ideas! Thank you.

Try looking in the server logs of your EC2 instance. Often you can find the reason there. Often it is a bad route, or some small missing thing in the checks. Good luck.

Thanks for watching. Did you figure out the issue? I found that 503 happened most times from routing issues. I had to specify 'index.php' in my case for the app to resolve in quality tests.

@@Beachcasts I did. A simple error on my part.

@@paulhanrahan6728 Thanks for the update.

Happy you found it useful. Thank you for watching.

Very welcome.

Glad it helped!

Take a look at your website logs and see if the checks are hitting it. Might shed light on the fails.

no It is not even hitting it. I get bad gateway. 502.

@@rmuchala Did you resolve this issue? I have just followed the guide and have the same problem :/ There is nothing complex about my EC2 instance. It is a simple website created in Elastic Beanstalk and dns for the friendly domain managed in Route53.

@@rmuchala I would go through the checklist. Try another browser and/or clear your cache and try reloading. I hope this helps.

Originally I did do that while recording, but removed it because the quality of the section was not as expected. Decided not to re-record. ;-)

Yes, a domain is needed for the cert.

The load balancer doesn't really care what web server you are using. It simply forwards the port based on the Target you set up in the load balancer. Make sure your security groups are configured correctly.

@@Beachcasts Thanks a lot for your answer. I finnaly found the issue, I had to open the ports on the server in the Windows firewall. :-)

@@Beachcasts can you explain why we in security group load balancer added another sg-..52e ID sg ?

You're welcome! Thank you for watching.

You bet!

Glad you found it helpful.

Fully agree. It was a missed opportunity to include that in the video. However, I hope folks watching go the next step.

I like this idea. Thank you. Stay tuned.

Thank you. I agree, this video could have been more complete. I'm thinking of creating a new one with what I've learned since then, as well.

Thank you Barron. It was indeed a challenging topic I'd leaned mere hours before creating the video. Thanks for the feedback.

Thanks.

It can be. I've thought about creating a newer version of this, that is a little more simple. I've learned much more since creating this video.