I am running a nodejs server on ec2 on port 3000. In order to connect it to the internet, I am running an nginx server to proxy requests from port 80 to 3000.

I have an ec2 domain "http://ec2-xxx.compute.amazonaws.com" and I am able to make both POST and GET requests here successfully.

Now I have a domain and want "api.mydomain.com" to point to this server. For that I am using ACM and CloudFront. After configuring both of them, I am successfully able to make GET requests over https; however, POST requests keep getting a 502 error response from CloudFront.

This is what a request looks like:

(https) -> route53 -> cloudfront -> (http) -> nginx -> nodejs

However,

This is my nginx config file:

server {
        listen       80;
        server_name  ec2-3-109-166-206.ap-south-1.compute.amazonaws.com;
        location / {
            proxy_pass         http://127.0.0.1:3000/;
            proxy_redirect     http://127.0.0.1:3000/ /;

            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

            proxy_set_header Connection $http_connection;

            proxy_ssl_server_name on;
            proxy_ssl_session_reuse off;
        }
}

I cannot seem to figure out why GET requests over https are successful but POST requests give this error:

<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>502 ERROR</H1>
<H2>The request could not be satisfied.</H2>

Update: Adding Cloudfront Settings

  1. Settings
  2. price class: Use all edge locations (best performance)
  3. Alternate domain name (CNAME): api.mydomain.com
  4. Custom SSL certificate: domain.com (id generated by acm)
  5. legacy client support: not enabled
  6. security policy: TLSv1
  7. Supported HTTP versions: HTTP1, HTTP2, HTTP3
  8. Standard Logging: Off
  9. IPv6: On

Origin:

  1. domain: ec2-xxx.compute.amazonaws.com
  2. protocol: match-viewer
  3. http: 80
  4. https: 443
  5. Minimum Origin SSL protocol: TLSv1.2
  6. origin path: [empty]
  7. enable shield: No

Behavior

  1. Path Pattern: default(*)
  2. origin: ec2-xxx.compute.amazonaws.com
  3. compress objects automatically: yes
  4. viewer protocol policy: Http and Https
  5. Allowed http methods: GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
  6. Restrict Viewer Access: No
  7. Cache key and origin requests: Cache policy and origin request policy (recommended)
  8. Cache Policy: CachingOptimized
  9. Origin Request Policy: None
  10. Response Headers Policy: CorsAndSecurityHeadersPolicy
  11. SmoothStream: No
  12. Field Encryption: No
  13. Function Associations: No Association (for all requests and responses)
  • Show your CloudFront settings.
    – AlexD
    Commented Feb 8 at 8:34
  • Updated the question @AlexD Commented Feb 8 at 9:04

1 Answer

You have configured 'protocol: match-viewer' in your CloudFront configuration. This setting means that CloudFront uses HTTPS to connect to your origin server (EC2) when a client uses HTTPS to connect to api.mydomain.com, but your nginx doesn't have HTTPS configured. Switch the protocol to HTTP-only or configure HTTPS in nginx. Reference: CloudFront documentation
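
The mismatch described in the answer can be checked mechanically. The following is an added example, not part of the original question or answer: it compares the origin protocol policy of a distribution with the `listen` directives in an nginx config. The distribution dictionary is a constructed sample using the field names returned by `aws cloudfront get-distribution-config`, and the function names are hypothetical.

```python
import re

# Constructed sample: the question's server block, reduced to what matters here.
NGINX_CONF = """
server {
    listen       80;
    server_name  ec2-xxx.compute.amazonaws.com;
    location / { proxy_pass http://127.0.0.1:3000/; }
}
"""

# Constructed sample filled in with the settings listed in the question.
DISTRIBUTION = {
    "Origins": {"Items": [{
        "Id": "ec2-origin",
        "DomainName": "ec2-xxx.compute.amazonaws.com",
        "CustomOriginConfig": {"HTTPPort": 80, "HTTPSPort": 443,
                               "OriginProtocolPolicy": "match-viewer"},
    }]},
    "DefaultCacheBehavior": {"TargetOriginId": "ec2-origin",
                             "ViewerProtocolPolicy": "allow-all"},
}

def nginx_listen_ports(conf):
    """Return {port: uses_tls} for every TCP `listen` directive in the text."""
    ports = {}
    for m in re.finditer(r"^\s*listen\s+([^;]+);", conf, re.M):
        args = m.group(1).split()
        port = args[0].rsplit(":", 1)[-1]   # handles 80, 0.0.0.0:80, [::]:80
        if port.isdigit():                  # skip unix: sockets
            ports[int(port)] = "ssl" in args[1:]
    return ports

def origin_hops(dist, listening):
    """Map each viewer scheme to (origin scheme, origin port, nginx serves it)."""
    behavior = dist["DefaultCacheBehavior"]
    origin = next(o for o in dist["Origins"]["Items"]
                  if o["Id"] == behavior["TargetOriginId"])["CustomOriginConfig"]
    # redirect-to-https and https-only both leave HTTPS as the only viewer scheme.
    viewers = ["http", "https"] if behavior["ViewerProtocolPolicy"] == "allow-all" else ["https"]
    policy = origin["OriginProtocolPolicy"]  # http-only | match-viewer | https-only
    hops = {}
    for viewer in viewers:
        scheme = viewer if policy == "match-viewer" else policy.split("-")[0]
        port = origin["HTTPSPort"] if scheme == "https" else origin["HTTPPort"]
        # The hop works only if nginx listens on that port with matching TLS use.
        hops[viewer] = (scheme, port, listening.get(port) == (scheme == "https"))
    return hops

if __name__ == "__main__":
    for viewer, hop in origin_hops(DISTRIBUTION, nginx_listen_ports(NGINX_CONF)).items():
        print(viewer, "->", hop)
```

With the question's settings, the HTTPS viewer path maps to an origin connection on port 443, which the nginx config does not serve.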
