I am running a Node.js server on EC2 on port 3000. In order to connect it to the internet, I am running an nginx server to proxy requests from port 80 to 3000.
I have an EC2 domain "http://ec2-xxx.compute.amazonaws.com" and I am able to make both POST and GET requests here successfully.
Now I have a domain and want "api.mydomain.com" to point to this server. For that I am using ACM and CloudFront. After configuring both of them, I am successfully able to make GET requests over HTTPS; however, POST requests keep getting a 502 error response from CloudFront.
This is what a request looks like:
(https) -> route53 -> cloudfront -> (http) -> nginx -> nodejs
GET request on http://ec2-xxx.compute.amazonaws.com: working
POST request on http://ec2-xxx.compute.amazonaws.com: working
GET request on http://dyyyyy.cloudfront.net: working
POST request on http://dyyyyy.cloudfront.net: working
However,
GET request on https://dyyyyy.cloudfront.net: working
POST request on https://dyyyyy.cloudfront.net: not working [<- how do I debug this]
GET request on https://api.mydomain.com: working
POST request on https://api.mydomain.com: not working
This is my nginx config file:

```nginx
server {
    listen 80;
    server_name ec2-3-109-166-206.ap-south-1.compute.amazonaws.com;

    location / {
        # Forward everything to the Node.js app on port 3000
        proxy_pass http://127.0.0.1:3000/;
        proxy_redirect http://127.0.0.1:3000/ /;

        # Pass the original host and client address to the app
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Connection $http_connection;

        # These two directives only apply to https:// upstreams
        proxy_ssl_server_name on;
        proxy_ssl_session_reuse off;
    }
}
```
I cannot seem to figure out why GET requests over HTTPS are successful but POST requests give this error:

```
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>502 ERROR</H1>
<H2>The request could not be satisfied.</H2>
```
Update: Adding CloudFront settings

Settings:
- price class: Use all edge locations (best performance)
- Alternate domain name (CNAME): api.mydomain.com
- Custom SSL certificate: domain.com (id generated by acm)
- legacy client support: not enabled
- security policy: TLSv1
- Supported HTTP versions: HTTP1, HTTP2, HTTP3
- Standard Logging: Off
- IPv6: On
Origin:
- domain: ec2-xxx.compute.amazonaws.com
- protocol: match-viewer
- http: 80
- https: 443
- Minimum Origin SSL protocol: TLSv1.2
- origin path: [empty]
- enable shield: No
Behavior:
- Path Pattern: default(*)
- origin: ec2-xxx.compute.amazonaws.com
- compress objects automatically: yes
- viewer protocol policy: Http and Https
- Allowed http methods: GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
- Restrict Viewer Access: No
- Cache key and origin requests: Cache policy and origin request policy (recommended)
- Cache Policy: CachingOptimized
- Origin Request Policy: None
- Response Headers Policy: CorsAndSecurityHeadersPolicy
- SmoothStream: No
- Field Encryption: No
- Function Associations: No Association (for all requests and responses)
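
Added example, not part of the original post: a small check of the settings listed above against the nginx config. It relies on CloudFront's `match-viewer` origin protocol meaning the origin is contacted with the viewer's scheme on the matching origin port; `listen_ports`, `origin_scheme`, `check` and the embedded config copy are constructed for this illustration.

```python
import re

# Constructed copy of the relevant part of the nginx config from the post.
NGINX_CONF = """
server {
    listen 80;
    location / { proxy_pass http://127.0.0.1:3000/; }
}
"""

# CloudFront origin settings as listed in the post.
ORIGIN = {"protocol": "match-viewer", "http": 80, "https": 443}

# Only GET and HEAD responses are cached by default; POST, PUT, PATCH and
# DELETE are always forwarded to the origin.
CACHEABLE = {"GET", "HEAD"}


def listen_ports(conf):
    """Return {port: tls_enabled} for each numeric `listen` directive."""
    ports = {}
    for args in re.findall(r"^\s*listen\s+([^;]+);", conf, re.MULTILINE):
        fields = args.split()
        port = fields[0].rsplit(":", 1)[-1]  # accepts "80" and "[::]:443"
        if port.isdigit():
            ports[int(port)] = "ssl" in fields[1:]
    return ports


def origin_scheme(viewer_scheme, policy):
    """Scheme CloudFront uses towards the origin for a given viewer scheme."""
    if policy == "match-viewer":
        return viewer_scheme
    return "https" if policy == "https-only" else "http"


def check(viewer_scheme, method, origin=ORIGIN, conf=NGINX_CONF):
    scheme = origin_scheme(viewer_scheme, origin["protocol"])
    ports = listen_ports(conf)
    port = origin[scheme]
    if port in ports and ports[port] == (scheme == "https"):
        return "ok"
    # Nothing at the origin speaks this scheme on this port.
    return "cache-only" if method in CACHEABLE else "origin-unreachable"


if __name__ == "__main__":
    for scheme in ("http", "https"):
        for method in ("GET", "POST"):
            print(f"{scheme:5} {method:4} -> {check(scheme, method)}")
```

A `cache-only` result means the request can succeed only while an edge location already holds a cached copy of the response; `origin-unreachable` is the case where CloudFront has to contact the origin and cannot.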