Good morning gents, I’ve taken the next step in my Roll journey and need a little help

I’ve installed an ACM SSL cert and added the ARN to my config.edn, following the example

but I’m getting errors from the servlet container that indicate that the encrypted request is being passed through on port 8080

I don’t know EC2 well enough to figure out where the decryption occurs i.e. which part of my Roll config I got wrong.

Any suggestions?

FWIW here’s the error WARN org.eclipse.jetty.http.HttpParser - Illegal character 0x16 in state=START for buffer [email protected][p=1,l=168,c=8192,r=167]={\x16<<<\x03\x01\x00\xA3\x01\x00\x00\x9f\x03\x03\x9d\x81\n\xCd\xDd\xF9\xCb...\x02\x04\x03\x03\x01\x03\x02\x03\x03\x02\x01\x02\x02\x02\x03>>>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}

@steveb8n did you update the protocol?

(I also notice the sample config is wrong in this)

yes here’s my config `{:listen 443 :forward ^:ref [:web-server :port] :protocol “HTTPS” :ssl-policy “ELBSecurityPolicy-2015-05" :certificate-arn “<elided>“}`

does that look right?

@steveb8n looks exactly like ours.

odd isn’t it. I think this must be an EC2 config thing but I don’t know which part

it seems to be ELB -> Target Group -> EC2 Instances but where would 443 decrypt to 8080 in that chain?

before ELB makes the most sense I suppose

ELB should do the decryption, yeah.