#juxt
2017-09-12
steveb8n 07:09:50

Good morning gents, I’ve taken the next step in my Roll journey and need a little help

steveb8n 07:09:30

I’ve installed an ACM SSL cert and added the ARN to my config.edn, following the example

steveb8n 07:09:15

but I’m getting errors from the servlet container that indicate that the encrypted request is being passed through on port 8080

steveb8n 07:09:06

I don’t know EC2 well enough to figure out where the decryption occurs i.e. which part of my Roll config I got wrong.

steveb8n 07:09:09

Any suggestions?

steveb8n 07:09:02

FWIW here’s the error: `WARN org.eclipse.jetty.http.HttpParser - Illegal character 0x16 in state=START for buffer HeapByteBuffer@4c14e830[p=1,l=168,c=8192,r=167]={\x16<<<\x03\x01\x00\xA3\x01\x00\x00\x9f\x03\x03\x9d\x81\n\xCd\xDd\xF9\xCb...\x02\x04\x03\x03\x01\x03\x02\x03\x03\x02\x01\x02\x02\x02\x03>>>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}`

dominicm 08:09:28

@steveb8n did you update the protocol?

dominicm 08:09:38

(I also notice the sample config is wrong in this)

steveb8n 09:09:19

yes, here’s my config: `{:listen 443 :forward ^:ref [:web-server :port] :protocol "HTTPS" :ssl-policy "ELBSecurityPolicy-2015-05" :certificate-arn "<elided>"}`

steveb8n 09:09:41

does that look right?

dominicm 10:09:57

@steveb8n looks exactly like ours.

steveb8n 10:09:51

odd isn’t it. I think this must be an EC2 config thing but I don’t know which part

steveb8n 10:09:51

it seems to be ELB -> Target Group -> EC2 Instances but where would 443 decrypt to 8080 in that chain?

steveb8n 10:09:13

before ELB makes the most sense I suppose

dominicm 10:09:43

ELB should do the decryption, yeah.