Solved

How to configure redirection URL when using AWS's ALB with SSL

  • 4 October 2022
  • 6 replies
  • 70 views
T
Badge

Hello.

 

I'm trying to host FME Server under AWS's Application Load Balancer (ALB).

 

A SSL certification (which is provided by AWS) is attached to the ALB and ALB listens to 443 port.

The EC2 insance runs FME web application on the standard HTTP port (80).

 

Let's say the domain I host FME Server is mysite.com.

When I open https://mysite.com , the browser redirects to http://mysite.com/fmeserver/ (port 80) instead of https://mysite.com/fmeserver/ .

 

How can I configure FME Server web application to redirect to https ?

 

EDIT:

I'm using Ubuntu 20.04.

FME Server installer is https://downloads.safe.com/fme/2022/fme-server-2022.1.2-b22627-linux-x64~ubuntu.20.04.run

icon

Best answer by takashige 11 October 2022, 10:24

View original

6 replies

dustin
Rank
Userlevel 3
Badge +26

Configuring for HTTPS (safe.com) This documentation should be helpful to you.

T
Badge

Configuring for HTTPS (safe.com) This documentation should be helpful to you.

Thank you for answering!

 

I read the documentation.

In my case ( which is a standard way to host EC2 with SSL in AWS), SSL certificate is not attached to the EC2 instance but to the load balancer (ALB) .

EC2 instance listens to 80 port.

ALB listens to 443 port and forwards requests to EC2's 80 port.

 

Do I still have to flow the steps in the document above?

richardatsafe
Rank
Badge +10

Thank you for answering!

 

I read the documentation.

In my case ( which is a standard way to host EC2 with SSL in AWS), SSL certificate is not attached to the EC2 instance but to the load balancer (ALB) .

EC2 instance listens to 80 port.

ALB listens to 443 port and forwards requests to EC2's 80 port.

 

Do I still have to flow the steps in the document above?

Hi @takashige​ ,

 

It's up to you whether you want to encrypt FME Server or not. A lot of customers are happy having the ALB deal with the certificates and sending HTTP request to the server. If you want to configure FME Server for HTTPS then you will also have to change the ALB redirects to use HTTPS. Either way, though your Services will need updating to reflect the ALB URL. https://docs.safe.com/fme/html/FME_Server_Documentation/AdminGuide/Set-Up-Load-Balancer.htm

T
Badge

Thank you for answering!

 

I read the documentation.

In my case ( which is a standard way to host EC2 with SSL in AWS), SSL certificate is not attached to the EC2 instance but to the load balancer (ALB) .

EC2 instance listens to 80 port.

ALB listens to 443 port and forwards requests to EC2's 80 port.

 

Do I still have to flow the steps in the document above?

Hi, @richardatsafe​ 

 

Thank you for answering.

 

I've already followed the steps in "Configure FME Server with the Load Balancer URL" of the URL you mentioned.

 

I thought I could set redirection url somewhere in fmeServerConfig.txt or Web UI.

But it seems I was wrong.

I'm sorry for my poor understanding of English (which is not my 1st language) but let me confirm again. 🙏

 

> you will also have to change the ALB redirects to use HTTPS

 

So one of the collect setting for my case is ...

 

  1. ALB listens to 443 port
  2. user access to https://mysite.com
  3. ALB forwards the request to EC2's port 80
  4. Redirection url is http://mysite.com/fmeserver/ (port 80)
  5. ALB redirects the request on 80 port to 443

 

Am I right?

 

I'll try a bit more setting ALB on 443 port and EC2 on 80.

If I have no luck, I'll set EC2 on 443 port with self-signed SSL certificate .

 

Thank you again.

 

 

 

 

T
Badge

I solved the problem.

 

After all, all I had to do was changing proxyPort to "443" and scheme to "https" in <FMEServerDir>\\Utilities\\tomcat\\conf\\serer.xml.

 

Thank you.

 

 

richardatsafe
Rank
Badge +10

I solved the problem.

 

After all, all I had to do was changing proxyPort to "443" and scheme to "https" in <FMEServerDir>\\Utilities\\tomcat\\conf\\serer.xml.

 

Thank you.

 

 

Thanks for posting the answer. I see where you are going with this now. Typically we only see the need for the server.xml configuration if you are using Azure AD or it's a gateway vs a load balancer. I'll add to the documentation to make this recommendation across the board for all load balancers / reverse proxies.

Reply


Community Stats

28,731
Posts
109,530
Replies
36,565
Members
Terms & ConditionsCookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.