cn-terraform / terraform-aws-ecs-fargate

AWS ECS Fargate Terraform Module
https://registry.terraform.io/modules/cn-terraform/ecs-fargate
Apache License 2.0

Unable to make it work using HTTPS with a container port configured on 80 #61

Open ms-spown opened 2 years ago

ms-spown commented 2 years ago

Hello,

I tried your module with the official "nginx:alpine" docker image. I configured a new certificate and the route53 record but I am still unable to make it work properly:

If I keep the default configuration, I can't "tf apply" my config because it says my container has no 443 port opened. So I adapted the module configuration as below:

    module "test-fargate" {
      source                  = "cn-terraform/ecs-fargate/aws"
      version                 = "2.0.46"
      name_prefix             = "test"
      vpc_id                  = module.test-network.vpc_id
      container_image         = "nginx:alpine"
      container_name          = "test"
      public_subnets_ids      = module.test-network.public_subnets_ids
      private_subnets_ids     = module.test-network.private_subnets_ids
      default_certificate_arn = module.acm.acm_certificate_arn
      port_mappings = [
        {
          containerPort = 80
          hostPort      = 80
          protocol      = "tcp"
        }
      ]
      lb_https_ports = {
        default_http = {
          listener_port     = 443
          target_group_port = 80
        }
      }
      lb_target_group_health_check_matcher = "200-305"
      lb_target_group_health_check_path    = "/"
    }

Now, I can terraform apply, but it doesn't work using HTTPS, I get this response from awselb/2.0: 503 Service Temporarily Unavailable.

It works using HTTP (80), but my goal is to auto-redirect 80 to 443 and make it work using HTTPS.

Do you have any suggestions? Should I open the 443 port on my container?

Regards,

AlexAtkinson commented 1 year ago

@ms-spown, this might be what you need. lb_https_ports ultimately maps to 'https_ports' in cn-terraform/ecs-alb/aws, which defaults to "HTTPS" for the proto if 'target_group_proto' isn't provided. Note that while that value is not specified in the parent module for lb_https_ports, providing it doesn't hurt.

    lb_https_ports = {
        "default_http": {
            "listener_port": 443,
            "target_group_port": 80,
            "target_group_protocol": "HTTP"
        }
    }
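
For reference, the wiring discussed in this thread written out as plain AWS provider resources: TLS terminates at the ALB on 443, the target group talks plain HTTP to the container on 80, and a port 80 listener redirects to HTTPS. This is an added example, not code from the thread or from the cn-terraform modules; the three variables and all resource names are assumptions.

```hcl
# Added example: raw aws provider resources, not the module's internals.
# Assumed inputs: an existing ALB, its VPC, and an ACM certificate.
variable "vpc_id" { type = string }
variable "certificate_arn" { type = string }
variable "alb_arn" { type = string }

# The ALB decrypts TLS, so the hop to nginx on port 80 must be HTTP, not HTTPS.
resource "aws_lb_target_group" "app" {
  name        = "example-app"
  vpc_id      = var.vpc_id
  port        = 80
  protocol    = "HTTP"
  target_type = "ip" # Fargate tasks use awsvpc networking
  health_check {
    protocol = "HTTP" # must match what the container actually speaks
    path     = "/"
    matcher  = "200-305"
  }
}

# HTTPS listener: presents the certificate and forwards to the HTTP target group.
resource "aws_lb_listener" "https" {
  load_balancer_arn = var.alb_arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.certificate_arn
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app.arn
  }
}

# HTTP listener: never forwards to the app, only redirects clients to 443.
resource "aws_lb_listener" "http_redirect" {
  load_balancer_arn = var.alb_arn
  port              = 80
  protocol          = "HTTP"
  default_action {
    type = "redirect"
    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}
```

With this layout the container never needs port 443 open; traffic between the ALB and the task is unencrypted inside the VPC, so the task's security group should accept port 80 only from the load balancer's security group.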