Scaling Multiple SSL Domains on Multiple EC2 instances in AWS ELB


You are on the right track.

ELBs can be SSL termination proxies. In this scenario you set up HTTPS one time on the ELB and install the certificate there and not on the instances.

Traditionally for SSL you needed the web server name to match the CN in the cert. This hasn't been the case for a while now. See http://en.wikipedia.org/wiki/Secure_Sockets_Layer#Support_for_name-based_virtual_servers So no, in no case do you need, including ELB terminated SSL, separate IP addresses for each site.

You can configure the ELB to terminate SSL and speak HTTP to the instances.

It is Amazon's strong recommendation that your website CNAMEs to the ELB instance name (or names; multi-AZ ELBs return 1 name per AZ). The IP addresses can change, especially if your ELB is very E due to traffic spikes.

I would also look into "DNS Failover for Elastic Load Balancing" if your ELBs are going to be multi-AZ.

I strongly recommend you read Amazon's documentation on ELBs http://aws.amazon.com/elasticloadbalancing/ . All these questions--and more!--are answered there and there are best practices. This will be better than gaining a piecemeal understanding through Serverfault questions. (Certainly if you want clarification on the docs SF may be a good place to ask a question.)


Author: FAtBalloon

Updated on September 18, 2022

Comments

  • FAtBalloon
    FAtBalloon over 1 year

    I'm setting up a server that will host multiple SSL domains across a wide range of load-balanced EC2 instances, and being a programmer who really sucks at network/infrastructure stuff, I had some questions:

    I'm assuming that by using ELB I only have to set up HTTPS one time under the ELB and install the certificate there and not on the actual instances?

    For SSL, do I still need separate IP addresses for each site when using ELB or does the communication from ELB to the instance run over HTTP?

    What's the best way to point the websites to the ELB? CNAME record to the Amazon ELB instance name?

    Should I be using a load balancer for this, am I on the right track here?

    I am completely open to any other suggestions/help on this issue.

    Thank you for your help.

  • FAtBalloon
    FAtBalloon about 10 years
    Mark, thank you so much for the insightful answer. Question for you about the CNAME to ELB. I saw that you can create a CNAME for your www.mydomain.com and then create an Alias 'A' record in Route 53 for mydomain.com. So what if I'm not using Route 53 for DNS? Do I just create a CNAME and not worry about the 'A' record? Or how should I handle this since you can only typically point an A record to an IP address?
  • Mike Scott
    Mike Scott almost 9 years
    If you're not using Route 53 for DNS, you basically can't use SSL ELBs for your naked domain. You'll have to handle it some other way, typically by serving a 301 redirect from http://example.com/ to https://www.example.com/.
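
The DNS advice in the answer and comments above (point each site at the ELB name with a CNAME rather than at its addresses, and keep CNAMEs off the naked domain) can be checked mechanically across many domains. The following is an added example, not part of the original thread; the zone data, the ELB name and the `lint_zone` helper are constructed for illustration.

```python
# Added example; every name and address below is constructed for illustration.
ELB_SUFFIX = ".elb.amazonaws.com."
ELB_NAME = "my-elb-1234567890.us-east-1.elb.amazonaws.com."  # constructed

ZONE = [  # (name, type, value)
    ("example.com.", "A", "203.0.113.10"),        # host that serves the 301
    ("www.example.com.", "CNAME", ELB_NAME),      # follows the ELB name
    ("shop.example.com.", "A", "198.51.100.7"),   # copied ELB address
    ("example.net.", "CNAME", ELB_NAME),          # CNAME on a naked domain
    ("www.example.net.", "CNAME", "example.net."),
]
APEXES = {"example.com.", "example.net."}
ELB_HOSTS = ["www.example.com.", "shop.example.com.",
             "www.example.net.", "api.example.com."]


def lint_zone(records, apexes, elb_hosts):
    """Return sorted (name, problem) pairs for records that break the ELB DNS advice."""
    by_name = {}
    for name, rtype, value in records:
        by_name.setdefault(name.lower(), []).append((rtype.upper(), value.lower()))

    findings = []
    for name, rrs in by_name.items():
        types = {rtype for rtype, _ in rrs}
        # A CNAME may not share a name with other data, and an apex always
        # carries SOA and NS records, so an apex CNAME is never valid.
        if "CNAME" in types and name in apexes:
            findings.append((name, "CNAME at zone apex"))
        elif "CNAME" in types and len(types) > 1:
            findings.append((name, "CNAME mixed with other record types"))

    # Hosts that are meant to sit behind the load balancer.
    for host in (h.lower() for h in elb_hosts):
        rrs = by_name.get(host)
        if not rrs:
            findings.append((host, "no record"))
            continue
        for rtype, value in rrs:
            if rtype in ("A", "AAAA"):
                # ELB addresses change, so a copied address goes stale.
                findings.append((host, "pinned to " + value))
            elif rtype == "CNAME" and not value.endswith(ELB_SUFFIX):
                findings.append((host, "CNAME target is not an ELB name"))
    return sorted(findings)


if __name__ == "__main__":
    for name, problem in lint_zone(ZONE, APEXES, ELB_HOSTS):
        print(f"{name:20} {problem}")
```

The apex `A` record for `example.com.` passes because it is assumed to point at a separate host that serves the 301 redirect described in the last comment.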