Multi SSL Host With ELB - HashedIn Technologies

Multi SSL Host With ELB

Technology - 08 May 2017
Saurabh Srivastava

For our setup, SSL negotiation will be done by nginx on the web server, rather than by the ELB. With nginx, leveraging multiple server blocks, each with its own SSL certificate, is pretty straightforward. Here is what you will need:

Nginx >= 1.6.2, Ubuntu >= 14.04, AWS CLI

Prerequisites: The nginx PPA includes the required modules, so there is no need to compile a build. Feel free to adjust to your own requirements.

Install Nginx

The AWS CLI will require credentials provided by your account.

Install AWS CLI

Create and Configure the Load Balancer: The listener port should be created using the TCP protocol for both the Load Balancer Protocol and the Instance Protocol. The application layer protocol (HTTPS) is not handled until we reach the nginx instance. In most cases, the public port should be the standard 443.

Create proxy protocol policy

Add policy to elb

Describe ELB

And that’s it. If the real IP settings are working correctly, you should not need to set up a custom log format.

Creating separate server blocks for direct and proxied traffic is more verbose, but has a few benefits. It mitigates the need for conditional blocks later down the road. I also find that it is easier for others to understand.
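An added example, not the article's own configuration, showing separate server blocks for proxied and direct traffic with one certificate per host. The host names, certificate paths, document roots, instance port 8443 and the 10.0.0.0/16 VPC range are assumptions.

```nginx
# Added example; all names, paths, port 8443 and 10.0.0.0/16 are assumed
# placeholders. Place inside the http {} context.

# Host one, proxied: the ELB TCP listener forwards here and prepends a
# PROXY protocol header to every connection before the TLS handshake.
server {
    listen 8443 ssl proxy_protocol;
    server_name site-one.example;

    ssl_certificate     /etc/nginx/ssl/site-one.example.crt;
    ssl_certificate_key /etc/nginx/ssl/site-one.example.key;

    # Accept the client address from the PROXY header only when the
    # connection comes from the subnets the ELB nodes live in.
    set_real_ip_from 10.0.0.0/16;
    real_ip_header   proxy_protocol;

    root /var/www/site-one;
}

# Host one, direct: plain TLS listener with no PROXY header expected,
# so no real IP rewriting is configured here.
server {
    listen 443 ssl;
    server_name site-one.example;

    ssl_certificate     /etc/nginx/ssl/site-one.example.crt;
    ssl_certificate_key /etc/nginx/ssl/site-one.example.key;

    root /var/www/site-one;
}

# Host two, proxied: same port, its own certificate, selected by SNI.
server {
    listen 8443 ssl proxy_protocol;
    server_name site-two.example;

    ssl_certificate     /etc/nginx/ssl/site-two.example.crt;
    ssl_certificate_key /etc/nginx/ssl/site-two.example.key;

    set_real_ip_from 10.0.0.0/16;
    real_ip_header   proxy_protocol;

    root /var/www/site-two;
}
```

A PROXY header is plain text that any TCP client can send, so keep the proxied port reachable only from the load balancer (security group rule) and keep `set_real_ip_from` as narrow as the ELB's subnets. With the real IP module rewriting `$remote_addr`, the default access log format already records the client address.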

