For our setup, SSL negotiation will be done by nginx on the web server, rather than by the ELB. With nginx, using multiple server blocks, each with its own SSL certificate, is pretty straightforward. Here is what you will need:
Nginx >= 1.6.2
Ubuntu >= 14.04
AWS CLI
Prerequisites: The nginx PPA includes the required modules, so there is no need to compile a build. Feel free to adjust to your own requirements.
The AWS CLI will require credentials provided by your account.
Install AWS CLI
Create and Configure the Load Balancer: The listener should use TCP for both the Load Balancer Protocol and the Instance Protocol, so the ELB passes the encrypted stream through untouched. The application layer protocol (HTTPS) is not handled until the connection reaches the nginx instance. In most cases, the public port should be the standard 443.
Create proxy protocol policy
Add policy to elb
And that's it. If the real IP settings are working correctly, you should not need to set up a custom log format.
Creating separate server blocks for direct and proxied traffic is more verbose, but has a few benefits. It avoids the need for conditional blocks later on, and I find that it is easier for others to understand.
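As an added example (not the original post's configuration) of the pieces above: the ELB-side proxy protocol policy as AWS CLI commands in the header comment, two server blocks on the proxied port, each with its own certificate, and a separate port for direct traffic. The ELB name, the 10.0.0.0/22 subnet, hostnames, certificate paths and backend ports are assumed placeholders.

```nginx
# Added example; ELB name, subnet, hostnames, cert paths and backend
# ports are placeholders, not values from the original post.
#
# ELB side, run once with the AWS CLI (TCP listener 443 -> instance 443):
#   aws elb create-load-balancer-policy --load-balancer-name my-elb \
#     --policy-name EnableProxyProtocol --policy-type-name ProxyProtocolPolicyType \
#     --policy-attributes AttributeName=ProxyProtocol,AttributeValue=true
#   aws elb set-load-balancer-policies-for-backend-server --load-balancer-name my-elb \
#     --instance-port 443 --policy-names EnableProxyProtocol

# Traffic arriving through the ELB. proxy_protocol is a property of the
# listening socket, so every server block on 443 must expect the header.
# set_real_ip_from limits who may rewrite $remote_addr to the ELB's subnet;
# without that limit any peer could claim an arbitrary client address.
server {
    listen 443 ssl proxy_protocol;
    server_name app.example.com;
    set_real_ip_from 10.0.0.0/22;        # ELB subnet(s) only, never 0.0.0.0/0
    real_ip_header  proxy_protocol;
    ssl_certificate     /etc/nginx/ssl/app.example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/app.example.com.key;
    ssl_protocols       TLSv1.2;
    location / { proxy_pass http://127.0.0.1:8080; }
}

server {
    listen 443 ssl proxy_protocol;
    server_name api.example.com;         # second site, selected via SNI
    set_real_ip_from 10.0.0.0/22;
    real_ip_header  proxy_protocol;
    ssl_certificate     /etc/nginx/ssl/api.example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/api.example.com.key;
    ssl_protocols       TLSv1.2;
    location / { proxy_pass http://127.0.0.1:8081; }
}

# Direct traffic that bypasses the ELB (e.g. checks from inside the VPC)
# gets its own port without proxy_protocol: a plain TLS handshake on the
# proxy_protocol listener is rejected, so the two must not share a socket.
# No real_ip directives here; $remote_addr is already the true peer.
server {
    listen 8443 ssl;
    server_name app.example.com;
    ssl_certificate     /etc/nginx/ssl/app.example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/app.example.com.key;
    ssl_protocols       TLSv1.2;
    location / { proxy_pass http://127.0.0.1:8080; }
}
```

Check the result with `nginx -t` and then confirm that `$remote_addr` in the access log shows the client's public address for connections through the ELB and the actual peer for connections to 8443.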