AWS Application Load Balancer with SSL

There are many aspects to consider when running an application behind a load balancer. They vary with factors such as the nature of the application, its component services, CNAME, SSL and rewrite rules. Let us consider running an application with a single instance behind a load balancer over SSL. I have considered Moodle as the application here. The configuration steps involved are:

  • Create SSL certificate
  • Create Application Load balancer
  • Edit DNS server
  • Modify the application

Create SSL certificate

1) Log in to the AWS web console and open Certificate Manager.

2) Click Request Certificate.

3) Select Request a Public Certificate.

4) Enter your domain name.

5) Select Email Validation. (Email is sent to 8 mail IDs: admin@yourdomain, administrator@yourdomain, webmaster@yourdomain, hostmaster@yourdomain, postmaster@yourdomain, and the registered domain registrant, technical contact and administrative contact listed in your DNS WHOIS database.)

6) Log in to one of the above mailboxes and follow the instructions to approve the certificate.

7) Open Certificate Manager again and check that the certificate status has changed to Issued.

Create Application Load balancer

1) Create an Application Load Balancer with the following properties:
Name: any_name
Scheme: internet-facing
IP address type: ipv4
Listeners: HTTP, HTTPS
Availability Zones: Multiple

2) Choose the ACM certificate created in the previous step.

3) Create a Security Group that permits HTTP and HTTPS.

4) Create a Target Group and add your application instance as a target.

Edit DNS Server

Log in to your DNS provider and add a CNAME record that maps the application's website name (www.yourdomain.com) to the load balancer endpoint.

Modify Application

The steps below apply to any Apache-based application. I have considered Moodle as the application here.

1) In the moodle directory, create a .htaccess file to hold the HTTP rewrite rules:
# Redirect requests that reach Apache on port 80 to the HTTPS site
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

2) Edit moodle/config.php to replace http with https:

$CFG->wwwroot = 'https://www.yourdomain.com';

3) To enable load balancer support, add the line below to moodle/config.php:

$CFG->sslproxy  = 1;

4) Restart the web service.

5) Open the Moodle website in your web browser and test it.
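An added example, not part of the original post: if the target group forwards both listeners to the instance over plain HTTP on port 80 (an assumption about this setup), every request reaches Apache on port 80, so a port test cannot tell HTTP clients from HTTPS clients. The ALB records the protocol the client used in the X-Forwarded-Proto header, and the .htaccess rule can test that instead.

```apache
# .htaccess in the moodle directory (added example; assumes the ALB
# terminates TLS and forwards to this instance over plain HTTP).
RewriteEngine On

# The ALB sets X-Forwarded-Proto to the protocol the client used.
# Redirect only when the client came in over plain HTTP. Requests that
# arrive with "https" or with no such header do not match this
# condition and are served directly.
RewriteCond %{HTTP:X-Forwarded-Proto} ^http$ [NC]

# The host name is fixed rather than copied from the Host header, so a
# forged Host value cannot steer the redirect to another site.
# REQUEST_URI keeps the full path; the query string is carried over.
RewriteRule ^ https://www.yourdomain.com%{REQUEST_URI} [R=301,L]
```

The header can be trusted only when the instance's security group accepts web traffic from the load balancer alone, because a client that reaches the instance directly can set the header itself.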

UPDATE: AWS recently added a redirection feature to the Application Load Balancer, so we can now use the ALB itself to redirect web requests from HTTP to HTTPS.

Conclusion

There are certain considerations to address when configuring an application behind a load balancer. We configured an application behind an Application Load Balancer, with web requests redirected from HTTP to HTTPS.