AWS Application Load Balancer with SSL

Girish V P
Published in Tensult Blogs · 2 min read · Jul 11, 2018

This blog has moved from Medium to blogs.tensult.com. All the latest content will be available there.

There are many aspects to consider when running an application behind a load balancer. They vary with factors such as the nature of the application, its component services, CNAME records, SSL, and rewrite rules. Let us consider running an application with a single instance behind the load balancer over SSL. I have used Moodle as the application here. The configuration steps involved are:

  • Create SSL certificate
  • Create Application Load balancer
  • Edit DNS server
  • Modify the application

Create SSL certificate

1) Log in to the AWS web console and open Certificate Manager.

2) Click Request Certificate.

3) Select Request a Public Certificate.

4) Enter your domain name.

5) Select Email Validation. (Email is sent to 8 addresses: admin@yourdomain, administrator@yourdomain, webmaster@yourdomain, hostmaster@yourdomain, postmaster@yourdomain, and the domain registrant, technical contact, and administrative contact listed in your domain's WHOIS record.)

6) Log in to one of the above mailboxes and follow the instructions to approve the certificate.

7) Open Certificate Manager and confirm that the certificate status has changed to Issued.

Create Application Load balancer

1) Create an Application Load Balancer with the following properties:

  • Name: any_name
  • Scheme: internet-facing
  • IP address type: ipv4
  • Listeners: HTTP, HTTPS
  • Availability Zones: Multiple

2) Choose the ACM certificate created in the previous step.

3) Create a security group that permits HTTP and HTTPS.

4) Create a target group and add your application instance as a target.

Edit DNS Server

Log in to your DNS provider and add a CNAME record that points the application's website name (www.yourdomain.com) to the load balancer endpoint.

Modify Application

The steps added below are applicable to any Apache-based application. I have considered Moodle as the application here.

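1) In the moodle directory, create a .htaccess file to hold the HTTP rewrite rules.

RewriteEngine On
# When the ALB terminates TLS and forwards to the instance over HTTP, the server
# port is 80 for every request, so test the X-Forwarded-Proto header the ALB sets.
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]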

2) Edit moodle/config.php to replace HTTP with HTTPS in the site URL:

$CFG->wwwroot = 'https://www.yourdomain.com';

3) To enable load balancer support, add the line below to moodle/config.php:

$CFG->sslproxy = 1;

4) Restart the web service.

5) Access the Moodle web site from your web browser and test it.

UPDATE: AWS recently added a redirection feature to the Application Load Balancer, so we can now use the ALB directly to redirect web requests from HTTP to HTTPS.
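The two listeners from the load balancer steps, with the HTTP-to-HTTPS redirect done on the ALB itself, written as a CloudFormation template. This is an added example, not part of the original post; the parameter names and logical IDs are assumptions, and the load balancer, target group and issued ACM certificate are assumed to exist already.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "ALB listeners: HTTPS forwards to the app, HTTP redirects to HTTPS (added example)"

Parameters:                 # parameter names are illustrative assumptions
  LoadBalancerArn:
    Type: String            # ARN of the existing internet-facing ALB
  TargetGroupArn:
    Type: String            # ARN of the target group holding the application instance
  CertificateArn:
    Type: String            # ARN of the issued ACM certificate

Resources:
  # HTTPS listener: TLS terminates here using the ACM certificate,
  # then requests are forwarded to the application instance.
  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancerArn
      Port: 443
      Protocol: HTTPS
      Certificates:
        - CertificateArn: !Ref CertificateArn
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref TargetGroupArn

  # HTTP listener: never forwards to the instance; it answers every
  # request with a redirect to the same host, path and query on HTTPS.
  HttpListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancerArn
      Port: 80
      Protocol: HTTP
      DefaultActions:
        - Type: redirect
          RedirectConfig:
            Protocol: HTTPS
            Port: "443"
            Host: "#{host}"
            Path: "/#{path}"
            Query: "#{query}"
            StatusCode: HTTP_301
```

With the redirect handled by the HTTP listener, plain-HTTP requests no longer reach the instance, so the .htaccess rewrite rule becomes redundant; the two settings in moodle/config.php are still needed.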

Conclusion

There are certain considerations to address when configuring an application behind a load balancer. We configured an application behind an Application Load Balancer, which can redirect web requests from HTTP to HTTPS.
