AWS Application Load Balancer with SSL

Girish V P
Jul 11, 2018 · 2 min read

This Blog has moved from Medium to blogs.tensult.com. All the latest content will be available there. Subscribe to our newsletter to stay updated.

There are many aspects to consider when we run an application behind a load balancer. It varies based on many factors like nature of the application, component services, CNAME, SSL, re-writing rules etc. Let us consider running an application with a single instance behind the load balancer over SSL. I have considered Moodle as the application here. Let us see the configuration steps involved:

  • Create SSL certificate
  • Create Application Load balancer
  • Edit DNS server
  • Modify the application

Create SSL certificate

1) Login to AWS web console and access Certificate Manager

2) Click Request Certificate.

3) Select Request a Public Certificate.

4) Enter your domain name.

5) Select Email Validation( Email is sent to 8 mail IDS, admin@yourdomain, administator@yourdomain, webmaster@yourdomain, hostmaster@yourdomain, postmaster@yourdomain and registered Domain registrant, Technical contact, Administrative contact of your DNS WHOIS database).

6) Log in to one of the above mailboxes and follow the instructions to approve the certificate.

7) Access Certificate Manager to see that certificate status turns to issued

Create Application Load balancer

  1. Create application Load Balancer with following properties
Name: any_nameScheme: internet-facingIP address type :ip4Listeners: HTTP,HTTPSAvailability Zones: Multiple

2) Choose a certificate from ACM done from the previous step

3) Create Security Group which permits Http and https

4) Create Target Group and add your application instance as target

Edit DNS Server

Login to your DNS and add CNAME for load balancer endpoint with the application (www.yourdomain.com) website name.

Modify Application

The steps added below are applicable to any Apache-based application. I have considered Moodle as the application here.

  1. In the moodle directory create a .htaccess to accommodate Http re-write rules.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

2) Edit moodle/config.php to replace Http with https

$CFG->wwwroot = ‘https://www.yourdomain.com';

3) To have load balancer support add the line below to moodle/config.php

$CFG->sslproxy  = 1

4) Restart the web service.

5) Access the Moodle web site from your web browser and test it.

UPDATE: AWS recently added redirection feature to Application Load balancer so now we can directly use ALB to redirect the web request from HTTP to HTTPS.

Conclusion

There are certain considerations we have to fulfill while we configure the application behind a load balancer. We configured an application behind the Application Load Balancer which can redirect the web request from HTTP to HTTPS.

Tensult Blogs

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store