(4 of 4 Create an ELB with the signed certificate)
This guide goes over setting up an ELB with a multi-domain SSL certificate. The servers attached to the ELB will run multiple Play servers on different ports with an nginx server running in front of them to handle routing based on domain/subdomain names.
I know that is quite a mouthful but here is what I am trying to accomplish….
I want to run more than one Play server on an EC2 instance. Each Play server will run on its own port. I want each domain name to route to a specific Play server. Ex. www.example.com routes to the Play server running on port 9000 and www2.example.com routes to the Play server running on port 8000. In addition, I want all the communication to be secured using SSL certificates.
For an individual server you could simply put an nginx server in front of the Play servers and have nginx handle routing based on domain name. But in this case I want to add an AWS ELB (Elastic Load Balancer) in front of several EC2 machines.
Here is what I have found out thus far. The ELB can handle the SSL certificate, but it can only have one certificate per ELB. This forces you to use a multi-domain SSL certificate. Also, the ELB cannot forward to a port based on domain name, so you still need an nginx server in front of the Play servers.
I want something like this. The ELB handles the certificate and the nginx server handles the domain name routing.
Here is a link to all the guides in this series
1 - http://www.whiteboardcoder.com/2013/04/1-of-4-amazon-elb-multi-domain-ssl.html
2 - http://www.whiteboardcoder.com/2013/04/2-of-4-amazon-elb-multi-domain-ssl.html
3 - http://www.whiteboardcoder.com/2013/04/3-of-4-amazon-elb-multi-domain-ssl.html
4 - http://www.whiteboardcoder.com/2013/04/4-of-4-amazon-elb-multi-domain-ssl.html
Create an ELB
Now that you have the server and the SSL certificate it's time to create the ELB
Log into the AWS web console and open up the EC2 service
Click on Load Balancers
Click on Create Load Balancer
Give it a name, in my case I called mine myTestLoadBalancer
In my case I have my EC2 instance running in a VPC I made. If you are in a similar situation you need to select your VPC from the pull-down menu.
Leave the rest of it the same and click continue
Set the health checks.
In my case I kept them the same.
Click Continue
(I went back and changed the ping path to "/")
If this is an ELB using a VPC you need to select which subnets it can attach to. Then click Continue
Assign a security group to the ELB and click continue
Select the instances you want to attach to this load balancer by checking their checkboxes then click Continue.
Review the information and then click Create.
Click "View my load balancers and check their status".
Test the Load balancer
Looking at the load balancer you can see that it has an address associated with it. In my case it is myTestLoadBalancer-703543986.us-west-2.elb.amazonaws.com
Now open up a browser with
Success!
Associate domain name
I won't go into great detail here, but I created a subdomain ssl-test for whiteboardcoder.com on Route 53.
I made a CNAME and entered in the ELB name and clicked Save Record Set. I also did the same thing for my ssl-test2.whiteboardcoder.com subdomain.
I ran a dig command to make sure the domain names were using the CNAME now.
> dig ssl-test.whiteboardcoder.com
> dig ssl-test2.whiteboardcoder.com
Also I had to close the tab in Chrome and open a new one to refresh it and get the new web location.
Now I opened
Success! It's using the ELB
Adding an SSL certificate to the ELB
What I really want to do is add an SSL certificate to the load balancer.
I already have my SSL certificate set up and ready to go. I have other posts about how to create an SSL certificate if you get stuck on that.
Assuming you have your SSL certificate here is what you need to do.
Add 443
You need to add port 443 to the ELB
Select the ELB and then click on the Listener tab
From the pull-down select HTTPS then click Select under the SSL Certificate column
Give it a name, I called mine ssl-test.
Enter the Private Key and Public Key Certificate then click Save
(the private key is from the whiteboardcoder.key file)
(the public key certificate is from the file ssl-test.whiteboardcoder.com.crt downloaded from GoDaddy)
Select the certificate you just made and click Save.
Click Save. (At this point I did get an odd error: "Could not add listener. Server Certificate not found for the key: ". I fixed this by just refreshing the page and selecting the certificate again.)
Now test the https version of the site. In my case I opened
Success!
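Since the ELB carries a single multi-domain certificate, every hostname you CNAME to it has to appear in that certificate's Subject Alternative Name list. The check below is an added example, not part of the original guide: it works on a certificate in the dict form Python's ssl.getpeercert() returns. The sample certificate is constructed and ssl-test3 is a hypothetical extra subdomain.

```python
import socket
import ssl

def san_dns_names(cert):
    """DNS names from a certificate dict in ssl.getpeercert() form."""
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, host):
    """Exact match, or '*' as the whole left-most label covering one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level domain such as *.com
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered_hosts(cert, hosts):
    """Hostnames pointed at the ELB that the certificate does not cover."""
    names = san_dns_names(cert)
    return [h for h in hosts if not any(name_matches(n, h) for n in names)]

def fetch_cert(endpoint, port=443, timeout=5):
    """Live variant: certificate presented by the HTTPS listener.
    The chain is still validated; only the hostname check is deferred to
    uncovered_hosts(), because the ELB's own DNS name is not in the cert."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((endpoint, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert()

# Constructed sample in getpeercert() form (not the real certificate).
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "ssl-test.whiteboardcoder.com"),
        ("DNS", "ssl-test2.whiteboardcoder.com"),
    ),
}
# ssl-test3 is a hypothetical third subdomain added later without a reissue.
HOSTS = [
    "ssl-test.whiteboardcoder.com",
    "ssl-test2.whiteboardcoder.com",
    "ssl-test3.whiteboardcoder.com",
]
```

uncovered_hosts(SAMPLE_CERT, HOSTS) returns only the ssl-test3 name; against a live listener, pass fetch_cert() the ELB address instead of the sample.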
Other resource issue
In Chrome I get this notification that warns me of some resources on the page not being encrypted.
This is because the default Play page is bringing in resources from other domains.
To get rid of this notice you need to update the Play files.
> cd
> vi HelloWorld/app/controllers/Application.scala
Update it to
package controllers

import play.api._
import play.api.mvc._

object Application extends Controller {
  // Plain-text response, so the page pulls in no outside resources
  def index = Action {
    Ok("Hello World this is the port 9000 Play server")
  }
}
And then update the other file
> cd
> vi HelloWorld2/app/controllers/Application.scala
Update it to
package controllers

import play.api._
import play.api.mvc._

object Application extends Controller {
  // Plain-text response, so the page pulls in no outside resources
  def index = Action {
    Ok("Hello World this is the port 8000 Play server")
  }
}
Reload the https pages.
For Chrome I had to open a new tab. If I tried to refresh the old tab the yellow notifications were not updated for some reason.
Success! With no yellow notifications.