On AWS, I'm hosting Multiple (totally different) Domains on EC2 covered by an ELB on top. I already have 1 Wildcard SSL Cert for 1 Domain and its childs. (xxxx.site1.com)
Then now can I add one more Single SSL Cert (on same ELB) for 1 another different Domain, like (www.site2.com) please?
I'm asking this because some Articles are saying, it won't work and just crush.
Please kindly advise.
No. The only way you could do it is if you use a second port for HTTPS connections (other than 443) which doesn't apply to real world scenarios since 443 is the default port for HTTPS
Having said that, you can simply create a second ELB and assign your second wildcard certificate to it. You can also forward your traffic to the same backend server as the one where the first ELB is forwarding its traffic to.
Hope this helps.
Yes. But not by terminating SSL on the load balancer. You have to enable Proxy Protocol on the ELB and transparently forward TCP requests to the web server. There are more details in this article on how to configure the ELB with example NGINX configurations:
Multiple SSL domains on AWS ELB with Nginx
Using the AWS CLI to enable:
aws elb create-load-balancer-policy \
--load-balancer-name acme-balancer \
--policy-name EnableProxyProtocol \
--policy-type-name ProxyProtocolPolicyType \
--policy-attributes AttributeName=ProxyProtocol,AttributeValue=True
aws elb set-load-balancer-policies-for-backend-server \
--load-balancer-name acme-balancer \
--instance-port 9443 \
--policy-names EnableProxyProtocol
aws elb describe-load-balancers --load-balancer-name acme-balancer
There is also a mod_proxy_protocol
module available if you are using Apache.
This does NOT add an additional distribution layer; ELB still handles distributing the traffic, connection draining. However, SSL termination is handled by each individual server.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With