SSL & Elastic Beanstalk Load Balancing
DNS for EC2 / Elastic Beanstalk Load Balancing
Becuase EC2 and Elastic Beanstalk instance will apply load balancer, so no static IP address is assigned.
So the only valid option is to create "www" cname that opint to the EC2 instantces load balancing url.
However, if you want to change the root level domian, most of DNS provider won't allow you to do so, cause the URL is not a valid ip address. Some DNS provider allows you to create @ cname and point to 'app.url'
Alternatively, could use AWS Router 53. Router 53 helps you created hosted zone that then define record sets.
So you could create an "Alias" www or root then point to Load Balancer.
HTTPS SSL on AWS
- Load the Cert to EC2 Load Balancer.
- In Security Group, allow HTTPS 443 inbound from any source.
AWS Health Check
Health Check will auto ping/check the target load balancer, if repsonse timeout, it will Email and indicate the instance is not avilable, so the load balancer will be auto-removed.
For debugging purposes.
1. create robot.txt file under your document root.
2. In AWS Load Balancer, change the Heath Check to HTTP:80 target at /robot.txt, also upsize the time to 5 mins
AWS Load Balancer and Web Nodes
Since Web Nodes only accept traffic from port 80, the Load Balancer accepts traffic from both HTTP:80/ HTTPS:443 and forward to Web node port 80.
Therefore, The traditional
RewriteCond %{HTTPS} on #is not working
RewriteCond %{Server_Port} 80 #is not working, will generate error "too many redirects"
Apache config / .htaccess
AWS introduced a new handler for checking the fowarded https protocol.
#enable ssl
RewriteCond %{HTTP:X-Forwarded-Proto} !=https #works
RewriteRule (.*) https://%{SERVER_NAME}/$1 [last]
RewriteCond %{HTTP:X-Forwarded-Proto} !=https #works
RewriteCond %{REQUEST_URI} !/^events [or]
RewriteCond %{REQUEST_URI} !/^events [or]
RewriteRule (.*) https://%{SERVER_NAME}/$1 [last]