Comments on: Using ELB to Serve Multiple Domains Over SSL on EC2 for Giggles and Unicorns

By: james

james — Fri, 16 Jul 2010 00:19:46 +0000

This is one of those cases where the CLI tools offer more functionality than the AWS console or Elasticfox. Glad it worked out for you, though!

By: Vince

Vince — Thu, 15 Jul 2010 12:29:15 +0000

Thank You!!!

We definitely use the command line tools for a lot of things, but I never tried to create an ELB from the CLI tools. We were using the Amazon Control Panel web app to create our load balancers. In the AWS control panel, when you try to create an ELB it will only show you instances that are not already assigned to a load balancer. So we just assumed it couldn’t be done.

Thanks to your post, I created a new ELB using the CLI tools and was able to do just that!

In case anyone is interested, we were previously using this method with a multi-domain certificate: http://blog.revolunet.com/index.php/reseau/administration/hosting-multiple-ssl-vhosts-on-a-single-ipportcertificate-with-apache2

By: james

james — Thu, 15 Jul 2010 10:46:51 +0000

Correct, just like in the example we are using multiple ELBs and CNames in front of several instances running apache. Each instance is joined to each ELB with port 443 mapping to the corresponding port for that wildcard cert (ie superawesomefuntime.com has an ELB listener of 443 mapping to 8443 and unicorns-unlimited.com has an ELB listener of 443 mapping to 8445).

To handle failure we scripted an up or down state for port 80 which ELB is listening to for the health check, if our app fails then that health check will fail and the server is pulled out of all the balancers. For example:

elb-configure-healthcheck superawesome –headers –target “HTTP:80/health” –interval 5 –timeout 4 –unhealthy-threshold 2 –healthy-threshold 2

That will have ELB check http://ec2-public-address:80/health and if it returns anything other than 200 it stops serving traffic from it. We also use this method to do rolling deploys through the stack while still keeping the site online.

By: Vince

Vince — Thu, 15 Jul 2010 01:25:13 +0000

@james: Are you saying that you are able to create more than one ELB that points to the same EC2 Instance?

By: james

james — Wed, 14 Jul 2010 21:05:34 +0000

We use multiple ELB’s to do this.

By: Vince

Vince — Wed, 14 Jul 2010 19:16:08 +0000

This only allows one additional SSL site on the box because an instance can only be assigned to a load balancer once.

Therefore, a multi-domain certificate is still the only answer at this time for hosting more than 2 SSL sites on one server.

By: james

james — Thu, 25 Mar 2010 18:09:33 +0000

As I understand the DNS RFC (shaky at best!), the root record need to be an A record and that CNAMEs require no other entries with the same name. Here’s the two resources I’m getting this from: Why can’t I create a CNAME record for the root record? and RFC1034 – Domain names – concepts and facilities (compelling title…). That said, trawling the EC2 boards indicates that AWS is at least mulling the idea of allowing ELB to have static IPs which would go a long way to solving the whole RR issue.

tl;dr — I have no tricks for forcing a CNAME as a RR.

By: Tom

Tom — Thu, 25 Mar 2010 17:24:21 +0000

Thanks for the post James. One issue I’m running into is that I cannot assign a CNAME record for my root domain to point to the ELB host. In the context of your tutorial, I want my DNS to point superawesomefuntime.com to the CNAME superawesome-123456789.us-east-1.elb.amazonaws.com . This is possible for the subdomain “www” but as far as i know it’s not possible for the root of the domain. This means that https://www.superawesomefuntime.com would work but https://superawesomefuntime.com would not work. Got any ideas?

By: Regi

Regi — Fri, 19 Mar 2010 14:46:33 +0000

Thanks!!

By: james

james — Fri, 19 Mar 2010 14:39:44 +0000

We are using Zone Edit and the way we handled this was to set up a web forward for the root to www to get around that issue.