Load Balancing multiple Containerized Applications on a Group of Instances












-1















The hypothetical scenario is you have 3 containerized (docker) web applications using different ports -- 1234, 5678, 7890.



Is it possible to have an Application Load Balancer that forwards HTTP/HTTPS traffic from app1.example.com, app2.example.com, and app3.example.com to a specific port on an EC2 Target Group?



Example:
All traffic coming from app1.example.com should go to the port 1234 of the EC2 Target Group.



Also, what would be the SSL Certificate Setup for this since the ELB will be having multiple subdomains?










      amazon-web-services docker containers amazon-elb amazon-alb














      edited Jan 4 at 5:35









      Vikrant











      asked Jan 3 at 2:56









      Anathema Lafarel

























          1 Answer


















          0















          1. In order to do this, first you'll need to create 3 separate target groups, each containing the same EC2's you want to redirect to, differentiated by the target port for each application (1234, 5678, etc).


          2. Once you do this, you can create a new ALB with 2 listeners, one for HTTP on port 80, and another for HTTPS on port 443. If you're creating this through the AWS Console, set the availability zones you want to use, choose a security policy and certificate for the HTTPS listener, and choose or create a security group. For the routing configuration, just create some new arbitrary target group. We're going to simply delete it later (the wizard won't let you select the appropriate options on creation).


          3. Once the ALB is created, we need to edit the rules of the 2 listeners. So select the ALB, go to the listeners tab, and click on the 'View/edit rules' link next to one of the listeners (Note this is NOT selecting the listener and clicking 'Edit', which is something entirely different). Now on this new screen, click on the pencil to edit the current default rule, delete the current 'THEN' action, and replace it with 'Return fixed response...'. For the fields here, I would just set a Response code of 400, with the response body being something like 'invalid host header'. This will only be returned if a client tries to access this load balancer with a host other than the ones we'll explicitly set.


          4. Now click the 'Update' button to save the changes for this default rule, and then click the '+' button to add a new rule above the default rule. For this new rule, add the condition 'Host is...', and set it to one of the app domains (i.e. app1.example.com). Now add the condition for this rule to 'Forward to...', and select the target group for this app that you created earlier.


          5. Now repeat step 4 for all apps you need to service for this load balancer.


          6. Now repeat steps 3-5 for the other listener on the ALB.


          7. You can now delete the extra target group you may have made earlier during the creation of the ALB via the wizard in the console. Other than that, you should be done.



          Note: There is no way to have a single HTTPS listener use multiple different certificates, even though you can route based on the host header. In order for SSL to be valid across multiple different apps, you will be REQUIRED to use a wildcard certificate that is valid for all your apps at the same time. If you use ACM, you can generate free wildcard certificates and use them on the ALB.






                edited Jan 3 at 8:25

























                answered Jan 3 at 8:18









                cheeseandcereal
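
The console procedure from the answer above, expressed as a CloudFormation template built by a short Python script, so the target groups, the 400 default rule and the host-header rules can be reviewed and versioned. This is an added example, not part of the original answer; the parameter names, logical resource IDs, placeholder instance ID, the use of plain HTTP toward the containers and the TLS policy name are assumptions.

```python
import json

# Constructed sample input: the hostnames and container ports from the question.
APPS = {"app1.example.com": 1234, "app2.example.com": 5678, "app3.example.com": 7890}
LISTENERS = {"Http": ("HTTP", 80), "Https": ("HTTPS", 443)}
# Default rule from step 3: any Host not matched by an explicit rule gets a 400.
REJECT = [{"Type": "fixed-response", "FixedResponseConfig": {
    "StatusCode": "400", "ContentType": "text/plain",
    "MessageBody": "invalid host header"}}]


def build_template(apps, instance_ids, ssl_policy="ELBSecurityPolicy-TLS13-1-2-2021-06"):
    """Return a CloudFormation template (as a dict) for host-based routing on one ALB."""
    params = {  # parameter names are assumptions, supplied at deploy time
        "VpcId": {"Type": "AWS::EC2::VPC::Id"},
        "Subnets": {"Type": "List<AWS::EC2::Subnet::Id>"},
        "AlbSecurityGroup": {"Type": "AWS::EC2::SecurityGroup::Id"},
        "CertificateArn": {"Type": "String"},  # certificate covering every app host
    }
    res = {"Alb": {
        "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
        "Properties": {"Type": "application", "Subnets": {"Ref": "Subnets"},
                       "SecurityGroups": [{"Ref": "AlbSecurityGroup"}]}}}
    # Step 2: one HTTP and one HTTPS listener, both defaulting to the 400 response.
    for name, (proto, port) in LISTENERS.items():
        props = {"LoadBalancerArn": {"Ref": "Alb"}, "Protocol": proto,
                 "Port": port, "DefaultActions": REJECT}
        if proto == "HTTPS":
            props["Certificates"] = [{"CertificateArn": {"Ref": "CertificateArn"}}]
            props["SslPolicy"] = ssl_policy
        res[name + "Listener"] = {
            "Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": props}
    for i, (host, port) in enumerate(sorted(apps.items()), start=1):
        group = f"App{i}TargetGroup"
        # Step 1: same instances in every group, only the target port differs.
        # Assumes the containers speak plain HTTP behind the load balancer.
        res[group] = {
            "Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
            "Properties": {
                "VpcId": {"Ref": "VpcId"}, "Protocol": "HTTP", "Port": port,
                "TargetType": "instance",
                "Targets": [{"Id": iid, "Port": port} for iid in instance_ids]}}
        # Steps 4-6: one host-header rule per app on each listener.
        for name in LISTENERS:
            res[f"App{i}{name}Rule"] = {
                "Type": "AWS::ElasticLoadBalancingV2::ListenerRule",
                "Properties": {
                    "ListenerArn": {"Ref": name + "Listener"}, "Priority": i,
                    "Conditions": [{"Field": "host-header",
                                    "HostHeaderConfig": {"Values": [host]}}],
                    "Actions": [{"Type": "forward",
                                 "TargetGroupArn": {"Ref": group}}]}}
    return {"AWSTemplateFormatVersion": "2010-09-09",
            "Parameters": params, "Resources": res}


if __name__ == "__main__":
    # Constructed placeholder instance ID; replace with the real instances.
    print(json.dumps(build_template(APPS, ["i-0123456789abcdef0"]), indent=2))
```

Because the wizard's throwaway target group from steps 2 and 7 never exists in a template, there is nothing to delete afterwards.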
