2 Answers
0
Have you updated the record for BrandBrahma.com to point to the load balancer, and no longer to the EC2?
And are you now terminating the HTTPS connection on the load balancer, and having it do the SSL offloading? So it's HTTPS over port 443 as far as the load balancer, and then plain HTTP over port 80 beyond the load balancer to the EC2 (no cert required).
0
Hi RWC
Yes, I have created an alias record for the load balancer.
I did not understand the next sentence. Are you asking about the target group?
answered a year ago
Yes. Users hit the load balancer address on port 443, the load balancer presents its cert to the client device, that's SSL taken care of (SSL terminates on the load balancer).
It's safe for connections from the load balancer to the back end EC2(s) to use plain HTTP on port 80. So the EC2 instance(s) need to be listening on port 80, and the listener and target group need to be configured for port 80: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancer-getting-started.html#configure-target-group
Users' connections will only ever go as far as the load balancer, which is HTTPS with the cert from ACM, so their connections are always protected.
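
A check for the layout described in this thread (HTTPS on port 443 terminating at the load balancer, plain HTTP on port 80 to the targets), as an added example that is not part of the original posts. It runs over constructed JSON in the shape of `aws elbv2 describe-listeners` and `describe-target-groups` output; the ARNs are placeholders and `check_tls_offload` is a hypothetical helper name.

```python
import json

# Constructed sample data; the ARNs are placeholders, not real resources.
LISTENERS = json.loads("""
{"Listeners": [
  {"Port": 443, "Protocol": "HTTPS",
   "Certificates": [{"CertificateArn": "arn:aws:acm:REGION:ACCOUNT:certificate/EXAMPLE"}],
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:example:tg/web"}]}
]}
""")
TARGET_GROUPS = json.loads("""
{"TargetGroups": [
  {"TargetGroupArn": "arn:example:tg/web", "Protocol": "HTTP", "Port": 80}
]}
""")


def check_tls_offload(listeners, target_groups):
    """Return a list of findings; an empty list means the layout matches."""
    findings = []
    tgs = {tg["TargetGroupArn"]: tg for tg in target_groups.get("TargetGroups", [])}
    # The client-facing side: an HTTPS listener on 443 that presents a certificate.
    https = [l for l in listeners.get("Listeners", [])
             if l.get("Protocol") == "HTTPS" and l.get("Port") == 443]
    if not https:
        return ["no HTTPS listener on port 443"]
    for lst in https:
        if not lst.get("Certificates"):
            findings.append("HTTPS listener has no certificate attached")
        # The back-end side: only the simple single-target-group forward is handled.
        for action in lst.get("DefaultActions", []):
            if action.get("Type") != "forward":
                continue
            tg = tgs.get(action.get("TargetGroupArn"))
            if tg is None:
                findings.append("listener forwards to an unknown target group")
            elif (tg.get("Protocol"), tg.get("Port")) != ("HTTP", 80):
                findings.append(
                    f"target group uses {tg.get('Protocol')}:{tg.get('Port')}, expected HTTP:80")
    return findings


if __name__ == "__main__":
    print(check_tls_offload(LISTENERS, TARGET_GROUPS) or "layout matches the thread")
```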