If I have 3 separate websites which all require SSL (separate certificates) that I want to host on the same EC2 instance(s) across multiple availability zones so that we have the ability to scale and be highly available, how do I achieve this using ELBs in my Amazon VPC?

Each site requires a separate IP address, so I have added multiple private IPs to the EC2 instance, but I am unsure how to bind the ELB to a certain IP on the instance.

I was also able to set up multiple ELBs pointing to the same instance, but again, I am not seeing any way to bind each ELB to a separate IP on the instance.

If this is not possible, what is the best option?

  • Run each site on a separate EC2 instance / ELB combo (expensive and harder to maintain)
  • Give each site a separate public IP and use Route 53 to do the load balancing (seems like a hack)
  • Use a different load balancer option such as HAProxy that should be able to work like a normal load balancer appliance.

Please help!

Developr
  • Why not offload the SSL processing to the ELBs? – Ladadadada Oct 03 '13 at 12:51
  • @ladadadada - How does that solve my issue? – Developr Oct 03 '13 at 14:01
  • We use a UCC certificate with many domains. Clients who don't want to be on a cert with other folks pay us for an additional ELB for their personal SSL cert. – ceejayoz Oct 03 '13 at 14:03
  • We already have over 10 Premium SSLs... Solution needs to use existing SSL certs. – Developr Oct 03 '13 at 14:43
  • You'll need an ELB per SSL cert, then, if you want to stick with ELBs. Terminating on the ELB will let you use normal virtualhosts on the server(s). If you can't terminate on the ELB, you can use a different port for each site (rather than a different IP). – ceejayoz Oct 03 '13 at 17:40
  • @ceejayoz - I was thinking the same thing regarding the ports. Might just have to purchase a UCC which should actually be cheaper in the long run since 10+ ELBs will be expensive. Any reason I should not just use Route 53 for all LB needs? – Developr Oct 03 '13 at 19:05
  • I've no personal experience using R53 for load balancing. With health checking it's possible to do it, but it's probably a bit less flexible. We went with the UCC route and have been very happy with it. – ceejayoz Oct 03 '13 at 20:26

1 Answer

I ended up going with a multi-domain SSL cert.

Developr
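
A pre-cutover check for the multi-domain certificate route discussed in this thread, as an added example that is not part of the original posts: it reports which hosted site names a certificate's SAN list fails to cover. The hostnames and the sample certificate are constructed, and the input is assumed to be a dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
"""Report which hosted site names a multi-domain (UCC/SAN) certificate does not cover."""

def _dns_names(cert):
    """DNS subjectAltName entries from a dict shaped like ssl.SSLSocket.getpeercert()."""
    # Only SAN entries are used; the subject commonName is ignored, as modern clients do.
    return [v.lower().rstrip(".") for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def _matches(pattern, host):
    """RFC 6125-style match: '*' only as the whole leftmost label, one label deep."""
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Require two labels after the wildcard so '*.com'-style patterns never match.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are rejected
    return p_labels == h_labels

def uncovered_sites(cert, sites):
    """Return the site hostnames that no SAN entry on the certificate covers."""
    names = _dns_names(cert)
    missing = []
    for site in sites:
        host = site.lower().rstrip(".")
        if not any(_matches(n, host) for n in names):
            missing.append(site)
    return missing

# Constructed sample data: hypothetical hostnames, not taken from the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.site-a.example"),),),
    "subjectAltName": (
        ("DNS", "www.site-a.example"),
        ("DNS", "site-a.example"),
        ("DNS", "*.site-b.example"),
        ("DNS", "shop.site-c.example"),
    ),
}
SITES = ["www.site-a.example", "site-b.example", "api.site-b.example",
         "v2.api.site-b.example", "www.site-c.example"]

if __name__ == "__main__":
    for name in uncovered_sites(SAMPLE_CERT, SITES):
        print("not covered by the certificate:", name)
```

A wildcard entry covers neither the bare domain nor names two labels deep, which is why `site-b.example` and `v2.api.site-b.example` are reported alongside the name that is simply absent from the list.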