HTTPS load balancer configuration process for AWS EC2 servers

AWS EC2 Server Configuration load balancer steps:

1. General Load Balancer

At least two EC2 instances, Here take the Centos6.7 system as an example to install an Apache httpd server default 80 port, or use a different server and port also line, configure the load balancer need to use this port iptables firewall open 80 port or directly shut down the firewall in/var /www/html inside the new index.html file, the content is arbitrary, register the instance to the load balancer through this port to request this default home page file, request an instance to register successfully can first Use Curl http:/Intranet Iptelnet Intranet IP Port to check for success, ELB through intranet and instance communication note that the inbound rules of the AWS security Group's policies must contain the HTTP,80 port security group equivalent to the EC2 server's firewall, and Amazon Linux systems are only controlled by security groups,   Other such as the CentOS system inside still comes with firewall and selinux so use need attention security group, System firewall and SELinux on the left navigation bar of EC2 console interface Select Load Balancer Click Create a custom name, other can default security group to configure according to their needs This step is used by the HTTPS load balancer configuration, so the direct default is to confirm the Ping's port and path yes, just OK. After adding an instance to the label and auditing look after you decide to start, click on the Load Balancer option, in the Description tab below you can see several instances in service, continue clicking to view individual instances State, Inservice is normal if outofservice status is present, check the status of the server intranet IP, port, firewall, SELinux, security Group Policy, Apache server to troubleshoot the problem

2. HTTPS Load Balancer

You first need to create SSL.

To create an SSL certificate:

The documentation provided by Amazon is too official and contains a strong sense of English translation into Chinese, which is not to be read. Although the steps provided by him are created correctly, it is still a little tidy up to list the basic operations, which can be improved by looking at the official documentation.   Official document Address:http://docs.amazonaws.cn/elasticloadbalancing/latest/developerguide/ssl-server-cert.html  Linux (any machine, even a Mac system, as long as you can execute a command):  use OpenSSL to create a server certificate (RSA encryption):openssl genrsa -out  my-private-key.pem 2048  Create a CSR file based on MY-PRIVATE-KEY.PEM, the process will enter some brief information:openssl req -sha256  -new -key my-private-key.pem -out csr.pem  Create a self-signed certificate based on CSR.PEM: openssl x509 - req -days 365 -in csr.pem -signkey my-private-key.pem -out  my-certificate.pem  the last generated file is three (1) private key MY-PRIVATE-KEY.PEM (2) The last server certificate containing the CSR.PEM (3) of the brief information MY-CERTIFICATE.PEM   can then use the AWS CLI to upload and verify according to the steps of the official website, which demonstrates uploading a server certificate when creating an HTTPS load balancer, so the part of creating an SSL certificate is complete.   Create an HTTPS load balancer:  Select the Load balancer, click Create no longer leave the default settings in the Listener Configuration column Click Add, the Load Balancer protocol and the instance protocol are selected HTTPS, Port number default 443 check Enable advanced VPC Settings Select Subnets as required in the multi-choice subnet, which adds two available subnets       Select a security group, note that the security group is inStation rules to have HTTPS for port 443      in the third section, select Upload a new certificate in the configuration security settings. Enter a certificate name. Copies the contents of the previously generated MY-PRIVATE-KEY.PEM to the private key. Enter all the contents of the MY-CERTIFICATE.PEM into the public key certificate. Because you are using a self-signed certificate, you do not need to fill out the certificate chain.   In the option to select a password, you can select a predefined security policy, or you can use a custom. If you choose to use a backend certificate, you can re-create an SSL certificate by following the previous steps, entering the certificate title and the public key certificate. The steps after   are consistent with configuring a normal load balancer. After the  https load balancer is started, if an instance fails to register, the server intranet IP, port, firewall, SELinux, security Group Policy, The status of the Apache server to troubleshoot the problem (pay attention to the addition of port 443 for HTTPS) or refer to the official troubleshooting document.   If the account does not have administrator rights after the audit starts, please contact the administrator to obtain the appropriate permissions.   finally use Elb to pay attention to the problem of preheating.     

Update:

The port 80/8080/443 on the default AWS is off. If the site requires public access, the ICP must be filed first. For more information, see: https://forums.aws.csdn.net/thread.jspa?threadID=111&tstart=0 AWS Forum Pick-up (more than a day) to solve the problem of unable to access the server through the extranet. Three default ports are off if not documented.

HTTPS load balancer configuration process for AWS EC2 servers