Otdfbt

How does ice melt when immersed in water?

Did the UK government pay "millions and millions of dollars" to try to snag Julian Assange?

Why can't wing-mounted spoilers be used to steepen approaches?

Wall plug outlet change

Is this wall load bearing? Blueprints and photos attached

Is it ok to offer lower paid work as a trial period before negotiating for a full-time job?

Windows 10: How to Lock (not sleep) laptop on lid close?

Why can't devices on different VLANs, but on the same subnet, communicate?

First use of “packing” as in carrying a gun

How long does the line of fire that you can create as an action using the Investiture of Flame spell last?

Finding the path in a graph from A to B then back to A with a minimum of shared edges

How can I define good in a religion that claims no moral authority?

Slither Like a Snake

How to test the equality of two Pearson correlation coefficients computed from the same sample?

What aspect of planet Earth must be changed to prevent the industrial revolution?

Derivation tree not rendering

Why did all the guest students take carriages to the Yule Ball?

Is above average number of years spent on PhD considered a red flag in future academia or industry positions?

"... to apply for a visa" or "... and applied for a visa"?

Why is the object placed in the middle of the sentence here?

how can a perfect fourth interval be considered either consonant or dissonant?

Working through the single responsibility principle (SRP) in Python when calls are expensive

How can I protect witches in combat who wear limited clothing?

How to pronounce 1ターン?

HTTPS in applications running on Docker in EC2/ECS

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

0

This is the first project I'm deploying in AWS and I'm really struggling with how things work. Stack Overflow wasn't the right place for this question so hopefully, this one will be.

I currently have an application running on Docker in an EC2 instance, perhaps that container will be eventually run in ECS depending on what is decided. The Node API is currently running in HTTP and it is going to be consumed by both a SPA which is hosted in Firebase and only allows connections with HTTPS. Is AWS Elastic Load Balancer + AWS Certificate Manager with Public Certificate able to do the job for me in both EC2 and ECS situations? If yes, can Load Balancer point to multiple APIs and will I need more than one certificate/domain for each one? Thank you in advance for your attention.

amazon-web-services node.js

share|improve this question

edited Apr 9 at 11:49

André

31

asked Apr 9 at 8:57

Tomás FonsecaTomás Fonseca

31

New contributor

Tomás Fonseca is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

0

This is the first project I'm deploying in AWS and I'm really struggling with how things work. Stack Overflow wasn't the right place for this question so hopefully, this one will be.

I currently have an application running on Docker in an EC2 instance, perhaps that container will be eventually run in ECS depending on what is decided. The Node API is currently running in HTTP and it is going to be consumed by both a SPA which is hosted in Firebase and only allows connections with HTTPS. Is AWS Elastic Load Balancer + AWS Certificate Manager with Public Certificate able to do the job for me in both EC2 and ECS situations? If yes, can Load Balancer point to multiple APIs and will I need more than one certificate/domain for each one? Thank you in advance for your attention.

amazon-web-services node.js

share|improve this question

edited Apr 9 at 11:49

André

31

asked Apr 9 at 8:57

Tomás FonsecaTomás Fonseca

31

New contributor

Tomás Fonseca is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

This is the first project I'm deploying in AWS and I'm really struggling with how things work. Stack Overflow wasn't the right place for this question so hopefully, this one will be.

I currently have an application running on Docker in an EC2 instance, perhaps that container will be eventually run in ECS depending on what is decided. The Node API is currently running in HTTP and it is going to be consumed by both a SPA which is hosted in Firebase and only allows connections with HTTPS. Is AWS Elastic Load Balancer + AWS Certificate Manager with Public Certificate able to do the job for me in both EC2 and ECS situations? If yes, can Load Balancer point to multiple APIs and will I need more than one certificate/domain for each one? Thank you in advance for your attention.

amazon-web-services node.js

share|improve this question

edited Apr 9 at 11:49

André

31

asked Apr 9 at 8:57

Tomás FonsecaTomás Fonseca

31

New contributor

Tomás Fonseca is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

edited Apr 9 at 11:49

André

31

asked Apr 9 at 8:57

Tomás FonsecaTomás Fonseca

31

New contributor

Tomás Fonseca is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

edited Apr 9 at 11:49

André

31

asked Apr 9 at 8:57

Tomás FonsecaTomás Fonseca

31

New contributor

Tomás Fonseca is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

edited Apr 9 at 11:49

André

31

edited Apr 9 at 11:49

André

31

asked Apr 9 at 8:57

Tomás FonsecaTomás Fonseca

31

New contributor

Tomás Fonseca is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked Apr 9 at 8:57

Tomás FonsecaTomás Fonseca

31

1 Answer
1

active

oldest

votes

0

Instead of ELB (Elastic Load Balancer) consider ALB (Application Load Balancer) - it is generally cheaper and more flexible.

Yes you can have a certificate from AWS Certificate Manager and terminate SSL on the ALB. The ALB can then talk to your docker container over plain HTTP (non-SSL). If you use ECS (and you should!) it can register the containers with ALB automatically.

ALB has a concept of Target Groups where you can have different content providers, e.g. different API containers, behind a single load balancer. They will differ by paths, e.g. /api1/... and /api2/..., but will share the same host name. That also means you'll get away with a single ACM certificate.

Hope that helps :)

share|improve this answer

answered Apr 9 at 9:54

MLuMLu

9,72222445

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thank you so much for the detailed explanation. I could imagine that there would be better options but AWS offers so many services that it is a bit overwhelming to me right now. I will go with that, it seems like the best approach to what we need. :)
  
  – Tomás Fonseca
  Apr 9 at 10:11
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

Tomás Fonseca is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f962175%2fhttps-in-applications-running-on-docker-in-ec2-ecs%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

0

Instead of ELB (Elastic Load Balancer) consider ALB (Application Load Balancer) - it is generally cheaper and more flexible.

Yes you can have a certificate from AWS Certificate Manager and terminate SSL on the ALB. The ALB can then talk to your docker container over plain HTTP (non-SSL). If you use ECS (and you should!) it can register the containers with ALB automatically.

ALB has a concept of Target Groups where you can have different content providers, e.g. different API containers, behind a single load balancer. They will differ by paths, e.g. /api1/... and /api2/..., but will share the same host name. That also means you'll get away with a single ACM certificate.

Hope that helps :)

share|improve this answer

answered Apr 9 at 9:54

MLuMLu

9,72222445

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thank you so much for the detailed explanation. I could imagine that there would be better options but AWS offers so many services that it is a bit overwhelming to me right now. I will go with that, it seems like the best approach to what we need. :)
  
  – Tomás Fonseca
  Apr 9 at 10:11
  

  
  
  
  

add a comment | 

0

Instead of ELB (Elastic Load Balancer) consider ALB (Application Load Balancer) - it is generally cheaper and more flexible.

Yes you can have a certificate from AWS Certificate Manager and terminate SSL on the ALB. The ALB can then talk to your docker container over plain HTTP (non-SSL). If you use ECS (and you should!) it can register the containers with ALB automatically.

ALB has a concept of Target Groups where you can have different content providers, e.g. different API containers, behind a single load balancer. They will differ by paths, e.g. /api1/... and /api2/..., but will share the same host name. That also means you'll get away with a single ACM certificate.

Hope that helps :)

share|improve this answer

answered Apr 9 at 9:54

MLuMLu

9,72222445

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thank you so much for the detailed explanation. I could imagine that there would be better options but AWS offers so many services that it is a bit overwhelming to me right now. I will go with that, it seems like the best approach to what we need. :)
  
  – Tomás Fonseca
  Apr 9 at 10:11
  

  
  
  
  

add a comment | 

Instead of ELB (Elastic Load Balancer) consider ALB (Application Load Balancer) - it is generally cheaper and more flexible.

Yes you can have a certificate from AWS Certificate Manager and terminate SSL on the ALB. The ALB can then talk to your docker container over plain HTTP (non-SSL). If you use ECS (and you should!) it can register the containers with ALB automatically.

ALB has a concept of Target Groups where you can have different content providers, e.g. different API containers, behind a single load balancer. They will differ by paths, e.g. /api1/... and /api2/..., but will share the same host name. That also means you'll get away with a single ACM certificate.

Hope that helps :)

share|improve this answer

answered Apr 9 at 9:54

MLuMLu

9,72222445

share|improve this answer

answered Apr 9 at 9:54

MLuMLu

9,72222445

answered Apr 9 at 9:54

MLuMLu

9,72222445

answered Apr 9 at 9:54

MLuMLu

9,72222445