Load balancers are used to distribute the requests/queries to multiple server instances. Most web infrastructures have multiple front-end servers that share the load of the application. Although there are multiple server instances, the end-user only see them a single node. In this tutorial, I’ll walk you on how to configure an Elastic Load Balancer on Amazon, add your web server nodes and point your domain name to the EC2 load balancer.
** Here is the scenario that we’ll assume on the next tutorial.
You at least a single web server node which you want to add behind the load balancer
You use only https for the site and you have an SSL certificate
You have you domain name and ready to point it to the load balancer
Create the Load Balancer Instance
Login to the Amazon EC2 web console.
Go to Load Balancing > Load Balancers
Click Create a Load Balancer an you’ll be presented with the 7 Steps for creating your load balancer
1. Define Load Balancer
On this section you define the basics for you load balancer. You should define here:
Load Balancer Name: Name for your load balancer
Create LB Inside: The same network as your web server nodes
Create LB Inside: do no check (since your LB will face the public internet)
Enable advanced VPC configuration: Check this option
Listener configuration: Use HTTPS and port 443 for both load balancer and instance options respectively
Select Subnets: click the plus sign on your VPC subnets to enable the load balancer to use instances on those networks.
2. Assign Security Groups
On Assign Security Groups, you can create a firewall security group for your load balancer. It’s a good idea to create a new one here and allow only the load balanced port which is HTTPS port 443. Or if you have a pre-made security group, you can also select that and assign it here.
3. Configure Security Settings
On this section, you’ll upload your SSL certificates. The catch is that the certificates need to be pem encoded so if you have a certificate.key, certificate.crt and certificate.ca, you’ll probably need to convert them before you upload them here.
Certificate Type: upload new SSL Certificate.
Certificate Name: name for your certificate bundle
To convert your SSL private key, use the following command:
openssl rsa -in certificate.key -text
The result of this command is a lot of text, the final piece of which is what Amazon is looking for. You’ll see something that looks like this:
-----BEGIN RSA PRIVATE KEY----- (tons of text) -----END RSA PRIVATE KEY-----
Copy this whole block, including the delimiters to begin and end the private key text, and copy that into the Private Key box in the AWS dialog.
To convert the Server certificate and public CA, use the below command.
openssl x509 -inform PEM -in certificate.crt
openssl x509 -inform PEM -in certificate.ca
Copy this entire text block, including the BEGIN and END delimiters, and paste it into the Public Certificate field and Certificate Chain Field in the AWS dialog.
4. Configure Health Check
In this section, you’ll configure the health check to be used by the load balancer to determine if one of your nodes is up and running.
Ping Protocol: HTTPS
Ping Port: 443
Ping Path: /index.html (This will be the test page to determine if the node is responding correctly)
Leave the Advanced Details to their default, but you can also adjust them if you need more control.
Response Timeout: 5 seconds (time to wait until the test page responds)
Interval: 30 Seconds (time interval for every health check)
Unhealthy threshold: 2 (number of consecutive failed response before considering the node as unhealthy, thus no traffic flow will be disabled on the unhealthy node)
Healthy threshold: 10 (number of consecutive successful response before considering the node as healthy, thus traffic will now flow on this healthy node)
5. Add EC2 instances
On this section you’ll pick at least one of your web nodes to be added behind the load balancer. Select your desired nodes and proceed to the next step.
6. Add Tags
On this section, you can create tag to properly identify your load balancer.
Finally you’ll review everything you’ve created on the previous steps. If everything is correct, then click the Create button to provision your Load Balancer.
When your Load Balancer you’ll see it on the Load Balancing > Load Balancers section.
Point Your Domain to the Load Balancer
Elastic Load Balancers from Amazon EC2 do not have static IPs. You can’t assign an Elastic Public IP to the load balancer so you won’t be able to point your Domains A record to the Amazon elastic load balancer.
Fortunately Elastic Load Balancers have permanent DNS CNAME that you can use to point you domain. You can see the load balancer DNS name by selecting your load balancer and clicking the Descriptions Tab.
In this example the DNS name of the load balancer is
So the last step is to edit your DNS settings and point your domain such as www.mysite.com to the CNAME of the load balancer. To confirm that you have successfully pointed your website, using the dig command should return the DNS name of the load balancer.
[root@goddard ~]# dig www.mysite.com CNAME | grep -A1 "ANSWER SECTION" ;; ANSWER SECTION: www.mysite.com. 3494 IN CNAME web-loadbalancer-1557299520.ap-southeast-1.elb.amazonaws.com.
Lastly, you can check on the Apache logs of your web server and you’ll see that requests are now coming from the IP of the load balancer. You’ll need to modify the log-format of your apache configuration in order to show the “true-client IP” of the original request coming from the public internet.