(2 of 4) Amazon ELB Multi-domain SSL forwarding to NGINX and Play Servers

Posted on Wednesday, April 10, 2013



(2 of 4: Install nginx server)

This guide goes over setting up an ELB with a multi-domain SSL certificate.  The servers attached to the ELB will run multiple Play servers on different ports with an nginx server running in front of them to handle routing based on domain/subdomain names.

I know that is quite a mouthful, but here is what I am trying to accomplish.

I want to run more than one Play server on an EC2 instance. Each Play server will run on its own port. I want each domain name to route to a specific Play server. For example, www.example.com routes to the Play server running on port 9000 and www2.example.com routes to the Play server running on port 8000. In addition, I want all the communication to be secured with SSL certificates.

For an individual server you could simply put an nginx server in front of the Play servers and have nginx handle routing based on domain name. But in this case I want to add an AWS ELB (Elastic Load Balancer) in front of several EC2 machines.

Here is what I have found out thus far. The ELB can handle the SSL certificate, but it can only have one certificate per ELB. This forces you to use a multi-domain SSL certificate. Also, the ELB cannot port forward based on domain name, so you still need an nginx server in front of the Play servers.




I want something like this.  The ELB handles the certificate and the nginx server handles the domain name routing.






Install and set up nginx server


Now that there are two Play servers running, one on port 9000 and the other on port 8000, I am going to try to get nginx to serve as a proxy server for them.



> sudo apt-get update
> sudo apt-get upgrade
> sudo apt-get install nginx


Start the nginx server


>  sudo /etc/init.d/nginx start


Open the address of the server in a web browser and confirm nginx is running.

 


Success!!





DNS domains


I gave my Ubuntu instance an Elastic IP and created two different domain names that route to that IP address.

http://ssl-test.whiteboardcoder.com/
http://ssl-test2.whiteboardcoder.com/

I opened them up to test them.




Working just fine.

Now to edit the nginx configuration to forward to the Play servers based on these domain names: ssl-test to port 9000 and ssl-test2 to port 8000.

Edit the config file


Edit the /etc/nginx/nginx.conf file.


>  sudo vi /etc/nginx/nginx.conf




user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
        worker_connections 1024;
        use epoll;
        multi_accept on;
}

http {

  proxy_buffering    off;
  proxy_set_header   X-Real-IP $remote_addr;
  proxy_set_header   X-Scheme $scheme;
  proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header   Host $http_host;

  upstream my-backend {
    server 127.0.0.1:9000;
  }

  server {
    keepalive_timeout    70;
    server_name ssl-test.whiteboardcoder.com;
    location / {
      proxy_pass  http://my-backend;
    }
  }

  upstream my-backend-8000 {
    server 127.0.0.1:8000;
  }

  server {
    keepalive_timeout    70;
    server_name ssl-test2.whiteboardcoder.com;
    location / {
      proxy_pass  http://my-backend-8000;
    }
  }
}


Then restart nginx



>  sudo /etc/init.d/nginx restart
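
In the configuration above neither server block has a listen directive or a default_server flag, so nginx treats the first block as the default, and any request whose Host header matches neither name is proxied to the Play server on port 9000. The variant below is an added example, not the file from the original post: it adds a catch-all block and explicit listen lines, assuming nginx listens on port 80.

```nginx
# Added example: the post's nginx.conf with a catch-all default server.
user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
        worker_connections 1024;
        use epoll;
        multi_accept on;
}

http {
  proxy_buffering    off;
  proxy_set_header   X-Real-IP $remote_addr;
  proxy_set_header   X-Scheme $scheme;
  proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header   Host $http_host;

  upstream my-backend      { server 127.0.0.1:9000; }
  upstream my-backend-8000 { server 127.0.0.1:8000; }

  # Catch-all (added): requests with a missing or unrecognised Host header
  # end here instead of reaching whichever Play server is listed first.
  server {
    listen 80 default_server;
    server_name _;
    return 444;   # nginx-specific code: close the connection, send no response
  }

  server {
    listen 80;
    keepalive_timeout    70;
    server_name ssl-test.whiteboardcoder.com;
    location / {
      proxy_pass  http://my-backend;
    }
  }

  server {
    listen 80;
    keepalive_timeout    70;
    server_name ssl-test2.whiteboardcoder.com;
    location / {
      proxy_pass  http://my-backend-8000;
    }
  }
}
```

Check the file with sudo nginx -t before restarting. Requests that carry neither hostname, which can include a load balancer health check addressed to the instance directly, now get the catch-all instead of the port 9000 application.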









Reloading the web sites






