I have two Docker-based single-instance Elastic Beanstalk environments (one for staging and one for production).
I'd like to migrate the (Elastic Beanstalk) application to sit behind a load balancer (primarily to take advantage of AWS Certificate Manager).
Currently I'm using .ebextensions to customise the Nginx config to satisfy my application's traffic routing requirements:
- For path
/xyz/
, traffic should go to the app via port 80 (i.e. HTTP)
- For all other requests to port 80, a (301) redirect response to port 443 (HTTPS) should be emitted.
- All requests on port 443 (HTTPS) should pass through to the app.
So my question is: how do I achieve those routing requirements using a load balancer in front of one of my Elastic Beanstalk environments? I'm thinking to have one load balancer per environment, for the sake of flexibility.
I've come across the following possible solutions (none of which seem ideal):
- Set up a new Elastic Beanstalk environment with a dedicated Application Load Balancer and then modify the load balancer's listeners and rules via the EC2 console service (similar to what this Elastic Beanstalk documentation entry seems to be suggesting, under "Redirect HTTP traffic to HTTPS > Configure load balancer").
- Set up a new Application Load Balancer via the EC2 console service, create a new Elastic Beanstalk environment connected to the new Application Load Balancer as a Shared Application Load Balancer and then follow these guides (this and this) to (hopefully?) ensure that the load balancer and Elastic Beanstalk environment are in sync (in terms of instance management and traffic routing).
- Set up a new Elastic Beanstalk environment with a dedicated Application Load Balancer and then modify the application so that it listens on three ports (one for the
/xyz/
traffic, one for the HTTP -> HTTPS redirection and one for the HTTPS traffic), which the docs here appear to be telling me to do (but make no mention of how to achieve multiple listening ports on a single app).
Options one and two involve going behind Elastic Beanstalk's "back" to modify underlying resources (which I'm hesitant to do) and the third option would require me to modify my application (which I'd like to try and avoid).
Are any of these options advised?
Is there a better option?