Amazon Web Service ECS (SSL/HTTPS) Issue

Question

I have currently set up my website in AWS ECS with a nginx reverse-proxy architecture with Docker. However, right now I'm facing the issue of securing my website with HTTPS.

I have googled for hours, and got my Amazon Certificate Manager issued, set up a Application Load Balancer with my Cluster's service but to no avail. My nginx.conf is listening at port 80, while my internal services are hosted on port 80 as well. Cloudflare routes my website to each service with *.domain.com.

• So what exactly is the step that I might be missing or is there any proper guide there that I can reference from? I'm hoping to get it up using Amazon Certificate Manager, best with automated renewals. The second option would be a manually signed certificate by letsencrypt. But I have no idea how I can store the certificate because my repository right now is public.

• I have 2 url currently. domain.com & api.domain.com, which both are running on the same ECS Instance. Is it possible to secure both of them as it would be necessary for that so that I can make backend calls from my frontend (HTTPS request policy).

Thanks in advance guys!

Update:

I have finally gotten my SSL to work with my domain. For those who are encountering the same issue. Try using the classic load balancer instead, I tried multiple times with Application Load Balancer and mapping to different ports but it doesn't work. But it works the moment I used Classical Load Balancer.

Answer 1

1. Cloudflare should be routing everything to the ALB, not directly to ECS. You have to route all traffic through the ALB in order for the ALB to serve the SSL certificate.

2. When you request a certificate in ACM you can list multiple domains that you want the certificate to work for. The easiest way to make the certificate to work for your domain and every possible subdomain is to request a certificate for "domain.com" and "*.domain.com".