Magento HTTPS and Amazon AWS Load Balancer
Magento can handle secure HTTPS connections on both the frontend and the backend. However, handling HTTPS connections places additional load on the servers. If you use a load balancer in front of the servers, you can avoid this additional load by delegating the encryption to the load balancer.
Architecture:
Browser <---- HTTPS(443) ----> Load Balancer <---- HTTP(80) ----> Nginx
Scenario:
- Magento 1.7.0.0
- 2 instances as web servers with Ubuntu 12.04 LTS
- nginx as web server
- AWS Load Balancer
To test the system I created a self-signed certificate. To create a self-signed certificate in Ubuntu, I ran the following commands.
openssl req -new -newkey rsa:2048 -nodes -out csr.pem -keyout private-key.pem -subj "/C=ES/ST=Barcelona/L=Barcelona/O=Enterwine/OU=Enterwine/CN=www.enterwine.com"
openssl x509 -req -days 365 -in csr.pem -signkey private-key.pem -out server.crt
openssl rsa -in private-key.pem -out decrypted-private-key.pem
Once I had the self-signed certificate, I loaded it into the AWS Load Balancer.
Add certificate to AWS Load Balancer from AWS Console:
1. Go to AWS Console.
2. Go to Service > EC2
3. Go to Network & Security > Load Balancers
4. Select your Load Balancer and go to Listeners
5. Add new Listener:
   Load Balancer Protocol: HTTPS
   Load Balancer Port: 443
   Instance Protocol: HTTP
   Instance Port: 80
6. In the SSL Certificate option choose Select
7. Go to Upload a new SSL Certificate and paste the contents of your key (decrypted-private-key.pem) and cert (server.crt) into the Private Key and Public Key Certificate fields.
8. Save
Magento expects a header that identifies the connection as secure, and the AWS Load Balancer sends a header identifying the secure connection. The web server therefore has to be configured to pass a header to Magento when it receives the secure header from the AWS Load Balancer.
In my case, I use the nginx web server. I have configured nginx to detect the AWS Load Balancer header and set the header for Magento.
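# Default: treat the request as plain HTTP
set $ssl "off";
# The AWS Load Balancer sends X-Forwarded-Proto: https when the browser connected over HTTPS
if ($http_x_forwarded_proto = "https") {
    set $ssl "on";
}
location …. {
    …
    # Pass the result to Magento as the HTTPS FastCGI parameter
    fastcgi_param HTTPS $ssl;
}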
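The snippet above accepts X-Forwarded-Proto from any client that can reach port 80 on the instance, so this added example (not part of the original post) shows the same mapping applied only to requests that arrive from the load balancer. The 10.0.0.0/16 range, the PHP location pattern and the fastcgi_pass address are assumptions; replace them with your own values.

```nginx
# --- http {} context ---

# 1 when the TCP peer is the load balancer, 0 for anything else.
# geo matches against $remote_addr by default.
# ASSUMPTION: 10.0.0.0/16 is a placeholder for the subnets your
# load balancer nodes connect from.
geo $from_lb {
    default      0;
    10.0.0.0/16  1;
}

# Combine "who sent it" with "what the header says".
# Only the pair (load balancer, https) turns HTTPS on; a direct
# request carrying X-Forwarded-Proto: https falls through to "off".
map "$from_lb:$http_x_forwarded_proto" $ssl {
    default    "off";
    "1:https"  "on";
}

server {
    listen 80;
    server_name www.enterwine.com;

    # ASSUMPTION: PHP requests are handled by a FastCGI backend
    # listening on 127.0.0.1:9000.
    location ~ \.php$ {
        include        fastcgi_params;
        fastcgi_param  HTTPS $ssl;
        fastcgi_pass   127.0.0.1:9000;
    }
}
```

Restricting the instances' security group so that port 80 accepts traffic only from the load balancer closes the same gap at the network layer.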
You can read more here:
http://www.aschroder.com/2012/07/magento-ssl-offloading-with-amazon-elb/
http://www.sonassi.com/knowledge-base/magento-kb/magento-https-redirect-loop/