Magento can manage secure HTTPS connections in the frontend and in the backend. However, handling HTTPS connections is an additional load for the servers. If you use a load balancer in front of the servers, you can avoid this additional load and delegate the encryption process to the load balancer.

Architecture:

Browser <---- HTTPS(443) ----> Load Balancer <---- HTTP(80) ----> Nginx

Scenario:

  • Magento 1.7.0.0
  • 2 instances as web servers with Ubuntu 12.04 LTS.
  • nginx as webserver
  • AWS Load Balancer

To test the system I created a self-signed certificate. On Ubuntu, I ran the following commands to create it.


openssl req -new -newkey rsa:2048 -nodes -out csr.pem -keyout private-key.pem -subj "/C=ES/ST=Barcelona/L=Barcelona/O=Enterwine/OU=Enterwine/CN=www.enterwine.com"

openssl x509 -req -days 365 -in csr.pem -signkey private-key.pem -out server.crt

openssl rsa -in private-key.pem -out decrypted-private-key.pem

Once I had the self-signed certificate, I uploaded it to the AWS Load Balancer.

Add certificate to AWS Load Balancer from AWS Console:

1. Go to AWS Console.
2. Go to Service > EC2
3. Go to Network & Security > Load Balancers
4. Select your Load Balancer and go to Listeners
5. Add new Listener:
   Load Balancer Protocol: HTTPS
   Load Balancer Port: 443
   Instance Protocol: HTTP
   Instance Port: 80
6. In the SSL Certificate option choose Select
7. Go to Upload a new SSL Certificate and paste the contents of your key (decrypted-private-key.pem) and cert (server.crt) into the Private Key and Public Key Certificate fields.
8. Save

Magento expects a header that identifies the connection as secure, and the AWS Load Balancer sends a header identifying the secure connection. The web server therefore has to be configured to pass a header to Magento when it receives the secure header from the AWS Load Balancer.

In my case, I use the nginx web server. I have configured nginx to detect the AWS Load Balancer header and set the header for Magento.


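# Default: treat the request as plain HTTP
set $ssl "off";
# The AWS Load Balancer reports the client-side protocol in X-Forwarded-Proto
if ($http_x_forwarded_proto = "https") {
    set $ssl "on";
}

location …. {

    # Pass the flag to Magento (PHP) as the HTTPS FastCGI parameter
    fastcgi_param HTTPS $ssl;
}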
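
An added example, not part of the original post: the configuration above sets `$ssl` from the `X-Forwarded-Proto` header of any request, so a request that reaches port 80 without passing through the load balancer can label itself as HTTPS. This variant honours the header only when the TCP peer is inside the load balancer's address range; the CIDR, the location pattern and the FastCGI backend address are placeholder assumptions.

```nginx
# Both blocks below go inside the http {} context.

# $from_elb is 1 only when the TCP peer ($remote_addr) is in a listed range.
geo $from_elb {
    default      0;
    10.0.0.0/16  1;   # ASSUMPTION: placeholder, replace with your load balancer's subnets
}

# Report HTTPS as "on" only for a trusted peer that also forwards "https".
# Anything else (direct requests, other header values) stays "off".
map "$from_elb:$http_x_forwarded_proto" $ssl {
    default    "off";
    "1:https"  "on";
}

server {
    listen 80;

    # ASSUMPTION: hypothetical PHP location and FastCGI backend address
    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param  HTTPS $ssl;
    }
}
```

Restricting the instances' port 80 to the load balancer in the EC2 security group closes the same gap at the network layer.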

You can read more here:
http://www.aschroder.com/2012/07/magento-ssl-offloading-with-amazon-elb/
http://www.sonassi.com/knowledge-base/magento-kb/magento-https-redirect-loop/