How to Setup AWS ELB with SSL for Laravel
Setting up HTTPS for your Laravel apps can be counter-intuitive sometimes as it involves multiple layers playing nicely together. Luckily AWS has made this very easy for us especially if you are using ELB.
Let's get started.
Step 1. Get a Free SSL Cert from AWS Certificate Manager
We have written a very comprehensive guide that you can follow. Once you are done come back to Step 2.
Step 2. Go to the EC2 Dashboard
Find EC2 from the
Services dropdown menu and click the link. You should see the EC2 Dashboard after that.
Scroll down a bit and you should see Load Balancers on your left. Click the link.
Step 3. Create a new Load Balancer
Once you are at the ELB Management Dashboard, click
Create Load Balancer.
Step 4. Select "Application Load Balancer"
Step 5. Configure Security Settings for the new ELB
If you have followed our guide, select
Choose a certificate from ACM and pick the right certificate from the list.
Under Security Policy, choose
ELBSecurityPolicy-2016-08. This is a generic policy that is applicable for most cases.
Step 6. Configure Security Groups
You should already have a security group setup for your EC2. Let's use that. Or if you prefer you can create a new security group as well.
This is a changeable setting so let's go with the easiest for now.
Step 7. Configure Routing
If this is your first ELB, you will need to create a
New Target Group. Give your target group a name. The rest should be the defaults from AWS.
Step 8. Register EC2 Instances to be Added to ELB
Under the table of Instances, select the EC2 instances to be added to ELB. You may have only 1 or more than that. Choose at least 1 instance to be added.
Once selected, click
Add to registered to add the instances to the ELB.
You should see this once you have added the EC2 instances. Once confirmed, click
Step 9. Update the ELB Listeners
Once you are done, your ELB should show in the ELB dashboard with
provisioning as the status.
Click on the ELB, select the
Listeners tab, then click
View/edit rules for HTTP : 80.
Step 10. Update the HTTP Redirection Rules
Currently it's forwarding the unsecured
http://domain.com as it is to our EC2. What we want to do here is to force it to redirect to the secured
https://domain.com instead so that all connections to our website is always HTTPS.
Let's click the
Edit button for our rule.
Then click the
Trash button to discard the rule.
Now we are going to create a new rule to redirect all HTTP traffic to HTTPS.
Now if you go to
https://yourdomain.com, you should see that it's secured.
Noticed how we did not change any configurations on the EC2 or NGINX side. This may seem odd if you had setup HTTPS on an single NGINX node for Laravel before.
In fact if you previously had NGINX configurations catered for HTTPS / SSL, you need to remove them.
The reason is that the HTTPS connection actually terminates at the ELB side instead of the EC2 / NGINX side. Between ELB and EC2, we are just serving normal unsecured HTTP connections.
Is that an issue?
Well for most of the apps out there it should be relatively safe as the traffic between our ELB and our EC2 instances happen within a private network.
If you wish to terminate the SSL at the EC2 / NGINX side, that's definitely possible. In such cases however we would not be able to use the free Public SSL cert from AWS Certificate Manager anymore.
One alternative would be to use Cloudflare's free SSL cert instead. Or you may opt for paid certificates by AWS or other providers.
Anyway hopefully you find this guide useful!