You can use a single listener on an Application Load Balancer (ALB) instance to route HTTPS requests for different domain names to different backend servers. This topic shows you how to configure an ALB instance to host multiple HTTPS websites.
Example scenario
An Application Load Balancer (ALB) instance uses the domain name from an incoming HTTPS request to find the matching certificate. After completing HTTPS authentication, it routes the request to the appropriate backend server based on the configured forwarding rules.
This topic uses the following configuration as an example:
- The listener's default certificate, named default, is associated with the domain name aliyundoc.com. The default server group is RS1.
- An additional certificate, example1, is associated with the domain name www.example.com. Requests to https://www.example.com are routed to server group RS1.
- Another additional certificate, example2, is associated with the domain name www.example.org. Requests to https://www.example.org are routed to server group RS2.
Prerequisites
- You have created an Application Load Balancer (ALB) instance. For more information, see Create and manage ALB instances.
- You have created two server groups: RS1 and RS2. For more information, see Create and manage server groups.
- You have added backend servers to the server groups: an ECS instance named ECS01 to RS1 and another named ECS02 to RS2. You have also deployed your applications on both ECS instances.
- You have registered your domain names and obtained Internet Content Provider (ICP) filings for them. For more information, see Register a domain name on Alibaba Cloud and ICP filing process.
- You have purchased or uploaded the necessary certificates to Certificate Management Service and associated them with their respective domain names. For more information about how to create a certificate, see Enable HTTPS for a website by using a commercial certificate. This topic requires the following certificates:
  - A default certificate named default associated with the domain name aliyundoc.com.
  - An additional certificate named example1 associated with the domain name www.example.com.
  - An additional certificate named example2 associated with the domain name www.example.org.
Step 1: Add an HTTPS listener
- Log on to the Application Load Balancer console.
- In the top navigation bar, select the region where the ALB instance is deployed.
- In the left-side navigation pane, select Instances.
- On the Instances page, find the target instance and click Create Listener in the Actions column.
- On the Configure Listener page, configure the following parameters and keep the default values for other parameters. Then, click Next.

  | Parameter | Description |
  | --- | --- |
  | Listener Protocol | Select HTTPS. |
  | Listener Port | Set the port to 443. |

- On the Configure SSL Certificate page, configure the following parameter and keep the default values for other parameters. Then, click Next.

  | Parameter | Description |
  | --- | --- |
  | Server Certificate | Select the default certificate that you prepared, named default. |

- On the Select Server Group page, configure the following parameter and keep the default values for other parameters. Then, click Next.

  | Parameter | Description |
  | --- | --- |
  | Server Group | Select the server group RS1 that you created. |

- On the Configuration Review page, review your settings and click Submit.
Step 2: Add additional certificates
- On the Instances page, find the target instance and click its ID.
- Click the Listener tab. Find the HTTPS listener and click Manage Certificates in the Actions column.
- Click the Certificates tab and then click Add EV Certificate.
- In the Add Additional Certificate dialog box, select the certificate example1 and click OK. Repeat this step to add the additional certificate example2.
Step 3: Configure forwarding rules
- On the Instances page, find the target instance and click its ID.
- Click the Listener tab. Find the HTTPS listener and click View/Modify Forwarding Rule in the Actions column.
- On the Forwarding Rules tab, click Add New Rule.
- Configure the following two forwarding rules and click OK.
  - If the Domain Name is www.example.com, then Forward to RS1. Set the Weight to 100.
  - If the Domain Name is www.example.org, then Forward to RS2. Set the Weight to 100.
Step 4: Configure domain name resolution
Add CNAME records for www.example.com and www.example.org to point to the public DNS name of your ALB instance.
- Log on to the Application Load Balancer console.
- In the top navigation bar, select a region.
- Find the target ALB instance and copy its Domain Name.
- Follow these steps to add a CNAME record.

  Note: If your domain names are not registered with Alibaba Cloud, you must first add them to the Alibaba Cloud DNS console before configuring DNS settings. For more information, see Domain management. If your domain name is registered with Alibaba Cloud, proceed with the following steps.

  - Log on to the Alibaba Cloud DNS console.
  - On the Public Zone page, find the target domain name and click Settings in the Actions column.
  - On the Settings page, click Add Record.
  - In the Add Record panel, configure the following parameters for the CNAME record, and then click OK.

    | Parameter | Description |
    | --- | --- |
    | Record Type | Select CNAME from the drop-down list. |
    | Hostname | The prefix of your domain name, such as www. |
    | Query Source | Keep the default value. |
    | Record Value | Enter the CNAME address for the domain name. This is the DNS name of the ALB instance that you copied. |
    | TTL | Specifies the duration that a DNS record is cached on a DNS server. Keep the default value. |

    Note:
    - New CNAME records take effect immediately. The propagation time for a modified CNAME record depends on the TTL of the cached record on the local DNS server. The default TTL is 10 minutes.
    - If a conflict occurs when you add the record, use a different hostname. For more information, see DNS record conflict rules.
Step 5: Verify the configuration
After completing the configuration, enter https://www.example.com and https://www.example.org in a browser to verify that your forwarding rules are working correctly. For this topic, we assume you have deployed a simple static web page on each backend server instance.
- Enter https://www.example.com in your browser. The request is routed to the backend server ECS01 in server group RS1. The page displays "Hello World ! This is ECS01.", confirming that the request was routed to the correct backend server.
- Enter https://www.example.org in your browser. The request is routed to the backend server ECS02 in server group RS2. The page displays "Hello World ! This is ECS02.", verifying that the forwarding rule for this domain works correctly.
If the test fails, try clearing your browser cache and testing again.
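A scripted form of this check, added here as an example and not part of the original topic: for each domain it sends the hostname as TLS SNI and as the Host header, then reports whether the certificate presented covers that hostname and whether the response came from the expected backend. The function names and the ALB_DNS_NAME placeholder are assumptions of this example; the expected page text is taken from the two pages described above.

```python
import socket
import ssl

# Expected state from this topic: hostname -> text served by its backend.
EXPECTED = {
    "www.example.com": "This is ECS01",
    "www.example.org": "This is ECS02",
}

def san_covers(hostname, san_names):
    """True if a DNS SAN matches hostname (exact, or a single-label wildcard)."""
    host = hostname.lower().rstrip(".")
    for name in san_names:
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False

def diagnose(hostname, san_names, body, marker):
    """Return a list of findings; an empty list means the site matches the topic."""
    findings = []
    if not san_covers(hostname, san_names):
        findings.append(f"certificate {san_names} does not cover {hostname}: "
                        "check the additional certificates on the listener (Step 2)")
    if marker not in body:
        findings.append(f"response lacks {marker!r}: check the forwarding rule (Step 3)")
    return findings

def probe(alb_dns_name, hostname, port=443, timeout=5.0):
    """Connect to the ALB with `hostname` as SNI and Host; return (SAN list, response)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared in diagnose()
    with socket.create_connection((alb_dns_name, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            sans = [v for k, v in tls.getpeercert().get("subjectAltName", ()) if k == "DNS"]
            tls.sendall(f"GET / HTTP/1.1\r\nHost: {hostname}\r\nConnection: close\r\n\r\n".encode())
            chunks = []
            while chunk := tls.recv(4096):
                chunks.append(chunk)
    return sans, b"".join(chunks).decode("utf-8", "replace")

if __name__ == "__main__":
    ALB_DNS_NAME = "alb-placeholder.example.net"  # placeholder: the Domain Name copied in Step 4
    for host, marker in EXPECTED.items():
        sans, body = probe(ALB_DNS_NAME, host)
        print(host, diagnose(host, sans, body, marker) or "OK")
```

Because the script connects to the DNS name of the ALB instance directly, it does not depend on the CNAME records from Step 4 or on any browser cache.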
Related documents
For more information about forwarding rules, see Configure domain-based and path-based forwarding rules.