Expected behavior
To be able to serve multiple public-facing web sites over HTTPS with ELB. Each site runs as a separate service in a Docker Swarm. Preferably, SSL/TLS would be terminated at the ELB and the requests forwarded to the correct service based on the Host header.
Actual behavior
At the moment, when setting up Docker for AWS, one ELB is created. However, the ELB is very rudimentary and cannot do layer 7 routing, such as checking the Host header. ELB does not support multiple certificates, hence SSL/TLS termination cannot be done for the sites.
Additional Information
One solution is to set up your own LB, such as HAProxy or Nginx, as a service in the swarm that terminates the SSL/TLS and routes traffic to the proper Docker service. This means more moving parts to attend to, and the LB must be notified when the number of containers changes. One thing you lose is the ability to use AWS certificate management with automatic renewal of certs. Interlock and nginx-proxy seem like a possible solution, but they are perhaps more aimed at building the swarm from scratch rather than using Docker for AWS?
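As an added example (not part of the original issue or of Docker for AWS), here is an nginx configuration for such a swarm-hosted proxy, assuming the ELB forwards port 443 as plain TCP to the proxy service: it terminates TLS for two hostnames with separate certificates, routes on the Host header to the swarm services site-a and site-b, and refuses requests for any host it is not configured for. The hostnames, service names and certificate paths are assumptions; 127.0.0.11 is Swarm's embedded DNS, which lets nginx pick up scaled or replaced tasks without being told about them.

```nginx
# Added example, not from the original issue. Service names (site-a, site-b),
# hostnames and certificate paths are assumptions; 127.0.0.11 is the Swarm
# embedded DNS, queried at runtime so task changes are picked up automatically.
events {}
http {
    resolver 127.0.0.11 valid=10s;   # re-resolve service VIPs as tasks change
    # Default server: reject requests whose SNI/Host matches no configured site
    # instead of silently serving the first site's content under the wrong name.
    server {
        listen 443 ssl default_server;
        server_name _;
        ssl_certificate     /run/secrets/default.crt;   # placeholder self-signed cert
        ssl_certificate_key /run/secrets/default.key;
        return 444;                                     # close connection, no response
    }
    server {
        listen 443 ssl;
        server_name site-a.example.com;
        ssl_certificate     /run/secrets/site-a.crt;    # certs delivered as Docker secrets
        ssl_certificate_key /run/secrets/site-a.key;
        ssl_protocols TLSv1.2 TLSv1.3;
        add_header Strict-Transport-Security "max-age=31536000" always;
        location / {
            set $upstream http://site-a:80;              # variable forces runtime DNS lookup
            proxy_pass $upstream;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto https;    # tell the app TLS was terminated here
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
    server {
        listen 443 ssl;
        server_name site-b.example.com;
        ssl_certificate     /run/secrets/site-b.crt;
        ssl_certificate_key /run/secrets/site-b.key;
        ssl_protocols TLSv1.2 TLSv1.3;
        add_header Strict-Transport-Security "max-age=31536000" always;
        location / {
            set $upstream http://site-b:80;
            proxy_pass $upstream;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
```

Because the certificates live in the proxy service rather than in ELB, renewing them means rotating the Docker secrets and redeploying the proxy; that is the operational cost the paragraph above refers to.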
Another solution is to set up a separate CloudFormation stack for each site, which means more overhead in terms of the number of AWS services and nodes that have to run.
Thanks!