Thanks for all the work on Docker for AWS, awesome.
Just wondering how I might configure Docker for AWS to terminate https traffic in an ELB listener created via a ‘service create’ command and allow http to pass through to our app service containers running in the swarm?
I’ve tried a few things including:
adding a new HTTPS 443 to HTTP 80 listener manually on the ELB created by Docker for AWS; it was promptly removed though, I presume by CloudFormation/Docker. While it existed, both port 80 and 443 wouldn't accept any requests and hung.
published port 443 (external) to port 3000 (container, i.e. our app port); this created an ELB mapping 443 to 443 but with a TCP/TCP layer. I tried changing it to HTTPS/HTTP and it kind of worked: curling it gave me the certificate details in an HTTP trace, but loading the actual page contents timed out.
published port 80 to port 3000 and changed the port 80 listener from TCP to HTTPS, but with similar results to the above. The first request went through (not all assets on the page loaded), and subsequent requests timed out.
Any recommendations for how I should be handling https traffic with the ELBs in Docker for AWS?
Hi Marcus… I tried the same thing and got the same results except that I was able to get to https after I manually added a mapping in the ELB from 443 to 80 and selected a cert. This seems like a very common scenario. I know that I want to do it… to terminate SSL at the load balancer for my hosted APIs and forward a decrypted request to a container.
Trying to do docker service create --name myproxy -p 443:80 nginx just created a 443 TCP to 443 TCP mapping.
Seems like we need to do something to support docker service create --name myproxy -p 443:80 --ssl-cert arn:aws:acm:*.* nginx
where the presence of the ssl-cert flag would trigger the different type of mapping in the LB.
I would be ok with having to add this mapping manually to the ELB but there then has to be a way for it not to get removed when another service is created.
Hi, I have an issue that is somewhat related to this topic.
I need an HTTP/HTTPS listener on the ELB instead of the TCP listeners that are created by docker-for-aws, in order to have the X-Forwarded-For header available when processing requests in the upstream.
So is it already possible to accomplish this somehow manually/automatically?
This will configure an HTTPS-type ELB listener on port 443 and a TCP SSL listener on port 8080. HTTPS is forwarded to HTTP - there is currently no way to change this, but at least the X-Forwarded-For headers will be appended to the request.
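To check which of the listener layouts described in this thread actually terminate TLS at the ELB and which add X-Forwarded-For, here is an added audit script (not Docker for AWS code) run over constructed DescribeLoadBalancers-shaped records; the load balancer name and certificate ARN are placeholders.

```python
# Classic ELB listener audit for the behaviour discussed in this thread.
# Added example, not Docker for AWS code. Input is a constructed dict shaped
# like one entry of DescribeLoadBalancers' LoadBalancerDescriptions.
#
# Classic ELB listener semantics:
#   TCP    layer 4: no TLS termination, no X-Forwarded-For
#   SSL    TLS terminated at the ELB, but still layer 4 (no X-Forwarded-For)
#   HTTP   layer 7: X-Forwarded-For / X-Forwarded-Proto are added
#   HTTPS  TLS terminated at the ELB and layer 7 (X-Forwarded-For added)
TLS_TERMINATING = {"SSL", "HTTPS"}
LAYER7 = {"HTTP", "HTTPS"}

def audit_listeners(lb):
    """Return (port, finding) pairs for listeners that will not give the
    TLS termination or X-Forwarded-For the posters above were after."""
    findings = []
    for desc in lb["ListenerDescriptions"]:
        lst = desc["Listener"]
        port, proto = lst["LoadBalancerPort"], lst["Protocol"].upper()
        if port == 443 and proto not in TLS_TERMINATING:
            # What `-p 443:443` produced: raw TLS bytes reach the container,
            # so the container, not the ELB, must hold the certificate.
            findings.append((port, "tls-passthrough"))
        if proto in TLS_TERMINATING and not lst.get("SSLCertificateId"):
            findings.append((port, "missing-cert"))
        if proto not in LAYER7:
            findings.append((port, "no-xff"))
    return findings

def listener(proto, port, iproto, iport, cert=None):
    """Build one constructed listener record in the API's shape."""
    rec = {"Protocol": proto, "LoadBalancerPort": port,
           "InstanceProtocol": iproto, "InstancePort": iport}
    if cert:
        rec["SSLCertificateId"] = cert
    return {"Listener": rec}

CERT = "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER"  # placeholder ARN
# What the posters saw after `docker service create -p 443:443 -p 80:80`.
AS_CREATED = {"LoadBalancerName": "swarm-elb", "ListenerDescriptions": [
    listener("TCP", 443, "TCP", 443), listener("TCP", 80, "TCP", 80)]}
# The layout in the last reply: HTTPS:443 -> HTTP:80, SSL:8080 -> TCP:8080.
DESIRED = {"LoadBalancerName": "swarm-elb", "ListenerDescriptions": [
    listener("HTTPS", 443, "HTTP", 80, CERT),
    listener("SSL", 8080, "TCP", 8080, CERT)]}

if __name__ == "__main__":
    for name, lb in (("as created", AS_CREATED), ("desired", DESIRED)):
        print(name, audit_listeners(lb))
```

The SSL listener on 8080 is still reported as no-xff because it terminates TLS without parsing HTTP, which is why only the HTTPS listener gives the header the third poster needs.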