(English (Auto-Generated) ) AWS Load Balancer HTTPS Setup With Route 53 and Certificate Manager & HTTP Redirect To HTTPS (DownSub - Com)

Uploaded by

sagam sagar
one of the most popular real world

architecture pattern is using a load

balancer along with a custom domain url

and https or ssl for your application

in this video we are going to go over

the design as well as a hands-on demo

all right let's get started

let's first look at the load balancer

flow

so in this case either a user or another

application is invoking the load

balancer using the default load balancer

url provided

and then the load balancer is accepting

traffic in http protocol port 80

and then it redirects the traffic back

to the application in this case let's

say your application is running on

kubernetes now extending one step

further so you want to invoke your

application using a custom domain name

uh such as your website name instead of

the default load balancer url so in this

case you need a dns resolver in between

so amazon route 53 is the service for aws

so you can register your domain and you

can invoke the app using http colon

slash slash let's say myapp.com so this

myapp.com is registered in amazon 53 but

the same flow will work for any external


dns registrar as well

in route 53 you will have a dns a record

pointing to the load balancer and this

load balancer will be accepting traffic

for http protocol port 80 and then it

will redirect it to the backend

application now going one step further

for load balancer custom domain ssl flow

the requester will still invoke it via

domain but in this case instead of http

they will invoke using https

nothing changes in route 53 the dns a

record still points to the elb

but in this case the load balancer

accepts the traffic for protocol https

and port 443 so to accept traffic in

https protocol you need to have a ssl

cert for your domain

so load balancer can integrate directly

with aws certificate manager or acm and

you need to provision a certificate for

this domain name myapp.com but what if

someone invokes this website using http

colon slash slash myapp.com and not

https

that's okay as well in that case the

traffic will come to http port 80 in

load balancer listener

but you need to redirect the traffic


back to port 443 so that the traffic

converts to https and it utilizes the

ssl cert all right so that's the design

flow now let's jump into aws console and

do this hands-on

for this demo i'm just running a sample

apache web server in ec2

so i spun up ec2 and then i connect from

the aws console and once i am there i

ran

sudo yum install dash y httpd

and then i started the httpd server

and then what i did was i went to

var slash

www slash html and then i put a index.html

here you can put any index.html so i'm

going to change this a little bit

just going to put hello from

cloudwithraj

and then save this file

so basically at this point uh if i copy

this public ip address

open a new tab test this

it says welcome to my website hello from

cloud with raj

all right so now what i'm going to do is

create a application load balancer and

point the load balancer to this ec2 okay

i'm in the load balancer screen click

create load balancer and then


application load balancer click create

load balancer name

i'm going to give the name web server

test

internet facing

select all the subnets

on the vpc

uh security group so in the security

group actually create a new security

group uh name this as

lb

security group vpc uh so currently the

security group has no inbound rules so

i'm going to add some rules so i'm going

to allow

http traffic and also going to allow

https traffic all right click create

security group description

web server security group create

security group okay go here refresh this

i'm going to select this lb security

group remove the default one

and now the listener is where the magic

happens

so the first thing we need to do is

protocol http port 80 and then i need to

create a target group with that ec2

instance so i'm going to click create

target group
select instances scroll down target

group name

put web server test

health checks should be slash

index.html

click next

select the sample web server include as

pending below

click create target group go back to the

load balancer

refresh the target group

web server test there we go

scroll down click create load balancer

click view load balancer so on the

listener we have a port 80 http

and then we forwarding to web server

test

i select this so it takes a minute

or two for it to be healthy so it's

running the health test right now all

right so our health check has passed

so at this point the load balancer

should be up and running

uh so let's go back to our load balancer

web server test click description so the

dns name is the system provided url for

the load balancer so if i open up a tab

paste the dns name

all right so now it's going to our

website
all right so at this point this part is

done

and now we are going to do load balancer

custom domain flow

so for this i have a registered domain

testipaddress.com

and then you can click this so remember

this name servers or take note of this

in a notepad and then open the hosted

zones

and under hosted zone the same domain

should be there and click that domain

and you should see these two record the

name server and then soa

and look at this

entries for this name server record this

entry should exactly match

the one under registered domain

if it doesn't match then route 53 is not

going to work and in that case you can

click this add or edit name server and

then copy these values from

hosted zone and then match it i mean

paste it here

but by default everything should be good

you should only face this error

when you delete the hosted zone and you

recreate this or something

you don't click something like confirm


something then you might get this error

anyway by default everything should be

good and then click create record and

don't worry about the cname thing yet

this got created because of certificate

i'm going to go over it in a second you

don't need the cname entry for this

demo to work

so click create record simple routing

click next

click define simple record and then

under drop down

select application and classic load

balancer

select your region

in our case we have us west 2

and then select the load balancer

and then click define simple record

click create records

all right so at this point uh any

traffic that's coming to

testipaddress.com

should be

diverted to the load balancer and that

load balancer should send the traffic to

our apache web server

so let's open another tab

and then we are going to put

testipaddress.com

all right so this one is working as well


and as you can see this is not secure

all right so now we are going to create

a certificate

and then create the https

so i'm going to go to certificate

manager

and then request a certificate request a

public certificate

and then fully qualified domain name

so i'll give the domain name

testipaddress.com

dns validation click requests

so you can see for testipaddress.com

status is pending validation

so since we chose the dns validation

click that go here

and then select create records in route

53

so this will put an entry in there

this validates that we actually own this

url or the domain so that we are not

trying to add something to someone

else's website click create records

and then if we go to route 53 refresh

this okay you see a cname record for the

validation and note that this cname

record is just for validation it doesn't

do anything on the traffic flow

alternatively you can also do email


validation

so don't think that this cname entry

is doing something to the traffic flow

all right after we added those record so

our certificate is issued

as if we go back to route 53 we don't

need to change anything we can keep this

cname as is

so we have to go to load balancer

so in load balancer under listeners

now we have to add https

so i'm going to click

add listener

and then select https

action should be forward

uh to the same target group web server

test

okay

and then we have to select a ssl

certificate

for https

so select the certificate

testipaddress.com click add view listeners

so at this point we should be able to

handle https traffic so i'm going to

create another tab

and now i'm going to give https colon

slash

testipaddress.com

all right so test ip address is also


working and you can see this lock symbol

that means our website is https

uh but if we go back to http

colon slash slash testipaddress.com

see this one still works and we don't

want that so in that case what we need

to do is go back to

our load balancer

and for http 80

click view edit rules

click edit up top

click edit here

and delete this rule

click add action and redirect to

https

443 so basically even if the traffic

comes to port 80 http protocol we're

going to redirect it for https protocol

click update

all right go back to rules okay so for

http 80 we are redirecting it to https

http is all set

so let's go back here test ip address

uh let's refresh this

all right so even if we refreshed http

you could see it redirected me to https

and you could tell it by this lock

symbol another thing to keep in mind so

if i put www.testipaddress.com
so this is not going to work

because in our route 53 we only create a

record for testipaddress.com

if we want www

to go to the same

destination as test ip address you need

to create another a record dub dub dub

so let me show you that

so click create record simple routing

define simple record

and here you need to put www

and then here select

application load balancer

region

us west

the same load balancer define simple

record create records

all right so now we have two a record

one is for just testipaddress.com and

another is for www

so now if we

type in www.testipaddress.com

okay so now it works right um

because now dub dub dub is also handled

so this is like a little bit of trick

so what if you want to do instead of www

you want to do alb dot test

dot

all right so similarly you can create


record click next

define simple record

and then alb

select the load balancer choose your

region

choose load balancer define simple

record create records

so now if we type alb dot test ip

address dot com

okay so now our website works but it

says not secure

why why is this not secure alb the test

ip address doesn't work because our

certificate only covers

testipaddress.com or www.testipaddress.com

it doesn't cover anything else

so if you want alb.testipaddress.com

to be https

you either need to create another

certificate for alb.testipaddress.com

or you can create a generic certificate

with asterisk dot testipaddress.com

but sometimes it is not recommended

so that you can actually specify what

exact

prefix you can use with your website

alright folks uh if you want to see more

videos like this please click the

subscribe button only 15 of my viewers


are subscribed uh so help me out here

click the subscribe click the like

button i comment something on the video

it really helps youtube algorithm to

grow my channel

also all my highest rated and

best-selling courses are on discount uh

this week i'll give the link down so

check it out if interested that's it for

this one i'll see you guys and girls in

the next video bye
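
The two checks the walkthrough performs by eye (port 80 must redirect to HTTPS rather than forward, and every hostname must be named on the certificate), as an added Python example that is not part of the video or its transcript. The listener dictionaries follow the shape of `aws elbv2 describe-listeners` output; the ARNs, certificate name lists and function names are constructed for illustration.

```python
# Added example: audit ALB listeners and certificate names offline.
# All sample values below are constructed, not taken from a real account.

def name_covers(cert_name: str, host: str) -> bool:
    """True if a certificate name matches host; '*' spans exactly one leftmost label."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*":
        return cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels

def uncovered_hosts(cert_names, hosts):
    """Hostnames that would show a browser certificate warning."""
    return [h for h in hosts if not any(name_covers(n, h) for n in cert_names)]

def plaintext_listeners(listeners):
    """Ports of HTTP listeners whose default action is not a redirect to HTTPS."""
    bad = []
    for lst in listeners:
        if lst["Protocol"] != "HTTP":
            continue
        redirects = [a.get("RedirectConfig", {}) for a in lst["DefaultActions"]
                     if a["Type"] == "redirect"]
        if not any(r.get("Protocol") == "HTTPS" for r in redirects):
            bad.append(lst["Port"])
    return bad

BEFORE = [  # constructed: port 80 still forwards to the target group
    {"Protocol": "HTTP", "Port": 80,
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:placeholder"}]},
    {"Protocol": "HTTPS", "Port": 443,
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:placeholder"}]},
]
AFTER = [  # constructed: port 80 now redirects to HTTPS 443
    {"Protocol": "HTTP", "Port": 80,
     "DefaultActions": [{"Type": "redirect", "RedirectConfig":
                         {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
    BEFORE[1],
]
HOSTS = ["testipaddress.com", "www.testipaddress.com", "alb.testipaddress.com"]

if __name__ == "__main__":
    print(plaintext_listeners(BEFORE), plaintext_listeners(AFTER))
    print(uncovered_hosts(["testipaddress.com", "www.testipaddress.com"], HOSTS))
    print(uncovered_hosts(["*.testipaddress.com"], HOSTS))
```

A wildcard name covers one label only, so `*.testipaddress.com` leaves the bare domain uncovered unless the certificate lists it as well.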
