Application Load Balancer is used to bring traffic to the ECS tasks in the public subnets.
If you need SSL, you will need to create an SSL certificate in ACM – Amazon Certificate Manager. You can either
- request a certificate from Amazon (free)
- import a certificate that you own
Certificate Manager > Request a certificate
While requesting a certificate, you may go for a wildcard certificate that protects your domain and all subdomains, like this:
Application Load Balancer
Create a Target Group with type = IP
EC2 > Target groups > Create
IP Addresses > Name: wp-fargate > Protocol: HTTP > Port: 80 > Selct VPC > Protocol version: HTTP1
Select wp-fargate > Health Check Settings > Edit > Path: /wp-includes/images/blank.gif > Create target group
There is no need to specify targets; ECS will manage that for you.
I had to give a more specific path so as to get the health check working all the time. If you give just /, it will return a 302 error. If you give /index.php also, it gives the same error until WordPress web installer is run.
Now create the App Load Balancer. Once you get the DNS name of the ALB, you may add a CNAME record to your DNS zone, but only for subdomains. But if you are hosting a main domain, Route 53 configuration is needed.
You cannot add an A record pointing to an AWS ALB.
EC2 > Load balancers > Create > Application Load Balancer > Name: wp-stack-alb > Security Policy: TLS-1-1
Listeners > Add > HTTPS:443
Select VPC > Tick AZ’s > Next
Certificate Type > Choose a certificate from ACM > *.mvcloud.xyz
Security Group > select wp-stack-alb-sg
Configure Routing > Select the Existing target group wp-fargate > Review and Create.
There is one more step, which is to add a redirect to the HTTP listener of the ALB so that all HTTP requests will get redirected to HTTPS, as shown in the below image.
Select the ALB > Listeners > HTTP > View / Edit rules
Create a Route 53 Alias record for wpstack.mvcloud.xyz pointing to the ALB.
Or create an A record in your domain registrar pointing to the DNS name of the ALB.
wpstack.mvcloud.xyz > wp-stack-alb-15*********8.ap-southeast-1.elb.amazonaws.com
Route 53 > Hosted Zones > Select zone > Create record > Type: A > Name: wpstack > Alias: on
Route traffic to > Alias to Application load balancer > Choose region > Choose ALB