0

I have a dockerized Python Flask application, and an nginx Docker instance in front acting as a forward proxy. Both containers are deployed on AWS EC2, and using a Route53 DNS entry, traffic is routed to nginx, which then passes the request over to the Python Flask server.

I now want to switch to HTTPS, and discovered here that deploying HTTPS using Let's Encrypt in Docker is non-trivial and frankly, quite messy.

I am considering putting an AWS load balancer in front of the whole setup, and enabling HTTPS on the load balancer instead. This would imply the load balancer talks to nginx, and nginx passes requests over to Python Flask.

Is there a better way to do this? Is the nginx now superfluous? Do you foresee issues with this setup?

2
  • 1
    If you use your load balancer to provide SSL, expose Flask port :80 directly so the LB reaches Flask. Commented Feb 27, 2020 at 16:40
  • This looks like a solution for nginx with certbot: github.com/staticfloat/docker-nginx-certbot Commented Feb 29, 2020 at 17:08

1 Answer

1

Yes, you can use ELB for offloading SSL.

I don't see any issues with this setup. Actually, I would recommend this for the following reason:

HTTPS is an encrypted protocol, and encryption requires high CPU utilization to perform the needed mathematical computations. Since most web applications are CPU-bound, you should avoid processing SSL at your servers and let the load balancer do it for you.

Since the communication between the load balancer and your instances is on AWS internal network, you can rest assured that it is secure and can use HTTP for this.
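
An added example, not part of the answer above: once TLS ends at the load balancer, the Flask app only ever receives plain HTTP, so it has to recover the original scheme from the `X-Forwarded-Proto` header that AWS load balancers set, and should honour that header only when the peer is the load balancer. The subnet, the health-check path and the names `TlsOffloadMiddleware` and `simulate` are assumptions, as is the load balancer connecting to the app directly.

```python
import ipaddress

# Assumption: subnet holding the load balancer nodes (constructed value).
TRUSTED_LB_NETS = [ipaddress.ip_network("10.0.0.0/24")]
HEALTH_PATH = "/healthz"  # hypothetical health-check path, probed over plain HTTP

class TlsOffloadMiddleware:
    """Restore the client-facing scheme for a WSGI app behind a TLS-terminating LB."""
    def __init__(self, app, trusted_nets=TRUSTED_LB_NETS):
        self.app = app
        self.trusted_nets = trusted_nets

    def _peer_is_lb(self, environ):
        try:
            peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
        except ValueError:
            return False
        return any(peer in net for net in self.trusted_nets)

    def __call__(self, environ, start_response):
        # Always strip the header so the app never sees a client-supplied value.
        proto = environ.pop("HTTP_X_FORWARDED_PROTO", "").strip().lower()
        is_https = proto == "https" and self._peer_is_lb(environ)
        environ["wsgi.url_scheme"] = "https" if is_https else "http"
        path = environ.get("PATH_INFO", "/")
        if not is_https and path != HEALTH_PATH:
            # Plain-HTTP request, or a direct hit that bypassed the LB: redirect.
            query = environ.get("QUERY_STRING", "")
            target = "https://" + environ.get("HTTP_HOST", "") + path + ("?" + query if query else "")
            start_response("308 Permanent Redirect", [("Location", target), ("Content-Length", "0")])
            return [b""]

        def start_with_hsts(status, headers, exc_info=None):
            if is_https:
                headers = list(headers) + [("Strict-Transport-Security", "max-age=31536000")]
            return start_response(status, headers, exc_info)

        return self.app(environ, start_with_hsts)


def simulate(environ):
    """Run one constructed request through the middleware; return (status, headers, body)."""
    seen = {}
    def app(env, start_response):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [env["wsgi.url_scheme"].encode()]
    capture = lambda status, headers, exc_info=None: seen.update(status=status, headers=dict(headers))
    body = b"".join(TlsOffloadMiddleware(app)(environ, capture))
    return seen["status"], seen["headers"], body
```

In Flask the middleware is attached with `app.wsgi_app = TlsOffloadMiddleware(app.wsgi_app)`. Restricting the instance's security group to the load balancer stays the primary control; the peer check here is a second layer.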
