Published on 2024-02-24
As of 2022, there are ~1.8 billion websites (unique domain names). About 17% of them, that is, ~300 million, are active; the rest are parked domains or similar. Let's unleash another domain onto the internet.
In this section, we look at how to register a domain name and configure its DNS. There are many services offering domain name registration. As we are integrating our containerized web application with the Amazon Web Services cloud, we will register the domain name with AWS.
After logging into the AWS Console, head to Route 53. As with every other service in AWS, the dashboard is the main page. On the sidebar, there is a Domains section, and under it, Registered Domains. Click on it and then on "Register Domain". Choose the domain name and complete the transaction. The registration is valid for 1 year, with an auto-renewal option.
Amazon will complete the domain registration for us, and we will have to complete the verification via email. By default, Amazon creates two records: the NS (Name Server) record and the SOA (Start of Authority) record. See more about DNS in this post.
Request for SSL Certificate and add to domain
Amazon provides AWS Certificate Manager (ACM) free of charge.
Let's create a public certificate from Amazon by clicking on Request a certificate.
- Certificate type: public SSL/TLS certificate
- Domain name: I suggest adding the names below to cater for both the root and sub-domain names:
  - {boring-is-good.com}: the root domain name
  - www.{boring-is-good.com}: previously, www was used as a sub-domain to signal that this is a web page, but this practice is no longer needed. (Source)
  - *.{boring-is-good.com}: wildcard for sub-domain names, for example finance.boring-is-good.com.
- Validation method: DNS validation
- Key algorithm: RSA 2048
- Tags: optional
For validation, we opt for DNS validation as we have the luxury of managing DNS in Route 53. Now, let's view the certificate and understand its components.
- Identifier: unique identifier of the certificate
- Status: Issued (note: the certificate is valid for 1 year)
- Type: Amazon Issued
- ARN: Amazon Resource Name. It is a unique identifier assigned to each resource within AWS (Amazon Web Services). ARNs are used to uniquely identify resources such as EC2 instances, S3 buckets, IAM roles, Lambda functions, and more within the AWS ecosystem.
- Domains: the list of domains configured during the certificate request. Each has a CNAME name and value; these CNAME records need to be added to our domain name.
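To check that the three names above really cover the hostnames we plan to serve, here is an added example (not code from the original post) implementing the usual single-label wildcard rule for TLS names; `boring-is-good.com` is the placeholder domain used above and the host list is constructed.

```python
"""Check which hostnames an ACM certificate request covers.

Added example, not code from the original post. A wildcard "*" matches
exactly one DNS label at the left, so "*.boring-is-good.com" covers
"finance.boring-is-good.com" but neither the bare apex nor
"a.b.boring-is-good.com". The domain list mirrors the three entries
suggested above; everything else is constructed sample data.
"""
from __future__ import annotations

# Domain names as entered in the ACM "Request a certificate" form above.
REQUESTED_NAMES = [
    "boring-is-good.com",
    "www.boring-is-good.com",
    "*.boring-is-good.com",
]


def name_matches(cert_name: str, host: str) -> bool:
    """True if one certificate name (possibly a wildcard) covers host."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if not cert_name.startswith("*."):
        return cert_name == host
    # Wildcard: host must be exactly one non-empty label plus the suffix.
    suffix = cert_name[2:]
    head, sep, tail = host.partition(".")
    return bool(head) and sep == "." and tail == suffix


def covered(host: str, names: list[str] = REQUESTED_NAMES) -> bool:
    """True if any requested name covers host."""
    return any(name_matches(n, host) for n in names)


def uncovered(hosts: list[str], names: list[str] = REQUESTED_NAMES) -> list[str]:
    """Hosts a browser would reject; check these before pointing them at the ALB."""
    return [h for h in hosts if not covered(h, names)]


if __name__ == "__main__":
    # Constructed hosts: apex, www, one sub-domain and one two-level sub-domain.
    for h in ["boring-is-good.com", "www.boring-is-good.com",
              "finance.boring-is-good.com", "a.b.boring-is-good.com"]:
        print(f"{h:32} {'covered' if covered(h) else 'NOT covered'}")
```

The two-level name is the usual surprise: a second-level sub-domain needs its own entry, the wildcard does not reach it.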
Amazon has made it easy for us to create the CNAME records for our domain. There's a Create Records in Route 53 button; click on it and all the CNAME records in the Domains section of the certificate will be added to our domain name in Route 53. Otherwise, we can also add them manually in Route 53. No fuss. ;)
Now, if we head over to Route 53 > Hosted Zone > click on Domain, we will see 2 additional records configured. They come from the certificate. So, in total, we will have 4 pre-created records in the DNS configuration for our domain name: the NS record, the SOA record and the two CNAME records from the certificate.
Alternatively, we can create an SSL certificate via Let's Encrypt.
So, we have our domain name and certificate. The next step is to bind the domain name to the load balancer.
Load Balancer Configuration
Go to Load Balancers (EC2 feature) in Amazon Console and click on the load balancer we created before.
- Our Load Balancer is Application Type LB.
- It has its own DNS name (assigned by Amazon). The public can reach our site by this DNS name, but it's not really user friendly, which is why we need a domain name.
- VPC (Virtual Private Cloud): the VPC of the ECS container to which our LB is associated.
- Availability Zone: we will come back to this later!
Let's look at the listeners. This is where we define which ports and protocols on the LB are opened to the public. Initially, we will have:
- HTTP: 8000 --> Forward to the Target Group associated with our ECS container
What it means is that if anyone accesses our LB on port 8000, the LB is going to forward the traffic to the target group defined in ECS.
What we want is:
- HTTP: 80 --> Redirect to HTTPS: 443
- HTTPS: 443 --> Forward to the Target Group associated with our ECS container
This is because we don't want to expose port 8000. As per standard internet practice, we should only open port 443 to the public for security reasons.
In order to get what we want, we need to add the listeners to the load balancer. Let's go ahead and do it while thinking about the implication of each setting. Choose the certificate when setting up port 443.
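As an added example (not code from the original post), the following audits a load balancer's listeners against the target state above, so a leftover HTTP:8000 listener or a port 80 that forwards instead of redirecting shows up as a finding. The listener dicts follow the shape boto3's `describe_listeners` returns and are constructed sample data with placeholder ARNs.

```python
"""Audit ALB listeners against the target layout described above.

Added example, not code from the original post. Listener dicts use the shape
boto3 returns from elbv2.describe_listeners(LoadBalancerArn=...)["Listeners"];
the snapshot below is constructed sample data with placeholder ARNs, showing
the initial HTTP:8000 listener still present beside the two we added.
"""
from __future__ import annotations

TG = "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/PLACEHOLDER"  # placeholder
SAMPLE_LISTENERS = [
    {"Port": 8000, "Protocol": "HTTP",
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": TG}]},
    {"Port": 80, "Protocol": "HTTP",
     "DefaultActions": [{"Type": "redirect", "RedirectConfig": {
         "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
    {"Port": 443, "Protocol": "HTTPS",
     "Certificates": [{"CertificateArn": "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER"}],
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": TG}]},
]


def audit_listeners(listeners: list[dict]) -> list[str]:
    """Return findings; empty means: only 80 (redirect) and 443 (TLS, forward)."""
    findings: list[str] = []
    by_port = {lst["Port"]: lst for lst in listeners}
    # 1. Anything other than 80/443 is an extra door straight to the containers.
    for port in sorted(by_port):
        if port not in (80, 443):
            findings.append(f"port {port} is exposed to the public; delete that listener")
    # 2. Port 80 exists only to send browsers to HTTPS.
    http = by_port.get(80)
    if http is None:
        findings.append("no HTTP:80 listener, so plain-http visitors get an error instead of a redirect")
    else:
        act = http["DefaultActions"][0]
        rc = act.get("RedirectConfig", {})
        if act["Type"] != "redirect" or rc.get("Protocol") != "HTTPS" or rc.get("Port") != "443":
            findings.append("HTTP:80 must redirect to HTTPS:443 rather than forward or serve traffic")
    # 3. Port 443 terminates TLS with the ACM certificate and forwards to the target group.
    https = by_port.get(443)
    if https is None or https["Protocol"] != "HTTPS":
        findings.append("no HTTPS:443 listener")
    else:
        if not https.get("Certificates"):
            findings.append("HTTPS:443 has no certificate attached")
        if https["DefaultActions"][0]["Type"] != "forward":
            findings.append("HTTPS:443 should forward to the ECS target group")
    return findings
```

Running `audit_listeners(SAMPLE_LISTENERS)` reports only the stray 8000 listener; once it is deleted the list is empty.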
Note: Load Balancers are meant for production websites with heavy traffic, in order to serve customers better. Our Load Balancer is an Application LB. It interfaces with the public in front of our web application. There are other types of LB as well. They are meant to provide fault-tolerance to the website. Another important characteristic of a Load Balancer is stickiness and its impact on session cookies. A popular load balancer on the market is the F5 Load Balancer.
Domain Name System Configuration to Load Balancer
Okay, now that we have bound the SSL certificate of our domain name to the Load Balancer, we will configure the DNS records of our domain name to add the load balancer DNS.
Go to Route 53 > Hosted Zone > click on Domain and create a record.
- Record type: A - routes traffic to an IPv4 address and some AWS resources
- Alias: yes
- Route traffic to: Alias to Application and Classic Load Balancer (because we are using our ALB)
- Region: choose the region where the Load Balancer exists, then choose the load balancer we have created
- Routing policy: simple (there are other options, but for now, simple will do)
That's it. Now, we have tied our LB to DNS. Our LB will do the job of routing the traffic for our domain name to ECS. :)
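The same record expressed as a Route 53 change batch, as an added example (not code from the original post). The load balancer DNS name and both hosted zone IDs are placeholders, and the code assumes the usual alias-to-ALB form, where `HostedZoneId` inside `AliasTarget` is the load balancer's own canonical hosted zone ID, not the domain's hosted zone.

```python
"""Build the Route 53 change batch for the alias records described above.

Added example, not code from the original post. It produces the ChangeBatch
that boto3's route53.change_resource_record_sets() (or the CLI's
--change-batch file) expects. ALB_DNS_NAME and ALB_ZONE_ID are placeholders;
ALB_ZONE_ID is the load balancer's canonical hosted zone ID (reported by
describe-load-balancers), which is a different zone from the domain's own.
"""
from __future__ import annotations

DOMAIN = "boring-is-good.com"                                     # placeholder domain from the post
ALB_DNS_NAME = "my-alb-123456789.REGION.elb.amazonaws.com"        # placeholder
ALB_ZONE_ID = "ALB_CANONICAL_HOSTED_ZONE_ID_PLACEHOLDER"          # placeholder


def alias_record(name: str, alb_dns: str, alb_zone_id: str) -> dict:
    """One UPSERT of an A alias pointing `name` at the ALB (simple routing)."""
    return {
        "Action": "UPSERT",
        "ResourceRecordSet": {
            "Name": name.rstrip(".") + ".",       # Route 53 names are fully qualified
            "Type": "A",                          # A + Alias: no TTL and no IP address
            "AliasTarget": {
                "HostedZoneId": alb_zone_id,      # the ALB's zone, not the domain's
                "DNSName": alb_dns.rstrip(".") + ".",
                "EvaluateTargetHealth": False,
            },
        },
    }


def change_batch(domain: str = DOMAIN, alb_dns: str = ALB_DNS_NAME,
                 alb_zone_id: str = ALB_ZONE_ID) -> dict:
    """Apex and www records, matching the two non-wildcard names on the certificate."""
    return {
        "Comment": f"Point {domain} at the application load balancer",
        "Changes": [
            alias_record(domain, alb_dns, alb_zone_id),
            alias_record("www." + domain, alb_dns, alb_zone_id),
        ],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(change_batch(), indent=2))
    # With boto3 (the domain's hosted zone ID is a placeholder here):
    # boto3.client("route53").change_resource_record_sets(
    #     HostedZoneId="DOMAIN_HOSTED_ZONE_ID_PLACEHOLDER", ChangeBatch=change_batch())
```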