DEV Community

Hari Bantwal
HTTPS Enablement with DNS Registrar: AWS Route 53, DNS Management: Cloudflare, Load Balancer: OCI

The post below describes SSL enablement for a domain registered with AWS Route 53, DNS management in Cloudflare, and the setup of load balancers and compute instances hosted on Oracle Cloud Infrastructure (OCI).

Three providers are involved because the domain was previously used for other purposes. Keeping that arrangement helps illustrate the complexity of a setup with multiple actors. DNS management could be shifted to either AWS or OCI, reducing the number of actors in the chain to two.

Starting Point.

  1. bantwal.ch domain obtained from AWS Route 53
  2. NS Records in AWS Route 53 pointing to Cloudflare
  3. OCI instances instance-web-1 and instance-web-2 serve an Apache web server on http://PUBLICIP:80

Objective
1) Load balancer in OCI pointing to the OCI instances instance-web-1 and instance-web-2
2) Associate the domain bantwal.ch with the load balancer
3) Enable HTTPS access for bantwal.ch

Steps

1) Create a load balancer on the regional subnet, add instance-web-1 and instance-web-2 as backends, and add an HTTP listener

2) Open a browser and run an HTTP test against the public IP of the load balancer

Objective 1: Done

3) Domain registrar settings at AWS Route 53

DNS NS records pointing to Cloudflare

4) DNS management in Cloudflare

DNS A record pointing to the load balancer created in Step 1

The SSL/TLS setting in Cloudflare is set to Off

5) Open a browser and run a DNS test

Objective 2: Done

6) Obtain the certificate from a certificate authority (CA)

This example uses SSL for Free.

7) Verify the domain

This example uses a DNS CNAME entry in the registrar/DNS management.

Copy the values and verify the domain.

Download the certificate.

8) Create a certificate object in OCI

Upload the files from the zip file downloaded in the previous step.

9) Create an HTTPS listener in the load balancer

10) Add the HTTPS port to the stateful ingress rules on the load balancer subnet

11) Access the site using SSL

12) Verify the certificate details in the browser

Objective 3: Done
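
Steps 11 and 12 check the result by eye in a browser; the same check can be scripted so that an expiring or mismatched certificate on the load balancer is caught early. This is an added example, not part of the original post: the function names, the 30-day warning threshold and the sample certificate values are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by SSLSocket.getpeercert();
# the dates and SAN list are illustrative, not the real bantwal.ch certificate.
SAMPLE_CERT = {
    "notBefore": "Mar  1 00:00:00 2024 GMT",
    "notAfter": "May 30 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "bantwal.ch"),),
}

def fetch_peer_cert(host, port=443, timeout=5.0):
    """Handshake with chain and hostname validation; return the leaf cert dict."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname are on
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _utc(cert_time):
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def _san_matches(host, pattern):
    if pattern.startswith("*."):  # a wildcard covers exactly one left-most label
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return host == pattern

def audit_cert(cert, hostname, now=None, warn_days=30):
    """Return a list of findings for the certificate; an empty list means OK."""
    now = now or datetime.now(timezone.utc)
    findings = []
    not_before, not_after = _utc(cert["notBefore"]), _utc(cert["notAfter"])
    if now < not_before:
        findings.append("not yet valid")
    if now > not_after:
        findings.append("expired")
    elif (not_after - now).days < warn_days:
        findings.append(f"expires in {(not_after - now).days} days")
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_san_matches(hostname.lower(), san) for san in sans):
        findings.append(f"{hostname} not covered by SAN")
    return findings

if __name__ == "__main__":
    # Offline run on the constructed sample; for the live site use
    # audit_cert(fetch_peer_cert("bantwal.ch"), "bantwal.ch").
    fixed_now = datetime(2024, 5, 20, tzinfo=timezone.utc)
    print(audit_cert(SAMPLE_CERT, "bantwal.ch", now=fixed_now))
```

`fetch_peer_cert` raises `ssl.SSLCertVerificationError` if the chain or hostname does not validate, so a failure there already means the listener is serving the wrong or an incomplete certificate bundle.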