docker-for-aws/load-balancer.md
39 additions & 2 deletions
@@ -93,14 +93,51 @@ $ docker service create \
93
93
yourname/your-image:latest
94
94
```
95
95
96
+
### HTTPS vs SSL load balancer protocols
97
+
98
+
Docker for AWS version 17.07.0 and later also support the `HTTPS` listener protocol when using ACM certificates.
99
+
100
+
Use the `HTTPS` protocol if your app relies on checking the [X-Forwarded-For](http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/x-forwarded-headers.html) header for resolving the client IP address. Note that the client IP is also available with `SSL` by using the [Proxy Protocol](http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-proxy-protocol.html#proxy-protocol), but many apps and app frameworks don't support this.
101
+
102
+
The only valid options are `HTTPS` and `SSL`. Specifying any other value will cause `SSL` to be selected. For backwards compatibility the default protocol is `SSL`.
103
+
104
+
#### A HTTPS listener on port 443
105
+
106
+
```none
107
+
com.docker.aws.lb.arn="arn:...@HTTPS:443"
108
+
```
109
+
110
+
#### A SSL (TCP) listener on port 443
111
+
112
+
```none
113
+
com.docker.aws.lb.arn="arn:...@443"
114
+
```
115
+
116
+
```none
117
+
com.docker.aws.lb.arn="arn:...@SSL:443"
118
+
```
119
+
120
+
#### A HTTPS listener on port 443, and a SSL (TCP) listener on port 8080
121
+
122
+
```none
123
+
com.docker.aws.lb.arn="arn:...@HTTPS:443,8080"
124
+
```
125
+
126
+
#### A SSL (TCP) listener on port 443 and 8080
127
+
128
+
Since BAD isn't a valid option, it will revert back to a SSL (TCP) port for 443.
129
+
130
+
```none
131
+
com.docker.aws.lb.arn="arn:...@BAD:443,8080"
132
+
```
133
+
96
134
### Add a CNAME for your ELB
97
135
98
136
Once you have your ELB setup, with the correct listeners and certificates, you need to add a DNS CNAME that points to your ELB at your DNS provider.
99
137
100
138
### ELB SSL limitations
101
139
102
-
- There can only be one SSL certificate per ELB, so that means you can only have one label per swarm. If you add more than one `com.docker.aws.lb.arn` label per swarm the last one loaded overwrites the other one.
103
-
- If you remove the service that has the `com.docker.aws.lb.arn` label, it is removed from the ELB.
140
+
- If you remove the service that has the `com.docker.aws.lb.arn` label, that listener and certificate is removed from the ELB.
104
141
- If you edit the ELB config directly from the dashboard, the changes are removed after the next update.
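Review bot: The `BAD` example at the end of the new section says it "will revert back to a SSL (TCP) port for 443" while its heading covers both 443 and 8080, and nowhere is it stated that the protocol prefix applies only to the port it is attached to, which is what the `HTTPS:443,8080` heading implies; state that rule once, before the examples. Because any unrecognised value silently selects `SSL`, a typo in the label leaves an app that relies on `X-Forwarded-For` without the client IP and with no error to point at the cause, so the text should say whether the match is case-sensitive and tell readers to confirm the listener protocol on the ELB after deploying. In the limitations list, the one-certificate-per-ELB bullet is deleted with no replacement, so say whether more than one `com.docker.aws.lb.arn` label per swarm is now supported; the rewritten bullet should also read "are removed" rather than "is removed", and the two AWS documentation links can use `https://`.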