I have a proxy server (nginx) which has the following responsibilities:
- proxies to different backends depending on resource requested
- enforces rate limiting and IP blacklisting
- handles rewrites and url transformations
- does SSL termination, has multiple certs & keys
The problem is that it's a single point of failure, which is why I'm looking into Amazon ECS to achieve high availability and scalability.
Here's my setup:
- Amazon ECS - EC2 instances (not Fargate) using an ALB
- ALB will be my main entry point, traffic would be HTTPS
- Traffic will then be forwarded to the proxy server (running tasks) which will handle SSL termination
- Amazon ECR - This will hold my proxy server image, updated on rule changes
- So far, I've built a simple nginx service with self-signed certs for testing
So my question is:
What is a good approach to deploy the SSL certs & keys to the task containers?
I'm not very familiar with AWS services, but I'd prefer to use an existing AWS solution.
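One concrete shape for the cert delivery step in the setup above, added here as an illustration and not code from the original post: keep each cert and key in AWS Secrets Manager, reference them from the task definition's `secrets` list (`"name": "TLS_EXAMPLE_COM_KEY", "valueFrom": "<secret ARN>"`, with the task execution role allowed `secretsmanager:GetSecretValue`), and let a small entrypoint turn those injected environment variables into files before nginx starts. The variable names, the `example_com` site name, the cert directory and the two PEM blobs in the test are assumptions made up for the example; nothing here is fetched from AWS, so it runs offline.

```shell
#!/bin/sh
# Container entrypoint: materialize secret env vars (populated by ECS from
# Secrets Manager through the task definition's "secrets"/"valueFrom") as PEM
# files for nginx, then exec the container command. Added illustration, not
# the poster's code. The TLS_*_CERT/TLS_*_KEY names and CERT_DIR are assumptions.
set -eu

# write_pem PATH MODE CONTENT
# Refuses empty or non-PEM content so a mis-wired secret fails the task at
# startup instead of nginx coming up with a bad or missing file.
write_pem() {
  path="$1"; mode="$2"; content="$3"
  case "$content" in
    "-----BEGIN "*) ;;
    *) echo "refusing to write $path: content is not PEM" >&2; return 1 ;;
  esac
  # Subshell so the restrictive umask does not leak into nginx itself.
  (umask 077 && printf '%s\n' "$content" > "$path")
  chmod "$mode" "$path"
}

# install_cert_pair DIR NAME CERT_PEM KEY_PEM
# The certificate is public and may be world-readable; the key is owner-only.
# nginx's master process reads the key as root before workers drop privileges.
install_cert_pair() {
  dir="$1"; name="$2"
  mkdir -p "$dir"
  write_pem "$dir/$name.crt" 0644 "$3"
  write_pem "$dir/$name.key" 0600 "$4"
}

# Entrypoint behaviour only when a command is given (e.g. from the image's
# CMD ["nginx", "-g", "daemon off;"]); with no arguments the functions above
# are just defined, which is what makes this file sourceable for testing.
if [ "$#" -gt 0 ]; then
  CERT_DIR="${CERT_DIR:-/etc/nginx/certs}"
  install_cert_pair "$CERT_DIR" example_com \
    "${TLS_EXAMPLE_COM_CERT:?secret not injected}" \
    "${TLS_EXAMPLE_COM_KEY:?secret not injected}"
  # Do not leave the private key in the environment of the long-running process.
  unset TLS_EXAMPLE_COM_CERT TLS_EXAMPLE_COM_KEY
  exec "$@"
fi
```

Two things worth knowing when wiring this into the setup described: ECS only resolves `secrets` at task start, so rotating a secret means forcing a new deployment of the service, and the ALB does not validate the certificate presented by its targets, so the certificate on the tasks can stay self-signed while the publicly trusted one lives on the ALB listener (ACM); what actually needs protecting on the tasks is whichever key material the backends or clients are expected to trust.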