set up multiple domains with SSL on one Application Load balancer

Question

I am trying to set up multiple SSL domains on a single application load balancer.  I have multiple Tomcats on the EC2 instance listening on different ports.
I realize that I will need a target group for each application .  Do the target groups need to be instance target groups or application target groups?
Also how do I assign a different SSL cert to each target group?   My certificates are already imported to the AWS certificate manager.
I am assuming that I can define a single target group that would correspond to multiple app servers that are listening on different ports. and then have the  LB feed requests to those instances based on round robin while still maintaining "stickiness" in the LB.
Are these assumptions valid?  And am I headed in the right direction?

thanks
Charlie

Accepted Answer

Hi

**Target Groups:**

Instance target groups are the way to go. Application target groups are for services that register themselves with the load balancer, which isn't the case with your Tomcat instances.

**Assigning SSL Certificates:**

You cannot directly assign certificates to target groups. Instead, configure the ALB listener with multiple SSL certificates using AWS Certificate Manager (ACM).

https://aws.amazon.com/blogs/aws/new-application-load-balancer-sni/

**Multiple Ports and Stickiness:**

* Yes, you can define a single target group with multiple EC2 instances running Tomcats on different ports.
* ALB supports routing based on the Host header in the HTTP request. This allows you to define listener rules that map specific domains to backend instances based on the port they listen on.

https://repost.aws/knowledge-center/elb-alb-stickiness

https://aws.amazon.com/blogs/aws/new-host-based-routing-support-for-aws-application-load-balancers/

set up multiple domains with SSL on one Application Load balancer

Relevant content