I'm currently running an EKS cluster where I've configured ingress resources using the NGINX ingress controller. My Network Load Balancer (NLB) is set to private, and I'm also using a private Route 53 zone. I'm looking for guidance on how to configure HTTPS for my endpoints through the NGINX controller. I've attempted to set it up with Let's Encrypt certificates via cert-manager, but I've encountered issues since my Route 53 zone is private. Unfortunately, I can't switch to using the ALB controller with the AWS cert manager right now, so I need a solution that works with the NGINX controller.
4 Answers
Have you thought about using Let's Encrypt with a DNS-01 challenge? You can set it up to validate a public DNS zone even if it’s not in use, then apply that certificate to your private zone. Just make sure your public and private zones match.
I have to say that choosing the ALB to handle SSL termination makes things a lot simpler. But if you're sticking with NGINX, you can create a TLS secret in your cluster to use the certificates directly. Check out the NGINX ingress guide on managing TLS for detailed steps. Just a heads-up, trying to set it up without Let's Encrypt can be quite tricky. If you're using EKS, integrating AWS certificates might save you a lot of hassle.
If you're aiming to terminate TLS on your NLB behind a private domain, you might need to set up a private Certificate Authority (CA) in AWS. After that, you can attach a certificate issued by your private CA to the NLB via service annotations. It’s a bit complex, but it should work.
Consider using Let's Encrypt with the DNS challenge method? It might work for you, but I'm unsure if it functions correctly with private zones. From what I gather, it usually doesn’t.
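The DNS-01 suggestion from the first and last answers, written out as cert-manager configuration for the NGINX ingress controller. This is an added example, not something posted in the thread. It assumes a public Route 53 hosted zone exists for the same domain name as the private one, and every name in it (`example.com`, `app.example.com`, the zone ID, the e-mail address, the service and secret names) is a placeholder.

```yaml
# Added example; every name below (example.com, app.example.com, the zone ID,
# the e-mail, service and secret names) is a placeholder assumption.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns01
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: ops@example.com
    privateKeySecretRef:
      name: letsencrypt-dns01-account-key
    solvers:
      - selector:
          dnsZones:
            - example.com
        dns01:
          route53:
            region: us-east-1
            # ID of the PUBLIC hosted zone. Pinning it keeps cert-manager from
            # writing the _acme-challenge TXT record into the private zone of
            # the same name, which Let's Encrypt cannot query.
            hostedZoneID: Z0000000EXAMPLE
            # No static access keys here: credentials are assumed to come from
            # the cert-manager pod's IAM role (IRSA).
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-dns01
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - app.example.com
      secretName: app-example-com-tls   # cert-manager creates this secret
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: app
                port:
                  number: 80
```

In a split-horizon setup cert-manager's propagation self-check can stall because the cluster resolver answers from the private zone; starting the controller with `--dns01-recursive-nameservers-only` and `--dns01-recursive-nameservers` pointed at public resolvers addresses that. The IAM role needs `route53:ChangeResourceRecordSets` on the public zone only, so a compromised cert-manager pod cannot rewrite records in the private zone.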