I currently have a single server with a Django stack. I have nginx with an SSL certificate for HTTPS. I want to scale the web layer by putting an nginx load balancer in front, and adding IP addresses to the upstream module config as I spin up new droplets to handle the load. Pretty straightforward to set up, but I can't figure out how to make it work with SSL enabled. I tried the following:
Enabled SSL in both the load balancer droplet and each one of the web app droplets. This doesn't work because the SSL certificate in the web app droplets was created with a specific domain name. The load balancer fails to connect to the web app because it can't verify the SSL certificate because it is using an IP address and not a FQDN, e.g 1.2.3.4 not web1.example.com
Then I tried enabling SSL only on the load balancer. The load balancer can communicate via HTTP with the web app droplets, but then that traffic would not be secure over a public network.
I'm at a loss. Could you provide some advice in how to proceed? Do I need to set up a private network between the load balancer and the web app droplets? If so, how? Is there any other techniques using SSL certificates, or DNS configuration settings perhaps?
I'm using Ubuntu 12.10 x64. Not on AWS so no access to VPC or security groups. All VMs have a public IP, hence the need to make the connection between load balancer and web app nodes as secure as possible.
Any help would be appreciated!
