How to Set Up an Alibaba Cloud Load Balancer with Nginx and SSL

What is a Load Balancer Instance

A load balancer instance provides a public IP address that forwards traffic to a pool of backend ECS servers. For example, a website www.abc.com originally points to an ECS at 1.1.1.1; after creating a load balancer, the public IP becomes 2.2.2.2.

Domain Resolution

Bind the domain www.abc.com to the load balancer IP ( 2.2.2.2) using an A record.

Backend Server Port Configuration

Common mistake: sending plain HTTP requests to an HTTPS port results in # 400 Bad Request and the message “The plain HTTP request was sent to HTTPS port”. Remember that the backend listens on port 80 and does not need SSL configuration.

Backend is HTTP, listening on port 80; no SSL needed on the backend.

Database Configuration Issue

It is recommended to use Alibaba Cloud RDS or a publicly accessible database.

Step‑by‑Step Alibaba Cloud SLB Creation

Open the SLB console at https://slb.console.aliyun.com/slb/cn-shenzhen/slbs.

Alibaba Cloud allocates a public IPv4 address, e.g., 47.112.81.140.

Domain Configuration

Original domain jlslb.herbeauty.top already has an A record pointing to 120.77.41.244.

Update the A record to point to the new load balancer IP 47.112.81.140.

Creating an ECS Snapshot and Custom Image

Create a snapshot of the source host.

In the snapshot list, create a custom image (select default security group, optionally include data‑disk snapshot).

On the ECS console, note the image ID/name of the newly created image.

Create a new ECS instance using the custom image (pay‑as‑you‑go, select the custom image, confirm creation, then view the instance).

Load Balancer Configuration

Prepare a health‑check virtual host on the backend server (IP 120.77.41.244) with an Nginx configuration file SLB_helth_8778.conf:

server {
    listen 8778;
    server_name 120.77.41.244;
    location / {
        root /var/www/SLB;
        index index.html index.htm;
    }
}

If using Docker, ensure the container port mapping matches the host port.

Verify access via http://120.77.41.244:8778/helth.html.

Listener and SSL Setup

Choose protocol HTTPS and listener port 443.

Upload an SSL certificate (free from https://freessl.cn/ or Alibaba Cloud’s free one‑year domain certificate) and select it in the load balancer.

Select the default backend server group, set backend port to 80, keep weight default.

Configure health check: port 8778, path /helth.html, then submit.

How to test if the configuration succeeded?

Set the weight of the snapshot‑based host to 0 and give higher weight to other instances; then access the service to confirm proper routing.

Backend Server Settings

Backend servers do not need SSL certificates.

Backend domain remains jlslb.herbeauty.top.

Use the configuration file:

server {
    server_name jlslb.herbeauty.top;
    set $base /var/www/juhepay;
    root $base;
    location / {
        if (!-e $request_filename) {
            rewrite ^(.*)$ /index.php?s=$1 last;
        }
        break;
    }
    location ~ \.php$ {
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_pass lnmp-php:9000;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_index index.php;
        fastcgi_buffers 8 16k;
        fastcgi_buffer_size 32k;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

Remember to restart the Nginx server after changes.

Access Control

Create an Access Control blacklist in region A.

Configure the blacklist under the “More” section of the listener settings.