Wow this is almost identical to what we use at browserless.io. I’d be curious to hear how switching SSL termination went as that seems to be the hardest “reproducible” part of it, and copying over certificates is kinda scary.
The only thing I think we do differently is nginx’s amplify SaaS product for monitoring load balancers. Those are still kind of painful, but work well with WebSockets, which is hard to find support for.
I'm using Cloudflare's generated certificates now, so there was nothing to copy over. If I recall correctly, I just spun up a new load balancer, pointed a dummy subdomain to it to test the configuration and then changed the actual DNS record when everything was working.
The only thing I think we do differently is nginx’s amplify SaaS product for monitoring load balancers. Those are still kind of painful, but work well with WebSockets, which is hard to find support for.
Thanks for sharing!