Shared hosting SSL on EC2 (or services who use ec2, like Engine Yard)
Because SSL encrypts http headers, there's no reasonable way to do virtual hosting without using multiple IP addresses, which you can't do on EC2. Some day, decades down the road, when people stop using IE6 we can move on to SNI, until then we need to find another way.
To get around this you can use a cheap VPS with multiple IP addresses to forward requests to your applications on EC2 with each application running on a different port. HAProxy is the perfect tool for this job. Here is an example from my config:
# forward all normal traffic frontend http bind :80 default_backend ec2 backend ec2 server production 123.123.123.123:80 # handle ssl for one ip frontend application1_https mode tcp bind 123.123.123.1:443 default_backend application1_ssl backend application1_ssl mode tcp server application1_ssl_1 123.123.123.123:444 # handle ssl for second ip frontend application2_httpsmode tcp bind 123.123.123.2:443 default_backend application2_ssl backend application2_ssl mode tcp server application2_ssl_1 123.123.123.123:445
The drawback to this is that your application will be unable to get the remote ip address via the normal routes. It will appear as if the proxy is making all the requests. This can be a deal breaker, especially if you are capturing financial information. You can either set the address in the user session or you can put SSL in front of HAProxy, using something like stunnel.