In this project, we will configure an Nginx server as a load balancer and configure a secure connection using SSL/TLS certificates.
The project architecture
Requirements include:
- An Nginx server (Ubuntu 20.04 was used) as the load balancer
- A new domain name registration and configuration of secured connection using SSL/TLS certificates
Create an EC2 VM based on Ubuntu Server 20.04 LTS and name it Nginx LB
Open the following ports: Port 80 (for HTTP connections) and TCP port 443 (for secured HTTPS connections)
Update the /etc/hosts file for local DNS with the Web Servers' names (WEB1 and WEB2) and their local IP addresses
Install nginx
sudo apt update
sudo apt install nginx
Configure Nginx webserver Load Balancer with server names configured in /etc/hosts
sudo vi /etc/nginx/nginx.conf
Populate the file with the following
# insert following configuration into http section
upstream myproject {
    server Web1 weight=5;
    server Web2 weight=5;
}
server {
    listen 80;
    server_name www.domain.com;
    location / {
        proxy_pass http://myproject;
    }
}
# comment out this line
# include /etc/nginx/sites-enabled/*;
Restart Nginx and check the status to be sure it is up and running
sudo systemctl restart nginx
sudo systemctl status nginx
We must register a domain name in order to get a valid SSL certificate.
Register a domain name with any of these domain name registrars: Godaddy.com, Domain.com, Bluehost.com or any other registrar of your choice
Assign an Elastic IP to the Nginx LB server and associate the domain name with this Elastic IP. This is because the domain's DNS record should point to a static IP, and an Elastic IP stays the same when the instance is stopped and started
To create elastic IP:
Open the Amazon EC2 console
In the navigation pane, choose Network & Security, Elastic IPs
Choose Allocate Elastic IP address
For Public IPv4 address pool, choose Amazon's pool of IPv4 addresses
Choose Allocate
Update A record in your registrar to point to Nginx LB using Elastic IP address
Associate an Elastic IP address with an instance:
Open the Amazon EC2 console
In the navigation pane, choose Elastic IPs
Select the Elastic IP address to associate and choose Actions, Associate Elastic IP address
For Resource type, choose Instance
For Instance, choose the instance with which to associate the Elastic IP address. You can also enter text to search for a specific instance
Choose Associate.
Check that the Web Servers can be reached from the browser over HTTP using the new domain name:
http://<your-domain-name.com>
Configure Nginx to recognize your new domain name. Update the /etc/nginx/nginx.conf file. Change server_name www.domain.com to server_name www.<your-domain-name.com>.
Install certbot and request for an SSL/TLS certificate
Make sure snapd service is active and running
sudo systemctl status snapd
Install certbot
sudo snap install --classic certbot
Request your certificate. Make sure you have already edited the Nginx configuration file as described above, because certbot will ask you to select the domain the certificate will be issued for, and that domain must already be set in the Nginx configuration file
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --nginx
Test secured access to your Web Solution by trying to reach
https://<your-domain-name.com>
Click on the padlock icon and you can see the details of the certificate issued for your website.
> Note that TCP port 443 must be open to access HTTPS connection
Now, set up periodic renewal of your SSL/TLS certificate
Test renewal command in dry-run mode
sudo certbot renew --dry-run
Let us configure a cronjob to run the command twice a day
sudo crontab -e
Add the following line (root's own crontab takes no user field, and minute 0 limits the job to one run every 12 hours)
0 */12 * * * /usr/bin/certbot renew > /dev/null 2>&1
Change the setting to suit the duration you would prefer
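Because the cron entry sends certbot's output to /dev/null, a renewal that keeps failing stays silent until the certificate expires. The script below is an added example, not part of the original guide, that checks the certificate the load balancer actually serves; the function names, the WARN_DAYS threshold and the host name in the usage line are assumptions.

```shell
#!/bin/sh
# Added example: report a certificate that is close to expiry.
# cert_status, served_cert and WARN_DAYS are illustrative names.

WARN_DAYS=${WARN_DAYS:-20}   # assumption: alert when fewer than 20 days remain

# cert_status PEM_FILE DAYS
#   prints "ok", "expiring" (expires within DAYS days or already expired)
#   or "unreadable" (missing file or not an X.509 certificate)
cert_status() {
    cs_pem=$1
    cs_secs=$(( $2 * 86400 ))
    # Reject anything that does not parse as a certificate.
    if ! openssl x509 -noout -in "$cs_pem" >/dev/null 2>&1; then
        echo unreadable
        return 0
    fi
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -noout -checkend "$cs_secs" -in "$cs_pem" >/dev/null 2>&1; then
        echo ok
    else
        echo expiring
    fi
}

# served_cert HOST OUT_FILE
#   saves the leaf certificate HOST presents on port 443; this can differ from
#   the file on disk if Nginx was not reloaded after a renewal.
served_cert() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -out "$2" 2>/dev/null
}

# Usage: ./check-cert.sh www.example.com   (constructed host name)
if [ "$#" -ge 1 ]; then
    tmp=$(mktemp)
    served_cert "$1" "$tmp"
    status=$(cert_status "$tmp" "$WARN_DAYS")
    rm -f "$tmp"
    echo "$1: $status"
    [ "$status" = ok ] || exit 1
fi
```

Run it from a separate scheduled job or monitoring host and alert on a non-zero exit status.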
We have just implemented an Nginx Load Balancing Web Solution with secured HTTPS connection with periodically updated SSL/TLS certificates.