SSL and its successor TLS form a family of cryptographic protocols that protects a connection from man-in-the-middle (MITM) attacks by creating an encrypted, authenticated session between the browser and the web server. Here we will refer to this family as SSL/TLS: although SSL has been replaced by TLS (every SSL version is deprecated), the term is still widely used.
SSL/TLS uses digital certificates to identify and authenticate a website. Before it establishes the secured connection, the browser checks that the certificate presented by the server was issued by a Certificate Authority (CA) in its trust store, that the chain of signatures up to that CA is valid, that the certificate has not expired, and that it matches the host name being visited.
- Create an EC2 VM based on Ubuntu Server 20.04 LTS and name it Nginx LB (do not forget to open TCP port 80 for HTTP connections, and also TCP port 443, which is used for secured HTTPS connections)
- Update the /etc/hosts file for local DNS with the web servers' names (e.g. Web1 and Web2) and their private IP addresses; nginx resolves upstream names once at startup, so every name used in the configuration must resolve
- Install and configure Nginx as a load balancer that proxies traffic to the resolvable DNS names of the web servers
sudo apt update
sudo apt install nginx
- Open the default nginx configuration file
sudo vi /etc/nginx/nginx.conf
#insert the following configuration into the http section
upstream myproject {
    server Web1 weight=5;
    server Web2 weight=5;
}
server {
    listen 80;
    server_name www.domain.com;
    location / {
        proxy_pass http://myproject;
    }
}
#comment out this line: the default site under sites-enabled also listens on port 80 and would otherwise compete with the server block above
# include /etc/nginx/sites-enabled/*;
- Check that nginx accepts the configuration (the test fails if, for example, an upstream name cannot be resolved)
sudo nginx -t
- I made a mistake: I edited /etc/hosts in the wrong way
- This really took my time to figure out
- Install certbot and request an SSL/TLS certificate. Make sure the snapd service is active and running:
sudo systemctl status snapd
- Install certbot
sudo snap install --classic certbot
- Link the snap binary into PATH, then let certbot obtain a certificate from Let's Encrypt and install it: the nginx plugin rewrites the server block above with a listen 443 ssl directive and the certificate paths, and offers to redirect HTTP to HTTPS
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --nginx
- Set up periodic renewal of your SSL/TLS certificate
- A Let's Encrypt certificate is valid for 90 days. The renew command only replaces a certificate when fewer than 30 days remain, so running it a couple of times a day is harmless and leaves a margin for retries if a renewal attempt fails.
- You can test the renewal command in dry-run mode
sudo certbot renew --dry-run
- To do so, edit the root user's crontab (certbot needs root to write under /etc/letsencrypt and to reload nginx):
sudo crontab -e
- Add the following line (a user crontab has no user column, and the minute field must be 0 rather than *, otherwise the job fires every minute of hours 0 and 12):
0 */12 * * * /usr/bin/certbot renew --quiet
- Note that the certbot snap already installs a systemd timer (snap.certbot.renew.timer) that does the same job; check the active timers before adding a cron entry so the two do not both run.
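The procedure above, as an added example that is not code from the original write-up: shell helpers for the three places where it is easy to go wrong. render_lb_config produces the upstream/server fragment for any list of backends, backends_resolvable checks an /etc/hosts-style file for every upstream name before you run nginx -t (the slip mentioned above), and cert_needs_renewal applies the 30-days-remaining rule that certbot renew uses, via openssl x509 -checkend. The function names, the temporary hosts file, the private address 172.31.10.11 and the 80-day self-signed certificate standing in for a Let's Encrypt one are all assumptions constructed for this example; only the names myproject, www.domain.com, Web1 and Web2 come from the page.

```shell
#!/bin/sh
# Added example, not part of the original write-up. File paths are parameters,
# so everything runs against constructed files instead of /etc.

# Render the nginx http-context fragment for a weighted round-robin upstream.
# Usage: render_lb_config <upstream_name> <server_name> <backend>...
render_lb_config() {
    local upstream="$1" server_name="$2"
    shift 2
    printf 'upstream %s {\n' "$upstream"
    for backend in "$@"; do
        printf '    server %s weight=5;\n' "$backend"
    done
    printf '}\n\nserver {\n    listen 80;\n    server_name %s;\n' "$server_name"
    printf '    location / {\n        proxy_pass http://%s;\n    }\n}\n' "$upstream"
}

# Return 0 when every backend name has an IPv4 entry in <hosts_file>; otherwise
# report the missing names and return 1. nginx resolves upstream names once at
# startup, so a missing entry makes "nginx -t" fail with "host not found in upstream".
# Usage: backends_resolvable <hosts_file> <backend>...
backends_resolvable() {
    local hosts_file="$1" rc=0 name want
    shift
    for name in "$@"; do
        want=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
        if ! awk -v want="$want" '
            { sub(/#.*/, "") }                                   # strip comments
            NF >= 2 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {  # IPv4 lines only
                for (i = 2; i <= NF; i++)
                    if (tolower($i) == want) { found = 1; exit }
            }
            END { if (found) exit 0; exit 1 }' "$hosts_file"
        then
            echo "no IPv4 entry for $name in $hosts_file" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Return 0 when <cert> expires within <days> days (default 30, the point at which
# "certbot renew" actually replaces a 90-day Let's Encrypt certificate), 1 when it
# still has more validity than that, 2 when the check cannot be performed.
# Usage: cert_needs_renewal <cert.pem> [days]
cert_needs_renewal() {
    local cert="$1" days="${2:-30}"
    command -v openssl >/dev/null 2>&1 || { echo "openssl not installed" >&2; return 2; }
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }
    # openssl exits non-zero when the certificate will expire inside the window
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Stand-alone demonstration on constructed input: a temporary hosts file and,
# when openssl is available, a throwaway self-signed certificate.
demo() {
    local tmp
    tmp=$(mktemp -d) || return 1
    # Constructed hosts file: Web2 is deliberately missing, the kind of slip
    # that makes "nginx -t" fail after the /etc/hosts step.
    printf '127.0.0.1 localhost\n172.31.10.11 Web1 # constructed private address\n' > "$tmp/hosts"
    render_lb_config myproject www.domain.com Web1 Web2
    if backends_resolvable "$tmp/hosts" Web1 Web2; then
        echo "all upstream names resolve; safe to run: sudo nginx -t"
    else
        echo "fix /etc/hosts before running nginx -t"
    fi
    if command -v openssl >/dev/null 2>&1; then
        # 80-day self-signed certificate standing in for a freshly issued one
        openssl req -x509 -newkey rsa:2048 -nodes -keyout "$tmp/key.pem" \
            -out "$tmp/cert.pem" -days 80 -subj /CN=www.domain.com >/dev/null 2>&1
        if cert_needs_renewal "$tmp/cert.pem" 30; then
            echo "renewal due"
        else
            echo "more than 30 days left; certbot renew would skip this certificate"
        fi
    fi
    rm -rf "$tmp"
}
demo
```

Running the script prints the rendered configuration, reports that Web2 has no hosts entry, and (with openssl present) shows that an 80-day certificate is not yet due; pass a smaller window, or an older certificate, to see the renewal branch.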