@yodeah
Last active March 23, 2023 06:53
Nginx https load balancer with lets encrypt cert

Part 1: Create a working http load balancer

I've decided to use Amazon to host my server (Ubuntu 14.04 Trusty) on a t2.nano instance (still overkill; anything with 256 MB RAM is sufficient, IMHO).

  1. Create a security profile (a security group in AWS) that opens port 22 for SSH, 80 for HTTP, and 443 for HTTPS.

  2. SSH into your server.

  3. Fetch the package updates and install nginx: sudo apt-get update && sudo apt-get upgrade, then sudo apt-get install nginx

  4. Back up the config file; this is always good practice. sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup

  5. Modify the http part of the config file to match the code below. The two servers are the ones you're sending the load to (the connection to them is plain HTTP). sudo nano /etc/nginx/nginx.conf

    http {
        upstream myapp1 {
            server google.com;
            server yahoo.com;
        }
    
        server {
            listen 80;
    
            location / {
                proxy_pass http://myapp1;
            }
        }  
    }
    
  6. Restart nginx (sudo service nginx restart). If everything is all right, you should have a working load balancer that responds with something from either Google or Yahoo. Congrats.

Part 2: Generating a cert & assigning it to nginx.

  1. Install the certbot script which helps you to get the cert quickly

    wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto
    ./certbot-auto
    
  2. The prompt will guide you through the process, though it is recommended to turn off nginx while you do this so that nothing is listening on ports 80 and 443. After you have finished, you'll have your cert files in /etc/letsencrypt/live/yoururl

  3. Modify the nginx conf to use the cert files.

    http {
        upstream myapp1 {
            server google.com;
        }
    
        server {
            listen 443 ssl;
            server_name beta.daggersandsorcery.com www.daggersandsorcery$
    
            ssl on;
            ssl_certificate /etc/letsencrypt/live/beta.daggersandsorcery$
            ssl_certificate_key /etc/letsencrypt/live/beta.daggersandsor$
    
            location / {
                proxy_pass http://myapp1;
            }
        }
    }
    
  4. Restart nginx. Tradaaaaaaaa.
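
Parts 1 and 2 combined into one http block, as an added example that is not the gist author's config: port 80 only redirects to HTTPS, and the TLS server forwards the original host, client address and scheme to the backends. The domain example.com and the 10.0.0.x backend addresses are placeholders (assumptions); fullchain.pem and privkey.pem are the file names certbot writes under /etc/letsencrypt/live/.

```nginx
# Added example, not the gist author's config. example.com and the 10.0.0.x
# backends are placeholders (assumptions); substitute your own values.
http {
    upstream myapp1 {
        # Backends are reached over plain HTTP, as in Part 1, so they should be
        # reachable only from the load balancer (private subnet / security group).
        server 10.0.0.11:8080;
        server 10.0.0.12:8080;
    }

    # Port 80 serves no content; it only redirects clients to HTTPS.
    server {
        listen 80;
        server_name example.com www.example.com;
        return 301 https://$host$request_uri;
    }

    server {
        # The "ssl" parameter on listen enables TLS for this socket.
        listen 443 ssl;
        server_name example.com www.example.com;

        # fullchain.pem contains the certificate plus the intermediate chain.
        ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

        # Restrict to TLS 1.2; add TLSv1.3 where your nginx/OpenSSL build supports it.
        ssl_protocols TLSv1.2;

        location / {
            proxy_pass http://myapp1;
            # Tell the backends which host, client and scheme the request used.
            proxy_set_header Host              $host;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
```

Run sudo nginx -t to validate the file before restarting nginx.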


@marcfielding1

I haven't tried this, but it looks to be a real simple version of what I needed, thanks a lot.
