Part 1: Create a working http load balancer
I'v decided to use amazon for hosting my (Ubuntu 14.04 trusty) server (t2.nano (still an overkill, anything with 256 mb ram is sufficient IMHO))
-
you have to create a security profile which opens port 22 for ssh, 80 for http, and 443 for https.
-
ssh into your server.
-
Fetches the updates from the server, downloads nginx, apt-get update & upgrade, sudo apt-get install nginx
-
Backup the config file, it is always considered a good practise to do. cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
-
Modify the http part of the config file to the code below, the 2 servers are the ones youre sending the load too (the connection to those is http). sudo nano /etc/nginx/nginx.conf
http { upstream myapp1 { server google.com; server yahoo.com; } server { listen 80; location / { proxy_pass http://myapp1; } } }
-
Restart nginx (sudo service nginx restart), if everything is alright then you should have a working loadbalancer which responds with either sth from google or yahoo. Congrats.
Part 2: Generating a cert & assigning it to nginx.
-
Install the certbot script which helps you to get the cert quickly
wget https://dl.eff.org/certbot-auto chmod a+x certbot-auto ./certbot-auto
-
The prompt will guide you through, tho it is recommended to turn off nginx while you do this, so you dont have anything listening on port 80, 443. After you have finished youll have your cert files in /etc/letsencrypt/live/yoururl
-
Modify the nginx conf to use the cert files.
http { upstream myapp1 { server google.com; } server{ listen 443 ssl; server_name beta.daggersandsorcery.com www.daggersandsorcery$ ssl on; ssl_certificate /etc/letsencrypt/live/beta.daggersandsorcery$ ssl_certificate_key /etc/letsencrypt/live/beta.daggersandsor$ location / { proxy_pass http://myapp1; } } }
-
Restart nginx Tradaaaaaaaa.
References:
- http://nginx.org/en/docs/http/load_balancing.html
- https://www.linode.com/docs/websites/nginx/how-to-configure-nginx
- https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04
- https://certbot.eff.org/#ubuntutrusty-nginx
- https://certbot.eff.org/docs/using.html#renewal
I haven't tried this, but it looks to be a real simple version of what I needed, thanks a lot.