realayo/NginxLB_SSL

Load Balancer Solution With Nginx and SSL/TLS

This project deploys an Nginx load balancer for our tooling website and secures it with SSL/TLS.

This project consists of two parts:

  • Configure Nginx as a Load Balancer
  • Register a new domain name and configure secured connection using SSL/TLS certificates

Part 1 - Configure Nginx As A Load Balancer

  1. Create an EC2 VM based on Ubuntu Server 20.04
  2. Update /etc/hosts file for local DNS with Web Servers’ names (e.g. Web1 and Web2) and their local IP addresses.
  3. Install Nginx
sudo apt update
sudo apt install nginx
  4. Configure Nginx as a load balancer to point traffic to the resolvable DNS names of the web servers
sudo vi /etc/nginx/nginx.conf

# Insert the following configuration into the http section

upstream myproject {
    server Web1 weight=5;
    server Web2 weight=5;
}

server {
    listen 80;
    server_name www.domain.com;
    location / {
        proxy_pass http://myproject;
    }
}

# Comment out this line
#       include /etc/nginx/sites-enabled/*;
  5. Save and exit
  6. Restart Nginx and check the status
sudo systemctl restart nginx
sudo systemctl status nginx

● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset:>
     Active: active (running) since Sun 2021-06-06 13:25:35 UTC; 8s ago
       Docs: man:nginx(8)
    Process: 13476 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_proc>
    Process: 13487 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (>
   Main PID: 13488 (nginx)
      Tasks: 2 (limit: 1160)
     Memory: 1.9M
     CGroup: /system.slice/nginx.service
             ├─13488 nginx: master process /usr/sbin/nginx -g daemon on; master>
             └─13489 nginx: worker process

Jun 06 13:25:35 ip-172-31-23-93 systemd[1]: Starting A high performance web ser>
Jun 06 13:25:35 ip-172-31-23-93 systemd[1]: Started A high performance web serv>

Part 2 - Register a new domain name and configure secured connection using SSL/TLS certificates

  1. Register a new domain name with any registrar of your choice in any domain zone (I used freenom).
  2. Assign an Elastic IP address to your EC2 nginx-lb instance. (You'll find this under Network & Security in your EC2 dashboard.)
  3. Update the A record in your registrar (freenom) to point to the Nginx LB instance using the Elastic IP address.
  4. Configure Nginx to recognize your new domain name by updating nginx.conf with server_name www.<your-domain-name.com> instead of server_name www.domain.com
  5. To install certbot, make sure snapd is running
sudo systemctl status snapd

  6. Install certbot
sudo snap install --classic certbot

  7. For the certificate to be issued, run
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --nginx

Follow the screen prompts and choose the appropriate options for you.

  8. Test secured access to your Web Solution by trying to reach https://<your-domain-name.com>
  9. By default, a Let's Encrypt certificate is valid for 90 days, so it is recommended to renew it at least every 60 days or more frequently. Renewal can be tested by running
sudo certbot renew --dry-run

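  10. We can automate the renewal process by setting up a cron job in root's crontab
sudo crontab -e

Select a preferred editor and add the following line (a per-user crontab has no user field, and the minute field is 0 so the job runs once every 12 hours rather than every minute of those hours):

0 */12 * * * /usr/bin/certbot renew > /dev/null 2>&1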
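
The cron entry above discards certbot's output, so a renewal that keeps failing stays silent until the certificate expires. The script below is an added example, not part of the original repository, that checks the certificate itself; the function names, the 25-day default and the script name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original repository.
# The cron entry sends certbot's output to /dev/null, so repeated renewal
# failures stay invisible. This check inspects the certificate itself.

# cert_valid_for FILE DAYS
#   returns 0 if FILE is still valid DAYS days from now,
#           1 if it expires sooner (or has already expired),
#           2 if FILE cannot be parsed as an X.509 certificate.
cert_valid_for() {
    cert=$1
    days=$2
    # Reject missing or malformed files before testing the expiry date.
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 2
    # -checkend N exits 0 only if the certificate is still valid in N seconds.
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# report FILE [DAYS]: print one status line and return cert_valid_for's code.
# DAYS defaults to 25, an assumed threshold: the page advises renewing a
# 90-day certificate by day 60, so fewer than 30 days left means renewal is late.
report() {
    cert=$1
    days=${2:-25}
    rc=0
    cert_valid_for "$cert" "$days" || rc=$?
    case $rc in
        0) echo "OK: $cert is valid for more than $days days" ;;
        1) echo "WARNING: $cert expires within $days days; check certbot renew" ;;
        *) echo "ERROR: cannot read certificate $cert" ;;
    esac
    return "$rc"
}

# Run only when a certificate path is given, for example (certbot's layout):
#   ./check_cert.sh /etc/letsencrypt/live/<your-domain-name.com>/cert.pem
if [ "$#" -ge 1 ]; then
    report "$@"
    exit $?
fi
```

Run it from a separate cron entry or a monitoring agent and alert on a non-zero exit code.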
