Skip to content

Load balancer guide

This manual is intended to provide basic configuration.

The tools used have much greater capabilities and the issues discussed are more complicated than they may seem at first glance eye.

This manual aims to present the configuration of a website server (apache2) using the Ubuntu 22.04 distribution.

To complete the task, it is necessary to purchase a DNS name in the global DNS system or use a name in the man.poznan.pl domain, which is automatically generated for each external IP address.

Preparing the environment:

In the OpenStack web panel, creating two instances that will have an external floating IP address added. A security group should be created for the instance that will allow traffic on ports 443 and 80.

Example configuration:

In order to configure the above assumptions, the instructions will be helpful: Security group configuration
Basic creation of a new virtual machine instance and network configuration
Instance Access

What name can I use in the domain man.poznan.pl?

You should run, for example, the nslookup tool and check what A record is returned using the IP address of our instance:

If the servers are to use the load balancing mechanism, we generate the SSL certificate for the name that will be generated for the load balancer's IP address.

System Configuration:

For clarity, I will divide the servers into system A and system B.

System Configuration A:

apt

sudo su –
apt update
apt upgrade
apt install mc apache2 certbot python3-certbot-apache
  • Creating a directory and an index.html file with the site content.
mkdir /var/www/mojastrona
echo SerwerA > /var/www/mojastrona/index.html
  • Create site configuration file for http. Next, you need to configure the redirection from http to https.

config

touch  /etc/apache2/sites-enabled/strona.domena.pl.conf
mcedit  /etc/apache2/sites-enabled/strona.domena.pl.conf

<VirtualHost *:80>
DocumentRoot /var/www/mojastrona
ServerName www.manual.pietaadmin.pl
ServerAlias manual.pietaadmin.pl
ServerAdmin admin@pietaadmin.pl
</VirtualHost>
  • DNS Zone Configuration:

  • Restart apache, systemctl, restart apache2 and verify the operation of the website.

  • https configuration:

Activation of the SSL module

a2enmod ssl
systemctl restart apache2

Configuration and generation of an SSL certificate for 90 days and the redirection of http traffic to https will be automatic taken after issuing the command:

certbot --apache -d www.manual.pietaadmin.pl -d manual.pietaadmin.pl

  • Verification

System Configuration B:

apt

sudo su –
apt update
apt upgrade
apt install mc apache2
  • Creating a directory and an index.html file with the website content. For the purposes of configuration and verification of correct operation, the content will be different. Ultimately, these will be identical files.
mkdir /var/www/mojastrona
echo SerwerB > /var/www/mojastrona/index.html

You need to copy the files from system A to system B. Files to copy:

/etc/apache2/sites-enabled/strona.domena.pl.conf
/etc/apache2/sites-enabled/strona.domena.pl-le-ssl.conf
Cały katalog:
/etc/letsencrypt/archive/www.manual.pietaadmin.pl/

This task can be automated using the rdiff tool → Directory backup over the network

  • Activation of SSL and Rewrite modules
a2enmod ssl
a2enmod rewrite
systemctl restart apache2

Files for SSL were saved in the location /etc/ssl/www

Example configuration of the remaining files:

root@www-lb-manual-2:/etc/apache2# cat /etc/apache2/sites-enabled/strona.domena.pl.conf
<VirtualHost *:80>

DocumentRoot /var/www/mojastrona
ServerName www.manual.pietaadmin.pl
ServerAlias manual.pietaadmin.pl
ServerAdmin admin@pietaadmin.pl
RewriteEngine on
RewriteCond %{SERVER_NAME} =manual.pietaadmin.pl [OR]
RewriteCond %{SERVER_NAME} =www.manual.pietaadmin.pl
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>


root@www-lb-manual-2:/etc/apache2# cat /etc/apache2/sites-enabled/strona.domena.pl-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>

DocumentRoot /var/www/mojastrona
ServerName www.manual.pietaadmin.pl
ServerAlias manual.pietaadmin.pl
ServerAdmin admin@pietaadmin.pl
SSLCertificateFile /etc/ssl/www/fullchain.pem
SSLCertificateKeyFile /etc/ssl/www/privkey.pem
</VirtualHost>
</IfModule>

Configuration of the load-balancer mechanism.

For the BST region, configuration must be performed from the web panel: https://openstack.man.poznan.pl/horizon/auth/login/

In the OpenStack web panel Project -->Network -->Load Balancers -->Create

  • We indicate the internal subnet of our servers and add the name:

  • In order

  • Then

  • In the next step, select servers and add a port.

  • In the last traffic jam

  • We wait until the status is Online Active and add a floating IP address from the external network.
  • Finally, point the DNS names to the load balancer's floating IP address.

Please note that the free lets encrypt SSL certificate is valid for 90 days.

You need to configure automatic renewal. You can also use a paid SSL certificate.