Nginx https load balancer with lets encrypt cert (On AWS)

Part 1: Create a working http load balancer

I’ve decided to use Amazon to host my server (Ubuntu 14.04 Trusty) on a t2.nano instance, which is still overkill: anything with 256 MB of RAM is more than sufficient.

  1. Create a security profile which opens port 22 for SSH, 80 for HTTP, and 443 for HTTPS.
  2. SSH into your server.
  3. Fetch the latest updates and install nginx: run apt-get update and apt-get upgrade, then sudo apt-get install nginx
  4. Back up the config file, which is always good practice: cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
  5. Open the config file (sudo nano /etc/nginx/nginx.conf) and change the http part to the code below. The two servers are the ones you’re sending the load to (the connection to those is HTTP).
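    http {
        # Backend pool: nginx forwards requests to these servers over plain HTTP
        upstream myapp1 {
            server google.com;
            server yahoo.com;
        }

        server {
            listen 80;

            location / {
                # Pass every request to the upstream pool defined above
                proxy_pass http://myapp1;
            }
        }
    }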
  6. Restart nginx (sudo service nginx restart). If everything is all right, you should have a working load balancer which responds with something from either google or yahoo. Congrats.

Part 2: Generating a cert & assigning it to nginx.

  1. Install the certbot script which helps you to get the cert quickly
    wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto
    ./certbot-auto
    
  2. The prompts will guide you through. It is recommended to turn off nginx while you do this, so that nothing is listening on ports 80 and 443. When you have finished, you’ll have your cert files in /etc/letsencrypt/live/yoururl
  3. Modify the nginx conf to use the cert files.
    http {
        upstream myapp1 {
            server google.com;
        }
    
        # The lines ending in $ are cut off at the terminal width;
        # each needs its full value and a closing ;
        server {
            listen 443 ssl;
            server_name beta.daggersandsorcery.com www.daggersandsorcery$

            ssl on;
            ssl_certificate /etc/letsencrypt/live/beta.daggersandsorcery$
            ssl_certificate_key /etc/letsencrypt/live/beta.daggersandsor$

            location / {
                proxy_pass http://myapp1;
            }
        }
    }
    
  4. Restart nginx. Well done, it should be working for you.
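
As an added example (not from the original post), this Python check lints a config like the one in step 3 before nginx is restarted: it flags a 443 listener without ssl, a missing ssl_certificate or ssl_certificate_key, and the plain-HTTP hop to the upstream that this setup keeps. The sample config, example.com and the function names are constructed for illustration.

```python
import re

# Constructed sample shaped like the Part 2 config; example.com is a placeholder.
SAMPLE = """http {
    server {
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        location / { proxy_pass http://myapp1; }
    }
}"""

def directives(text):
    """Yield (enclosing_blocks, name, args) for every `name args;` directive."""
    path, words, serial = [], [], 0
    # Strip comments, then split into braces, semicolons and words
    for tok in re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", text)):
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        if tok == "{" and words:
            serial += 1  # unique id so two server blocks stay distinct
            path.append((words[0], serial))
        elif tok == "}" and path:
            path.pop()
        elif tok == ";" and words:
            yield tuple(path), words[0], words[1:]
        words = []

def audit_tls(text):
    """Return a list of findings across all server blocks in the config."""
    servers, out = {}, []
    for path, name, args in directives(text):
        for owner in [b for b in path if b[0] == "server"][-1:]:
            servers.setdefault(owner, []).append((name, args))
    for items in servers.values():
        d = dict(items)  # last occurrence of each directive wins
        listens = [a for n, a in items if n == "listen"]
        tls = any("ssl" in a for a in listens) or d.get("ssl") == ["on"]
        if not tls and any(a and a[0].split(":")[-1] == "443" for a in listens):
            out.append("port 443 listener without ssl")
        for key in ("ssl_certificate", "ssl_certificate_key"):
            if tls and key not in d:
                out.append(key + " missing")
        target = d.get("proxy_pass", [""])[0]
        if tls and target.startswith("http://"):
            out.append("cleartext hop to upstream: " + target)
    return out

if __name__ == "__main__":
    print(audit_tls(SAMPLE))
```

Run nginx -t as well: it validates the syntax and that the referenced certificate files can be loaded, which this check does not.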

Update:

The following script does the same thing that I’ve shown you in this article, with the addition of an automatic renewal process using crontab.
