In a previous post I showed how to set up a highly available load balancer using HAProxy, keepalived and Pound for SSL termination. In this post I'll demonstrate the same setup using Nginx [1].
Nginx is a good load-balancing solution for simpler setups because it supports SSL termination out of the box and scales well both horizontally and vertically. What it lacks in features compared to HAProxy, it makes up for in simplicity and in extensibility through modules.
First let's install it:
The config file should look similar to this:
The actual load balancing configuration is kept in a separate file, /etc/nginx/lb.conf:
Line 4 enables IP session persistence.
Lines 5 and 6 specify the back-end nodes that the traffic will be routed to.
Lines 10 and 16 make Nginx listen on ports 80 and 443.
Line 12 redirects all insecure traffic arriving on port 80 to port 443.
Lines 17, 18 and 19 specify the certificate and private key files that the load balancer will use for terminating the SSL sessions.
Line 23 inserts the original client IP in the X-Forwarded-For header of the HTTP request, which the back-end nodes can use to identify where the request originally came from.
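An lb.conf along the lines described above, as an added example rather than the post's original listing (the line numbers in the text refer to that listing, not to this one). The back-end addresses, host name and certificate paths are placeholders, and the file is assumed to be included from the http block of nginx.conf.

```nginx
# Added example, not the original post's listing. Back-end addresses,
# server_name and certificate paths are placeholders.
upstream backend_nodes {
    # Session persistence keyed on the client address. For IPv4 only the
    # first three octets are hashed, so a whole /24 lands on one node.
    ip_hash;
    server 192.0.2.11:80;
    server 192.0.2.12:80;
}

server {
    listen 80;
    server_name lb.example.com;
    # Send all plain-HTTP traffic to the TLS listener.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name lb.example.com;

    ssl_certificate     /etc/nginx/ssl/server.crt;
    # The key has no passphrase, so file permissions are its only
    # protection: keep it mode 0600 and owned by root.
    ssl_certificate_key /etc/nginx/ssl/server.key;
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://backend_nodes;
        proxy_set_header Host $host;
        # This is the edge proxy, so overwrite X-Forwarded-For with the
        # address of the TCP peer. $proxy_add_x_forwarded_for would append
        # to whatever value the client sent, and a back end that reads the
        # first entry would then trust a client-controlled address.
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` after editing to validate the syntax before reloading the service.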
To generate a self-signed certificate and private key for use in your test environment, run the following:
Line 2 generates the Private Key.
Line 3 generates a CSR (Certificate Signing Request).
Lines 4 and 5 remove the passphrase from the key.
Line 6 generates the self-signed certificate.
Now you are ready to start the service:
The logs are located in /var/log/nginx.
Follow the steps in my previous post to make this a highly available service using keepalived.