How to Configure a Service Manually In A Private Server & Creating A Load Balancer In AWS
in this blog you will discover:
- How to create a vpc with private and public subnets
- How to create a private server
- How to install and configure a service on a private server
- How to get access to your private servers in the private subnet
- How to create and connect a load balancer to its target groups
HO HO HO 🎅🏼🎅🏼
Happy new year and merry Christmas in areas. Do you know how the saying goes?
New year new me! but this time it’s the New year and new interesting content!
before we get carried away. let's focus on the purpose of this blog. we can’t lose focus at the beginning of the year!😂
in this blog, I am going to show you. yes, you! how to configure a service manually in a private server & how to create a load balancer in AWS.
now note that the service you wish to use is your choice. either apache2, wildfly, or Nginx. but in the blog, we are going to be using Nginx!
Now you might be wondering “OMG😱 what’s a VPC??”. A VPC is just an isolated private cloud within a public cloud.
now we are going to go to our AWS console to create a VPC with its private and public subnets. oops! what’s a subnet?
A subnet, or subnetwork, is a segmented piece of a larger network. More specifically, subnets are a logical partition of an IP network into multiple, smaller network segments.
The Internet Protocol (IP) is the method for sending data from one computer to another over the internet.
1. How To Create A VPC With Private and Public Subnets
Now we are in our console. if you don’t have an account with AWS you can create one here and get some services for free.
now in the search box above type in VPC and click on VPC to go to your VPC dashboard.
for me, I just recently used it that's why it was on my recently visited.
By default, the dashboard will look something like this. you can click on any side to enter your VPC space.
We are now in. by default again there should be a VPC service available here so you don’t need to worry.
all you need to do is click on the create VPC above.
Now that we are creating our VPC. you will see two options. VPC only and VPC and more. Click on VPC and more.
then your page should look like this. you might be wondering why we used VPC and more.
well let’s just say it’s to make the creation of the Subnets, NAT gateway, route tables, and other needed services easier.
but just using VPC only creates a VPC for you and you will need to create the other services yourself.
and I love the easier way. let’s just say I am lazy 😂
scrolling down. leave all this as default only if you have a particular specification you have to meet.
but for this blog, we are good to go!
Above you Choose the number of Availability Zones (AZ’s) in which to create your NAT GateWay.
now before you click the create VPC. check if the diagram on the right-hand side is the same as the one below.
With one VPC. 4 subnets (2 private and 2 public), 3 route tables, and 3 network connections.
then you can click on the create button.
Then you should see this beautiful page of everything being created for us.
now you see the benefits of the VPC and more options.
When it is done. you go back to your VPC dashboard and you see that our VPC has been created.
you can also check your subnets to see your 4 subnets created.
2. Creating our EC2 Private instance (server)
in this part of the blog, we would need to create an instance and link it to our VPC.
well you can do this for so many reasons. but we are doing it to only allow our load balancer to communicate to the private instances we will create.
so, let’s jump right in!
Still on this same search bar. we type in ec2. then options come out.
Click on the one you see in the image.
This is the Ec2 dashboard where you can check a lot of things running within that dashboard like the running instances.
now we click on instances on the left-hand side.
after clicking on instances. you should see a page that says you should launch an instance. after doing that you will appear on this page above.
the red circled area is where you type in your instance name. you can choose to create multiple instances.
if you look at where the arrow is pointing you should see that it’s one we are creating for this session. you will create the other one.
Scrolling down we see where to pick our specific OS distribution. in this case we are going to be using ubuntu.
and in the version, we will just leave it in the free tier. but if you have a specific version you want to use then you can change that.
but note your free tier might not cover it. which means you will be billed.
Here, you select the instance type. but you can leave it as default.
you can click on the select key pair above to select a key pair that you have created before or if you haven’t created before you can click on create.
When creating it should look like this. put in the name of your key pair above.
make sure you thick the RSA and .pem buttons. then you can create. note that after creating. a file will be downloaded into your system.
make sure you keep that file safe. it’s what we would use to SSH into our private servers.
Now that we are on the network settings. this is where things get interesting. in the vpc segment.
Click on the new vpc we just created on the subnet segment.
Click on one of the private subnets we created. after that by default the IP address will be disabled. leave it like that.
in the security groups below clear the previous name that was there and name it something you can remember.
NOTE: when you are creating the second server you will need to use the second private subnet for the second server and you don’t need to create a new security group you can just click on “select existing security group”.
You can also add a description for your security group. leave the default security group. then you click on launch instance.
NOTE: there will have to be two servers that the load balancer will have to connect to. you need to create the second one.
you can follow the previous guide and instructions.
doing this helps you learn faster. see you in the next block!
3. Creating a Bastion Host
A bastion host is a server whose purpose is to provide access to a private network from an external network.
This is necessary because our subnets are private, hence, the bastion host which is within the same VPC serves as a bridge to establish a connection to the private subnets.
The best practice is that anyone who needs access to any of the computers inside the VPC must SSH into the bastion host first before doing another SSH to the instance they want to go to.
We would need to create a new instance for the bastion host.
You will create everything exactly the same way but when it comes to the network settings. there would be a slight difference.
select the vpc we have been using. select the public subnet this time not the private. and enable the public IP address.
also, you will need to select your already created key pair. with an existing security group you created for the first and second servers.
then you can click on launch instance.
We open the bastion host instance details and click on connect to connect to the bastion host.
Then right there on the SSH client tab. we copy the command that is shown as an example and paste it on our terminal.
Now, before you paste it to log in. you need to check if the .pem file you downloaded is in the same directory you want login to.
if the file is now there you can use the command below to create the file in the terminal.
nano root-server.pem after creating it. then you can open the downloaded file and copy the whole contents in it and paste it inside this file you created on your local machine
NOTE: the name of the file should match the name of the file you created and downloaded.
With the command I copied from AWS, I am now inside my bastion host. from here we can now login into our private servers.
but like the example, I gave above the .pem file will need to be created inside this server.
Now that I have input the key inside this file I need to change the modification with this command
chmod 400 root-server1.pem
after doing that. I will need to SSH into my private server. note that the IP address at the end is the private IP address of the server.
4. Installation and Configuration of Nginx Server Manually on Private EC2 Instances
Using the following commands; update and install Nginx and login to the root user to set up a static webpage.
sudo apt update; sudo apt install nginx -y; sudo su
For this blog, we are going to display the hostname of each server on the webpage instead of the default Nginx page using a load balancer.
From the root user, run the following commands to display the hostname of your server;
echo "<h1>This is my server2 $(hostname -f)</h1>" > /var/www/html/index.nginx-debian.htmlThen cat your file to confirm that host is being displayed using the;
cat /var/www/html/index.nginx-debian.htmlExit the root user and then enable, start, and confirm the status of the Nginx server using the following commands
sudo systemctl enable nginx; sudo systemctl start nginx; sudo systemctl status nginx
Exit from the first Private server and from your Bastion host ssh into your second server and repeat the whole process to update and install Nginx.
login to the root user and echo your hostname, cat file to confirm the hostname is being displayed, exit root user, and then enable, start, and confirm the status of the Nginx server.
5. Creating your Target Groups
Going back to AWS. we will need to create a target group to connect our load balancer and our IP addresses together.
on your EC2 dashboard. Scroll down until you see target groups. click on it and click on create target groups
Click on instances. and type in your target group name
Select the vpc we created in this blog. leave everything as default. then at the bottom of this page click on next.
Now, select the two private IP addresses. Click on include as pending below. then create a target group.
Currently, there is no load balancer configured for this target group.
Click on the None associated and select the new load balancer.
6. Creating An Application Load Balancer
In this part of the blog, we are going to be creating an application load balancer to communicate with our private servers
Type in the name of the application load balancer. make sure it is on internet facing.
scrolling down. select the vpc we created and click those two boxes and input your first public IP address and the second public address.
in the security group section, we are going to click on create a new security group.
Here you input your security group name. description and on the vpc side you select the vpc we have been using throughout this blog.
When creating your inbound rule create it this way.
there should be two ports 80 and two ports 443.
then on the first port 80.
we will be selecting anywhere IPv4.
on the second port 80, we should be selecting anywhere IPv6.
we do the same for port 443 when you are done. you create the security group.
leave the outbound rule as it is. just click on Create
now we go back to our load balancer and update the security groups we just created.
if you check and it’s not there just reload it with the reload button at the side. after adding our security groups.
we move down to target groups and select the target group we created previously in this blog.
Leave everything as a default. and create the load balancer.
7. Configure Instance Security Group to Face Load Balancer
now going back to our EC2 dashboard. just above our target groups, we will see security groups.
Click on it.
now navigate to the security group you used for your private instance.
Click on edit inbound rule.
edit the inbound rules by adding a new rule.
and on the port type in port 80.
then in the custom space select the security group you used for your load balancer. and click create.
you are good to go!
now go back to your target groups.
as you can see the two servers are both healthy or by any means if they are not.
you can reload the Nginx server in the two private servers with this command
sudo systemctl restart nginx
now we head back to our load balancer and copy the DNS name.
put it on the browser.
yessss!!! it works!
Don’t mind the error mistake that it still shows server 2. look at the IP address itself!!
Resources
Here are some other easier ways to do this if you don’t want to use the manual process:
- How to Configure a Service In A Private Server Using BASH script & Creating A Load Balancer In AWS
- How to Configure A Service In A Private Server Using Ansible & Creating A Load Balancer In AWS
NOTE: if you have any questions or want to add to this blog. you can message me through E-mail.
I reply faster to people that are subscribed to my newsletter!!
Conclusion
If you loved this blog post give it a like, comment, and don’t forget to click on the follow button.
And if you would love to get an update on the two interesting blogs I will be posting this week then you should sign up for my newsletter!!
