Ray

Reputation: 1728

Using a load balancer with DigitalOcean droplets that points to a Cloudflare DNS

Using DigitalOcean, I created a load balancer which is linked to 2 droplets. Both droplets have NGINX installed, and when I test the load balancer IP address in a browser, it correctly toggles between droplet 1 and 2.

The issue now is I want to point the load balancer to a subdomain I created on Cloudflare. Let's say my domain is example.com. I wanted to create a subdomain called api.example.com (which is an A record on Cloudflare). This should be simple. I created the A record on Cloudflare and linked it to the DigitalOcean load balancer IP address.

When I try to see if api.example.com works on the browser, I get a 522 error where the connection times out.

Since my name servers are being managed on Cloudflare and my droplets (virtual machines) are on DigitalOcean, do I need to set up port forwarding from HTTP to HTTPS? I don't have much experience here.

Has anyone ever encountered this and know the steps to get the subdomain to work?
Do I need to create NGINX site config files with server blocks in each droplet and use Let's Encrypt and Certbot?

If so, where does the load balancer IP address fit in? Since I'm doing this on each individual droplet, I'm having a hard time wrapping my head around how to incorporate config for a load balancer, since it technically isn't a VM I can log into and install NGINX on (as far as I know).

Any help would be greatly appreciated.

Upvotes: 1

Views: 2905

Answers (1)

Ray

Reputation: 1728

The solution I found to work is in the load balancer settings in DigitalOcean. Set a new port forwarding rule for port 443 and set the SSL to passthrough. Once that is done, you will need to go into /etc/nginx/sites-available and either update the default or create a new .conf file where you define a new server block. In my example below, I created a custom HTML directory and page in the /var/www folder.

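server {

        # Custom document root created under /var/www
        root /var/www/example.com/html;
        index index.html index.htm index.nginx-debian.html;

        # Host names this server block answers for
        server_name example.com www.example.com;

        location / {
                # Serve the file or directory if it exists, otherwise return 404
                try_files $uri $uri/ =404;
        }
}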

Once this is done, you need to create a link to it in the sites-enabled folder. For full details on how to create this type of file, I used this as a guide (it's a bit outdated but it still works).

Create & Deploy an Express Rest API to a Digital Ocean Server

Once the conf file is created and the server blocks are set up, you can follow this link for SSL passthrough.

How to Configure SSL Passthrough - Digital Ocean

Essentially, for this to work correctly, you can use Certbot to create an SSL certificate so HTTPS can work. You can either do this on each virtual machine, or DigitalOcean has a way to create an image of a droplet. So my advice is to do all your configuration on one droplet and get HTTPS to work correctly (meaning you can go to the site address and not the IP and it works). Another way to do this is to document all your steps on one VM and use a DevOps tool like Ansible to automate this so you don't have to manually customize each machine.

Once both sites work (you can test the subdomain against each droplet before switching the subdomain to point to the load balancer), you can then set your load balancer IP address back to the Cloudflare A record for your domain or subdomain.

SSL passthrough, from my understanding, lets the load balancer pass any SSL certificate checks to each individual droplet associated with the load balancer. So do keep in mind that if you are managing one or many certificates for each droplet and any expire, that droplet won't work. Hopefully this helps.

Upvotes: 1
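
The caveat in the answer above (with SSL passthrough each droplet terminates TLS itself, so one expired certificate takes that droplet out) can be monitored by connecting to every droplet directly instead of through the load balancer. This is an added example, not part of the original answer; the droplet IPs, the 14-day threshold and the function names are assumptions.

```python
import socket
import ssl
import time

WARN_DAYS = 14  # assumed renewal threshold, not a value from the post


def classify(not_after, now=None, warn_days=WARN_DAYS):
    """Map a getpeercert()['notAfter'] string to OK / RENEW_SOON / EXPIRED."""
    now = time.time() if now is None else now
    days = (ssl.cert_time_to_seconds(not_after) - now) / 86400
    if days <= 0:
        return "EXPIRED"
    return "RENEW_SOON" if days <= warn_days else "OK"


def fetch_not_after(droplet_ip, hostname, port=443, timeout=5):
    """TLS-connect straight to one droplet, sending the site name as SNI."""
    ctx = ssl.create_default_context()  # verifies chain, host name and dates
    with socket.create_connection((droplet_ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert()["notAfter"]


def check_droplets(droplet_ips, hostname, fetch=fetch_not_after, now=None):
    """Return {ip: status} for every droplet behind the load balancer."""
    report = {}
    for ip in droplet_ips:
        try:
            report[ip] = classify(fetch(ip, hostname), now)
        except ssl.SSLCertVerificationError as err:
            # Expired, wrong name or untrusted chain: clients would be refused too.
            report[ip] = "INVALID: " + str(err.verify_message)
        except OSError as err:
            # No TLS listener reachable on 443 (refused, filtered or timed out).
            report[ip] = "UNREACHABLE: " + type(err).__name__
    return report


if __name__ == "__main__":
    # Constructed sample: documentation-range IPs standing in for two droplets.
    for ip, status in check_droplets(["203.0.113.10", "203.0.113.11"],
                                     "api.example.com").items():
        print(ip, status)
```

Run it from cron on a host that can reach the droplets on port 443; a droplet reported as anything other than OK needs its certificate renewed or its listener fixed before it can serve traffic through the load balancer.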
