DSB-May-2022

Discoverix Sdn Bhd work logs for May 2022

DSB Log May 2022

Author: Ahmad Afiq Azmi


What I Learned 📚

Nginx

  1. Reverse Proxy

Example Reverse Proxy HTTP and HTTPS

# /etc/nginx/conf.d/<filename>.conf

server {
    listen 80;
    listen [::]:80;
    server_name <domain_name>;
    return 302 https://$server_name$request_uri; # Redirect HTTP request to HTTPS
}

server {

    # SSL configuration

    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate         /etc/ssl/cert.pem; # SSL Certificate
    ssl_certificate_key     /etc/ssl/key.pem; # Private Key
    ssl_client_certificate  /etc/ssl/cloudflare.crt; # Cloudflare CA used to verify the client certificate
    ssl_verify_client on; # Reject clients that do not present a certificate signed by that CA

    server_name <domain_name>;

    # For website
    location / {
        proxy_pass  http://<ip_address>:<port>;
        proxy_set_header Host   $host;
        proxy_set_header X-Forwarded-For    $remote_addr; # Address of the directly connected peer (the Cloudflare edge when proxied through Cloudflare)
    }

    # For WebSocket
    location /ws/ {
        proxy_pass http://<ip_address>:<port>;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }

}

  2. WebSocket
  3. High Availability (Active-Passive) using Keepalived

Example config for HA Active-Passive using Keepalived

MASTER NODE

# /etc/keepalived/keepalived.conf

global_defs {
    # Keepalived process identifier
    lvs_id nginx_DH
}
# Script used to check if nginx is running
vrrp_script check_nginx {
    script "killall -0 nginx"
    interval 2
    weight 2
}

# Virtual interface
# The priority specifies the order in which the assigned interface to take over$
vrrp_instance VI_01 {
    state MASTER
    interface ens18 # Check interface name 'ip a'
    priority 101 # Higher than the BACKUP node, but by less than the check_nginx weight (2), so a failed nginx check moves the virtual IP
    virtual_router_id 33 # Same ID with peer node
    unicast_src_ip <this_host_ip_address>

    # List of all peer IP addresses
    unicast_peer {
        <peer_ip_address>
    }

    authentication {
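        auth_type PASS # Simple password, sent in cleartext in VRRP adverts
        auth_pass <your_password> # Must match on all nodes; only the first 8 characters are used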
    }

    # The virtual ip address shared between the two or more loadbalancers
    virtual_ipaddress {
        <virtual_ip_address>
    }
    track_script {
        check_nginx
    }

    notify_master /etc/keepalived/master.sh
}

BACKUP NODE

# /etc/keepalived/keepalived.conf

global_defs {
    # Keepalived process identifier
    lvs_id nginx_DH
}
# Script used to check if nginx is running
vrrp_script check_nginx {
    script "killall -0 nginx"
    interval 2
    weight 2
}

# Virtual interface
# The priority specifies the order in which the assigned interface to take over$
vrrp_instance VI_01 {
    state BACKUP
    interface ens18 # Check interface name 'ip a'
    priority 100 # Lower value than MASTER node
    virtual_router_id 33 # Same ID with peer node
    unicast_src_ip <this_host_ip_address>

    # List of all peer IP Address
    unicast_peer {
        <peer_ip_address>
    }

    authentication {
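        auth_type PASS # Simple password, sent in cleartext in VRRP adverts
        auth_pass <your_password> # Must match on all nodes; only the first 8 characters are used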
    }

    # The virtual ip address shared between the two or more loadbalancers
    virtual_ipaddress {
        <virtual_ip_address>
    }
    track_script {
        check_nginx
    }

    notify_master /etc/keepalived/master.sh
}
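
Added example (not part of the original log): a small Python model of how keepalived combines `priority` with the `weight` of a tracked `vrrp_script`, used to check which node holds the virtual IP after the nginx check fails on the higher-priority node. The `Node` class and function names are hypothetical, preemption is assumed to be enabled (the default), and the priority/weight pairs are constructed sample values.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Node:                    # hypothetical model, not a keepalived API
    name: str
    priority: int              # `priority` in vrrp_instance
    weight: int                # `weight` in the tracked vrrp_script
    check_ok: bool = True      # exit status of the check (e.g. killall -0 nginx)
    alive: bool = True         # host is up and sending VRRP adverts

def effective_priority(n: Node) -> Optional[int]:
    """Priority the node advertises, or None if it cannot hold the VIP."""
    if not n.alive:
        return None
    if n.weight == 0:          # weight 0: a failed check means FAULT state
        return n.priority if n.check_ok else None
    if n.weight > 0:           # positive: added only while the check passes
        eff = n.priority + (n.weight if n.check_ok else 0)
    else:                      # negative: subtracted only while it fails
        eff = n.priority + (0 if n.check_ok else n.weight)
    return max(1, min(254, eff))

def vip_holder(nodes) -> Optional[str]:
    """Node with the highest effective priority (IP tie-break not modelled)."""
    ranked = [(effective_priority(n), n.name) for n in nodes]
    ranked = [r for r in ranked if r[0] is not None]
    return max(ranked)[1] if ranked else None

def after_check_fails_on_master(master_prio: int, backup_prio: int, weight: int):
    """Who holds the VIP once the check fails on the higher-priority node?"""
    master = Node("master", master_prio, weight, check_ok=False)
    backup = Node("backup", backup_prio, weight)
    return vip_holder([master, backup])

if __name__ == "__main__":
    # Constructed (master priority, backup priority, weight) samples.
    for m, b, w in [(200, 100, 2), (101, 100, 2), (200, 100, -150), (200, 100, 0)]:
        print(f"priority {m}/{b}, weight {w:>4}: VIP on",
              after_check_fails_on_master(m, b, w))
```

A positive weight only moves the virtual IP when it is larger than the gap between the two priorities; otherwise the node with a dead nginx keeps the address.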

  4. SSL/TLS Termination
  5. Install Nginx on AlmaLinux

Here is how I installed Nginx on AlmaLinux:

sudo dnf install nginx

# Start nginx and enable on bootup
sudo systemctl start nginx
sudo systemctl enable nginx

# Test configuration
sudo nginx -t

# Reload configuration
sudo nginx -s reload

# Open port 80 and 443
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --add-service=https --permanent
sudo firewall-cmd --reload

Node.js

  1. Dockerizing Node.js

Cloudflare

  1. Create DNS records pointing to the static IP
  2. Create a DNS CNAME record so the domain is routed to the static IP
  3. Create an SSL/TLS certificate and enable Full (Strict) mode

Scale Websocket Application

  1. Demonstrate how to scale WebSocket connections across multiple servers using a load balancer such as HAProxy

What I Did 💻

Tested Nginx inside Proxmox VE with Cloudflare integration for SSL/TLS termination. Understood the core concepts of layer 4 and layer 7 reverse proxies.


Problem Encountered and Solution 🐞

Yeah nothing to see here.


References 🌐

A great YouTube channel for learning backend engineering and network infrastructure: Hussein Nasser

  1. Use NGINX as a Reverse Proxy | Linode
  2. How to Configure NGINX | Linode
  3. How to Install and Use NGINX on AlmaLinux 8 | Linode
  4. Dockerizing a Node.js web app | Node.js
  5. How to Configure Nginx as Reverse Proxy for Nodejs App
  6. Scaling Websockets with Redis, HAProxy and Node JS - High-availability Group Chat Application
  7. How to Setup Cloudflare Dynamic DNS
  8. A quick guide to free HTTPS with Cloudflare and Nginx
  9. How To Set Up Highly Available HAProxy Servers with Keepalived and Floating IPs on Ubuntu 14.04