This post explains how to set up an SSL site that’s load balanced across your web nodes, using Cloud Load Balancers in front and nginx on your web heads. It assumes the following are already in place:
- Nginx is configured with an SSL vhost
- You have verified that the vhost is working, by using an ssh tunnel
- You have tested that your load balancer is communicating with all your nodes
- You have a load balancer working on port 80 (non-HTTPS) already
Now, log in to your Rackspace Cloud account, and go to the Load Balancers section.
- Click on Add new Load balancer
- Enter a name for the load balancer; sitename-ssl is a good convention
- For the Protocol select HTTPS
- For Virtual Ip select Shared Virtual Ip
- Select which existing load balancer you want to share the IP with
- Select the nodes it needs to point to
You’re done. Now, say you have a cluster of SSL nodes and port 443 on the internal IP is already taken. In that case you need to tell nginx to listen on a port other than 443. Let’s pick 543 as an example here. You’d follow steps similar to the ones above, except:
- Add a new load balancer; this gives you a unique IP address that goes to your normal HTTP nodes
- Add a second HTTPS load balancer as above, up to the part where you select the nodes; there, change the port on the node from 443 to 543
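
For the port 543 case, the node's SSL vhost could look like the following. This is an added example, not configuration from the original post; the internal IP 10.0.0.5, the name example.com, the certificate paths and the document root are constructed placeholders.

```nginx
# Added example: SSL vhost on a web node behind the HTTPS load balancer.
# Constructed values (assumptions): 10.0.0.5, example.com, certificate
# paths and document root. Replace them with your node's own values.
server {
    # Port 443 on the internal IP is already taken, so this vhost
    # listens on 543, the node port entered in the load balancer.
    # Naming the internal address means nginx opens 543 only there,
    # not on every interface of the node.
    listen 10.0.0.5:543 ssl;
    server_name example.com;

    # The vhost holds the certificate and key, as in the
    # "Nginx with an SSL vhost" prerequisite.
    ssl_certificate     /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    # Accept only current TLS versions.
    ssl_protocols TLSv1.2 TLSv1.3;

    root /var/www/example.com;
}
```

Run `nginx -t` to check the syntax before reloading, then repeat the ssh tunnel check against port 543 on each node before adding it to the load balancer.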