Setting Up a Load Balancing Environment for Your Website – Part 3 of 3
Part 3 – Setting Up SSL with Load Balancing
This is a continuation of Part 2 of this series. Please read part 1 for context and part 2 for the initial setup.
This article assumes that you know how to generate CSRs and obtain SSL certificates from a certificate authority.
Obtain SSL Certificates
First, acquire SSL certificates for your domain from a trusted certificate authority (CA). This typically involves generating a certificate signing request (CSR) and submitting it to the CA for issuance. Once you receive the SSL certificates, make sure you have the following files:
- SSL certificate file (e.g., example.com.crt)
- Private key file (e.g., example.com.key)
- CA certificate file (if applicable)
Install SSL Certificates
Copy the SSL certificate, private key, and CA certificate (if applicable) to a directory on your Debian server, such as /etc/ssl/certs/. Ensure that the private key file has restricted permissions (e.g., 600) so that only the file's owner can read it.
Enable SSL Module in Nginx
Open the Nginx configuration file for editing:
sudo nano /etc/nginx/nginx.conf
Within the http block, add the following lines to enable SSL:
http {
    # ...
    # Enable SSL
    ssl_certificate /etc/ssl/certs/example.com.crt;
    ssl_certificate_key /etc/ssl/certs/example.com.key;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
}
Replace example.com.crt and example.com.key with the actual paths to your SSL certificate and private key files, respectively.
Save the changes and exit the text editor.
Configure HTTPS Server Block
Open the Nginx configuration file for your website:
sudo nano /etc/nginx/sites-available/example.com
Within the file, modify the server block to enable HTTPS:
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/ssl/certs/example.com.crt;
    ssl_certificate_key /etc/ssl/certs/example.com.key;
    location / {
        proxy_pass http://backend;
    }
}
Replace example.com with your actual domain name.
To force HTTPS and redirect all traffic to the secure version of your website, change the server block for port 80 to the following:
server {
    listen 80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}
Save the changes and exit the text editor.
Test Nginx Configuration
Before proceeding, validate the Nginx configuration for any syntax errors:
sudo nginx -t
If there are no errors, proceed to the next step. Otherwise, review your configuration file for any mistakes.
Start/Restart Nginx
Start or restart Nginx for the changes to take effect:
sudo systemctl restart nginx
Test SSL Configuration
Access your website using HTTPS (e.g., https://example.com) and verify that the SSL connection is secure. You can use online SSL checkers or browser tools to inspect the SSL certificate and ensure it is properly installed.
That’s it! You have now set up a load balancer with SSL support on Debian using Nginx. Remember to periodically renew your SSL certificates before they expire to maintain secure connections.
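The file checks from the install step and the renewal reminder above can be scripted. The following is an added example, not part of the original article: the function names are hypothetical, and it assumes the openssl command-line tool is installed and the key is stored unencrypted.

```shell
#!/bin/sh
# Added example: sanity checks for the certificate and key files used above.
# Function names are hypothetical; paths in the usage line are the article's.

# key_mode_ok KEY: succeed only if group and others have no permissions
# on KEY (mode 600 or 400), i.e. columns 5-10 of `ls -l` read "------".
key_mode_ok() {
    perms=$(ls -ldL -- "$1" 2>/dev/null | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "private key $1 is missing or accessible to group/others" >&2
        return 1
    fi
}

# cert_matches_key CERT KEY: succeed only if both hold the same public key.
# "-passin pass:" makes an encrypted key fail instead of prompting.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_valid_for CERT DAYS: succeed only if CERT is still valid DAYS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# check_tls_files CERT KEY [DAYS]: run all three checks; DAYS defaults to 30.
check_tls_files() {
    days=${3:-30}
    key_mode_ok "$2" || return 1
    cert_matches_key "$1" "$2" || { echo "certificate and key do not match" >&2; return 1; }
    cert_valid_for "$1" "$days" || { echo "certificate expires within $days days" >&2; return 1; }
    echo "OK: $1 and $2 pass all checks"
}

# Usage: sudo sh check_tls.sh /etc/ssl/certs/example.com.crt /etc/ssl/certs/example.com.key 30
if [ "$#" -ge 2 ]; then
    check_tls_files "$@"
fi
```

Running it before `sudo nginx -t` catches a wrong key or loose permissions early, and running it on a schedule flags a certificate that is approaching expiry.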