How to Use Nginx to Act as a Load Balancer
The following article explains how to install Nginx as a load balancer that allows access to Pyramid over HTTPS and distributes requests between multiple web servers.
Prerequisites
- You must already have your SSL certificate on your server (chain.pem and privkey.pem / .crt and .rsa files). You can buy an SSL certificate from a reputable source for your Pyramid site or create a self-signed one (not recommended).
If you have only a pfx file, please refer to the following article on how to extract the private key and chains from the pfx file.
- Port 443 must be open inbound on the server that Nginx is installed on, on its firewall, and on any external firewalls.
1) Install Nginx as follows (we assume the install is being done on Ubuntu but any Linux version that Nginx supports can be used.)
sudo apt-get update
sudo apt-get install nginx
2) Create the folder called "certs" and then copy across your two certificate files to this folder.
cd /etc/nginx/
sudo mkdir certs
3) Configure Nginx by running the following commands:
sudo unlink /etc/nginx/sites-enabled/default
cd /etc/nginx/sites-available/
sudo nano reverse-proxy.conf
The last command will open a text file, and the below should be pasted into it.
(Edit the paths in "ssl_certificate" and "ssl_certificate_key" to the location and names of your own certificate files, for example "chain.pem" and "privkey.pem".)
If the Pyramid web server is not running on the same server, then change localhost to the name of the server on which the Pyramid web service is running.
Update "yourServername.mycompany.com" to the DNS site name that will be used to browse Pyramid.
# Pool of Pyramid web servers that requests are balanced across.
upstream backend {
    server <pyramid_server_1>:8181;
    server <pyramid_server_2>:8181;
}
# This server accepts all traffic to port 443 (HTTPS) and passes it to the upstream.
# Notice that the upstream name and the proxy_pass need to match.
server {
    listen 443 ssl;
    # Certificate chain and private key presented to browsers.
    ssl_certificate /home/master/fullchain.crt;
    ssl_certificate_key /home/master/privkey.key;
    server_name yourServername.mycompany.com;
    access_log /var/log/nginx/nginx.vhost.access.log;
    error_log /var/log/nginx/nginx.vhost.error.log;
    location / {
        proxy_pass https://backend;
    }
}
4) Enable the site
sudo ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf
5) Test to make sure there are no errors and restart Nginx
sudo nginx -t
sudo service nginx restart
6) Test to see if you can browse to your site using SSL and if relevant that any Pyramid Pulse servers can connect to your Pyramid instance.
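The configuration from step 3 with the settings a TLS-terminating load balancer usually needs, as an added example that is not part of the original article or Pyramid's own documentation. The /etc/nginx/certs paths, the backend-ca.pem file, the <name_in_backend_certificate> placeholder and an open inbound port 80 are assumptions.

```nginx
# Added example: hardened variant of reverse-proxy.conf (step 3).
# Assumed: files live in /etc/nginx/certs (step 2), port 80 is reachable,
# and backend-ca.pem is the CA that issued the Pyramid servers' certificates.

upstream backend {
    server <pyramid_server_1>:8181;
    server <pyramid_server_2>:8181;
}

# Plain HTTP: redirect to the fixed HTTPS name rather than echoing
# the client-supplied Host header back in the Location header.
server {
    listen 80;
    server_name yourServername.mycompany.com;
    return 301 https://yourServername.mycompany.com$request_uri;
}

server {
    listen 443 ssl;
    server_name yourServername.mycompany.com;

    # The private key should be readable by root only (chmod 600);
    # the Nginx master process loads it before dropping privileges.
    ssl_certificate     /etc/nginx/certs/fullchain.crt;
    ssl_certificate_key /etc/nginx/certs/privkey.key;

    # Refuse legacy protocol versions.
    ssl_protocols TLSv1.2 TLSv1.3;

    access_log /var/log/nginx/nginx.vhost.access.log;
    error_log  /var/log/nginx/nginx.vhost.error.log;

    location / {
        proxy_pass https://backend;

        # Give the backend the original host, client address and scheme.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # proxy_pass uses https, but Nginx does not verify the upstream
        # certificate unless told to. Without proxy_ssl_name the expected
        # name would be the upstream name "backend", so set one that is
        # present in the certificate of every server in the pool.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/certs/backend-ca.pem;
        proxy_ssl_server_name         on;
        proxy_ssl_name                <name_in_backend_certificate>;
    }
}
```

Validate it with the same "sudo nginx -t" check from step 5 before restarting.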