Load balancing with nginx
Run containers⌗
Download the Dockerfile
wget https://raw.githubusercontent.com/onyxcherry/OnyxcherryOTP/master/Dockerfile
Pull the python:3.8.5 base image
docker pull python:3.8.5-slim-buster
Build the image (prefix the docker commands with sudo if your user is not in the docker group)
docker build -t onyxcherryotp .
Run two containers on different ports
docker run --name onyxcherryotp_one -d -p 127.0.0.1:5001:5777 -e TESTING=True onyxcherryotp
docker run --name onyxcherryotp_two -d -p 127.0.0.1:5002:5777 -e TESTING=True onyxcherryotp
If you pass TESTING=True to my Flask app, it bypasses the reCAPTCHA and similar checks, so it is only suitable for a local setup like this one, which is why the containers above are published on 127.0.0.1 only.
Modify templates⌗
Run a shell inside the container
docker exec -it -u root onyxcherryotp_one /bin/bash
Inside the container, refresh the package lists (the slim image ships without them, so a bare apt install fails), install a text editor and edit app/templates/index.html
root@container$ apt update && apt install nano
root@container$ nano app/templates/index.html
- change something, e.g. the OnyxcherryOTP text inside the <h3> to OnyxcherryOTP First, then save
- exit the container
- do the same for the other container, with a different label
Restart the containers
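The whole procedure above, from downloading the Dockerfile to restarting the labelled containers, as an added example script (not part of the original post or of the OnyxcherryOTP project). Instead of installing nano in each container it patches the template with sed over docker exec. It assumes GNU sed on the host and in the container, and that the heading line of app/templates/index.html contains the literal text OnyxcherryOTP inside an <h3> tag, which the post implies but does not show.

```shell
#!/bin/sh
# Added example, not the post's own code: build the image, start two backends
# on loopback ports, label each one's <h3> and restart them.
set -eu

IMAGE=onyxcherryotp
DOCKERFILE_URL=https://raw.githubusercontent.com/onyxcherry/OnyxcherryOTP/master/Dockerfile
APP_PORT=5777
# Same relative path the post edits; docker exec runs in the image's WORKDIR.
TEMPLATE=app/templates/index.html

# sed program that appends LABEL to the OnyxcherryOTP text, but only on the
# line carrying the <h3> tag. Assumption (not stated in the post): that line
# contains the literal text "OnyxcherryOTP".
heading_sed_expr() {          # heading_sed_expr LABEL
  printf '/<h3>/ s/OnyxcherryOTP/OnyxcherryOTP %s/' "$1"
}

# Apply the label to a template file on the host (handy for trying the
# expression on a copy before touching a container).
label_heading() {             # label_heading FILE LABEL
  sed -i "$(heading_sed_expr "$2")" "$1"
}

# Apply the label inside a running container. Run as root because the image
# runs the app as an unprivileged user (the reason the post uses -u root).
label_container() {           # label_container CONTAINER LABEL
  docker exec -u root "$1" sed -i "$(heading_sed_expr "$2")" "$TEMPLATE"
}

# Start one backend, published on the loopback interface only: a container
# running with TESTING=True must not be reachable from other hosts.
run_backend() {               # run_backend NAME HOST_PORT
  docker run --name "$1" -d -p "127.0.0.1:$2:$APP_PORT" \
    -e TESTING=True "$IMAGE" >/dev/null
}

deploy() {
  wget -q -O Dockerfile "$DOCKERFILE_URL"
  docker pull python:3.8.5-slim-buster
  docker build -t "$IMAGE" .
  run_backend onyxcherryotp_one 5001
  run_backend onyxcherryotp_two 5002
  label_container onyxcherryotp_one First
  label_container onyxcherryotp_two Second
  # Restart so the app re-reads the edited template, as the post does.
  docker restart onyxcherryotp_one onyxcherryotp_two
}

# Only deploy when explicitly asked; otherwise just define the functions.
if [ "${1:-}" = deploy ]; then
  deploy
fi
```

Run it as `sh deploy.sh deploy` from an empty directory; the labels First and Second are what you will later see alternating behind nginx.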
Nginx⌗
- install nginx
- create the file /etc/nginx/sites-available/onyxcherryotp.local.conf
- paste the following into the file
upstream otp {
    server localhost:5001;
    server localhost:5002;
}

server {
    listen 80;
    server_name onyxcherryotp.local;
    access_log /var/log/nginx/onyxcherryotp.local.log;

    location / {
        proxy_pass http://otp;
    }
}
The containers are already running and listening on ports 5001 and 5002, so those are the addresses listed in the upstream called otp. With no other directives nginx distributes requests between the upstream servers round-robin, which is its default.
Link the new server configuration
sudo ln -s /etc/nginx/sites-available/onyxcherryotp.local.conf /etc/nginx/sites-enabled/
Nginx listens on :80 by default, so make sure that port is not reachable from the internet (or change the port): the containers behind it run with TESTING=True.
Check if nginx config is valid
sudo nginx -t
and if everything is correct, reload
sudo nginx -s reload
Domain⌗
Add this to /etc/hosts
(edit with sudo):
127.0.0.1 onyxcherryotp.local
Go to onyxcherryotp.local in a web browser and press F5 several times. You should see OnyxcherryOTP First and whatever label you gave the second container, alternately.
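The same check from the command line, as an added example that is not part of the original post: it verifies that the backend ports are bound to loopback only (ss -ltn output is parsed) and then samples the front page through nginx and tallies which backend answered. It assumes the heading sits on one line as <h3>...</h3>, that ss and curl are installed, and that the site is reachable as http://onyxcherryotp.local/.

```shell
#!/bin/sh
# Added example, not the post's own code: verify the load-balanced setup.
set -eu

# Print the text of the first <h3> element found on stdin.
# Assumption: the heading sits on one line, e.g. <h3>OnyxcherryOTP First</h3>.
extract_heading() {
  sed -n 's/.*<h3>\(.*\)<\/h3>.*/\1/p' | head -n 1
}

# Read one heading per line on stdin and print "count heading" per distinct value.
tally() {
  sort | uniq -c | sed 's/^ *//'
}

# Fetch URL N times through nginx and tally which backend answered.
# -L follows the HTTP->HTTPS redirect once that is configured.
sample_backends() {           # sample_backends URL N
  i=0
  while [ "$i" -lt "$2" ]; do
    curl -sL "$1" | extract_heading
    i=$((i + 1))
  done | tally
}

# Exit 0 when every LISTEN socket on PORT (ss -ltn output on stdin) is bound
# to 127.0.0.1 or [::1]; exit 1 if any is bound to 0.0.0.0, * or [::], i.e.
# when a TESTING=True container would be reachable from other hosts.
loopback_only() {             # loopback_only PORT < ss-output
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, a, ":"); p = a[n]
      if (p != port) next
      addr = substr($4, 1, length($4) - length(p) - 1)
      if (addr != "127.0.0.1" && addr != "[::1]") bad = 1
    }
    END { exit bad ? 1 : 0 }'
}

if [ "${1:-}" = check ]; then
  for port in 5001 5002; do
    if ss -ltn | loopback_only "$port"; then
      echo "port $port: loopback only"
    else
      echo "port $port: listening on a non-loopback address!" >&2
      exit 1
    fi
  done
  sample_backends http://onyxcherryotp.local/ 10
fi
```

Run it as `sh check.sh check`; with plain round-robin and ten requests you should get a 5/5 split between the two labels. The port check is the one to keep around: if a container is ever started with `-p 5001:5777` instead of `-p 127.0.0.1:5001:5777`, the reCAPTCHA-free app becomes reachable from outside, and this is what catches it.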
SSL⌗
Install mkcert
> requires Go 1.13+
git clone https://github.com/FiloSottile/mkcert && cd mkcert
go build -ldflags "-X main.Version=$(git describe --tags)"
Create a local root CA and install it in the system and browser trust stores (keep the CA key in mkcert's CAROOT directory private: any certificate signed with it is trusted by your browser)
mkcert -install
Generate a certificate for the domain, signed by that local CA
mkcert onyxcherryotp.local
Change listen 80;
to listen 443 ssl;
in /etc/nginx/sites-available/onyxcherryotp.local.conf
Add
ssl_certificate /home/sammy/mkcert/onyxcherryotp.local.pem;
ssl_certificate_key /home/sammy/mkcert/onyxcherryotp.local-key.pem;
in the server block. Adjust the paths to wherever mkcert wrote your cert and key, or move the files somewhere under /etc/nginx or /etc/ssl; either way the key file should be readable only by root.
Check if nginx config is valid
sudo nginx -t
and if everything is correct, reload
sudo nginx -s reload
Go to https://onyxcherryotp.local in the web browser.
Redirection⌗
Additionally, you could add a redirection from http to https.
Add
server {
listen 80;
server_name onyxcherryotp.local;
return 301 https://onyxcherryotp.local$request_uri;
}
to the same file.
Check if nginx config is valid
sudo nginx -t
and if everything is correct, reload
sudo nginx -s reload
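The complete /etc/nginx/sites-available/onyxcherryotp.local.conf after the Nginx, SSL and Redirection sections, as an added example that is not the post's own configuration. It makes a few additions the post does not: the upstream servers are written as 127.0.0.1 (the containers are published on 127.0.0.1 only, and "localhost" may also resolve to ::1, where nothing listens, which nginx would then add as an extra upstream address), max_fails/fail_timeout and proxy_next_upstream so a dead container is skipped rather than producing an error, proxy headers so the Flask app can see the real client address and scheme, and TLSv1.2+ only with HSTS on the HTTPS server. The certificate paths assume the mkcert output under /home/sammy/mkcert as in the post.

```nginx
# Added example configuration (not from the original post).

upstream otp {
    # Explicit loopback addresses; a backend that fails twice in 10s is
    # taken out of rotation for 10s instead of every other request erroring.
    server 127.0.0.1:5001 max_fails=2 fail_timeout=10s;
    server 127.0.0.1:5002 max_fails=2 fail_timeout=10s;
}

# Plain HTTP only redirects to HTTPS; nothing is proxied on port 80.
server {
    listen 80;
    server_name onyxcherryotp.local;
    return 301 https://onyxcherryotp.local$request_uri;
}

server {
    listen 443 ssl;
    server_name onyxcherryotp.local;

    ssl_certificate     /home/sammy/mkcert/onyxcherryotp.local.pem;
    ssl_certificate_key /home/sammy/mkcert/onyxcherryotp.local-key.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Browsers remember to use HTTPS for this host for max-age seconds,
    # so only enable this once the site is meant to stay on HTTPS.
    add_header Strict-Transport-Security "max-age=31536000" always;

    access_log /var/log/nginx/onyxcherryotp.local.log;

    location / {
        proxy_pass http://otp;
        # Try the other backend if one container is down or unresponsive.
        proxy_next_upstream error timeout http_502 http_503;

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The X-Forwarded-* headers are only useful if the application is told to trust them (for a Flask app that means wrapping it with werkzeug's ProxyFix, or equivalent); without that, the app keeps seeing 127.0.0.1 as the client and http as the scheme. Whether OnyxcherryOTP does this is not stated in the post.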
Go to http://onyxcherryotp.local. You should be redirected to the https version.
A weird problem⌗
I did the above steps on my VPS and observed that no path (except /) was loading.
upstream balancing {
    server localhost:5001;
    server localhost:5002;
}

server {
    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;
    listen 80;
    listen [::]:80;
    server_name balancing.wisniewski.app;
    ssl_certificate /etc/letsencrypt/live/balancing.wisniewski.app/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/balancing.wisniewski.app/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    access_log /var/log/nginx/balancing.wisniewski.app.log;

    location / {
        proxy_pass http://balancing;
    }
}
I had changed the SSL/TLS option in the Cloudflare dashboard to Full (strict), so I expected it to work on 443 only.
I added
listen 80;
listen [::]:80;
and saw the website load!
Seriously, I do not know why it started working.