SSL and Load balancer on AWS for NirvaShare
On a production deployment, it is essential to have an SSL certificate for better security. With an AWS load balancer, in addition to having proper failover, it is also easy to enable the built-in SSL certificate, provided you own the domain name. In this document, we will configure SSL certificates for both the AdminConsole and the User application, along with load balancers for NirvaShare.
Prerequisites:
- Make sure NirvaShare is installed in EC2. You can also install it directly from AWS Marketplace.
- Configure the Storage and User Application URL. For details check HERE
- You will require access to your AWS console as administrator.
- Make sure you own the domain name for which the SSL certificate will be created.
For NirvaShare, two domains are required, one for AdminConsole and the other for the user-facing application. Subdomains can be used, such as admin.yourdomain.com and share.yourdomain.com.
- Login to AWS Console as Administrator.
- Open the service “Certificate Manager”
- Click on the “Request” button to register your domain for which a certificate has to be generated.
- You will require two certificates, one for the Admin Console and the other for the User Application.
- Select the “Request a public certificate” radio button
- Provide the domain name. Let us create a certificate for AdminConsole first; you can provide something like admin.yourdomain.com
- For the validation method, select “Email Validation”, as this is easier to proceed with. Otherwise, the DNS method can also be selected, depending on your choice.
- In the case of the Email method, the domain owner will get an email to approve the request.
- Click on Request and make sure the domain owner approves the request through the chosen email or DNS method, so that AWS considers you authorized to use this domain for certificate creation.
- Once approved, AWS will create a certificate for the admin console domain.
- You have to create one more certificate in a similar way for the User application, for a domain such as share.yourdomain.com.
- Before you configure the load balancer, you need to create target groups. A target group is basically a cluster of EC2 nodes.
- Go to EC2 Service and click on Target Groups from the left bottom menu.
- We need to create two target groups, one for AdminConsole and the other for UserApplication.
- Click on Create Target Group and select the target type as “Instances”
- Provide target name as “AdminConsole” and port as 8080
- Select the VPC; this should be the same VPC as that of the EC2 instance where NirvaShare is installed.
- Click on Next
- From the available list of instances, select the EC2 instance where NirvaShare is installed and click on “Include as pending below” with port as 8080
- Click on Create Target Group
- Repeat the above steps from 4 to 9, this time for the User Application. Provide the name as “UserApplication” and port as 8081
- Finally, you should have two target groups created.
Load Balancer Configuration
- Here we require two load balancers, one for AdminConsole and the other for UserApplication.
- Go to EC2 Service and click on Load Balancers from the left bottom menu.
- Click on Create Load Balancer and select type as “Application Load Balancer”
- Provide a name as “AdminConsole”
- For scheme, select “internet-facing”
- Set the address type as ipv4
- For VPC, select the one that is used by the EC2 instance where NirvaShare is installed.
- Select preferred availability zones.
- You can use the default security group or select one that is appropriate for your environment.
- For the listener, select the protocol as HTTPS with port 443 and target group as AdminConsole
- For SSL certificate select “From ACM” and domain name as admin.yourdomain.com
- This will take a couple of minutes to provision.
- Repeat steps 3 to 11 to create another load balancer, this time for the User application.
- Also make sure you allow inbound ports 8080 and 8081 in the security group.
- Copy the DNS name of the admin console load balancer and open it in a browser using HTTPS.
- This should load the NirvaShare admin console application using HTTPS, but with an invalid certificate. The reason is that the certificate is not valid for the load balancer DNS name.
- Now you can open the same with the proper admin console domain name that was properly registered with Route 53.
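A check for the inbound rule on ports 8080 and 8081, as an added example that is not part of the original guide or NirvaShare's own tooling. It assumes a policy that these ports accept traffic only from the load balancer's security group, so that clients cannot reach the application directly and skip the HTTPS listener; the sample rules and group IDs are constructed placeholders in the shape returned by `aws ec2 describe-security-groups`.

```python
BACKEND_PORTS = (8080, 8081)  # AdminConsole and User Application ports used in this guide
ANYWHERE = ("0.0.0.0/0", "::/0")


def covers(rule, port):
    """True if one IpPermissions entry applies to the given TCP port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "-1" means every protocol and every port
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit_backend_ports(security_group, alb_group_id):
    """List every way 8080/8081 can be reached other than from the load balancer's group."""
    findings = []
    for port in BACKEND_PORTS:
        allowed_from_alb = False
        for rule in security_group.get("IpPermissions", []):
            if not covers(rule, port):
                continue
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                scope = "the internet" if cidr in ANYWHERE else "an address range"
                findings.append(f"port {port}: open to {scope} via {cidr}")
            for pair in rule.get("UserIdGroupPairs", []):
                if pair.get("GroupId") == alb_group_id:
                    allowed_from_alb = True
                else:
                    findings.append(f"port {port}: open to group {pair.get('GroupId')}")
        if not allowed_from_alb:
            findings.append(f"port {port}: no rule references load balancer group {alb_group_id}")
    return findings


# Constructed samples in the shape of describe-security-groups output (not real data).
SAMPLE_OPEN = {"GroupId": "sg-EXAMPLE-INSTANCE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8081,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]}
SAMPLE_TIGHT = {"GroupId": "sg-EXAMPLE-INSTANCE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8081,
     "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE-ALB"}]}]}

if __name__ == "__main__":
    for name, sg in (("open", SAMPLE_OPEN), ("tight", SAMPLE_TIGHT)):
        print(name, audit_backend_ports(sg, "sg-EXAMPLE-ALB") or "OK")
```

To audit a real group, pass one element of the `SecurityGroups` array from `aws ec2 describe-security-groups --output json` together with the ID of the security group attached to the load balancer.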
If you need any help or assistance, please reach out to our support.