
SSL and Load balancer on AWS for NirvaShare

In a production deployment, an SSL certificate is essential for better security. An AWS load balancer provides proper failover and also makes it easy to enable a built-in SSL certificate, provided you own the domain name. In this document, we will configure SSL certificates for both the Admin Console and the User Application, along with load balancers for NirvaShare.

Prerequisites

As prerequisites, you will need the following:

  • NirvaShare installed in EC2. You can also install it directly from AWS Marketplace.
  • Configure the Storage and User Application URL. For details check HERE.
  • You will require access to your AWS console as administrator.
  • Make sure you own the domain name for which the SSL certificate will be created.

Process

NirvaShare requires two domains, one for the Admin Console and another for the user-facing application. Subdomains such as the following can be used.

  • admin.your-domain.com
  • share.your-domain.com

SSL Certificate

  • Log in to the AWS Console as Administrator.
  • Open the service “Certificate Manager”.
  • Click on the “Request” button to register the domain for which a certificate has to be generated.
  • You will require two certificates, one for the Admin Console and the other for the User Application.
  • Select the “Request a public certificate” radio button.
  • Provide the domain name for the Admin Console certificate, for example admin.yourdomain.com.
  • For the validation method, select “Email Validation”, as this is easier to proceed with. Alternatively, the DNS method can be selected, depending on your choice.
  • With the Email method, the domain owner will receive an email to approve the request.
  • Click on Request and make sure the domain owner approves the request through the chosen email/DNS method, so that AWS considers you authorized to use this domain for certificate creation.
  • Once approved, AWS will create a certificate for the admin console domain.
  • Create one more certificate in the same way for the User Application, for a domain like share.yourdomain.com.

Target Groups

  • Before you configure the load balancer, you need to create target groups. Target groups are basically a cluster of EC2 nodes.
  • Go to EC2 Service and click on Target Groups from the left bottom menu.
  • We need to create two target groups, one for the Admin Console and another for the User Application.
  • Click on Create Target Group and select the target type as “Instances”.
  • Provide the target name as “AdminConsole” and the port as 8080.
  • Select the VPC; it should be the same VPC as the EC2 instance where NirvaShare is installed.
  • Click on Next.
  • From the available list of instances, select the EC2 instance where NirvaShare is installed and click on “Include as pending below” with port as 8080.
  • Click on Create Target Group.
  • Repeat steps 4 to 9 above, this time for the User Application. Provide the name as “UserApplication” and the port as 8081.
  • Finally, you should have two target groups created.

Load Balancer Configuration

  1. Here we require two load balancers, one for the Admin Console and another for the User Application.
  2. Go to EC2 Service and click on Load Balancers from the left bottom menu.
  3. Click on Create Load Balancer and select the type as “Application Load Balancer”.
  4. Provide the name as “AdminConsole”.
  5. For scheme, select “internet-facing”.
  6. Set the address type to ipv4.
  7. For VPC, select the one that is used by the EC2 instance where NirvaShare is installed.
  8. Select preferred availability zones.
  9. You can use the default security group or select one that is appropriate for your environment.
  10. For the listener, select the protocol as HTTPS with port 443 and the target group as AdminConsole.
  11. For the SSL certificate, select “From ACM” and the domain name as admin.yourdomain.com.
  12. This will take a couple of minutes to provision.
  13. Repeat steps 3 to 11 to create another load balancer for the User Application.
  14. Also make sure you allow inbound ports 8080 and 8081 in the security group.
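
Step 14 opens ports 8080 and 8081, so it is worth checking that they are not left open to the whole internet, which would let clients reach the instance directly instead of going through the load balancer and its certificate. The script below is an added example, not NirvaShare or AWS code: it flags such rules in JSON of the shape printed by `aws ec2 describe-security-groups`. The group IDs and rules in `SAMPLE` are constructed, and limiting the source to the load balancer's security group is an assumption about the intended setup, not something this guide states.

```python
# Added example: constructed data, not NirvaShare or AWS code.
BACKEND_PORTS = (8080, 8081)   # Admin Console / User Application ports from this guide
WORLD = {"0.0.0.0/0", "::/0"}  # "anyone on the internet" for IPv4 and IPv6

def exposed_backend_rules(describe_output, ports=BACKEND_PORTS):
    """Return (group_id, port, cidr) for each rule opening a backend port to the world."""
    findings = []
    for sg in describe_output.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":            # all protocols, all ports: no port range present
                lo, hi = 0, 65535
            elif proto == "tcp":
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            else:
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr in WORLD:
                    findings += [(sg["GroupId"], p, cidr) for p in ports if lo <= p <= hi]
    return findings

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-example-instance", "IpPermissions": [
        # 8080 reachable only from the load balancer's security group: fine
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-example-alb"}]},
        # 8081 open to every IPv4 address: flagged
        {"IpProtocol": "tcp", "FromPort": 8081, "ToPort": 8081,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-example-wide", "IpPermissions": [
        # all traffic from every IPv6 address: covers both backend ports
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]}

if __name__ == "__main__":
    for group_id, port, cidr in exposed_backend_rules(SAMPLE):
        print(f"{group_id}: port {port} is open to {cidr}")
```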

Final Verification

  • Copy the DNS name of the Admin Console load balancer and open it in a browser using HTTPS.
  • This will load the NirvaShare admin console over HTTPS, but with an invalid certificate, because the certificate is not valid for the load balancer's DNS name.
  • Now you can open the same application with the proper admin console domain name that was registered with Route 53.

If you need any help or assistance, please reach out to our support.
