I have two servers, let's call them ServerA and ServerB.
I bought a domain on NameCheap; let's call it example.com.
Each server has docker containers (Flask Web Apps) running on it on different ports.
Example:
WebApp1 running on port 8080
WebApp2 running on port 8081
...
The configuration is the same across both servers.
I then use nginx as a reverse proxy on port 443, each app with its own subdomain.
Example:
WebApp1 running on port 8080 will be accessible via test1.example.com
WebApp2 running on port 8081 will be accessible via test2.example.com
...
I am using CertBot for the SSL certificates.
My two servers are hosted on OCI (Oracle Cloud) and I built a network load balancer on OCI to balance traffic across my servers.
Below are my configs:
nginx.conf
user nginx;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 800;
}

http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##
    # Note: TLSv1 and TLSv1.1 are deprecated (RFC 8996); TLSv1.2 and TLSv1.3 are enough for modern clients.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # General Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    # gzip on;
    # gzip_vary on;
    # gzip_min_length 10240;
    # gzip_proxied expired no-cache no-store private auth;
    # gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
    # gzip_disable "MSIE [1-6]\.";

    ##
    # Web Apps configurations
    ##
    include /etc/nginx/sites-enabled/*;
}
/etc/nginx/sites-enabled/test1.example.com
server {
    server_name test1.example.com;

    location / {
        access_log /var/log/nginx/test1/access.log;
        error_log /var/log/nginx/test1/error.log;
        proxy_pass http://localhost:8080;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/test1.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/test1.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = test1.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name test1.example.com;
    listen 80;
    return 404; # managed by Certbot
}
Currently, the domain name test1.example.com has an A record pointing to ServerA, which is working fine, and I can access my WebApp.
But I want the domain to point to my Load Balancer so that I can balance the traffic on both servers. But I can't do that unless I issue SSL certificates on both servers, which I can't. Because after issuing test1.example.com on ServerA, doing so on ServerB results in an error from certbot saying that the certificate has already been assigned to ServerA.
Can someone help me out on how I can do that?
To address the issue you mentioned with SSL certificates and load balancing, there is a viable solution. You can transfer the SSL certificate created on ServerA to ServerB using the Secure Copy Protocol (SCP) to securely copy the certificate and private key.
After creating the certificate on ServerA with Certbot, you can manually or automatically copy the corresponding files (fullchain.pem and privkey.pem) from ServerA to ServerB. Automation can be achieved using a cronjob that runs at regular intervals, such as once a day, to ensure both servers have up-to-date certificates.
Here's an example of the command to copy the certificate files:
Replace "user" with your username on ServerB and "/path/to/certificate/" with the appropriate path where the certificate should be saved on ServerB.
For automated copying, you can create a shell script that executes these commands and set up a cronjob to run this script regularly.
It's important to configure SSH keys correctly for secure and automated communication between the servers. Also, ensure the security of both servers, as the SSL certificate's private key is sensitive information.
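Added example (not the answerer's script): a certbot deploy hook that pushes the renewed fullchain.pem and privkey.pem from ServerA to ServerB over scp, checks the certificate fingerprint on both sides, and only then reloads nginx on ServerB. It assumes a hypothetical account REMOTE on ServerB reachable by SSH key and the same /etc/letsencrypt/live/<domain>/ layout on both hosts.

```shell
#!/bin/sh
# Added example (not the answerer's own script): certbot deploy hook that pushes a
# renewed lineage from ServerA to ServerB over scp and reloads nginx there.
# Assumed: REMOTE is a hypothetical account on ServerB reachable by SSH key, and
# ServerB keeps the same /etc/letsencrypt/live/<domain>/ layout as ServerA.
set -eu

REMOTE="${REMOTE:-certsync@serverb.internal}"
LIVE_ROOT="${LIVE_ROOT:-/etc/letsencrypt/live}"

# The two files the nginx server block references; privkey.pem is the sensitive one.
cert_files() {
    for f in fullchain.pem privkey.pem; do
        printf '%s/%s\n' "$1" "$f"
    done
}

# Accept only LIVE_ROOT/<single-segment>; certbot sets RENEWED_LINEAGE, but a hook
# should still refuse anything that would make scp write outside the live directory.
lineage_is_sane() {
    case "$1" in
        *..*|*/)             return 1 ;;   # parent references or trailing slash
        "$LIVE_ROOT"/*/*)    return 1 ;;   # nested deeper than one segment
        "$LIVE_ROOT"/?*)     return 0 ;;
        *)                   return 1 ;;
    esac
}

push_lineage() {
    lineage="$1"
    lineage_is_sane "$lineage" || { echo "refusing lineage path: $lineage" >&2; return 1; }
    domain=$(basename "$lineage")
    ssh "$REMOTE" "mkdir -p '$LIVE_ROOT/$domain'"
    # scp -p keeps certbot's modes (privkey.pem is 0600), so the key is never world-readable.
    cert_files "$lineage" | while read -r f; do
        scp -p -q "$f" "$REMOTE:$LIVE_ROOT/$domain/"
    done
    # Reload only if ServerB now serves the same certificate as ServerA.
    local_fp=$(openssl x509 -noout -fingerprint -sha256 -in "$lineage/fullchain.pem")
    remote_fp=$(ssh "$REMOTE" "openssl x509 -noout -fingerprint -sha256 -in '$LIVE_ROOT/$domain/fullchain.pem'")
    [ "$local_fp" = "$remote_fp" ] || { echo "fingerprint mismatch for $domain" >&2; return 1; }
    ssh "$REMOTE" "sudo nginx -t && sudo systemctl reload nginx"
}

# certbot exports RENEWED_LINEAGE when this script runs as --deploy-hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    push_lineage "$RENEWED_LINEAGE"
fi
```

Install it under /etc/letsencrypt/renewal-hooks/deploy/ (or pass it with `certbot renew --deploy-hook`) so it runs only after a successful renewal, instead of on a daily cron schedule. ServerB's server block also includes /etc/letsencrypt/options-ssl-nginx.conf and /etc/letsencrypt/ssl-dhparams.pem, so those two files must exist there as well.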