#!/bin/bash
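# Refresh the package index, apply pending upgrades and install nginx.
# apt-get is used instead of apt because apt's command-line interface is meant
# for interactive use and is not guaranteed to stay stable for scripts.
echo -e "\e[34mUpdating apt & system and installing nginx ...\e[0m"
# A failed index refresh or upgrade is reported but does not stop the run,
# matching the original flow where the install step was attempted regardless.
if ! { sudo apt-get update && sudo apt-get upgrade -y; }; then
  echo "warning: apt-get update/upgrade failed; continuing with nginx install" >&2
fi
# Every later stage writes nginx configuration and reloads the service, so a
# failed install is fatal rather than silently ignored.
if ! sudo apt-get install -y nginx; then
  echo "error: nginx installation failed; aborting" >&2
  exit 1
fi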
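# Enable IPv4 forwarding so the private VMs can reach the internet through this
# host (VM1): persist the setting in /etc/sysctl.conf and apply it immediately.
# NOTE(review): forwarding turns this host into a transit point between
# networks; what is actually allowed through is decided by the firewall's
# forward policy and rules, so review those together with this setting.
echo -e "\e[34mEnabling IP forwarding in sysctl...\e[0m"
# Uncomment the stock "#net.ipv4.ip_forward=1" line when it is present.
sudo sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
# The substitution is a silent no-op when that exact commented line is missing
# (already removed, or written with different spacing), so add the setting
# explicitly if no active entry exists afterwards.
if ! sudo grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' /etc/sysctl.conf; then
  echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf > /dev/null
fi
# Apply the changes immediately without rebooting.
sudo sysctl -p
# Confirm the kernel really has forwarding on instead of assuming it.
if [[ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" != "1" ]]; then
  echo "warning: net.ipv4.ip_forward is not 1 after reloading /etc/sysctl.conf" >&2
fi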
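# Let packets to/from the private VMs pass through VM1 to/from the internet:
# switch UFW's forward policy to ACCEPT and add a source-NAT (masquerade) rule
# for the private subnet on the outward-facing interface.
#
# The subnet and interface default to the values this script always used and
# can be overridden through the environment (PRIVATE_SUBNET, WAN_IFACE).
private_subnet="${PRIVATE_SUBNET:-192.168.10.0/24}"
wan_iface="${WAN_IFACE:-ens33}"

# Both values are pasted into a sed script that runs as root and ends up in the
# firewall rules file, so accept only a plain IPv4 CIDR and a plain interface
# name.
if [[ ! "$private_subnet" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$ ]]; then
  echo "error: PRIVATE_SUBNET must be an IPv4 CIDR such as 192.168.10.0/24" >&2
  exit 1
fi
if [[ ! "$wan_iface" =~ ^[A-Za-z0-9_.-]{1,15}$ ]]; then
  echo "error: WAN_IFACE must be a plain network interface name" >&2
  exit 1
fi
# A masquerade rule on a non-existent interface loads fine but never matches.
if [[ ! -e "/sys/class/net/${wan_iface}" ]]; then
  echo "warning: interface ${wan_iface} not found; the NAT rule will not match" >&2
fi

# NOTE(review): DEFAULT_FORWARD_POLICY="ACCEPT" lets every routed packet
# through in both directions, not only traffic originating from the private
# subnet. A tighter setup keeps the policy at DROP and adds a scoped
# "ufw route allow" rule for the private subnet; confirm the private-side
# interface before switching.
echo -e "\e[34mChanging default forward policy to ACCEPT...\e[0m"
if grep -q 'DEFAULT_FORWARD_POLICY="DROP"' /etc/default/ufw; then
  sudo sed -i 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/' /etc/default/ufw
fi

# Add the NAT table to UFW's before.rules only once. The pattern is anchored to
# the start of a line so that a comment merely mentioning "*nat" does not make
# the script believe the table is already defined.
# NOTE(review): if a *nat table already exists without this masquerade rule,
# nothing is added; inspect before.rules in that case.
if ! sudo grep -q '^\*nat' /etc/ufw/before.rules; then
  echo -e "\e[34mAdding NAT rules to UFW before.rules...\e[0m"
  sudo sed -i "1i # NAT rules\n*nat\n:POSTROUTING ACCEPT [0:0]\n-A POSTROUTING -s ${private_subnet} -o ${wan_iface} -j MASQUERADE\nCOMMIT\n" /etc/ufw/before.rules
fi
sudo ufw reload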
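# Configure the host firewall: allow SSH, HTTP and HTTPS, then enable UFW.
echo -e "\n\e[34mConfiguring firewall ...\e[0m"
echo "Checking firewall status ..."
sudo ufw status
echo "Enabling ssh (22), http (80) and https (443) ports ..."
# The allow rules and the enable step are chained: if adding the SSH rule
# fails, the firewall is not enabled, which avoids cutting off the session
# this script is running over. The success message is printed only when every
# step succeeded.
# NOTE(review): "ufw allow ssh" accepts SSH from any source address; consider
# restricting it to a management network or using "ufw limit ssh" to
# rate-limit connection attempts. Port 443 is opened here as well, so confirm
# that something is actually meant to listen on it.
if sudo ufw allow ssh \
  && sudo ufw allow http \
  && sudo ufw allow https \
  && sudo ufw --force enable; then
  echo -e "✅ \e[32mSuccessfully activated the firewall and allowed ssh, http and https ports\e[0m"
else
  echo "error: firewall configuration failed; see the ufw output above" >&2
  exit 1
fi
sudo ufw status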
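# Set up the nginx load balancer: write the site definition, enable it, and
# reload nginx only when the configuration passes nginx's own syntax test.
#
# Notes on the generated site (the heredoc text is written to disk verbatim,
# apart from the \$ escapes that keep nginx variables from being expanded by
# the shell):
#   - There is no "listen" directive, so nginx's default listening port (80)
#     applies; no TLS listener is defined here.
#   - Only /api/facts forwards the Host header and X-Real-IP; requests to /
#     are proxied with nginx's default proxy headers.
#   - X-Real-IP is set from \$remote_addr, replacing any value sent by the
#     client. Backends should trust this header only on connections coming
#     from the load balancer.
#   - Traffic to the upstream servers uses plain http.
echo -e "\e[34mSetting up Nginx Loadbalancer ...\e[0m"
sudo tee /etc/nginx/sites-available/nginx-facts-loadbalancer > /dev/null <<EOF
upstream webapp-servers {
server webserver1;
server webserver2;
}
server {
# load-balancer server's hostname(nginxloadbalancer.lab) and public IP (192.168.100.207)
server_name nginxloadbalancer.lab 192.168.100.207;
location / {
proxy_pass http://webapp-servers;
}
location /api/facts {
proxy_pass http://webapp-servers;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
}
}
EOF
sudo ln -sf /etc/nginx/sites-available/nginx-facts-loadbalancer /etc/nginx/sites-enabled/
# Reload only after a successful syntax check, and report success only when
# the reload itself worked; previously the result of "nginx -t" was ignored.
if ! sudo nginx -t; then
  echo "error: nginx configuration test failed; nginx was not reloaded" >&2
  exit 1
fi
if ! sudo systemctl reload nginx; then
  echo "error: reloading nginx failed" >&2
  exit 1
fi
echo -e "✅ \e[32mnginx-facts website's loadbalancer successfully setup\e[0m\n"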