Loadbalancer Configuration
This guide details how to set up the load balancer configuration for Chef Automate and Chef Infra Server.
Load Balancer
Assuming you have DNS configured with domain names:
- Chef Automate: chefautomate.example.com
- Chef Infra Server: chefinfraserver.example.com
Install Nginx
For Debian / Ubuntu :
sudo apt-get update
sudo apt-get install nginx
For Centos or Redhat :
sudo yum install epel-release
sudo yum update
sudo yum install nginx
Configure
- Create new file
/etc/nginx/sites-available/chef-automate-lb.conf
upstream chef-automate-servers {
server 10.1.0.101:443 max_fails=2 fail_timeout=30s;
server 10.1.0.102:443 max_fails=2 fail_timeout=30s;
server 10.1.0.103:443 max_fails=2 fail_timeout=30s;
}
server {
listen 443 ssl;
server_name chefautomate.example.com;
ssl_certificate /etc/letsencrypt/live/chefautomate.example.com/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/chefautomate.example.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
proxy_pass https://chef-automate-servers;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name chefautomate.example.com;
return 301 https://$server_name$request_uri;
}
- Create new file
/etc/nginx/sites-available/chef-infra-server-lb.conf
upstream chef-infra-servers {
server 10.1.0.101:443 max_fails=2 fail_timeout=30s;
server 10.1.0.102:443 max_fails=2 fail_timeout=30s;
server 10.1.0.103:443 max_fails=2 fail_timeout=30s;
}
server {
listen 443 ssl;
server_name chefinfraserver.example.com;
ssl_certificate /etc/letsencrypt/live/chefinfraserver.example.com/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/chefinfraserver.example.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
proxy_pass https://chef-infra-servers;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name chefinfraserver.example.com;
return 301 https://$server_name$request_uri;
}
- Enable Sites for Chef Automate and Chef Infra Server
sudo ln -s /etc/nginx/sites-available/chef-automate-lb.conf /etc/nginx/sites-enabled/
sudo ln -s /etc/nginx/sites-available/chef-infra-server-lb.conf /etc/nginx/sites-enabled/
- Test Nginx Config
sudo nginx -t
- Restart Nginx
sudo systemctl restart nginx
Was this page helpful?