
I have set up an environment in Jelastic including a load balancer (tested both Apache and Nginx with the same results), with public IP and an application server running Univention UCS DC Master docker image (I have also tried a simple Ubuntu 20.04 install).

Now the application server has a private IP address and is correctly reachable from the internet, also I can correctly SSH into both the load balancer and the app server.

The one thing I can’t seem to achieve is to have the app server access the internet (outbound traffic).

I have tried setting up the network in the app server and tried a few Nginx load-balancing configurations but to be honest I’ve never used a load balancer before and I feel that configuring load balancing will not resolve my issue (might be wrong).

Of course my intention is to learn load balancing but if someone could just point me in the right direction I would be so grateful.

Question: what needs to be configured in Jelastic or in the servers to have the machines behind the load balancer access the internet?

Thank you for your time.

Cristiano

2 Answers


  1. Chosen as BEST ANSWER

    I was able to resolve the issue by simply detaching and re-attaching the public IP address to the server, so it was no setup problem, just something in Jelastic got stuck.

    Thanks all!

    Edit: Actually, to effectively resolve the issue, I have to detach the public IP address from the univention/ucs docker image, attach it to another node in the environment (i.e. an Ubuntu server I have), then attach the public IP back to the univention docker image. Can’t really figure out why, but it works for me.


  2. To have the machines access the internet you should add a route in them using your load balancer as a gw like this:

    Destination     GW       Genmask
    0.0.0.0         LB @IP   255.255.255.0
    

    Your VMs' firewalls should not block ports 80 and 443 for in/out traffic, using iptables:

    sudo iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    sudo iptables -A OUTPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
    

    In your load balancer you should masquerade outgoing traffic (change source IP) and forward input traffic to your VMs' subnet using the LB interface connected to this subnet:

    # Table names are lowercase (nat); long options take two dashes (--dport)
    sudo iptables --table nat -A POSTROUTING --out-interface eth0 -j MASQUERADE
    sudo iptables -A FORWARD -p tcp --dport 80 -i eth0 -o eth1 -j ACCEPT
    sudo iptables -A FORWARD -p tcp --dport 443 -i eth0 -o eth1 -j ACCEPT
    

    You should enable IP forwarding in your load balancer:

    echo 1 > /proc/sys/net/ipv4/ip_forward
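
Added example, not part of either answer above: a small audit that checks saved command output for the three settings the second answer relies on (default route via the load balancer, MASQUERADE on the egress interface, IP forwarding enabled). The function names, the 10.0.0.x addresses and the sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: checks saved command output for the settings described above.
# All sample data below is constructed for illustration.

# True if `ip route` text ($2) has a default route via gateway $1.
has_default_via() {
    printf '%s\n' "$2" | awk -v gw="$1" '
        $1 == "default" && $2 == "via" && $3 == gw { found = 1 }
        END { exit !found }'
}

# True if `iptables-save` text ($2) masquerades traffic leaving interface $1.
has_masquerade() {
    printf '%s\n' "$2" | awk -v ifc="$1" '
        /^\*/ { table = $1 }
        table == "*nat" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
            for (i = 3; i < NF; i++) if ($i == "-o" && $(i + 1) == ifc) found = 1
        }
        END { exit !found }'
}

# Prints one line per missing setting; prints nothing when all are present.
# Args: gateway IP, egress interface, routes text, rules text, ip_forward value.
audit_nat_gateway() {
    has_default_via "$1" "$3" || echo "backend: no default route via $1"
    has_masquerade "$2" "$4" || echo "gateway: no MASQUERADE on $2 in nat POSTROUTING"
    [ "$5" = "1" ] || echo "gateway: ip_forward is $5, expected 1"
    return 0
}

# Constructed samples: backend at 10.0.0.20, load balancer at 10.0.0.1.
SAMPLE_ROUTES='default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.20'
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT'

# Demo: forwarding left disabled on the gateway, so one finding is printed.
audit_nat_gateway 10.0.0.1 eth0 "$SAMPLE_ROUTES" "$SAMPLE_RULES" 0
```

On a live system, pass `"$(ip route)"` from the backend and `"$(iptables-save)"` (run as root) and `"$(cat /proc/sys/net/ipv4/ip_forward)"` from the load balancer in place of the samples.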
    