Skip to content

Virtual Server Preparation

HTTP access

Note

loc.io - the basic domain of location.

To create HTTP access, the user needs to perform the following steps:

  1. Order a service in Compute (for example, CentOS 8.3).

  2. Set up VPN access in the VPN service.

  3. Connect to the virtual machine, for example, via SSH (ssh root@1.1.1.1).

  4. Install a web server:

    • Install a web server (example: apache):
    sudo yum install -y httpd
    
    • Start the web server:
    sudo systemctl enable httpd —now
    
    • Check if the web server is running:
    sudo systemctl status httpd
    

    Command Output Example

    httpd.service - The Apache HTTP Server
        Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
        Active: active (running) since Wed 2022-05-25 10:34:11 +03; 7s ago
        Docs: man:httpd.service(8)
    Main PID: 103004 (httpd)
        Status: "Started, listening on: port 80"
        Tasks: 213 (limit: 23512)
        Memory: 26.4M
    CGroup: /system.slice/httpd.service
                ├─103004 /usr/sbin/httpd -DFOREGROUND
                ├─103005 /usr/sbin/httpd -DFOREGROUND
                ├─103006 /usr/sbin/httpd -DFOREGROUND
                ├─103007 /usr/sbin/httpd -DFOREGROUND
                └─103008 /usr/sbin/httpd -DFOREGROUND
    
    May 25 10:34:11 alb-demo1.pt35.cmp.loc.io systemd[1]: Starting The Apache HTTP Server...
    May 25 10:34:11 alb-demo1.pt35.cmp.loc.io systemd[1]: Started The Apache HTTP Server.
    May 25 10:34:11 alb-demo1.pt35.cmp.loc.loc.io httpd[103004]: Server configured, listening on: port 80
    
    • Auxiliary commands for running a web server

    • Reload configuration (when changing configuration files):

    sudo systemctl reload httpd  
    
    • Restart the web server:
    sudo systemctl restart httpd
    
    • Check web server operation:
      Add any text to the /var/www/html/index.html file, for example: “Hello from alb-demo1.pt35.cmp.loc.icdc.io”:

      Example

      [root@alb-demo1 ~]# curl http://localhost
      Hello from alb-demo1.pt35.cmp.loc.io
      
  5. Setting up the system Firewall.
    By default, the system Firewall blocks all HTTP and HTTPS traffic that comes from the outside on ports 80 and 443. To disable blocking, you need to add the HTTP and HTTPS services to the firewall rules. For that you need to run the commands:

    sudo firewall-cmd —permanent —zone=public —add-service=http
    sudo firewall-cmd —permanent —zone=public —add-service=https
    In order for the rules to apply, you need to reload the firewall configuration:
    sudo firewall-cmd —reload
    

    Check that the rules are set:

    sudo firewall-cmd —list-all
    
    public (active)
      target: default
      icmp-block-inversion: no
      interfaces: eth0
      sources: 
      services: cockpit dhcpv6-client http https ssh
      ports: 
      protocols: 
      forward: no
      masquerade: no
      forward-ports: 
      source-ports: 
      icmp-blocks: 
      rich rules: 
    
  6. Create a public route in the Load Balancer service.

    To do this, click Create Route and fill in the parameters (example):

  7. After creating a public route, for correct operation, the user needs to specify in the DNS Domains tab that the Hostname alb-demo1.pt35.cmp.loc.io refers to the public host (or IP address) of the account balancer, which is indicated on the page with all web routes.
    In this case, it is pt35.alb.loc.io:

    To add an entry to DNS, go to the DNS domains tab.
    Select the required DNS Domains (pt35.cmp.loc.io):

    Create a CNAME record in it:

    Check that the public route is working. In the address bar of your browser, enter http://alb-demo1.pt35.cmp.loc.io

HTTPS access (automatic certificate issuance)

Edge-termination

  1. When creating a route, the user needs to check the Secure Route checkbox and select the type of TLS Termination - Edge.

  2. Insecure Traffic:

    • Allow - automatic redirection from HTTP to HTTPS will not occur,
    • Redirect - automatic redirect to HTTPS.
  3. If the TLS certificate is not selected (None), the LetsEncrypt certificate will be generated.

    Check that the public route is working.
    In the address bar of your browser, enter http://alb-demo1.pt35.cmp.loc.io

Re-encrypt-termination

If HTTPS is used on the destination virtual server, then this option must be selected.

  1. When creating such a route, the user needs to check the Secure Route checkbox and the type of TLS Termination - Re-encrypt.

  2. Insecure Traffic:

    • Allow - automatic redirection from HTTP to HTTPS will not occur,
    • Redirect - automatic redirect to HTTPS.
  3. If the TLS certificate is not selected (None), the LetsEncrypt certificate will be generated.

Passthrough-termination

  1. When creating a route, the user must check the Secure Route checkbox and select the type of TLS Termination - Passthrough.

  2. Insecure Traffic:

    • Allow - automatic redirection from HTTP to HTTPS will not occur,
    • Redirect - automatic redirect to HTTPS.

HTTPS access using your own certificates

Upload your certificate in the certificate upload dialog box.

When creating a route, you can specify the added certificate in the TLS Certificate field. Within 90 seconds, it will be added to the route.