SRE | Hetzner Load balancing Nginx, Keepalived

Nginx Layer

This is the high-availability layer: a floating network stack, Keepalived for heartbeat (health monitoring), and Nginx load balancers.

The floating network stack is provided by Hetzner Cloud. It is driven by the Keepalived service running on all nodes together with the Hetzner API: whenever a failure of the master node is detected, the backup nodes elect a new master, which takes over the same IP address.

Master Node

    # /etc/keepalived/keepalived.conf
    vrrp_instance VI_1 {
        state MASTER
        interface ens10                 # private interface carrying VRRP traffic
        virtual_router_id 101
        unicast_src_ip 192.168.1.2      # this node's private address

        unicast_peer {
            192.168.1.3                 # backup node
        }

        priority 101                    # highest priority wins the election
        advert_int 3                    # seconds between advertisements

        authentication {
            auth_type PASS              # PASS travels in cleartext: keep VRRP on the private subnet
            auth_pass 1111
        }

        virtual_ipaddress {
            X.X.X.X label eth0:10       # Hetzner floating IP, added as an alias on eth0
        }

        notify_master /etc/keepalived/master.sh
    }


    #!/bin/bash
    # /etc/keepalived/master.sh - executed when this node becomes MASTER
    HCLOUD_PATH=/home/user/scripts/hcloud
    # Re-route the floating IP to this server at the Hetzner API level
    $HCLOUD_PATH/hcloud floating-ip assign <ipName> <master_hostname>
    # Add the floating IP as an alias on eth0. "eth0:10" is a label, not a
    # device name, so it has to be passed with "label" rather than "dev".
    /sbin/ip addr add X.X.X.X/32 dev eth0 label eth0:10

Backup Node


    # /etc/keepalived/keepalived.conf
    vrrp_instance VI_1 {
        state BACKUP                    # backup node starts in BACKUP and is promoted by election
        interface ens10
        virtual_router_id 101
        unicast_src_ip 192.168.1.3      # this node's private address

        unicast_peer {
            192.168.1.2                 # master node
        }

        priority 100                    # lower than the master, so it only wins when the master is gone
        advert_int 3

        authentication {
            auth_type PASS
            auth_pass 1111              # must match the master
        }

        virtual_ipaddress {
            X.X.X.X label eth0:10
        }

        notify_master /etc/keepalived/master.sh
    }


    #!/bin/bash
    # /etc/keepalived/master.sh on the backup node - executed when it is promoted to MASTER
    HCLOUD_PATH=/home/user/scripts/hcloud
    # Re-route the floating IP to this server at the Hetzner API level
    $HCLOUD_PATH/hcloud floating-ip assign <ipName> <backup_hostname>
    # Add the floating IP as an alias on eth0 (label is given separately from dev)
    /sbin/ip addr add X.X.X.X/32 dev eth0 label eth0:10
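A fuller version of the two master.sh notify scripts above, added here as an example that is not part of the original page: one script handles every VRRP state, only the node that became MASTER moves the floating IP, and the hcloud call is retried and logged. The hcloud path, the floating-IP name ha-ip and the hostname lookup are assumptions.

```shell
#!/bin/sh
# Added example, not from the page: one notify script for every VRRP transition
# (wire it in with: notify /etc/keepalived/notify.sh). Keepalived calls it as
# notify.sh INSTANCE VI_1 <STATE> <PRIORITY>; paths and IP name are placeholders.
HCLOUD=${HCLOUD:-/home/user/scripts/hcloud/hcloud}
FLOATING_IP_NAME=${FLOATING_IP_NAME:-ha-ip}   # placeholder hcloud name
FLOATING_IP=${FLOATING_IP:-X.X.X.X}           # placeholder address
LABEL=${LABEL:-eth0:10}
RETRIES=${RETRIES:-3}
RETRY_DELAY=${RETRY_DELAY:-2}
NODE=${NODE:-$(hostname 2>/dev/null || echo unknown)}
log() { echo "$(date '+%FT%T') keepalived-notify[$NODE]: $*" >&2; }

# Map the VRRP state to this node's action. Only the new MASTER moves the
# floating IP; a node dropping to BACKUP/FAULT must not touch it, or it
# would steal the address back from the node that just took over.
decide_action() {
    case "$1" in
        MASTER)            echo assign ;;
        BACKUP|FAULT|STOP) echo release ;;
        *)                 echo ignore ;;
    esac
}

# Re-route the floating IP through the Hetzner API, retrying: this call is
# the one step a failover cannot skip, and it can fail transiently.
assign_floating_ip() {
    attempt=1
    while [ "$attempt" -le "$RETRIES" ]; do
        if "$HCLOUD" floating-ip assign "$FLOATING_IP_NAME" "$NODE"; then
            log "floating IP $FLOATING_IP_NAME now routed to $NODE"; return 0
        fi
        log "assign attempt $attempt of $RETRIES failed"
        attempt=$((attempt + 1)); sleep "$RETRY_DELAY"
    done
    return 1
}

main() {
    state=${3:-}
    case "$(decide_action "$state")" in
        assign)  assign_floating_ip || { log "giving up, VIP unreachable"; exit 1; }
                 # keepalived adds the VIP itself; replace only repairs a lost alias
                 ip addr replace "$FLOATING_IP/32" dev "${LABEL%%:*}" label "$LABEL" ;;
        release) log "now $state; leaving the floating IP to the new master" ;;
        *)       log "ignoring unknown state '$state'" ;;
    esac
}
# Dispatch only when keepalived executes the script, not when it is sourced
case "${0##*/}" in notify.sh) main "$@" ;; esac
```

With this in place the two notify_master lines become a single notify line, and a demoted node only logs its BACKUP or FAULT transition instead of re-assigning the address.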

DNS Config

Configure your DNS zone file with one record pointing at the floating IP address, e.g. ha.your-domain.rs.

Nginx Load Balancer

Nginx is used as the load balancer, web server and cache. With the floating IP in front of it, this service is no longer a single point of failure. It runs on both the master and backup nodes and serves the web apps in the backend.

This configuration brings great flexibility in terms of backend technologies and security. Backend servers can be kept in a private subnet that is not reachable from the Internet. It also simplifies handling of SSL certificates, since they can be deployed on Nginx rather than on every backend server.


    # Default server configuration
    #
    # nginx refuses to start without an events block
    events {
        worker_connections 1024;
    }

    http {
        index index.html;

        sendfile on;
        tcp_nopush on;

        # Backend pool of servers for load balancing.
        # max_fails/fail_timeout are the nginx defaults, spelled out so the passive
        # health check is visible: a backend is skipped for 10s after one failure.
        upstream backend {
            server 192.168.1.2:3000 max_fails=1 fail_timeout=10s;
            server 192.168.1.3:4000 max_fails=1 fail_timeout=10s;
        }

        # Load Balancer
        server {
            listen 5005;

            location / {
                proxy_pass http://backend;
                # Pass the original host and client address on to the backends
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
        }
    }