Setting up virtual hosting
This use case describes how to set up virtual hosting, that is, how to use Yandex Application Load Balancer to host multiple websites with different domain names on the same IP address.
As examples for the use case, we'll have three domain names: site-a.com, site-b.com, and default.com.
To set up virtual hosting:
- Prepare your cloud.
- Create a cloud network.
- Reserve a static public IP address.
- Create security groups.
- Import TLS certificates of the sites to Certificate Manager.
- Create instance groups for the sites.
- Upload the site files to the VMs.
- Create backend groups.
- Create and configure HTTP routers.
- Create an L7 load balancer.
- Configure the DNS for the sites.
- Check that the hosting is running properly.
If you no longer need the resources you created, delete them.
Prepare your cloud
Sign up for Yandex Cloud and create a billing account:
- Go to the management console and log in to Yandex Cloud or create an account if you do not have one yet.
- On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page
Learn more about clouds and folders.
Required paid resources
The cost of virtual hosting includes:
- A fee for continuously running virtual machines (see Yandex Compute Cloud pricing).
- A fee for using a public static IP address (see Yandex Virtual Private Cloud pricing).
Create a cloud network
All resources you create in this tutorial belong to the same cloud network.
To create a network:
- In the management console, select Virtual Private Cloud.
- Click Create network.
- Specify the Network name: vhosting-network.
- In the Advanced field, select Create subnets.
- Click Create network.
Reserve a static public IP address
For your virtual hosting to run, you need to assign a static public IP address to the L7 load balancer.
To reserve an address:
- In the management console, select Virtual Private Cloud.
- Go to the IP addresses tab. Click Reserve address.
- In the window that opens, select the ru-central1-a availability zone. Click Reserve address.
Create security groups
Security groups include rules that let the load balancer receive incoming traffic and forward it to the VMs, and that let the VMs accept this traffic. This use case creates two security groups: the first one for the load balancer and the second one for all VMs.
To create security groups:
- In the management console, select Virtual Private Cloud.
- Open the Security groups tab.
- Create a security group for the load balancer:
  - Click Create group.
  - Enter the Group name: vhosting-sg-balancer.
  - Select the Network: vhosting-network.
  - Under Rules, create the following rules using the instructions below the table:

    | Traffic direction | Description | Port range | Protocol | Source/destination type | Source/destination |
    | --- | --- | --- | --- | --- | --- |
    | Outgoing | any | All | Any | CIDR | 0.0.0.0/0 |
    | Incoming | ext-http | 80 | TCP | CIDR | 0.0.0.0/0 |
    | Incoming | ext-https | 443 | TCP | CIDR | 0.0.0.0/0 |
    | Incoming | healthchecks | 30080 | TCP | Load balancer health checks | N/A |

    - Select the Outgoing traffic or Incoming traffic tab.
    - Click Add rule.
    - In the Port range field of the window that opens, specify a single port or a range of ports that traffic will come to or from.
    - In the Protocol field, specify the desired protocol or leave Any to allow traffic transmission over any protocol.
    - In the Purpose or Source field, select the purpose of the rule:
      - CIDR: Rule will apply to the range of IP addresses. In the CIDR blocks field, specify the CIDR and masks of subnets that traffic will come to or from. To add multiple CIDRs, click Add CIDR.
      - Security group: Rule will apply to the VMs from the current group or the selected security group.
      - Load balancer health checks: Rule that allows a load balancer to check the health of VMs.
    - Click Save. Repeat the steps to create all rules from the table.
  - Click Save.
- In the same way, create a security group for the VMs, named vhosting-sg-vms, with the same vhosting-network network and the following rules:

  | Traffic direction | Description | Port range | Protocol | Source type | Source |
  | --- | --- | --- | --- | --- | --- |
  | Incoming | balancer | 80 | TCP | Security group | vhosting-sg-balancer |
  | Incoming | ssh | 22 | TCP | CIDR | 0.0.0.0/0 |
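A simplified model of the incoming rules in the two tables above, added here as an example (it is not Yandex Cloud code or its API): it evaluates which sources each group admits and lists the ports open to 0.0.0.0/0. The `permits` and `internet_exposed` helpers and the client address 203.0.113.7 are constructed for illustration.

```python
import ipaddress

# Incoming rules transcribed from the two tables above:
# (description, port, protocol, source type, source)
SG_BALANCER = [
    ("ext-http", 80, "tcp", "cidr", "0.0.0.0/0"),
    ("ext-https", 443, "tcp", "cidr", "0.0.0.0/0"),
    ("healthchecks", 30080, "tcp", "healthchecks", None),
]
SG_VMS = [
    ("balancer", 80, "tcp", "sg", "vhosting-sg-balancer"),
    ("ssh", 22, "tcp", "cidr", "0.0.0.0/0"),
]

def permits(rules, port, proto, src_ip=None, src_groups=(), healthcheck=False):
    """Return the description of the first rule admitting the packet, or None."""
    for desc, rule_port, rule_proto, src_type, source in rules:
        if rule_port != port or rule_proto != proto:
            continue
        if src_type == "cidr" and src_ip is not None:
            if ipaddress.ip_address(src_ip) in ipaddress.ip_network(source):
                return desc
        elif src_type == "sg" and source in src_groups:
            return desc
        elif src_type == "healthchecks" and healthcheck:
            return desc
    return None

def internet_exposed(rules):
    """Ports that accept traffic from every IPv4 address (a /0 CIDR source)."""
    return sorted(
        port for _, port, _, src_type, source in rules
        if src_type == "cidr" and ipaddress.ip_network(source).prefixlen == 0
    )

if __name__ == "__main__":
    client = "203.0.113.7"  # constructed internet client (documentation range)
    lb = ("vhosting-sg-balancer",)
    print("client -> VM:80    ", permits(SG_VMS, 80, "tcp", src_ip=client))
    print("balancer -> VM:80  ", permits(SG_VMS, 80, "tcp", src_groups=lb))
    print("client -> VM:22    ", permits(SG_VMS, 22, "tcp", src_ip=client))
    print("client -> LB:30080 ", permits(SG_BALANCER, 30080, "tcp", src_ip=client))
    print("open to 0.0.0.0/0 on VMs:", internet_exposed(SG_VMS))
```

With these rules, port 80 on the VMs is reachable only from members of vhosting-sg-balancer even though the VMs receive public addresses, while the ssh rule admits any IPv4 source.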
Import TLS certificates of the sites to Certificate Manager
To let users access the sites using the secure HTTPS protocol (HTTP over TLS), you must have TLS certificates for the sites. To use certificates in the L7 load balancer, import the certificates to Certificate Manager.
If your sites don't have certificates, you can obtain Let's Encrypt® certificates through Certificate Manager. You don't need to do anything else after creating certificates this way, because the certificates are imported automatically.
To import an existing certificate for site-a.com:
- In the management console, select Certificate Manager.
- Click Add certificate and select User certificate.
- Enter the Name for the certificate: vhosting-cert-a.
- In the Certificate field, click Add certificate. Upload the File with your certificate or enter its Contents and click Add.
- If your certificate is issued by a third-party certificate authority, in the Intermediate certificate chain field, click Add chain. Upload the File with the certificate chain or enter its Contents and click Add.
- In the Private key field, click Add private key. Upload the File with the key or enter its Contents and click Add.
- Click Create.
In the same way, import certificates for site-b.com and default.com, naming them vhosting-cert-b and vhosting-cert-default.
Create instance groups for the sites
Compute Cloud VMs will act as web servers for the two websites: one group of multiple identical VMs for each website. In this use case, the servers will be deployed on the LEMP stack (Linux, NGINX, MySQL, PHP). For more information, see the use case Website on LAMP or LEMP stack.
To create an instance group for site-a.com:
- In the management console, select Compute Cloud.
- Open the Instance groups tab. Click Create group.
- Enter the instance group name: vhosting-ig-a.
- Under Allocation, select multiple availability zones to ensure fault tolerance of your hosting.
- Under Instance template, click Define.
  - Under Image/boot disk selection, open the Cloud Marketplace tab and click Show more. Select LEMP and click Use.
  - Under Computing resources:
    - Select the VM's platform.
    - Specify the required number of vCPUs and the amount of RAM.
    The minimum configuration is enough for functional website testing:
    - Platform: Intel Ice Lake.
    - Guaranteed vCPU share: 20%.
    - vCPU: 2.
    - RAM: 1 GB.
  - Under Network settings, select the Network named vhosting-network that you created earlier and its subnets.
  - In the Public address field, select Auto.
  - Select the previously created vhosting-sg-vms security group.
  - Specify data required for accessing the VM:
    - Enter the username in the Login field.
    - In the SSH key field, paste the contents of the public key file.
    You need to create a key pair for the SSH connection yourself. See the section about how to connect to VMs via SSH.
    Alert: The IP address and host name (FQDN) to connect to the VM are assigned on VM creation. If you selected No address in the Public address field, you won't be able to access the VM from the internet.
  - Click Save.
- Under Scaling, enter the Size of the instance group: 2.
- Under Integration with Application Load Balancer, select Create target group and specify vhosting-tg-a as the group name. Read more about target groups.
- Click Create.
In the same way, create a second instance group named vhosting-ig-b and a target group named vhosting-tg-b for site-b.com.
It may take several minutes to create an instance group. Once the group's status changes to RUNNING and the status of all of its VMs to RUNNING_ACTUAL, you can upload the website files to them.
Upload the site files to the VMs
To check that your web servers are running properly, upload to the VMs two different index.html files (with different contents): use one file for the vhosting-ig-a group VMs and the other file for the vhosting-ig-b group VMs.
<!DOCTYPE html>
<html>
<head>
<title>Site A</title>
</head>
<body>
<p>This is site A</p>
</body>
</html>
<!DOCTYPE html>
<html>
<head>
<title>Site B</title>
</head>
<body>
<p>This is site B</p>
</body>
</html>
To upload a file to a VM:
- Under Network on the VM page in the management console, find the VM public IP address.
- Connect to the VM via SSH.
- Grant your user write access to the /var/www/html directory:
  - Ubuntu: sudo chown -R "$USER":www-data /var/www/html
  - CentOS: sudo chown -R "$USER":apache /var/www/html
- Upload the website files to the VM via SCP.
  - Linux/macOS: use the scp command-line utility: scp -r <path_to_file_directory> <VM_username>@<VM_IP_address>:/var/www/html
  - Windows: use WinSCP to copy the local file directory to /var/www/html on the VM.
Repeat these steps for the files you want to upload to each VM in the vhosting-ig-a and vhosting-ig-b groups.
Create backend groups
Target groups created together with instance groups must be linked to the backend groups that define the traffic allocation settings.
The backend groups will also set up health checks for their backends: the load balancer will periodically send health check requests to the VMs and expect a response within a certain time.
To create a backend group for site-a.com:
- In the management console, select Application Load Balancer.
- Open the Backend groups tab. Click Create backend group.
- Enter the Name for the backend group: vhosting-bg-a.
- Under Backends, click Add.
- Enter the Name of the backend: vhosting-backend-a.
- In the Target group field, select the vhosting-tg-a group.
- Specify the Port that the backend VMs will use to receive incoming traffic from the load balancer: 80.
- Click Add health check.
- Enter the Port that the backend VMs will use to accept health check connections from the load balancer: 80.
- Enter the Path to be accessed by the load balancer's health checks: /.
- Click Create.
In the same way, create the second backend group named vhosting-bg-b for site-b.com. In the group, create the vhosting-backend-b backend and link the vhosting-tg-b target group to it.
Create and configure HTTP routers
Backend groups must be linked to HTTP routers that define the HTTP request routing rules. In this use case, you'll create two routers for the "main" sites (site-a.com and site-b.com) and the "default" router for the default.com site, which will respond to each request with the 404 Not Found HTTP status code.
Create HTTP routers for sites
To create an HTTP router for site-a.com:
- In the management console, select Application Load Balancer.
- Open the HTTP routers tab. Click Create HTTP router.
- Enter the Name of the HTTP router: vhosting-router-a.
- Click Add virtual host.
- Enter the Name of the virtual host: vhosting-host-a.
- In the Authority field, specify the site's domain name: site-a.com.
- Click Add route.
- Enter the Name of the route: vhosting-route-a.
- In the Backend group field, select the vhosting-bg-a group.
- Click Create.
In the same way, create the vhosting-router-b HTTP router for site-b.com and link the vhosting-bg-b backend group to it.
Create the "default" HTTP router
To create an HTTP router for the default.com site:
- In the management console, select Application Load Balancer.
- Open the HTTP routers tab. Click Create HTTP router.
- Enter the Name of the HTTP router: vhosting-router-default.
- Click Add virtual host.
- Enter the Name of the virtual host: vhosting-host-default.
- In the Authority field, specify the site's domain name: default.com.
- Click Add route.
- Enter the Name of the route: vhosting-route-a.
- In the Action field, select Response.
- In the HTTP status code field, select 404 Not Found.
- In the Response body field, click Select. Select the Text method, then in the Contents field, enter:
  404 Not Found This is the default site.
  Click Add.
- Click Create.
Create an L7 load balancer
To create a load balancer:
- In the management console, select Application Load Balancer.
- Click Create L7 load balancer.
- Enter the Name of the load balancer: vhosting-alb.
- Under Network settings, select the vhosting-sg-balancer security group that you created previously.
- Create a listener to redirect HTTP requests to HTTPS:
  - Click Add listener under Listeners.
  - Enter the Name of the listener: vhosting-listener-http.
  - Under Public IP address settings, select the List type and the IP address reserved previously.
  - In the Protocol field, select Redirect to HTTPS.
- Create an HTTPS request listener:
  - Click Add listener again.
  - Enter the Name of the listener: vhosting-listener-https.
  - Under Public IP address settings, select the List type and the IP address reserved previously.
  - In the Protocol field, select HTTPS.
  - Under Main listener, select the vhosting-cert-default certificate and the vhosting-router-default HTTP router.
  - Add an SNI match for site-a.com:
    - Click Add SNI match.
    - Specify the Name for the SNI match: vhosting-sni-a.
    - In the Server names field, enter site-a.com.
    - Select the vhosting-cert-a certificate and the vhosting-router-a HTTP router.
  - In the same way, add an SNI match for site-b.com with the name vhosting-sni-b, server name site-b.com, certificate vhosting-cert-b, and HTTP router vhosting-router-b.
- Click Create.
Configure the DNS for the sites
The domain names site-a.com, site-b.com, and default.com must be linked to the L7 load balancer IP address using DNS records.
To configure the DNS for site-a.com:
- In the management console, select Application Load Balancer.
- Copy the IP address of the load balancer that you created.
- On the site of your DNS hosting provider, go to the DNS settings.
- Create or edit the A record for site-a.com so that it links to the copied IP address:
  site-a.com. A <L7 load balancer IP address>
  If you use Cloud DNS, follow these instructions to configure the record.
  Instructions for configuring DNS records for Cloud DNS (management console):
  - In the management console, select Cloud DNS.
  - If you don't have a public DNS zone, create one:
    - Click Create zone.
    - Enter the Name of the zone: vhosting-dns-a.
    - In the Zone field, enter the site's domain name with a dot at the end: site-a.com.
    - Select the zone Type: Public.
    - Click Create.
  - Create a record in the zone:
    - In the list of zones, click vhosting-dns-a.
    - Click Create record.
    - Leave the Name field empty so that the record matches the site-a.com domain name (rather than a name with a subdomain, for example, www.site-a.com).
    - Select the record Type: A.
    - In the Value field, paste the copied IP address of the load balancer.
    - Click Create.
In the same way, configure the DNS for site-b.com and default.com using the same IP address.
Wait 15-20 minutes after setting up the DNS and check that the sites are running properly.
Check that the hosting is running properly
To make sure that the hosting is running properly, open each of the three sites in your browser:
- https://site-a.com and https://site-b.com: the pages you uploaded to the VMs should be displayed.
- https://default.com: the 404 Not Found error page configured when creating the HTTP router should be displayed.
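The same check can be scripted against the load balancer IP directly, so that each SNI match, certificate and router is verified without depending on DNS. This is an added example, not part of the original tutorial or Yandex tooling; the script name, the `probe` and `evaluate` helpers, and the assumption that a normally served page returns HTTP 200 are illustrative.

```python
import http.client
import socket
import ssl
import sys

# Expected answers from the check step above: name -> (status, text in the body).
# 200 for the two sites is an assumption for a page served normally.
EXPECTED = {
    "site-a.com": (200, "This is site A"),
    "site-b.com": (200, "This is site B"),
    "default.com": (404, "This is the default site."),
}

def probe(lb_ip, name, timeout=5.0):
    """Connect to lb_ip:443 with `name` as SNI and Host; return (cert_ok, status, body)."""
    ctx = ssl.create_default_context()  # checks the chain and that the cert covers `name`
    raw = socket.create_connection((lb_ip, 443), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=name)
    except ssl.SSLCertVerificationError:
        raw.close()
        return False, None, ""
    conn = http.client.HTTPConnection(name, timeout=timeout)
    conn.sock = tls  # reuse the verified TLS socket, so DNS is never consulted
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return True, resp.status, resp.read().decode("utf-8", "replace")
    finally:
        conn.close()

def evaluate(name, cert_ok, status, body):
    """Compare one probe result with EXPECTED; an empty list means the host passed."""
    want_status, want_text = EXPECTED[name]
    if not cert_ok:
        return [f"{name}: certificate served for this SNI name failed verification"]
    problems = []
    if status != want_status:
        problems.append(f"{name}: expected HTTP {want_status}, got {status}")
    if want_text not in body:
        problems.append(f"{name}: body does not contain {want_text!r}")
    return problems

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_vhosts.py <L7 load balancer IP address>")
    failures = [p for n in EXPECTED for p in evaluate(n, *probe(sys.argv[1], n))]
    print("\n".join(failures) or "all three names answered as expected")
    sys.exit(1 if failures else 0)
```

A certificate failure for site-a.com or site-b.com usually means the SNI match is missing and the main listener answered with vhosting-cert-default; a wrong body with a valid certificate points at the router or backend group attached to that SNI match.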
Delete the resources you created
To shut down the hosting and stop paying for the created resources: