201 - Webserver

Building a base

Read the Docs

If you want to get a better idea about the objects that we will be working with in this module, you can review the docs here:

Objectives

The purpose of this module is to demonstrate how to create networking, security, and configuration of multiple webservers using Tuono.

Terminology

Subnet

A subnet is Availability Zone-scoped and represents a subset of the VPC CIDR range, for example 10.0.0.0/24. VMs are attached directly to a subnet.

Network Access Control List (NACL)

A NACL is a logical firewall object that contains the rules for that 'firewall'. The NACL is attached directly to the VPC object and is a function of the VPC, not of the VM. In AWS, NACL rules are stateless: return traffic must be allowed explicitly.

Security Groups

AWS security groups act as a stateful firewall at the instance level, allowing you to control inbound and outbound traffic; responses to allowed traffic are permitted automatically.

Instance

A virtual machine launched from a specific AMI (operating system image). The instance type you select determines sizing and cost.

NIC

Connects the VM to the network

User Data

Scripts passed to the instance at first boot to automate its configuration (this lab uses cloud-init).

Webserver Concepts

This 200-level lab builds on concepts from our Hands-On Lab 100. If you are unfamiliar with our core concepts, start by reviewing the schema from our HOL-100 Webserver lab.

This section focuses on the new blueprint schema that deploys and configures the webserver infrastructure in preparation for deploying an application load balancer.

Service Schema

A service declares traffic flow between cloud resources. A defined service states the type of network traffic allowed into a resource (or how traffic is directed to it), and resources that consume the service, such as a load balancer, are configured from it automatically.

Here we define a service called internal-http and specify the service to allow port 8080.

  service:
    internal-http:    # traffic for the web service internally
      port: 8080
      protocol: http

Firewall Schema

The firewall can consume protocols as well as services. This firewall combines a defined protocol called web-server as well as the defined internal-http service.

  firewall:
    fw-external-access:
      rules:
        - protocols: web-server
          to: self
        - services: internal-http
          to: self

VM Schema

We use count in our VM schema to indicate that we want to deploy 2 webservers. The count is then applied as a variable to number the names of the deployed VMs.

  vm:
    webserver-(( count )):
      count: 2
      cores: 1
      memory: 1 GB
      image: bionic

NICs

The VMs we create have a public network interface attached, allowing us to reach each server on a public IP. We then define the subnet to use and associate the NIC with the firewall defined above, which opens port 8080 as declared by the internal-http service.

The provides key declares the service internal-http, indicating that this VM listens for connections on port 8080 and behaves as a server. This marks the VM as a load balancer target and configures the appropriate routing policies.

      nics:
        external:
          ips:
            - private:
                type: dynamic
              public:
                type: dynamic
          firewall: fw-external-access
          subnet: subnet-walkthrough
          provides: internal-http

Userdata

We continue to use cloud-init to install and configure NGINX on the stock Ubuntu image. In this example we use sed to change the port NGINX listens on from the default 80 to 8080, for both the IPv4 and the IPv6 listen directives.

        userdata:
          type: cloud-init
          content: |
            #cloud-config
            package_upgrade: false      # install nginx only; no full package upgrade at first boot
            packages:
              - nginx
            users:
              - name: (( admin_username ))
                groups:
                  - sudo
                sudo: ALL=(ALL) NOPASSWD:ALL   # passwordless sudo for the admin user
                ssh_authorized_keys:
                  - (( admin_public_key ))     # key-based login only; no password is set
            runcmd:
              # runcmd already executes as root, so no sudo or su is needed here
              - echo '(( your_caption ))<br><br>webserver-((count))' > /var/www/html/index.nginx-debian.html
              # move the default site from port 80 to 8080 (IPv4 and IPv6 listen lines)
              - sed -i 's/listen 80 default_server;/listen 8080 default_server;/' /etc/nginx/sites-enabled/default
              - sed -i 's/listen \[::\]:80 default_server;/listen [::]:8080 default_server;/' /etc/nginx/sites-enabled/default
              # only restart if the edited config parses, rather than restarting into a broken state
              - nginx -t && systemctl restart nginx
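The service, firewall, NIC provides and userdata sections above only work together if they agree on one port. The script below is an added example, not part of this lab or of Tuono: it cross-checks a constructed, stdlib-only transcription of the blueprint fragments on this page and reports the two mistakes that most often break the later load balancer deploy, a firewall with no rule for the service the NIC provides, and the service port drifting away from the port the cloud-init sed lines configure. The 1-based expansion of `(( count ))`, the lint messages and the `demo()` cases are assumptions of the example, not Tuono behaviour.

```python
import copy
import re

# Constructed transcription of the blueprint fragments shown on this page (not a
# Tuono object; Tuono's loader and (( )) templating are not involved here).
BLUEPRINT = {
    "service": {
        "internal-http": {"port": 8080, "protocol": "http"},
    },
    "firewall": {
        "fw-external-access": {
            "rules": [
                {"protocols": "web-server", "to": "self"},
                {"services": "internal-http", "to": "self"},
            ],
        },
    },
    "vm": {
        "webserver-(( count ))": {
            "count": 2,
            "nics": {
                "external": {
                    "ips": [{"private": {"type": "dynamic"},
                             "public": {"type": "dynamic"}}],
                    "firewall": "fw-external-access",
                    "subnet": "subnet-walkthrough",
                    "provides": "internal-http",
                },
            },
            "userdata": {
                "type": "cloud-init",
                "content": (
                    "#cloud-config\n"
                    "runcmd:\n"
                    "  - sed -i 's/listen 80 default_server;/listen 8080 default_server;/'"
                    " /etc/nginx/sites-enabled/default\n"
                    "  - sed -i 's/listen \\[\\:\\:\\]\\:80 default_server;/"
                    "listen \\[\\:\\:\\]\\:8080 default_server;/'"
                    " /etc/nginx/sites-enabled/default\n"
                    "  - systemctl restart nginx\n"
                ),
            },
        },
    },
}

# sed 's/pattern/replacement/' with backslash-escaped characters allowed on both sides
SED_SUBST = re.compile(r"s/(?P<pat>(?:\\.|[^/])*)/(?P<repl>(?:\\.|[^/])*)/")
# nginx listen directive once sed escaping is stripped: 'listen 8080 ...' or 'listen [::]:8080 ...'
LISTEN = re.compile(r"listen (?:\[::\]:)?(\d+) default_server;")
COUNT_VAR = re.compile(r"\(\(\s*count\s*\)\)")


def expand_vm_names(template, count):
    """Assumed expansion of (( count )): one name per VM, numbered from 1."""
    return [COUNT_VAR.sub(str(i), template) for i in range(1, count + 1)]


def nginx_listen_ports(cloud_config):
    """Ports the userdata's sed substitutions make nginx listen on.

    Only the replacement side of each s/// is inspected, so the 'listen 80'
    on the pattern side is not mistaken for a configured port.
    """
    ports = set()
    for m in SED_SUBST.finditer(cloud_config):
        repl = m.group("repl").replace("\\", "")  # drop sed escapes such as \[ and \:
        ports.update(int(p) for p in LISTEN.findall(repl))
    return ports


def lint(blueprint):
    """Cross-check service, firewall, NIC and userdata; return a list of findings."""
    findings = []
    services = blueprint.get("service", {})
    firewalls = blueprint.get("firewall", {})
    for vm_name, vm in blueprint.get("vm", {}).items():
        names = expand_vm_names(vm_name, vm.get("count", 1))
        listen = nginx_listen_ports(vm.get("userdata", {}).get("content", ""))
        for nic_name, nic in vm.get("nics", {}).items():
            svc_name = nic.get("provides")
            if svc_name is None:
                continue
            svc = services.get(svc_name)
            if svc is None:
                findings.append(f"{vm_name}/{nic_name}: provides undefined service {svc_name!r}")
                continue
            fw_name = nic.get("firewall")
            allowed = {r.get("services") for r in firewalls.get(fw_name, {}).get("rules", [])}
            if svc_name not in allowed:
                findings.append(f"{vm_name}/{nic_name}: firewall {fw_name!r} has no rule for "
                                f"service {svc_name!r}, so port {svc['port']} stays closed")
            if listen and svc["port"] not in listen:
                findings.append(f"{vm_name}: service {svc_name!r} declares port {svc['port']} but "
                                f"userdata configures nginx on {sorted(listen)}; targets {names} "
                                f"will not answer on the declared port")
            if any("public" in ip for ip in nic.get("ips", [])):
                findings.append(f"{vm_name}/{nic_name}: public IP on a NIC that provides {svc_name!r}; "
                                f"confirm port {svc['port']} should be reachable other than via the load balancer")
    return findings


def demo():
    """Lint the page's blueprint plus two deliberately broken copies of it."""
    drift = copy.deepcopy(BLUEPRINT)
    drift["service"]["internal-http"]["port"] = 8081          # service changed, userdata not
    no_rule = copy.deepcopy(BLUEPRINT)
    no_rule["firewall"]["fw-external-access"]["rules"].pop()  # drop the internal-http rule
    return {"baseline": lint(BLUEPRINT), "drift": lint(drift), "no_rule": lint(no_rule)}


if __name__ == "__main__":
    for case, found in demo().items():
        print(f"[{case}]")
        for line in found:
            print("  " + line)
```

Run it before a deploy and treat the drift and missing-rule findings as blockers; the public-IP finding is only a prompt to confirm that exposing port 8080 outside the load balancer is intended for this lab.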
