Learn how to secure Linode NodeBalancer with Let’s Encrypt. Our Linode Support team is here to help you with your questions and concerns.
How to Secure Linode NodeBalancer with Let’s Encrypt
Linode NodeBalancer is a load-balancing service that distributes incoming network traffic across multiple backend servers. This results in reliable and optimal performance of web applications.
Additionally, it can manage traffic for various protocols, like HTTP, HTTPS, and TCP.
Today, we will walk through setting up Let’s Encrypt SSL certificates with Linode NodeBalancer.
The prerequisites for this include:
- A Linode account with one or more servers running a web application.
- A NodeBalancer instance.
- Domain names pointing to the NodeBalancer.
- Certbot installed on one of the Linodes.
Configure the Linodes
Ensure the web application is correctly set up on your Linodes and is accessible via HTTP. Let’s Encrypt will validate domain ownership by making HTTP requests to the server.
Install Certbot
On one of the Linodes, install Certbot with these commands:
```
sudo apt update
sudo apt install certbot
```
Get Let’s Encrypt Certificate
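Then, use Certbot to obtain the SSL certificate, passing each domain name the certificate should cover with a `-d` option. The `--standalone` option makes Certbot start its own temporary web server on port 80, so that port must be free on this Linode while the command runs.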
For example:
```
sudo certbot certonly --standalone -d example.com -d www.example.com
```
This command stores the certificate files in `/etc/letsencrypt/live/example.com/`.
Transfer Certificates to NodeBalancer
Next, copy the certificate and private key files from the Linode to the NodeBalancer. This step can be done using SCP or any other secure file transfer method.
```
scp /etc/letsencrypt/live/example.com/fullchain.pem user@nodebalancer:/path/to/fullchain.pem
scp /etc/letsencrypt/live/example.com/privkey.pem user@nodebalancer:/path/to/privkey.pem
```
Configure NodeBalancer for HTTPS
- Log in to the Linode Manager.
- Then, go to the NodeBalancer section and select the NodeBalancer.
- After that, go to the “Configurations” tab and create or edit an HTTPS configuration.
- Then, upload the SSL certificate and private key files we copied to the NodeBalancer.
- Next, set the backend port (e.g., 80 or 443) and make sure the Linodes are listed as backend nodes.
Set Up Automatic Renewal
Let’s Encrypt certificates are valid for 90 days, so we need to set up automatic renewal. To do this, create a cron job on the Linode where Certbot is installed that renews the certificate and copies the updated files to the NodeBalancer.
Then, edit the crontab file:
```
sudo crontab -e
```
We need to add the following to run the renewal process periodically:
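```
# Run daily at midnight: certbot renew only replaces certificates within 30 days of expiry, so a sparser schedule can miss that window.
0 0 * * * certbot renew --quiet && scp /etc/letsencrypt/live/example.com/fullchain.pem user@nodebalancer:/path/to/fullchain.pem && scp /etc/letsencrypt/live/example.com/privkey.pem user@nodebalancer:/path/to/privkey.pem
```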
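As an added example (not part of the original article), the function below checks a renewed pair before the copy step in the cron entry above: the private key must match the leaf certificate, and the certificate must have at least `MIN_DAYS` of validity left. The names `check_cert_pair` and `make_demo_pair`, the exit codes and the 30-day default are assumptions; `make_demo_pair` only builds constructed self-signed sample input.

```shell
#!/bin/sh
# Added example: sanity-check a renewed certificate/key pair before copying it.
# Function names, exit codes and the 30-day default are assumptions of this sketch.

# check_cert_pair CERT KEY [MIN_DAYS]
# Returns 0 if the pair is usable, 2 if a file cannot be parsed,
# 3 if the key does not belong to the certificate, 4 if expiry is too close.
check_cert_pair() {
    cert=$1; key=$2; min_days=${3:-30}

    # Public key embedded in the leaf certificate (first PEM block of fullchain.pem).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $cert" >&2; return 2; }

    # Public key derived from the private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot parse private key: $key" >&2; return 2; }

    [ "$cert_pub" = "$key_pub" ] || {
        echo "private key does not match certificate" >&2; return 3; }

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null || {
        echo "certificate expires in under $min_days days" >&2; return 4; }
}

# make_demo_pair PREFIX DAYS
# Constructed sample input: a throwaway self-signed pair, PREFIX.crt / PREFIX.key.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=example.com" \
        -days "$2" -keyout "$1.key" -out "$1.crt" >/dev/null 2>&1
}

# Usage with the paths from this article (run as root, e.g. from root's crontab):
#   check_cert_pair /etc/letsencrypt/live/example.com/fullchain.pem \
#                   /etc/letsencrypt/live/example.com/privkey.pem 30 \
#     && echo "pair verified, safe to copy"
```

A non-zero exit stops an `&&` chain, so a mismatched or near-expiry pair is never copied.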
Example Configuration
Here is a brief example of how the NodeBalancer HTTPS configuration might look:
- SSL Certificate: `/path/to/fullchain.pem`
- SSL Key: `/path/to/privkey.pem`
- Algorithm: Choose an SSL/TLS algorithm (e.g., TLSv1.2).
- Backend Nodes: Add the Linodes with the correct backend port.
With the above steps, we can secure our Linode NodeBalancer with Let’s Encrypt SSL certificates.
Conclusion
In brief, our Support Experts demonstrated how to secure Linode NodeBalancer with Let’s Encrypt.