388 views
asked in Technology by
NGINX Load Balancer Install, Configure, Self Sign SSL, Tuning and ASP.NET Code for Session Sticky Testing on Ubuntu 24.04 LTS for IIS Servers

1 Answer

answered by

Chirag's Technology Tutorial

*********************************************************************************

*NGINX Load Balancer Install, Configure, Self Sign SSL, Tuning and ASP.NET Code for Session Sticky Testing on Ubuntu 24.04 LTS for IIS Servers*

*********************************************************************************

YouTube Video:

https://youtu.be/GMDPr_dYD0Y

Here's a step-by-step guide for NGINX Load Balancer Install, Configure, Self Sign SSL, Tuning and ASP.NET Code for Session Sticky Testing on Ubuntu 24.04 LTS for IIS Servers.

Part 1: Install HAProxy and Configure

Here's a step-by-step guide to install, configure, and tune an NGINX load balancer with session sticky configuration for IIS servers on Ubuntu 24.04 LTS.

Step 1: Install NGINX

Update Packages:

sudo apt update

Install NGINX:

sudo apt install -y nginx

Start and Enable NGINX:

sudo systemctl start nginx
sudo systemctl enable nginx

Step 2: Configure NGINX as a Load Balancer with Session Sticky

Edit the NGINX Configuration: Open the main NGINX configuration file or create a new one:

sudo nano /etc/nginx/nginx.conf

Define the Load Balancer Configuration: Add the following configuration to set up load balancing with session persistence:

http {
    upstream iis_servers {
        ip_hash;  # Enables sticky sessions by hashing the IP address

        # Define IIS server IPs
        server 192.168.224.133;
        server 192.168.224.134;
    }

    server {
        listen 80;
        server_name 192.168.224.129;

        location / {
            proxy_pass http://iis_servers;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Ensure long-running connections stay stable
            proxy_connect_timeout 60s;
            proxy_send_timeout 60s;
            proxy_read_timeout 60s;
            send_timeout 60s;
        }
    }
}

ip_hash: Ensures requests from the same IP address are always directed to the same server, providing session stickiness.

proxy_pass: Sends client requests to the specified upstream server.

proxy_set_header: Preserves client request information for better tracking and diagnostics.

Save and Close the File.

Step 3: Test and Reload NGINX Configuration

Test the Configuration:

sudo nginx -t

If no errors are displayed, the configuration is valid.

Reload NGINX:

sudo systemctl reload nginx

Step 4: Adjust Firewall Settings (if necessary)

Ensure that the firewall allows traffic on port 80:

sudo ufw allow 'Nginx HTTP'

Step 5: Tune NGINX for Performance

Open the NGINX Configuration File:

sudo nano /etc/nginx/nginx.conf

Add Tuning Parameters under the http block:

http {
    # Connection and Timeout Tuning 
    keepalive_timeout 65; 
    client_max_body_size 10m;

    # Buffer Settings
    client_body_buffer_size 128k;
    proxy_buffer_size 4k;
    proxy_buffers 4 32k;
    proxy_busy_buffers_size 64k;

    # Logging (Optional)
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
}

Save and Close the File.

Reload NGINX to apply the tuning settings:

sudo systemctl reload nginx

Step 6: Verify the Load Balancer Functionality

Access http://192.168.224.129 in your browser and confirm that requests are correctly routed to the IIS servers with session stickiness.

http://192.168.224.129

Part 2 : Add a Machine Key to the IIS servers

----------------------------------------------

Adding a machine key to the IIS servers is a method to ensure consistent session persistence across multiple IIS servers. Here’s how to add a machine key to achieve consistent sticky sessions.

Step 1: Configure Machine Key on IIS Servers

Log in to each IIS server (192.168.224.133 and 192.168.224.134).

Open IIS Manager:

Press Windows + R, type inetmgr, and press Enter.

Navigate to the Application Level:

In the left panel, expand the server node, then expand Sites and select your application.

Open the Machine Key Settings:

In the middle panel, double-click Machine Key.

Set Consistent Validation and Decryption Keys:

Under Validation Key and Decryption Key, set both to use a consistent custom key across all IIS servers.

Example:

Validation Key: C6DD094D06688E82ED36C9173CB360A0BE5F6076A9513FBAAA736F8D312F1A2950251A21BDE35672CBA0876399F908FD1BD8AD1BBD6A42DC745E40C55B2C51BF
Decryption Key: 1C3B97FE9EB4EEA7157E042832784B79F2CB35346623FED3

Note: Use a secure, unique key string for production environments. These should match exactly on each IIS server for sticky sessions.

Choose Encryption and Validation Methods:

Set Validation to SHA1 or another preferred encryption method.

Set Decryption to AES.

Apply the Configuration:

Click Apply in the Actions pane to save the changes.

Step 2: Verify Session Stickiness

Restart the IIS Services on both servers:

iisreset

Test Sticky Sessions:

Open a browser and access 

http://192.168.224.129

Login or interact with your application to generate a session, then refresh or navigate across pages to verify session persistence on the same server.

Part 3: Sample Code for Session Sticky test

-------------------------------------------

To test session stickiness, you can use a simple PHP or ASP.NET script that displays the server's IP address and the session ID. This will help confirm that the client is consistently routed to the same server for the duration of the session.

Option 1: PHP Code for Session Sticky Testing

Create a PHP file (session_test.php) on each IIS server in the web root directory (e.g., C:\inetpub\wwwroot).

Add the following code:

<?php
session_start();
if (!isset($_SESSION['session_id'])) {
    $_SESSION['session_id'] = session_id();
}
echo "Server IP: " . $_SERVER['SERVER_ADDR'] . "<br>";
echo "Session ID: " . $_SESSION['session_id'] . "<br>";
?>

Access the PHP page via HAProxy, e.g., 

http://192.168.224.129/session_test.php

and refresh the page multiple times.

Expected Result: The Server IP should remain consistent across requests, and the Session ID should stay the same, indicating sticky sessions are working.

Option 2: ASP.NET Code for Session Sticky Testing

Create an ASP.NET page (SessionTest.aspx) on each IIS server in the application folder.

Add the following code:

<%@ Page Language="C#" %>
<%@ Import Namespace="System" %>
<script runat="server">
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["SessionID"] == null)
        {
            Session["SessionID"] = Session.SessionID;
        }
        Response.Write("Server IP: " + Request.ServerVariables["LOCAL_ADDR"] + "<br>");
        Response.Write("Session ID: " + Session["SessionID"] + "<br>");
    }
</script>
<!DOCTYPE html>
<html>
<body>
    <form id="form1" runat="server">
        <div>
            <asp:Literal ID="Literal1" runat="server"></asp:Literal>
        </div>
    </form>
</body>
</html>

Access the ASP.NET page via NGINX, e.g., 

http://192.168.224.129/SessionTest.aspx

Expected Result: Similar to the PHP example, the Server IP should stay the same across requests, with a consistent Session ID, confirming that sticky sessions are active.

This simple script helps verify if session stickiness is working by checking that the requests go to the same backend server.

Part 4 : Self-Signed SSL Certificate

-------------------------------------

If you are using an IP address instead of a domain or testing in a local environment, you can generate a self-signed SSL certificate.

Step-by-Step Process

Generate a Self-Signed Certificate:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt

You’ll be prompted to enter details (like Country, State, etc.), but these are not strictly required for internal testing.

Create a Diffie-Hellman Group:

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Configure NGINX to Use SSL: Edit the NGINX configuration file:

sudo nano /etc/nginx/sites-available/default

Update the configuration as follows:

server {
    listen 443 ssl;
    server_name 192.168.224.129;  # Use your server IP if no domain

    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    location / {
        # Proxy or root configuration
    }
}

server {
    listen 80;
    server_name 192.168.224.129;

    return 301 https://$host$request_uri;
}

Test and Reload NGINX:

sudo nginx -t

sudo systemctl reload nginx

After completing these steps, you should be able to access your NGINX server via https://yourdomain.com (or https://your.ip.address for the self-signed option).

https://192.168.224.129

For any doubts and query, please write on YouTube video comments section.

Note : Flow the Process shown in video.

Please, Subscribe and like for more videos:

https://www.youtube.com/@chiragstutorial

Don't forget to, Follow, Like, Share &, Comment

Thanks & Regards,

Chitt Ranjan Mahto "Chirag"

_____________________________________________________________________

Note: All scripts used in this demo will be available in our website.

Link will be available in description.

#chirags 

#chiragstutorial 

#chiragsTechnologytutorial

#chiragsTechnologytutorials

#Technologytutorial 

#Technology 

#Technologycourse 

chirags, chirags tutorial, chirags Technology tutorial, chirags Technology tutorial, Nginx Install, Configure, Self Sign SSL, Tuning and ASP.NET Code for Session Sticky Testing on Ubuntu 24.04 LTS for IIS Servers

Most popular tags

laravel postgresql laravel-10 replication ha postgresql mongodb laravel-11 mongodb database mongodb tutorial ubuntu 24.04 lts streaming-replication mysql database laravel postgresql backup laravel login register logout database mysql php laravel 11 - login with otp valid for 10 minutes. user and admin registration user and admin login multiauth technlogy asp.net asp.net c# mysql master slave replication centos linux laravel sql server schedule backup autobackup postgresql django python haproxy load balancer install self sign ssl laravel 11 gaurds zabbix 7 how to install graylog on ubuntu 24.04 lts | step-by-step asp.net core mvc .net mvc network upload c# ssl integration sql server on ubuntu 22.04 lts mssql server ms sql server sql server user access in postgres mysql password change cent os linux configure replica laravel 11 socialite login with google account google login kubernetes (k8s) install nginx load balancer install install and configure .net 8.0 in ubuntu 24.04 lts php in iis php with iis php tutorial chirags php tutorials chirags php tutorial chirags tutorial laravel 11 guards mongodb sharding metabase business analytics metabase postgresql 16 to postgresql 17 postgresql migration letsencrypt mongodb crud rocky linux laravel custom captcha laravel 11 captcha laravel captcha mongo dll php.ini debian 12 nginx apache nextcloud gitea in ubuntu git gitea npm error node js mysql ndb cluster mysql cluster ssl oracle login register logout in python debian windows shell batch file bat file time stamp date time shopping cart in laravel centos rhel swap memeory rhel 5.5
...