Chirag's Technology Tutorial
*********************************************************************************
*NGINX Load Balancer Install, Configure, Self Sign SSL, Tuning and ASP.NET Code for Session Sticky Testing on Ubuntu 24.04 LTS for IIS Servers*
*********************************************************************************
YouTube Video:
Here's a step-by-step guide for NGINX Load Balancer Install, Configure, Self Sign SSL, Tuning and ASP.NET Code for Session Sticky Testing on Ubuntu 24.04 LTS for IIS Servers.
Part 1: Install HAProxy and Configure
Here's a step-by-step guide to install, configure, and tune an NGINX load balancer with session sticky configuration for IIS servers on Ubuntu 24.04 LTS.
Step 1: Install NGINX
Update Packages:
sudo apt update
Install NGINX:
sudo apt install -y nginx
Start and Enable NGINX:
sudo systemctl start nginx
sudo systemctl enable nginx
Step 2: Configure NGINX as a Load Balancer with Session Sticky
Edit the NGINX Configuration: Open the main NGINX configuration file or create a new one:
sudo nano /etc/nginx/nginx.conf
Define the Load Balancer Configuration: Add the following configuration to set up load balancing with session persistence:
http {
upstream iis_servers {
ip_hash; # Enables sticky sessions by hashing the IP address
# Define IIS server IPs
server 192.168.224.133;
server 192.168.224.134;
}
server {
listen 80;
server_name 192.168.224.129;
location / {
proxy_pass http://iis_servers;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Ensure long-running connections stay stable
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
send_timeout 60s;
}
}
}
ip_hash: Ensures requests from the same IP address are always directed to the same server, providing session stickiness.
proxy_pass: Sends client requests to the specified upstream server.
proxy_set_header: Preserves client request information for better tracking and diagnostics.
Save and Close the File.
Step 3: Test and Reload NGINX Configuration
Test the Configuration:
sudo nginx -t
If no errors are displayed, the configuration is valid.
Reload NGINX:
sudo systemctl reload nginx
Step 4: Adjust Firewall Settings (if necessary)
Ensure that the firewall allows traffic on port 80:
sudo ufw allow 'Nginx HTTP'
Step 5: Tune NGINX for Performance
Open the NGINX Configuration File:
sudo nano /etc/nginx/nginx.conf
Add Tuning Parameters under the http block:
http {
# Connection and Timeout Tuning
keepalive_timeout 65;
client_max_body_size 10m;
# Buffer Settings
client_body_buffer_size 128k;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
# Logging (Optional)
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
}
Save and Close the File.
Reload NGINX to apply the tuning settings:
sudo systemctl reload nginx
Step 6: Verify the Load Balancer Functionality
Access http://192.168.224.129 in your browser and confirm that requests are correctly routed to the IIS servers with session stickiness.
http://192.168.224.129
Part 2 : Add a Machine Key to the IIS servers
----------------------------------------------
Adding a machine key to the IIS servers is a method to ensure consistent session persistence across multiple IIS servers. Here’s how to add a machine key to achieve consistent sticky sessions.
Step 1: Configure Machine Key on IIS Servers
Log in to each IIS server (192.168.224.133 and 192.168.224.134).
Open IIS Manager:
Press Windows + R, type inetmgr, and press Enter.
Navigate to the Application Level:
In the left panel, expand the server node, then expand Sites and select your application.
Open the Machine Key Settings:
In the middle panel, double-click Machine Key.
Set Consistent Validation and Decryption Keys:
Under Validation Key and Decryption Key, set both to use a consistent custom key across all IIS servers.
Example:
Validation Key: C6DD094D06688E82ED36C9173CB360A0BE5F6076A9513FBAAA736F8D312F1A2950251A21BDE35672CBA0876399F908FD1BD8AD1BBD6A42DC745E40C55B2C51BF
Decryption Key: 1C3B97FE9EB4EEA7157E042832784B79F2CB35346623FED3
Note: Use a secure, unique key string for production environments. These should match exactly on each IIS server for sticky sessions.
Choose Encryption and Validation Methods:
Set Validation to SHA1 or another preferred encryption method.
Set Decryption to AES.
Apply the Configuration:
Click Apply in the Actions pane to save the changes.
Step 2: Verify Session Stickiness
Restart the IIS Services on both servers:
iisreset
Test Sticky Sessions:
Open a browser and access
http://192.168.224.129
Login or interact with your application to generate a session, then refresh or navigate across pages to verify session persistence on the same server.
Part 3: Sample Code for Session Sticky test
-------------------------------------------
To test session stickiness, you can use a simple PHP or ASP.NET script that displays the server's IP address and the session ID. This will help confirm that the client is consistently routed to the same server for the duration of the session.
Option 1: PHP Code for Session Sticky Testing
Create a PHP file (session_test.php) on each IIS server in the web root directory (e.g., C:\inetpub\wwwroot).
Add the following code:
<?php
session_start();
if (!isset($_SESSION['session_id'])) {
$_SESSION['session_id'] = session_id();
}
echo "Server IP: " . $_SERVER['SERVER_ADDR'] . "<br>";
echo "Session ID: " . $_SESSION['session_id'] . "<br>";
?>
Access the PHP page via HAProxy, e.g.,
http://192.168.224.129/session_test.php
and refresh the page multiple times.
Expected Result: The Server IP should remain consistent across requests, and the Session ID should stay the same, indicating sticky sessions are working.
Option 2: ASP.NET Code for Session Sticky Testing
Create an ASP.NET page (SessionTest.aspx) on each IIS server in the application folder.
Add the following code:
<%@ Page Language="C#" %>
<%@ Import Namespace="System" %>
<script runat="server">
protected void Page_Load(object sender, EventArgs e)
{
if (Session["SessionID"] == null)
{
Session["SessionID"] = Session.SessionID;
}
Response.Write("Server IP: " + Request.ServerVariables["LOCAL_ADDR"] + "<br>");
Response.Write("Session ID: " + Session["SessionID"] + "<br>");
}
</script>
<!DOCTYPE html>
<html>
<body>
<form id="form1" runat="server">
<div>
<asp:Literal ID="Literal1" runat="server"></asp:Literal>
</div>
</form>
</body>
</html>
Access the ASP.NET page via NGINX, e.g.,
http://192.168.224.129/SessionTest.aspx
Expected Result: Similar to the PHP example, the Server IP should stay the same across requests, with a consistent Session ID, confirming that sticky sessions are active.
This simple script helps verify if session stickiness is working by checking that the requests go to the same backend server.
Part 4 : Self-Signed SSL Certificate
-------------------------------------
If you are using an IP address instead of a domain or testing in a local environment, you can generate a self-signed SSL certificate.
Step-by-Step Process
Generate a Self-Signed Certificate:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
You’ll be prompted to enter details (like Country, State, etc.), but these are not strictly required for internal testing.
Create a Diffie-Hellman Group:
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Configure NGINX to Use SSL: Edit the NGINX configuration file:
sudo nano /etc/nginx/sites-available/default
Update the configuration as follows:
server {
listen 443 ssl;
server_name 192.168.224.129; # Use your server IP if no domain
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
location / {
# Proxy or root configuration
}
}
server {
listen 80;
server_name 192.168.224.129;
return 301 https://$host$request_uri;
}
Test and Reload NGINX:
sudo nginx -t
sudo systemctl reload nginx
After completing these steps, you should be able to access your NGINX server via https://yourdomain.com (or https://your.ip.address for the self-signed option).
https://192.168.224.129
For any doubts and query, please write on YouTube video comments section.
Note : Flow the Process shown in video.
Please, Subscribe and like for more videos:
https://www.youtube.com/@chiragstutorial
Don't forget to, Follow, Like, Share &, Comment
Thanks & Regards,
Chitt Ranjan Mahto "Chirag"
_____________________________________________________________________
Note: All scripts used in this demo will be available in our website.
Link will be available in description.
#chirags
#chiragstutorial
#chiragsTechnologytutorial
#chiragsTechnologytutorials
#Technologytutorial
#Technology
#Technologycourse
chirags, chirags tutorial, chirags Technology tutorial, chirags Technology tutorial, Nginx Install, Configure, Self Sign SSL, Tuning and ASP.NET Code for Session Sticky Testing on Ubuntu 24.04 LTS for IIS Servers
