Dedicated Load Balancer Tutorial
Prerequisites
This tutorial follows the configuration presented in the VPC Tutorial so it assumes that you either completed those instructions or created a VPC and configured it similarly to the example.
It is also recommended for you to be familiar with the CloudHub architecture.
Overview
This tutorial walks you through the creation of a dedicated load balancer configuring an SSL endpoint for 2-way SSL authentication and mapping lists.
| This feature will eventually be built into the Runtime Manager UI, however currently it’s only available as a service that can be used via the Anypoint Command Line Interface. |
Each load balancer can be associated with one or more SSL endpoints. Such endpoints are identified by their certificate names.
Certificates are an important component of your dedicated load balancer. When creating a load balancer, at least one SSL endpoint needs to be configured, meaning that each load balancer needs to have at least one certificate associated to it.
Understanding how to manage certificates, is therefore quite useful when managing dedicated load balancers.
Provide a Certificate
Create a custom self-signed certificate for the domain lb-tutorial-cert.
|
Keep in mind that self-signed certificates are usually set for testing purposes or specific internal usages. You should not use this self-signed certificate in production. There are plenty of useful tutorials for creating a self-signed certificate. The following guide shows you how to create a self-signed certificate to use in this example. |
-
In your terminal type,
cdto yourDocumentsfolder:> cd /Users/myuser/Documents/ -
Run an openssl request for a new self signed certificate, valid for 10 years:
> openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem -
After hitting return, you’ll be prompted to complete a few details for your certificate.
As a guide, pass the following values:1 2 3 4 5 6 7
Country Name (2 letter code) [AU]: US State or Province Name (full name) [Some-State]: California Locality Name (eg, city) []:San Francisco Organization Name (eg, company) [Internet Widgits Pty Ltd]:MuleSoft Organizational Unit Name (eg, section) []: VPC Tutorial Common Name (e.g. server FQDN or YOUR name) []: lb-tutorial-cert Email Address []:max@mule.com
You created a certificate and private key pair, with a common name lb-tutorial-cert.
Create a Load Balancer
A load balancer can be created using the load-balancer create command.
cloudhub load-balancer create (1)
vpc-tutorial (2)
lb-tutorial (3)
/Users/myuser/Documents/cert.pem /Users/myuser/Documents/key.pem (4)
--http on (5)
--verificationMode on-
Pass
vpc-tutorialas the vpc name in which you want to create the load balancer.
In order to keep consistency among tutorials, we are using components created in the VPC tutorial. -
Name the load balancer
lb-tutorial.
The load balancer’s name must be unique.
Each load balancer has an internal domain name:internal-<lb-name>.lb.anypointdns.netwhere<lb-name>is the name you set here. -
Pass the path to a
.pemfile certificate and its key
We are using the self-signed certificate created earlier, along with its private key:cert.pemandkey.pem.
The certificate that you upload to the Load Balancer must be contained in one pem encoded and unencrypted file.
Your private key file needs to be passphraseless. -
Set the option for the http method to
on.
This sets the load balancer to accept all http requests and forwards it to your default SSL endpoint. In this case, the only ssl endpoint configured islb-tutorial-cert -
Set the option for the verificationMode to
on
This instructs the SSL endpoint to always verify the certificate
When the operation succeeds, the CLI returns an acknowledgement similar to the following:
Created Load balancer lb-tutorial with Common Name lb-tutorial-certIn order to display the details of the newly created load balancer, use the load-balancer describe command:
cloudhub load-balancer describe lb-tutorialThe output gives you the load balancer details:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
┌──────────────────────────────┬──────────────────────────────────┐
│ Name │ lb-tutorial │
├──────────────────────────────┼──────────────────────────────────┤
│ Domain │ lb-qa.anypointdns.net │
├──────────────────────────────┼──────────────────────────────────┤
│ State │ STARTED │
├──────────────────────────────┼──────────────────────────────────┤
│ VPC │ vpc-tutorial │
├──────────────────────────────┼──────────────────────────────────┤
│ IPs │ 52.44.115.136, 52.44.110.254 │
├──────────────────────────────┼──────────────────────────────────┤
│ Common Name │ lb-test │
├──────────────────────────────┼──────────────────────────────────┤
│ TLSv1 │ Disabled │
├──────────────────────────────┼──────────────────────────────────┤
│ Proxy mappings │ │
├──────────────────────────────┼──────────────────────────────────┤
│ Whitelisted IPs │ 0.0.0.0/0 │
└──────────────────────────────┴──────────────────────────────────┘
Now that your VPC has a dedicated load balancer, create a URL mapping list to redirect traffic from your load balancer, to your specific application domain name:
> cloudhub load-balancer mappings add (1)
lb-tutorial (2)
0 (3)
/{app}/ (4)
{app} (5)
/-
Set
lb-tutorialas the target for this new mapping rule -
Set the index priority for this mapping rule to
0
This rule now has the first priority. -
Set the input URL as
/{app}/
This rule uses patterns so that every value passed as{app}in the load balancer’s domain name:lb-tutorial.lb.anypointdns.net/{app}gets mapped to the URL set as the output URL. -
Set the output URL to
{app}
So that the domainlb-tutorial.lb.anypointdns.net/{app}gets mapped to{app}.cloudub.io/using the pattern{app}to match your application’s name. -
Set the appURI to
/to redirect to the initial path of your application.
|
By default your load balancer listens external requests on https and communicates with your workers internally through http. |
Update an Existing Load Balancer
It is possible to edit the Whitelists, Mapping Rules and SSL Endpoints from the Anypoint Platform CLI.
Remove the existing configuration using load-balancer whitelist remove, load-balancer mappings remove and load-balancer ssl-endpoint remove respectively and add the new configurations.
Update an Existing Load Balancer Using the CloudHub API
Although it is not possible to update certain load balancer values through the Anypoint Platform CLI, you can use the Cloudhub API to programmatically manage and update your load balancer:
-
Log in to the CloudHub services passing your credentials to
https://anypoint.mulesoft.com/#/signin. -
Use the
organizations/{orgId}/vpcs/{vpcId}/loadbalancers/{lbId}endpoint to update your load balancer.
| You can use the API Reference to understand how to interact with the API’s resources. |
For example, to update the httpmode of the load balancer, you need to send a PATCH request to the anypoint.mulesoft.com/cloudhub/api/organizations/{orgId}/vpcs/{vpcId}/loadbalancers/{lbId} endpoint with a JSON payload:
|
You can query your Your |
1
2
3
4
5
6
7
[
{
"op": "replace",
"path": "/httpMode",
"value": "redirect"
}
]
