Loadbalancer in OCI

Loadbalancer in OCI

June 9, 2024 | seedling, permanent

tags :

Load Balancer in OCI #

Setting up SSL Certificate #

ref

Terraform configuration to set up a load balancer with an SSL certificate

# sentry

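# Public, flexible-shape load balancer that fronts the Sentry nginx instances.
# The block braces were missing from the listing and are restored here so the
# configuration parses.
resource "oci_load_balancer" "sentry_nginx_lb" {
  shape          = "flexible"
  compartment_id = var.compartment_ocid

  # Internet-facing: the load balancer receives a public IP address. Nothing in
  # this resource limits source addresses, so access to ports 80/443 is governed
  # only by the subnet's security list or by NSGs attached through
  # network_security_group_ids.
  is_private = false

  subnet_ids = [
    var.public_subnet_ocid
    # var.private_subnet_ocid
  ]

  # Bandwidth range for the flexible shape; both bounds come from variables.
  shape_details {
    #Required
    maximum_bandwidth_in_mbps = var.load_balancer_shape_details_maximum_bandwidth_in_mbps
    minimum_bandwidth_in_mbps = var.load_balancer_shape_details_minimum_bandwidth_in_mbps
  }

  display_name = "sentry-nginx-lb"
}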



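# Certificate bundle that the HTTPS listener references by certificate_name.
resource "oci_load_balancer_certificate" "sentry_nginx_ssl_cert" {
  load_balancer_id = oci_load_balancer.sentry_nginx_lb.id
  certificate_name = "sentry-ssl-cert"

  # file() reads the Let's Encrypt key from the machine that runs Terraform, and
  # the value is then kept in Terraform state in plaintext. Treat the state as a
  # secret: encrypted remote backend, restricted access, never committed to VCS.
  # The runner also needs read access to /etc/letsencrypt/live, which is
  # normally root-only.
  private_key        = file("/etc/letsencrypt/live/sentry.azmx.sa/privkey.pem")
  public_certificate = file("/etc/letsencrypt/live/sentry.azmx.sa/fullchain.pem")

  # A renewed certificate replaces this resource rather than updating it.
  # Creating the new bundle first keeps the listener from pointing at a
  # certificate that has already been deleted.
  # NOTE(review): certificate names look to be unique per load balancer, so a
  # renewal probably also needs a new certificate_name (for example a date
  # suffix) - confirm before the first Let's Encrypt rotation.
  lifecycle {
    create_before_destroy = true
  }
}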


# backend set
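# Backend set shared by the HTTP and HTTPS listeners; requests are distributed
# round-robin across its backends.
resource "oci_load_balancer_backend_set" "sentry_nginx_backend_set" {
  name             = "sentry-nginx-backend-set"
  load_balancer_id = oci_load_balancer.sentry_nginx_lb.id
  policy           = "ROUND_ROBIN"

  health_checker {
    port = 80

    # A TCP check only proves that port 80 accepts connections. A backend whose
    # application is failing still counts as healthy and keeps receiving traffic.
    protocol = "TCP"
    # protocol            = "HTTP"

    # NOTE(review): the two settings below belong to HTTP health checks and
    # appear to have no effect while protocol is "TCP". The regex ".*" accepts
    # any response body, so an HTTP check would rely on the status code alone.
    # Confirm the nginx backends actually serve /actuator/health before
    # switching the protocol to HTTP.
    response_body_regex = ".*"
    url_path            = "/actuator/health"
  }
}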




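# Registers one backend per entry in var.sentry_nginx_instance.
resource "oci_load_balancer_backend" "sentry_nginx_backend" {
  count            = length(var.sentry_nginx_instance)
  load_balancer_id = oci_load_balancer.sentry_nginx_lb.id
  backendset_name  = oci_load_balancer_backend_set.sentry_nginx_backend_set.name

  # Backends are addressed by private IP on port 80: TLS ends at the load
  # balancer and the hop to nginx is plain HTTP inside the VCN. Port 80 on the
  # instances should accept traffic from the load balancer subnet only, so the
  # cleartext hop cannot be reached by other hosts.
  ip_address = var.sentry_nginx_instance[count.index].private_ip
  port       = 80

  # Every backend is an active, equally weighted member of the set.
  backup  = false
  drain   = false
  offline = false
  weight  = 1
}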



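# Plain HTTP listener on port 80.
# It forwards to the same backend set as the HTTPS listener, so everything
# reachable on 443 is also served in cleartext; nothing here redirects clients
# to HTTPS. If cleartext access is not intended, attach a redirect rule set
# (oci_load_balancer_rule_set, referenced through rule_set_names) or remove
# this listener.
resource "oci_load_balancer_listener" "sentry_nginx_listener" {
  load_balancer_id         = oci_load_balancer.sentry_nginx_lb.id
  name                     = "LB-HTTP-listner"
  default_backend_set_name = oci_load_balancer_backend_set.sentry_nginx_backend_set.name
  port                     = 80
  protocol                 = "HTTP"

  connection_configuration {
    # NOTE(review): 2 seconds is a very short idle timeout; responses that take
    # longer than this between data transfers would be cut off. Confirm the
    # value is intentional.
    idle_timeout_in_seconds = 2
  }
}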




# SSL Listener
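# HTTPS listener on port 443; TLS is terminated at the load balancer and the
# request is forwarded to the shared backend set.
resource "oci_load_balancer_listener" "sentry_nginx_ssl_listener" {
  load_balancer_id         = oci_load_balancer.sentry_nginx_lb.id
  name                     = "LB-SSL-Listener"
  default_backend_set_name = oci_load_balancer_backend_set.sentry_nginx_backend_set.name
  port                     = 443

  # Correct protocol: an HTTPS listener is declared as "HTTP" plus an
  # ssl_configuration block.
  protocol = "HTTP"

  ssl_configuration {
    certificate_name = oci_load_balancer_certificate.sentry_nginx_ssl_cert.certificate_name

    # Clients are not asked for a certificate (no mutual TLS); verify_depth
    # presumably only matters once verify_peer_certificate is true.
    verify_depth            = 1
    verify_peer_certificate = false

    # Author's note (reconstructed from a garbled comment): without TLSv1.3
    # listed here the SSL handshake was not working.
    # Only TLS 1.2 and 1.3 are offered, so older protocol versions stay off.
    # NOTE(review): cipher_suite_name is not set, so the default suite applies -
    # confirm it is compatible with both protocol versions.
    protocols = ["TLSv1.2", "TLSv1.3"]
  }

  connection_configuration {
    # NOTE(review): same 2-second idle timeout as the HTTP listener; confirm it
    # is long enough for the slowest expected response.
    idle_timeout_in_seconds = 2 # This should be an integer, not a string
  }
}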

