Contact UsGet started

Fault-tolerant website with load balancing via Yandex Application Load Balancer using the management console

Written by
Updated at March 6, 2025

To create an infrastructure for your website with load balancing in three availability zones with an ALB load balancer using the Yandex Cloud management console:

  1. Get your cloud ready.
  2. Create a cloud network.
  3. Create security groups.
  4. Create an instance group.
  5. Upload the website files.
  6. Create a backend group.
  7. Create an HTTP router.
  8. Create an L7 load balancer.
  9. Configure DNS.
  10. Run a fault tolerance test.

If you no longer need the resources you created, delete them.

Get your cloud ready

Sign up for Yandex Cloud and create a billing account:

  1. Go to the management console and log in to Yandex Cloud or create an account if you do not have one yet.
  2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one.

If you have an active billing account, you can go to the cloud page to create or select a folder for your infrastructure to operate in.

Learn more about clouds and folders.

The infrastructure support cost includes:

Create a cloud network

All the resources created in the use case will belong to the same cloud network.

To create a network:

  1. In the management console, select Virtual Private Cloud.
  2. Click Create network.
  3. Specify the Name of the network: mysite-network.
  4. In the Advanced field, select Create subnets.
  5. Click Create network.

Create security groups

Security groups include rules that allow the load balancer to receive incoming traffic and redirect it to the VMs so they can receive the traffic.

To create security groups for the load balancer and an instance group:

  1. In the management console, select Virtual Private Cloud.

  2. In the left-hand panel, select Security groups.

  3. Create a security group for the load balancer:

    1. Click Create security group.

    2. Name the group, e.g., alb-sg.

    3. Select the network to assign the security group to.

    4. Under Rules, create the following rules using the instructions below the table:

      Traffic
      direction      		 Description Port
      range      		 Protocol Source /
      target type      		 Source /
      target
      Outgoing any All Any CIDR 0.0.0.0/0
      Incoming ext-http 80 TCP CIDR 0.0.0.0/0
      Incoming ext-https 443 TCP CIDR 0.0.0.0/0
      Incoming healthchecks 30080 TCP Load balancer healthchecks
      1. Select the Egress or Ingress tab.
      2. Click Add.
      3. In the Port range field of the window that opens, specify a single port or a port range for traffic to come to or from.
      4. In the Protocol field, specify the appropriate protocol or leave Any to allow traffic transmission over any protocol.
      5. In the Destination name or Source field, select the purpose of the rule:
        • CIDR: Rule will apply to the range of IP addresses. In the CIDR blocks field, specify the CIDR and subnet masks that traffic will come to or from. To add multiple CIDRs, click Add.
        • Security group: Rule will apply to the VMs from the current group or the selected security group.
        • Load balancer healthchecks: Rule allowing a load balancer to health-check VMs.
      6. Click Save. Repeat the steps to create all rules from the table.

    5. Click Save.

  4. Similarly, create a security group named alb-vm-sg for an instance group, with the same network and the following rules:

    Traffic
    direction    		 Description Port
    range    		 Protocol Origin type Source
    Incoming balancer 80 TCP Security group alb-sg
    Incoming ssh 22 TCP CIDR 0.0.0.0/0

Creating an instance group

Your application backends will be deployed on the VM instance of the target group. The target group will be connected to the load balancer to enable requests to the application backend endpoints.

To create an instance group with the minimum configuration:

  1. In the management console, select Compute Cloud.
  2. Open the Instance groups tab and click Create group of virtual machines.
  3. Under Basic parameters:
    • Name the instance group, e.g., website-vm-group.
    • Select the service account from the list or create a new one. To be able to create, update, and delete VMs in the group, assign the editor role to the service account. By default, all operations with security groups are performed on behalf of the service account.
  4. Under Allocation, select three availability zones (ru-central1-a, ru-central1-b, and ru-central1-d) to ensure fault tolerance of your hosting.
  5. Under Instance template, click Define and specify your VM template:

    • Under Boot disk image, navigate to the Marketplace tab, select LEMP and click Use.

    • Under Disks and file storages, specify:

      • Disk Type: HDD
      • Size: 3 GB

    • Under Computing resources, specify:

      • Platform: Intel Cascade Lake
      • Guaranteed vCPU performance: 5%
      • vCPU: 2
      • RAM: 1 GB

    • Under Network settings:

      • Select a cloud network and its subnets.
      • In the Public IP address field, select Auto.
      • Select the alb-vm-sg security group.

    • Under Access, specify the data for accessing the instance:

      • In the Service account field, select the service account to link to the VM.
      • Under Login, enter a username.
      • In the SSH key field, paste the contents of the public key file.

      To establish an SSH connection, you need to create a key pair. For more information, see Connecting to a Linux VM via SSH.

    • Click Save.

  6. Under Scaling, specify the instance group Size: 3.
  7. Under Integration with Application Load Balancer, select Create target group and enter alb-tg as the group name.
  8. Click Create.

It may take a few minutes to create an instance group. As soon as all VMs change their status to RUNNING, you can upload the website files to them.

Upload the website files

To test the web server, upload the website files to each VM. You can use the index.html file from this archive as an example.

For each VM in the created group, do the following:

  1. On the Virtual machines tab, click the VM name in the list.

  2. Copy Public IPv4 address from the Network section.

  3. Connect to the VM over SSH.

  4. Grant your user write permissions for the /var/www/html directory:

    sudo chown -R "$USER":www-data /var/www/html

  5. Upload the website files to the VM via SCP.

    Use the scp command line utility:

    scp -r <path_to_directory_with_files> <VM_user_name>@<VM_IP_address>:/var/www/html

    Use WinSCP to copy the local file directory to /var/www/html on the VM.

Create a backend group

You must link the target group created with the VM group to the backend group that defines traffic allocation settings.

For the backends, the groups will implement health checks: the load balancer will periodically send health check requests to the VMs and expect a response for a certain period.

To create a backend group:

  1. Select Application Load Balancer in the folder where the instance group was created.
  2. Open the Backend groups tab.
  3. Click Create backend group.
  4. Name the backend group, e.g., website-bg.
  5. Under Backends, click Add.
  6. Name the backend, e.g., backend-1.
  7. In the *Target groups field, select the alb-tg target group you created earlier.
  8. Specify Port the backend VMs will use to receive incoming traffic from the load balancer: 80.
  9. Click Add health check.
  10. Specify Port the backend VMs will use to accept health check connections: 80.
  11. Specify Path the load balancer will use for health checks: /.
  12. Click Create.

Create an HTTP router

The backend group should be linked to an HTTP router that defines HTTP routing rules.

To create an HTTP router and add a route to it:

  1. Open the HTTP routers tab.
  2. Click Create HTTP router.
  3. Name the router, e.g., website-router.
  4. Click Add virtual host.
  5. Name the virtual host, e.g., alb-host.
  6. In the Authority field, enter the website's domain name: alb-example.com.
  7. Click Add route.
  8. Enter a name, e.g., route-1.
  9. In the Backend group field, select website-bg, which you created earlier.
  10. Leave all other settings unchanged and click Create.

Create an L7 load balancer

To create a load balancer:

  1. Open the Load balancers tab.
  2. Click Create L7 load balancer.
  3. Name the load balancer, e.g., website-alb.
  4. Under Network settings, select the network your VM group is connected to and the previously created security group, alb-sg.
  5. Under Allocation, select the subnets for the load balancer's nodes in each availability zone and enable inbound traffic.
  6. Under Listeners, click Add listener.
  7. Name the listener, e.g., alb-listener.
  8. Under Public IP address, enable outbound traffic.
  9. Set 80 as the port.
  10. In the HTTP router field, select the previously created website-router.
  11. Click Create.

Configure DNS

You need to link the alb-example.com domain name you want to use for your website to the load balancer's IP address using DNS records.

  1. In the management console, select Application Load Balancer.

  2. Copy the IP address of the load balancer that you created.

  3. On the site of your DNS hosting provider, go to the DNS settings.

  4. Create or edit the A record and CNAME record for alb-example.com:

    alb-example.com. A <L7_load_balancer_IP_address>
alb-example.com. CNAME

    If you use Yandex Cloud DNS, follow this guide to configure the records:

    Configuring DNS records for Cloud DNS

    To get access to public zone domain names, you need to delegate the domain. Specify the addresses of the ns1.yandexcloud.net and ns2.yandexcloud.net servers in your account on your registrar's website.

    1. In the management console, select Cloud DNS.
    2. If you do not have a public DNS zone, create one:
      1. Click Create zone.
      2. Specify the zone Name: alb-zone.
      3. In the Zone field, enter the website's domain name with a trailing dot: alb-example.com..
      4. Select a Type of the zone: Public.
      5. Click Create.
    3. Create an A record in the zone:
      1. Click Create record.
      2. Name: Leave empty.
      3. Type: Leave set to A.
      4. TTL (record time to live): Keep the default value.
      5. Data: Enter the public IP address of the website-alb load balancer.
      6. Click Create.
    4. Create a CNAME record:
      1. Click Create record.
      2. Name: www.
      3. Type: Select CNAME.
      4. TTL (record time to live): Keep the default value.
      5. Data: Enter alb-example.com.
      6. Click Create.

Run a fault tolerance test

  1. In the management console, select Compute Cloud.

  2. Go to the page of the VM from the previously created group.

  3. Copy Public IPv4 address from the Network section.

  4. Connect to the VM over SSH.

  5. Stop the web service to simulate a failure on the web server:

    sudo service nginx stop

  6. Open your website in a browser. The website should open, even though one of the web servers has failed.

  7. After the check is complete, restart the web service:

    sudo service nginx start

How to delete the resources you created

To stop paying for the resources you created:

  1. Delete the non-billable resources that block the deletion of billable resources:
    1. Delete the website-alb L7 load balancer.
    2. Delete the website-router HTTP router.
    3. Delete the website-bg backend group.
  2. Delete the website-vm-group instance group.
  3. If you used Yandex Cloud DNS, delete the DNS records and delete the DNS zone.

See also

Previous
Overview
Next
Terraform