Setting up virtual hosting

This tutorial describes how to set up virtual hosting: use Yandex Application Load Balancer to host multiple websites with different domain names at the same IP address.

As examples, we are going to use these three domain names: site-a.com, site-b.com, and default.com.

To set up virtual hosting:

1. Get your cloud ready.
2. Create a cloud network.
3. Reserve a static public IP address.
4. Create security groups.
5. Import TLS certificates of the websites to Yandex Certificate Manager.
6. Create instance groups for websites.
7. Upload the website files to the VMs.
8. Create backend groups.
9. Create and configure HTTP routers.
10. Create an L7 load balancer.
11. Configure DNS for the websites.
12. Test the hosting.

If you no longer need the resources you created, delete them.

Get your cloud readyGet your cloud ready

Sign up in Yandex Cloud and create a billing account:

1. Navigate to the management console and log in to Yandex Cloud or register a new account.
2. On the Yandex Cloud Billing page, make sure you have a linked billing account with an ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.

If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure to operate in.

Learn more about clouds and folders.

Required paid resourcesRequired paid resources

The cost of virtual hosting includes:

• Fee for continuously running VMs (see Yandex Compute Cloud pricing).
• Fee for using a public static IP address (see Yandex Virtual Private Cloud pricing).
• Fee for using the computing resources of the L7 load balancer (see Application Load Balancer pricing).
• Fee for public DNS queries and DNS zones if using Yandex Cloud DNS (see Cloud DNS pricing).

Create a cloud networkCreate a cloud network

All resources created in this tutorial will belong to the same cloud network.

To create a network:

Reserve a static public IP addressReserve a static public IP address

For your virtual hosting to run, you need to assign a static public IP address to the L7 load balancer.

To reserve an IP address:

Create security groupsCreate security groups

Security groups include rules that allow the load balancer to receive inbound traffic and redirect it to the VMs so they can receive it. In this tutorial, we will create two security groups: one for the load balancer and another one for all VMs.

To create security groups:

Import TLS certificates of the websites to Certificate ManagerImport TLS certificates of the websites to Certificate Manager

To access the websites using the secure HTTPS protocol (HTTP over TLS), you must have TLS certificates issued for them. To use the certificates in the L7 load balancer, import them to Certificate Manager.

If your websites do not have certificates, you can use Certificate Manager to get them from Let's Encrypt^®. You do not need to do anything else after creating certificates this way, because the certificates are imported automatically.

To import an existing certificate for site-a.com:

Similarly, import the certificates for site-b.com and default.com named vhosting-cert-b and vhosting-cert-default, respectively.

Create instance groups for the websitesCreate instance groups for the websites

Compute Cloud VMs will act as web servers for the two websites: one group of multiple identical instances for each website. In this tutorial, the LEMP stack (Linux, NGINX, MySQL®, PHP) will be installed on the servers. For more information, see LAMP or LEMP-based website.

To create an instance group for site-a.com:

Follow the same steps to create a second instance group named vhosting-ig-b and a target group named vhosting-tg-b for site-b.com.

It may take a few minutes to create an instance group. As soon as the group changes its status to RUNNING, and all its VMs to RUNNING_ACTUAL, you can upload the website files to them.

Upload the website files to the VMsUpload the website files to the VMs

To test your web servers, upload index.html files with different contents to the VMs: one content version for the vhosting-ig-a instance group VMs, and another for the vhosting-ig-b instance group VMs.

<!DOCTYPE html>
<html>
  <head>
    <title>Site A</title>
  </head>
  <body>
    <p>This is site A</p>
  </body>
</html>

<!DOCTYPE html>
<html>
  <head>
    <title>Site B</title>
  </head>
  <body>
    <p>This is site B</p>
  </body>
</html>

To upload a file to a VM:

1. Go to the VM page in the management console. In the Network section, find the VM's public IP address.

2. Connect to the VM over SSH.

3. Grant your user write permissions for the /var/www/html directory:

   Ubuntu

   CentOS

   sudo chown -R "$USER":www-data /var/www/html
   

   sudo chown -R "$USER":apache /var/www/html
   

4. Upload the website files to the VM via SCP.

   Linux/macOS

   Windows

   Use the scp command line utility:

   scp -r <path_to_directory_with_files> <VM_user_name>@<VM_IP_address>:/var/www/html
   

   Use WinSCP to copy the local file directory to /var/www/html on the VM.

Repeat the above steps for the files you want to upload to each VM in the vhosting-ig-a and vhosting-ig-b groups.

Create backend groupsCreate backend groups

Target groups created together with instance groups must be linked to the backend groups that define the traffic allocation settings.

For the backends, the groups will implement health checks: the load balancer will periodically send health check requests to the VMs and expect a response for a certain period.

To create a backend group for site-a.com:

1. In the management console, select Application Load Balancer.
2. In the left-hand panel, select Backend groups. Click Create backend group.
3. Enter the backend group Name: vhosting-bg-a.
4. Under Backends, click Add.
5. Enter the backend Name: vhosting-backend-a.
6. In the Target groups field, select the vhosting-tg-a group.
7. Specify Port the backend VMs will use to receive incoming traffic from the load balancer: 80.
8. Click Add health check.
9. Specify Port the backend VMs will use to accept health check connections: 80.
10. Specify the Path the load balancer will use for health checks: /.
11. Click Create.

Follow the same steps to create a second backend group named vhosting-bg-b for site-b.com. In this group, create the vhosting-backend-b backend and link the vhosting-tg-b target group to it.

Create and configure HTTP routersCreate and configure HTTP routers

Backend groups must be linked to HTTP routers that define the HTTP request routing rules. In this tutorial, you will create two routers for the main sites (site-a.com and site-b.com) and the default router for default.com, which will respond to each request with the 404 Not Found HTTP status code.

Create HTTP routers for the websitesCreate HTTP routers for the websites

To create an HTTP router for site-a.com:

Follow the same steps to create the vhosting-router-b HTTP router for site-b.com and link the vhosting-bg-b backend group to it.

Create the default HTTP routerCreate the default HTTP router

To create an HTTP router for default.com:

Create an L7 load balancerCreate an L7 load balancer

To create a load balancer:

Configure DNS for the websitesConfigure DNS for the websites

The site-a.com, site-b.com, and default.com domain names must be mapped to the L7 load balancer IP address using DNS records.

To configure DNS for site-a.com:

1. In the management console, select Application Load Balancer.

2. Copy the IP address of the load balancer that you created.

3. On the website of your DNS hosting provider, navigate to the DNS settings.

4. Create or edit the A record for site-a.com so that it points to the copied IP address:

   site-a.com. A <L7_load_balancer_IP_address>
   

   If you use Yandex Cloud DNS, follow this guide to configure the record:

   Configuring DNS records for Cloud DNS

   Management console

   1. In the management console, select Cloud DNS.
   2. If you do not have a public DNS zone, create one:
      1. Click Create zone.
      2. Specify the zone Name: vhosting-dns-a.
      3. In the Zone field, enter the website domain name with a trailing dot: site-a.com..
      4. Select a Type of the zone: Public.
      5. Click Create.
   3. Create a record in the zone:
      1. In the list of zones, click vhosting-dns-a.
      2. Click Create record.
      3. Leave the Name field empty for the record to match the site-a.com domain name (rather than a name with a subdomain, e.g., www.site-a.com).
      4. Select the record Type: A.
      5. In the Data field, paste the the load balancer’s IP address you copied.
      6. Click Create.

Follow the same steps to configure DNS for site-b.com and default.com using the same IP address.

You can test your websites 15-20 minutes after you have configured DNS.

Test the hostingTest the hosting

To test the hosting, open each of the three websites in your browser:

• For https://site-a.com and https://site-b.com, you should see the pages you uploaded to the VMs.
• For https://default.com, you should see the 404 Not Found error page configured when creating the HTTP router.

Delete the resources you createdDelete the resources you created

To shut down the hosting and stop paying for the resources you created:

1. Delete the non-billable resources that block the deletion of billable resources:
   1. Delete the vhosting-alb L7 load balancer.
   2. Delete the vhosting-router-a, vhosting-router-b, and vhosting-router-default HTTP routers.
   3. Delete the vhosting-bg-a and vhosting-bg-b backend groups.
2. Delete the vhosting-ig-a and vhosting-ig-b instance groups.
3. Delete the static public IP address that you reserved.
4. If you used Yandex Cloud DNS, delete the DNS records and delete the DNS zone.