Setting up virtual hosting
- Prepare your cloud
- Create a cloud network
- Reserve a static public IP address
- Create security groups
- Import TLS certificates of the sites to Certificate Manager
- Create instance groups for the sites
- Upload the site files to the VMs
- Create backend groups
- Create and configure HTTP routers
- Create an L7 load Balancer
- Configure the DNS for the sites
- Test the hosting
- Delete the resources you created
This use case describes how to set up virtual hosting, i.e., how to use Yandex Application Load Balancer to host multiple websites with different domain names on the same IP address.
As examples, we are going to use these three domain names: site-a.com
, site-b.com
, and default.com
.
To create a virtual hosting:
- Prepare your cloud.
- Create a cloud network.
- Reserve a static public IP address.
- Create security groups.
- Import TLS certificates of the sites to Yandex Certificate Manager.
- Create instance groups for websites.
- Upload the site files to the VMs.
- Create backend groups.
- Create and configure HTTP routers.
- Create an L7 load balancer.
- Configure the DNS for the sites.
- Test the hosting.
If you no longer need the resources you created, delete them.
Prepare your cloud
Sign up for Yandex Cloud and create a billing account:
- Go to the management console
and log in to Yandex Cloud or create an account if you do not have one yet. - On the Yandex Cloud Billing
page, make sure you have a billing account linked and it has theACTIVE
orTRIAL_ACTIVE
status. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page
Learn more about clouds and folders.
Required paid resources
The cost of virtual hosting includes:
- Fee for continuously running VMs (see Yandex Compute Cloud pricing).
- Fee for using a public static IP address (see Yandex Virtual Private Cloud pricing).
- Fee for using computing resources of the L7 load balancer (see Application Load Balancer pricing).
- Fee for public DNS queries and DNS zones if using Yandex Cloud DNS (see Cloud DNS pricing).
Create a cloud network
All the resources created in the use case will belong to the same cloud network.
To create a network:
- In the management console
, select Virtual Private Cloud. - Click Create network.
- Specify the network Name:
vhosting-network
. - In the Advanced field, select Create subnets.
- Click Create network.
Reserve a static public IP address
For your virtual hosting to run, you need to assign a static public IP address to the L7 load balancer.
To reserve an IP address:
- In the management console
, select Virtual Private Cloud. - In the left-hand panel, select
IP addresses. Click Reserve address. - In the window that opens, select the
ru-central1-a
availability zone. Click ** Reserve**.
Create security groups
Security groups include rules that allow the load balancer to receive incoming traffic and redirect it to the VMs so they can receive the traffic. In this use case, we will create two security groups: one for the load balancer and another one for all VMs.
To create security groups:
-
In the management console
, select Virtual Private Cloud. -
In the left-hand panel, select
Security groups. -
Create a security group for the load balancer:
-
Click Create security group.
-
Enter the group Name:
vhosting-sg-balancer
. -
Select the Network:
vhosting-network
. -
Under Rules, create the following rules using the instructions below the table:
Traffic
directionDescription Port range Protocol Source /
destinationCIDR blocks Outgoing
any
All
Any
CIDR
0.0.0.0/0
Incoming
ext-http
80
TCP
CIDR
0.0.0.0/0
Incoming
ext-https
443
TCP
CIDR
0.0.0.0/0
Incoming
healthchecks
30080
TCP
Load balancer healthchecks
— -
Select the Egress or Ingress tab.
-
Click Add rule.
-
In the Port range field of the window that opens, specify a single port or a range of ports that traffic will come to or from.
-
In the Protocol field, specify the appropriate protocol or leave
Any
to allow traffic transmission over any protocol. -
In the Destination name or Source field, select the purpose of the rule:
CIDR
: Rule will apply to the range of IP addresses. In the CIDR blocks field, specify the CIDR and masks of subnets that traffic will come to or from. To add multiple CIDRs, click Add CIDR.Security group
: Rule will apply to the VMs from the current group or the selected security group.Load balancer healthchecks
: Rule allowing a load balancer to health check VMs.
-
Click Save. Repeat the steps to create all the rules from the table.
-
Click Save.
-
-
In the same way, create a security group for the VM named
vhosting-sg-vms
with the samevhosting-network
network and the following rules:Traffic
directionDescription Port range Protocol Source CIDR blocks Incoming
balancer
80
TCP
Security group
vhosting-sg-balancer
Incoming
ssh
22
TCP
CIDR
0.0.0.0/0
Import TLS certificates of the sites to Certificate Manager
To enable user access to the sites using the secure HTTPS protocol (HTTP over TLS), you must have TLS certificates for the sites. To use certificates in the L7 load balancer, import the certificates to Certificate Manager.
If your sites do not have certificates, you can obtain them from Certificate Manager Let's Encrypt®. You do not need to do anything else after creating certificates this way, because the certificates are imported automatically.
To import an existing certificate for site-a.com
:
- In the management console
, select Certificate Manager. - Click Add certificate and select the User certificate option.
- Enter a Name for the certificate:
vhosting-cert-a
. - In the Certificate field, click Add certificate. Upload the File with your certificate or enter its Content and click Add.
- If your certificate is issued by a third-party certificate authority, click Add chain in the Intermediate certificate chain field. Upload the File with the certificate chain or enter its Content and click Add.
- In the Private key field, click Add private key. Upload the File with the key or enter its Content and click Add.
- Click Create.
In the same way, import certificates for site-b.com
and default.com
, naming them vhosting-cert-b
and vhosting-cert-default
.
Create instance groups for the sites
Compute Cloud VMs will act as web servers for the two websites: one group of multiple identical instances for each website. In this use case, the servers will be deployed on a LEMP stack (Linux, NGINX, MySQL, PHP). For more information, see the Website on a LAMP or LEMP stack use case.
To create an instance group for site-a.com
:
-
In the management console
, select Compute Cloud. -
In the left-hand panel, select
Instance groups. Click Create group of virtual machines. -
Enter the instance group name:
vhosting-ig-a
. -
Under Allocation, select multiple availability zones to ensure fault tolerance of your hosting.
-
Under Instance template, click Define.
-
Under Image/boot disk selection, open the Marketplace tab and click Show all Marketplace products. Select LEMP and click Use.
-
Under Computing resources:
- Choose a VM platform.
- Specify the required number of vCPUs and the amount of RAM.
This minimum configuration is enough for functional website testing:
- Platform:
Intel Ice Lake
- Guaranteed vCPU performance:
20%
- vCPU:
2
- RAM:
1 GB
-
Under Network settings, select the Network named
vhosting-network
that you created earlier and its subnets. -
In the Public address field, select
Auto
. -
Select the previously created
vhosting-sg-vms
security group. -
Specify the VM access data:
-
Enter the username in the Login field.
-
In the SSH key field, paste the contents of the public key file.
You need to create a key pair for the SSH connection yourself. To learn how, see Connecting to a VM via SSH.
Alert
Once created, the VM gets an IP address and a host name (FQDN) for connections. If you selected
No address
in the Public address field, you will not be able to access the VM from the internet. -
-
Click Save.
-
Under Scaling, enter a Size for the instance group:
2
. -
Under Integration with Application Load Balancer, select Create target group and enter
vhosting-tg-a
as the group name. You can read more about target groups here. -
Click Create.
Follow the same steps to create a second instance group named vhosting-ig-b
and a target group named vhosting-tg-b
for site-b.com
.
It may take a few minutes to create an instance group. When the group status changes to RUNNING
and the status of all its VMs to RUNNING_ACTUAL
, you can upload the website files to them.
Upload the site files to the VMs
To check that your web servers are running properly, upload two different index.html
files (with different contents) to the VMs: use one file for the vhosting-ig-a
instance group, and the other file for the vhosting-ig-b
instance group.
<!DOCTYPE html>
<html>
<head>
<title>Site A</title>
</head>
<body>
<p>This is site A</p>
</body>
</html>
<!DOCTYPE html>
<html>
<head>
<title>Site B</title>
</head>
<body>
<p>This is site B</p>
</body>
</html>
To upload a file to a VM:
-
Go to the VM page of the management console
. In the Network section, find the VM's public IP address. -
Connect to the VM over SSH.
-
Grant your user write access to the
/var/www/html
directory:UbuntuCentOSsudo chown -R "$USER":www-data /var/www/html
sudo chown -R "$USER":apache /var/www/html
-
Upload the website files to the VM via SCP
.Linux/macOSWindowsUse the
scp
command-line utility:scp -r <path_to_file_directory> <VM_username>@<VM_IP_address>:/var/www/html
Use WinSCP
to copy the local file directory to/var/www/html
on the VM.
Repeat these steps for the files you want to upload to each VM in the vhosting-ig-a
and vhosting-ig-b
groups.
Create backend groups
Target groups created together with instance groups must be linked to the backend groups that define the traffic allocation settings.
For the backends, groups will implement health checks: the load balancer will periodically send health check requests to the VMs and expect a response after a certain delay.
To create a backend group for site-a.com
:
- In the management console
, select Application Load Balancer. - In the left-hand panel, select
Backend groups. Click Create backend group. - Enter a Name for the backend group:
vhosting-bg-a
. - Under Backends, click Add.
- Enter a Name for the backend:
vhosting-backend-a
. - In the Target groups field, select the
vhosting-tg-a
group. - Specify the Port that the backend VMs will use to receive incoming traffic from the load balancer:
80
. - Click Add health check.
- Specify the Port that the backend VMs will use to accept health check connections:
80
. - Enter the Path to be accessed by the load balancer for health checks:
/
. - Click Create.
Follow the same steps to create the second backend group named vhosting-bg-b
for site-b.com
. In the group, create the vhosting-backend-b
backend and link the vhosting-tg-b
target group to it.
Create and configure HTTP routers
Backend groups must be linked to HTTP routers that define the HTTP request routing rules. In this use case, you will create two routers for the "main" sites (site-a.com
and site-b.com
) and the "default" router for the default.com
site, which will respond to each request with the 404 Not Found
HTTP status code.
Create HTTP routers for sites
To create an HTTP router for site-a.com
:
- In the management console
, select Application Load Balancer. - In the left-hand panel, select
HTTP routers. Click Create HTTP router. - Enter a Name for the HTTP router:
vhosting-router-a
. - Click Add virtual host.
- Enter a Name for the virtual host:
vhosting-host-a
. - In the Authority field, specify the site domain name:
site-a.com
. - Click Add route.
- Enter a Name for the route:
vhosting-route-a
. - In the Backend group field, select the
vhosting-bg-a
group. - Click Create.
Follow the same steps to create the vhosting-router-b
HTTP router for site-b.com
and link the vhosting-bg-b
backend group to it.
Create the "default" HTTP router
To create an HTTP router for the default.com
site:
-
In the management console
, select Application Load Balancer. -
In the left-hand panel, select
HTTP routers. Click Create HTTP router. -
Enter a Name for the HTTP router:
vhosting-router-default
. -
Click Add virtual host.
-
Enter a Name for the virtual host:
vhosting-host-default
. -
In the Authority field, specify the site domain name:
default.com
. -
Click Add route.
-
Enter a Name for the route:
vhosting-route-a
. -
In the Action field, select
Response
. -
In the HTTP status code field, select
404 Not Found
. -
In the Response body field, click Select. Select the
Text
method and enter the following in the Content field:404 Not Found This is the default site.
Click Add.
-
Click Create.
Create an L7 load Balancer
To create a load balancer:
- In the management console
, select Application Load Balancer. - Click Create L7 load balancer.
- Enter a Name for the load balancer:
vhosting-alb
. - Under Network settings, select the
vhosting-sg-balancer
security group that you created earlier. - Create a listener to redirect HTTP requests to HTTPS:
- Under Listeners, click Add listener.
- Enter a Name for the listener:
vhosting-listener-http
. - Under Public IP address, select the
List
type and the IP address you reserved earlier. - In the Protocol field, select
Redirect to HTTPS
.
- Create an HTTPS request listener:
- Click Add listener again.
- Enter a Name for the listener:
vhosting-listener-https
. - Under Public IP address, select the
List
type and the IP address you reserved earlier. - In the Protocol field, select
HTTPS
. - Under Main listener, select the
vhosting-cert-default
certificate and thevhosting-router-default
HTTP router. - Add an SNI match for
site-a.com
:- Click Add SNI match.
- Enter a Name for the SNI match:
vhosting-sni-a
. - In the Server names field, enter
site-a.com
. - Select the
vhosting-cert-a
certificate and thevhosting-router-a
HTTP router.
- Follow the same steps to add an SNI match for
site-b.com
: with the namevhosting-sni-b
, server namesite-b.com
, certificatevhosting-cert-b
, and HTTP routervhosting-router-b
.
- Click Create.
Configure the DNS for the sites
The site-a.com
, site-b.com
, and default.com
domain names must be mapped to the L7 load balancer IP address using DNS records.
To configure the DNS for site-a.com
:
-
In the management console
, select Application Load Balancer. -
Copy the IP address of the load balancer that you created.
-
On the site of your DNS hosting provider, go to the DNS settings.
-
Create or edit the A record for
site-a.com
so that it points to the copied IP address:site-a.com. A <L7_load_balancer_IP_address>
If you use Yandex Cloud DNS, follow this guide to configure the record:
Configuring DNS records for Cloud DNSManagement console- In the management console
, select Cloud DNS. - If you do not have a public DNS zone, create one:
- Click Create zone.
- Enter a Name for the zone:
vhosting-dns-a
. - In the Zone field, enter the site domain name with a dot at the end:
site-a.com.
- Select a Type of the zone:
Public
. - Click Create.
- Create a record in the zone:
- In the list of zones, click
vhosting-dns-a
. - Click Create record.
- Leave the Name field empty so that the record matches the
site-a.com
domain name (rather than a name with a subdomain, such aswww.site-a.com
). - Select the record Type: A.
- In the Data field, paste the copied IP address of the load balancer.
- Click Create.
- In the list of zones, click
- In the management console
Follow the same steps to configure the DNS for site-b.com
and default.com
using the same IP address.
Wait 15-20 minutes after setting up the DNS and check that the sites are up and running.
Test the hosting
To test the hosting, open each of the three sites in your browser:
https://site-a.com
andhttps://site-b.com
: The pages you uploaded to the VMs should be displayed.https://default.com
: The404 Not Found
error page configured when creating the HTTP router should be displayed.
Delete the resources you created
To shut down the hosting and stop paying for the created resources: