Setting up virtual hosting

This use case describes how to set up virtual hosting, i.e., how to use Yandex Application Load Balancer to host multiple websites with different domain names on the same IP address.

As examples, we are going to use these three domain names: site-a.com, site-b.com, and default.com.

To create a virtual hosting:

1. Prepare your cloud.
2. Create a cloud network.
3. Reserve a static public IP address.
4. Create security groups.
5. Import TLS certificates of the sites to Yandex Certificate Manager.
6. Create instance groups for websites.
7. Upload the site files to the VMs.
8. Create backend groups.
9. Create and configure HTTP routers.
10. Create an L7 load balancer.
11. Configure DNS for the sites.
12. Test the hosting.

If you no longer need the resources you created, delete them.

Prepare your cloudPrepare your cloud

Sign up for Yandex Cloud and create a billing account:

1. Go to the management console and log in to Yandex Cloud or create an account if you do not have one yet.
2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one.

If you have an active billing account, you can go to the cloud page to create or select a folder for your infrastructure to operate in.

Learn more about clouds and folders.

Required paid resourcesRequired paid resources

The cost of virtual hosting includes:

• Fee for continuously running VMs (see Yandex Compute Cloud pricing).
• Fee for using a public static IP address (see Yandex Virtual Private Cloud pricing).
• Fee for using computing resources of the L7 load balancer (see Application Load Balancer pricing).
• Fee for public DNS queries and DNS zones if using Yandex Cloud DNS (see Cloud DNS pricing).

Create a cloud networkCreate a cloud network

All the resources created in the use case will belong to the same cloud network.

To create a network:

Reserve a static public IP addressReserve a static public IP address

For your virtual hosting to run, you need to assign a static public IP address to the L7 load balancer.

To reserve an IP address:

Create security groupsCreate security groups

Security groups include rules that allow the load balancer to receive incoming traffic and redirect it to the VMs so they can receive the traffic. In this use case, we will create two security groups: one for the load balancer and another one for all VMs.

To create security groups:

Import TLS certificates of the sites to Certificate ManagerImport TLS certificates of the sites to Certificate Manager

To enable user access to the sites using the secure HTTPS protocol (HTTP over TLS), you must have TLS certificates for the sites. To use certificates in the L7 load balancer, import the certificates to Certificate Manager.

If your sites do not have certificates, you can obtain them from Certificate Manager Let's Encrypt^®. You do not need to do anything else after creating certificates this way, because the certificates are imported automatically.

To import an existing certificate for site-a.com:

Similarly, import the certificates for site-b.com and default.com, their names being vhosting-cert-b and vhosting-cert-default, respectively.

Create instance groups for the sitesCreate instance groups for the sites

Compute Cloud VMs will act as web servers for the two websites: one group of multiple identical instances for each website. In this use case, the servers will be deployed based on the LEMP stack (Linux, NGINX, MySQL®, PHP). For more information, see this tutorial on LAMP or LEMP-based website.

To create an instance group for site-a.com:

Follow the same steps to create a second instance group named vhosting-ig-b and a target group named vhosting-tg-b for site-b.com.

It may take a few minutes to create an instance group. As soon as the group changes its status to RUNNING and the status all its VMs to RUNNING_ACTUAL, you can upload the website files to them.

Upload the site files to the VMsUpload the site files to the VMs

To test your web servers, upload index.html files with different contents to the VMs: one content version for the vhosting-ig-a instance group VMs, and another for the vhosting-ig-b instance group VMs.

<!DOCTYPE html>
<html>
  <head>
    <title>Site A</title>
  </head>
  <body>
    <p>This is site A</p>
  </body>
</html>

<!DOCTYPE html>
<html>
  <head>
    <title>Site B</title>
  </head>
  <body>
    <p>This is site B</p>
  </body>
</html>

To upload a file to a VM:

1. Go to the VM page of the management console. In the Network section, find the VM's public IP address.

2. Connect to the VM over SSH.

3. Grant your user write access to the /var/www/html directory:

   Ubuntu

   CentOS

   sudo chown -R "$USER":www-data /var/www/html
   

   sudo chown -R "$USER":apache /var/www/html
   

4. Upload the website files to the VM via SCP.

   Linux/macOS

   Windows

   Use the scp command-line utility:

   scp -r <path_to_file_directory> <VM_username>@<VM_IP_address>:/var/www/html
   

   Use WinSCP to copy the local file directory to /var/www/html on the VM.

Repeat the above steps for the files you want to upload to each VM in the vhosting-ig-a and vhosting-ig-b groups.

Create backend groupsCreate backend groups

Target groups created together with instance groups must be linked to the backend groups that define the traffic allocation settings.

For the backends, groups will implement health checks: the load balancer will periodically send health check requests to the VMs and expect a response after a certain delay.

To create a backend group for site-a.com:

1. In the management console, select Application Load Balancer.
2. In the left-hand panel, select Backend groups. Click Create backend group.
3. Enter the backend group Name: vhosting-bg-a.
4. Under Backends, click Add.
5. Enter the backend Name: vhosting-backend-a.
6. In the Target groups field, select the vhosting-tg-a group.
7. Specify Port backend VMs will use to receive incoming traffic from the load balancer at: 80.
8. Click Add health check.
9. Specify Port the backend VMs will use to accept health check connections: 80.
10. Specify Path the load balancer will use for health checks: /.
11. Click Create.

Follow the same steps to create a second backend group named vhosting-bg-b for site-b.com. In this group, create the vhosting-backend-b backend and link the vhosting-tg-b target group to it.

Create and configure HTTP routersCreate and configure HTTP routers

Backend groups must be linked to HTTP routers that define the HTTP request routing rules. In this use case, you will create two routers for the main sites (site-a.com and site-b.com) and the default router for default.com, which will respond to each request with the 404 Not Found HTTP status code.

Create HTTP routers for sitesCreate HTTP routers for sites

To create an HTTP router for site-a.com:

Follow the same steps to create the vhosting-router-b HTTP router for site-b.com and link the vhosting-bg-b backend group to it.

Create the "default" HTTP routerCreate the "default" HTTP router

To create an HTTP router for default.com:

Create an L7 load balancerCreate an L7 load balancer

To create a load balancer:

Configure DNS for the sitesConfigure DNS for the sites

The site-a.com, site-b.com, and default.com domain names must be linked to the L7 load balancer's IP address via DNS records.

To configure DNS for site-a.com:

1. In the management console, select Application Load Balancer.

2. Copy the IP address of the load balancer that you created.

3. On the site of your DNS hosting provider, go to the DNS settings.

4. Create or edit an A record for site-a.com so that it refers to the copied IP address:

   site-a.com. A <L7_load_balancer_IP_address>
   

   If you use Yandex Cloud DNS, follow this guide to configure the record:

   Configuring DNS records for Cloud DNS

   Management console

   1. In the management console, select Cloud DNS.
   2. If you do not have a public DNS zone, create one:
      1. Click Create zone.
      2. Specify the zone Name: vhosting-dns-a.
      3. In the Zone field, enter the website's domain name with a trailing dot: site-a.com..
      4. Select a Type of the zone: Public.
      5. Click Create.
   3. Create a record in the zone:
      1. In the list of zones, click vhosting-dns-a.
      2. Click Create record.
      3. Leave the Name field empty for the record to match the site-a.com domain name (rather than a name with a subdomain, e.g., www.site-a.com).
      4. Select the record Type: A.
      5. In the Data field, paste the copied IP address of the load balancer.
      6. Click Create.

Follow the same steps to configure DNS for site-b.com and default.com, using the same IP address.

You can test your sites 15-20 minutes after you have configured DNS.

Test the hostingTest the hosting

To test the hosting, open each of the three sites in your browser:

• For https://site-a.com and https://site-b.com, you should see the pages you uploaded to the VMs.
• For https://default.com, you should see the 404 Not Found error page configured when creating the HTTP router.

Delete the resources you createdDelete the resources you created

To shut down the hosting and stop paying for the created resources:

1. Delete the non-billable resources that block the deletion of billable resources:
   1. Delete the vhosting-alb L7 load balancer.
   2. Delete the vhosting-router-a, vhosting-router-b, and vhosting-router-default HTTP routers.
   3. Delete the vhosting-bg-a and vhosting-bg-b backend groups.
2. Delete the vhosting-ig-a and vhosting-ig-b instance groups.
3. Delete the static public IP address that you reserved.
4. If you used Yandex Cloud DNS, delete the DNS records and delete the DNS zone.