Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Setting up virtual hosting

Written by
Updated at May 7, 2025

This scenario describes how to set up virtual hosting: use Yandex Application Load Balancer to host multiple websites with different domain names at the same IP address.

As examples, we are going to use these three domain names: site-a.com, site-b.com, and default.com.

To create a virtual hosting:

  1. Prepare your cloud environment.
  2. Create a cloud network.
  3. Reserve a static public IP address.
  4. Create security groups.
  5. Import TLS certificates of the sites to Yandex Certificate Manager.
  6. Create instance groups for websites.
  7. Upload the site files to the VMs.
  8. Create backend groups.
  9. Create and configure HTTP routers.
  10. Create an L7 load balancer.
  11. Configure DNS for the sites.
  12. Test the hosting.

If you no longer need the resources you created, delete them.

Prepare your cloud environment

Sign up in Yandex Cloud and create a billing account:

  1. Navigate to the management console and log in to Yandex Cloud or register a new account.
  2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.

If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure to operate in.

Learn more about clouds and folders.

The cost of virtual hosting includes:

Create a cloud network

All the resources created in the use case will belong to the same cloud network.

To create a network:

  1. In the management console, select Virtual Private Cloud.
  2. Click Create network.
  3. Specify the Name of the network: vhosting-network.
  4. In the Advanced field, select Create subnets.
  5. Click Create network.

Reserve a static public IP address

For your virtual hosting to run, you need to assign a static public IP address to the L7 load balancer.

To reserve an IP address:

  1. In the management console, select Virtual Private Cloud.
  2. In the left-hand panel, select IP addresses. Click Reserve address.
  3. In the window that opens, select the ru-central1-d availability zone. Click ** Reserve**.

Create security groups

Security groups include rules that allow the load balancer to receive incoming traffic and redirect it to the VMs so they can receive the traffic. In this use case, we will create two security groups: one for the load balancer and another one for all VMs.

To create security groups:

  1. In the management console, select Virtual Private Cloud.

  2. In the left-hand panel, select Security groups.

  3. Create a security group for the load balancer:

    1. Click Create security group.

    2. Specify the group Name: vhosting-sg-balancer.

    3. Select Network: vhosting-network.

    4. Under Rules, create the following rules:

      Traffic
      direction      		 Description Port range Protocol Source /
      target      		 CIDR blocks
      Outgoing any All Any CIDR 0.0.0.0/0
      Incoming ext-http 80 TCP CIDR 0.0.0.0/0
      Incoming ext-https 443 TCP CIDR 0.0.0.0/0
      Incoming healthchecks 30080 TCP Load balancer healthchecks

    5. Select the Egress tab for an outbound rule or Ingress tab for an inbound rule.

    6. Click Add.

    7. In the Port range field of the window that opens, specify a single port or a range of ports that will be open for inbound or outbound traffic.

    8. In the Protocol field, specify the required protocol or specify Any to allow traffic over any protocol.

    9. In the Destination name or Source field, select the purpose of the rule:

      • CIDR: Rule will apply to the range of IP addresses. In the CIDR blocks field, specify the CIDR and masks of subnets that traffic will come to or from. To add multiple CIDRs, click Add.
      • Security group: Rule will apply to the VMs from the current group or the selected security group.
      • Load balancer healthchecks: Rule allowing a load balancer to health check VMs.

    10. Click Save. Repeat the steps to create all the rules from the table.

    11. Click Save.

  4. Similarly, create a security group for the VM named vhosting-sg-vms with the same vhosting-network and the following rules:

    Traffic
    direction    		 Description Port range Protocol Source CIDR blocks
    Incoming balancer 80 TCP Security group vhosting-sg-balancer
    Incoming ssh 22 TCP CIDR 0.0.0.0/0

Import TLS certificates of the sites to Certificate Manager

To enable user access to the sites using the secure HTTPS protocol (HTTP over TLS), you must have TLS certificates for the sites. To use certificates in the L7 load balancer, import the certificates to Certificate Manager.

If your sites do not have certificates, you can obtain them from Certificate Manager Let's Encrypt®. You do not need to do anything else after creating certificates this way, because the certificates are imported automatically.

To import an existing certificate for site-a.com:

  1. In the management console, select Certificate Manager.
  2. Click Add certificate and select the User certificate option.
  3. Specify the certificate's Name: vhosting-cert-a.
  4. In the Certificate field, click Add certificate. Upload the File with your certificate or enter its Content and click Add.
  5. If your certificate is issued by a third-party certificate authority, click Add chain in the Intermediate certificate chain field. Upload the File with the certificate chain or enter its Content and click Add.
  6. In the Private key field, click Add private key. Upload the File with the key or enter its Content and click Add.
  7. Click Create.

Similarly, import the certificates for site-b.com and default.com, their names being vhosting-cert-b and vhosting-cert-default, respectively.

Create instance groups for the sites

Compute Cloud VMs will act as web servers for the two websites: one group of multiple identical instances for each website. In this scenario, the servers will be deployed based on the LEMP stack (Linux, NGINX, MySQL®, PHP). For more information, see this tutorial on LAMP or LEMP-based website.

To create an instance group for site-a.com:

  1. In the management console, select Compute Cloud.

  2. In the left-hand panel, select Instance groups. Click Create group of virtual machines.

  3. Enter the instance group name: vhosting-ig-a.

  4. Under Allocation, select multiple availability zones to ensure fault tolerance of your hosting.

  5. Under Instance template, click Define.

  6. Under Boot disk image, open the Marketplace tab and click Show all Marketplace products. Select LEMP and click Use.

  7. Under Computing resources:

    • Choose a VM platform.
    • Specify the required number of vCPUs and the amount of RAM.

    This minimum configuration is enough for functional website testing:

    • Platform: Intel Ice Lake
    • Guaranteed vCPU performance: 20%
    • vCPU: 2
    • RAM: 1 GB

  8. Under Network settings, select the Network named vhosting-network you created earlier and its subnets.

  9. In the Public address field, select Auto.

  10. Select the vhosting-sg-vms security group created earlier.

  11. Specify the VM access data:

    • Under Login, enter the username.

    • In the SSH key field, paste the contents of the public key file.

      You need to create a key pair for the SSH connection yourself. To learn how, see Connecting to a VM via SSH.

    Alert

    Once created, the VM gets an IP address and a host name (FQDN) for connections. If you selected No address in the Public address field, you will not be able to access the VM from the internet.

  12. Click Save.

  13. Under Scaling, specify the instance group Size: 2.

  14. Under Integration with Application Load Balancer, select Create target group and enter vhosting-tg-a as the group name. You can read more about target groups here.

  15. Click Create.

Follow the same steps to create a second instance group named vhosting-ig-b and a target group named vhosting-tg-b for site-b.com.

It may take a few minutes to create an instance group. As soon as the group changes its status to RUNNING and the status all its VMs to RUNNING_ACTUAL, you can upload the website files to them.

ig-running

Upload the site files to the VMs

To test your web servers, upload index.html files with different contents to the VMs: one content version for the vhosting-ig-a instance group VMs, and another for the vhosting-ig-b instance group VMs.

Example of the index.html file for the vhosting-ig-a group
<!DOCTYPE html>
<html>
  <head>
    <title>Site A</title>
  </head>
  <body>
    <p>This is site A</p>
  </body>
</html>
Example of the index.html file for the vhosting-ig-b group
<!DOCTYPE html>
<html>
  <head>
    <title>Site B</title>
  </head>
  <body>
    <p>This is site B</p>
  </body>
</html>

To upload a file to a VM:

  1. Go to the VM page in the management console. In the Network section, find the VM's public IP address.

  2. Connect to the VM over SSH.

  3. Grant your user write permissions for the /var/www/html directory:

    sudo chown -R "$USER":www-data /var/www/html

    sudo chown -R "$USER":apache /var/www/html

  4. Upload the website files to the VM via SCP.

    Use the scp command line utility:

    scp -r <path_to_directory_with_files> <VM_user_name>@<VM_IP_address>:/var/www/html

    Use WinSCP to copy the local file directory to /var/www/html on the VM.

Repeat the above steps for the files you want to upload to each VM in the vhosting-ig-a and vhosting-ig-b groups.

Create backend groups

Target groups created together with instance groups must be linked to the backend groups that define the traffic allocation settings.

For the backends, groups will implement health checks: the load balancer will periodically send health check requests to the VMs and expect a response after a certain delay.

To create a backend group for site-a.com:

  1. In the management console, select Application Load Balancer.
  2. In the left-hand panel, select Backend groups. Click Create backend group.
  3. Enter the backend group Name: vhosting-bg-a.
  4. Under Backends, click Add.
  5. Enter the backend Name: vhosting-backend-a.
  6. In the Target groups field, select the vhosting-tg-a group.
  7. Specify Port backend VMs will use to receive incoming traffic from the load balancer at: 80.
  8. Click Add health check.
  9. Specify Port the backend VMs will use to accept health check connections: 80.
  10. Specify Path the load balancer will use for health checks: /.
  11. Click Create.

Follow the same steps to create a second backend group named vhosting-bg-b for site-b.com. In this group, create the vhosting-backend-b backend and link the vhosting-tg-b target group to it.

Create and configure HTTP routers

Backend groups must be linked to HTTP routers that define the HTTP request routing rules. In this use case, you will create two routers for the main sites (site-a.com and site-b.com) and the default router for default.com, which will respond to each request with the 404 Not Found HTTP status code.

Create HTTP routers for sites

To create an HTTP router for site-a.com:

  1. In the management console, select Application Load Balancer.
  2. In the left-hand panel, select HTTP routers. Click Create HTTP router.
  3. Specify the HTTP router Name: vhosting-router-a.
  4. Click Add virtual host.
  5. Specify the virtual host Name: vhosting-host-a.
  6. In the Authority field, specify the site domain name: site-a.com.
  7. Click Add route.
  8. Specify the route Name: vhosting-route-a.
  9. In the Backend group field, select the vhosting-bg-a group.
  10. Click Create.

Follow the same steps to create the vhosting-router-b HTTP router for site-b.com and link the vhosting-bg-b backend group to it.

Create the "default" HTTP router

To create an HTTP router for default.com:

  1. In the management console, select Application Load Balancer.

  2. In the left-hand panel, select HTTP routers. Click Create HTTP router.

  3. Specify the HTTP router Name: vhosting-router-default.

  4. Click Add virtual host.

  5. Specify the virtual host Name: vhosting-host-default.

  6. In the Authority field, specify the site domain name: default.com.

  7. Click Add route.

  8. Specify the route Name: vhosting-route-a.

  9. In the Action field, select Response.

  10. In the HTTP status code field, select 404 Not Found.

  11. In the Response body field, click Select. Select the Text method and enter the following in the Content field:

    404 Not Found

This is the default site.

    Click Add.

  12. Click Create.

Create an L7 load balancer

To create a load balancer:

  1. In the management console, select Application Load Balancer.
  2. Click Create L7 load balancer.
  3. Enter the load balancer Name: vhosting-alb.
  4. Under Network settings, select the vhosting-sg-balancer security group you created earlier.
  5. Create a listener to redirect HTTP requests to HTTPS:
    1. Under Listeners, click Add listener.
    2. Enter the listener Name: vhosting-listener-http.
    3. Under Public IP address, select List for type and the IP address you reserved earlier.
    4. In the Protocol field, select Redirect to HTTPS.
  6. Create an HTTPS request listener:
    1. Click Add listener again.
    2. Enter the listener Name: vhosting-listener-https.
    3. Under Public IP address, select List for type and the IP address you reserved earlier.
    4. In the Protocol field, select HTTPS.
    5. Under Main listener, select vhosting-cert-default for certificate and vhosting-router-default for HTTP router.
    6. Add an SNI match for site-a.com:
      1. Click Add SNI match.
      2. Specify the Name for the SNI match: vhosting-sni-a.
      3. In the Server names field, specify site-a.com.
      4. Select vhosting-cert-a for certificate and vhosting-router-a for HTTP router.
    7. Follow the same steps to add an SNI match for site-b.com with vhosting-sni-b as its name, site-b.com as the server name, the vhosting-cert-b certificate, and the vhosting-router-b HTTP router.
  7. Click Create.

Configure DNS for the sites

The site-a.com, site-b.com, and default.com domain names must be linked to the L7 load balancer IP address using DNS records.

To configure DNS for site-a.com:

  1. In the management console, select Application Load Balancer.

  2. Copy the IP address of the load balancer that you created.

  3. On the site of your DNS hosting provider, go to the DNS settings.

  4. Create or edit an A record for site-a.com so that it refers to the copied IP address:

    site-a.com. A <L7_load_balancer_IP_address>

    If you use Yandex Cloud DNS, follow this guide to configure the record:

    Configuring DNS records for Cloud DNS
    1. In the management console, select Cloud DNS.
    2. If you do not have a public DNS zone, create one:
      1. Click Create zone.
      2. Specify the zone Name: vhosting-dns-a.
      3. In the Zone field, enter the website's domain name with a trailing dot: site-a.com..
      4. Select a Type of the zone: Public.
      5. Click Create.
    3. Create a record in the zone:
      1. In the list of zones, click vhosting-dns-a.
      2. Click Create record.
      3. Leave the Name field empty for the record to match the site-a.com domain name (rather than a name with a subdomain, e.g., www.site-a.com).
      4. Select the record Type: A.
      5. In the Data field, paste the copied IP address of the load balancer.
      6. Click Create.

Follow the same steps to configure DNS for site-b.com and default.com, using the same IP address.

You can test your sites 15-20 minutes after you have configured DNS.

Test the hosting

To test the hosting, open each of the three sites in your browser:

Delete the resources you created

To shut down the hosting and stop paying for the created resources:

  1. Delete the non-billable resources that block the deletion of billable resources:
    1. Delete the vhosting-alb L7 load balancer.
    2. Delete the vhosting-router-a, vhosting-router-b, and vhosting-router-default HTTP routers.
    3. Delete the vhosting-bg-a and vhosting-bg-b backend groups.
  2. Delete the vhosting-ig-a and vhosting-ig-b instance groups.
  3. Delete the static public IP address that you reserved.
  4. If you used Yandex Cloud DNS, delete the DNS records and delete the DNS zone.
Previous
Terraform
Next
Overview