Skip to main content

Loadbalancer Configuration

[edit on GitHub]

Warning

Chef Automate 4.x will not be available for download before the end of September 2022. We are working on making the upgrade process a seamless experience. Until then, you can download Chef Automate 3.0.49. Please get in touch with support for more information.

This guide details how to set up the load balancer configuration for Chef Automate and Chef Infra Server.

Load Balancer

Assuming you have DNS configured with domain names:

  • Chef Automate: chefautomate.example.com
  • Chef Infra Server: chefinfraserver.example.com

Install Nginx

For Debian / Ubuntu :

sudo apt-get update
sudo apt-get install nginx

For Centos or Redhat :

sudo yum install epel-release
sudo yum update
sudo yum install nginx

Configure

  1. Create new file /etc/nginx/sites-available/chef-automate-lb.conf
upstream chef-automate-servers {
   server 10.1.0.101:443 max_fails=2 fail_timeout=30s;
   server 10.1.0.102:443 max_fails=2 fail_timeout=30s;
   server 10.1.0.103:443 max_fails=2 fail_timeout=30s;
}

server {
   listen 443 ssl;
   server_name chefautomate.example.com;
   ssl_certificate /etc/letsencrypt/live/chefautomate.example.com/cert.pem;
   ssl_certificate_key /etc/letsencrypt/live/chefautomate.example.com/privkey.pem;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

   location / {
      proxy_pass https://chef-automate-servers;
      proxy_set_header Host $host;
   }
}

server {
   listen 80;
   server_name chefautomate.example.com;
   return 301 https://$server_name$request_uri;
}
  1. Create new file /etc/nginx/sites-available/chef-infra-server-lb.conf
upstream chef-infra-servers {
   server 10.1.0.101:443 max_fails=2 fail_timeout=30s;
   server 10.1.0.102:443 max_fails=2 fail_timeout=30s;
   server 10.1.0.103:443 max_fails=2 fail_timeout=30s;
}

server {
   listen 443 ssl;
   server_name chefinfraserver.example.com;
   ssl_certificate /etc/letsencrypt/live/chefinfraserver.example.com/cert.pem;
   ssl_certificate_key /etc/letsencrypt/live/chefinfraserver.example.com/privkey.pem;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

   location / {
      proxy_pass https://chef-infra-servers;
      proxy_set_header Host $host;
   }
}

server {
   listen 80;
   server_name chefinfraserver.example.com;
   return 301 https://$server_name$request_uri;
}
  1. Enable Sites for Chef Automate and Chef Infra Server
sudo ln -s /etc/nginx/sites-available/chef-automate-lb.conf /etc/nginx/sites-enabled/
sudo ln -s /etc/nginx/sites-available/chef-infra-server-lb.conf /etc/nginx/sites-enabled/
  1. Test Nginx Config
sudo nginx -t
  1. Restart Nginx
sudo systemctl restart nginx

Was this page helpful?

×









Search Results