Configuring Nginx Plus For HA On AWS Cloud

Nginx Plus can be run in a 2-node HA cluster as a replacement for ELBs. Please see my previous post on situations where it might make sense to use Nginx Plus instead of AWS ELB services.

Below are the steps for launching an Nginx Plus cluster in Classic EC2:

  1. Before you begin, create an IAM role for the nginx-cluster with the right permissions (IAM policy). The EC2 instances you launch must run under this IAM role, or the cluster software will fail to work. The IAM policies are as below:
    {
     "Statement": [
       {
         "Action": [
           "ec2:AssociateAddress"
         ],
         "Effect": "Allow",
         "Resource": "*"
       }
     ]
    }
    {
     "Statement": [
       {
         "Action": [
           "ec2:DisassociateAddress"
         ],
         "Effect": "Allow",
         "Resource": "*"
       }
     ]
    }
    {
     "Version": "2012-10-17",
     "Statement": [
       {
         "Effect": "Allow",
         "Action": "ec2:Describe*",
         "Resource": "*"
       }
     ]
    }
    
  2. Launch the 2 EC2 instances preferably across different AZs and under the newly created IAM role
  3. Allocate an EIP for Classic EC2
  4. Once the 2 instances are launched, SSH to them and install python-boto, nginx-ha and ec2-api-tools
  5. Finally run nginx-ha-setup and complete the setup

Please note that the configuration for Nginx itself on both nodes has to be managed outside of the cluster framework. Use a tool like Puppet or Ansible to ensure that /etc/nginx/ is in sync on both nodes.

In my testing, Nginx Plus HA would not work inside a VPC. I ran into the following error:

    Oct 25 04:57:01 [22087] nx1 cib: info: cib_process_request: Completed cib_apply_diff operation for section status: OK (rc=0, origin=nx1/crmd/13, version=0.20.6)
    elastic-ip(ha-eip)[22760]: 2014/10/25_04:57:04 ERROR: Disassociation of a.b.c.d from i-bxxxxxxx failed: Client.InvalidParameterValue: You must specify an association id when unmapping an address from a VPC instance
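What the error message is asking for, as an added example (not from the original post or the nginx-ha package): the EC2 API identifies an EC2-Classic Elastic IP by `PublicIp`, but a VPC one by `AllocationId` when associating and `AssociationId` when disassociating. The function names, instance IDs and address records are constructed for illustration, and no AWS call is made.

```python
# Added example: picks EC2 API parameters for moving an Elastic IP between
# HA nodes. Makes no AWS calls; the address records below are constructed.

def disassociate_params(addr):
    """Parameters for DisassociateAddress, or None if the EIP is unattached."""
    if addr.get("Domain") == "vpc":
        # VPC: the API expects AssociationId. A request keyed on PublicIp is
        # rejected with the "You must specify an association id" error above.
        assoc = addr.get("AssociationId")
        return {"AssociationId": assoc} if assoc else None
    # EC2-Classic ("standard" domain): the address is identified by PublicIp.
    return {"PublicIp": addr["PublicIp"]} if addr.get("InstanceId") else None

def associate_params(addr, instance_id):
    """Parameters for AssociateAddress onto instance_id."""
    if addr.get("Domain") == "vpc":
        return {"AllocationId": addr["AllocationId"], "InstanceId": instance_id}
    return {"PublicIp": addr["PublicIp"], "InstanceId": instance_id}

def failover_plan(addr, new_instance_id):
    """Ordered (IAM action, parameters) steps to move the EIP to the new node."""
    if addr.get("InstanceId") == new_instance_id:
        return []  # already on the surviving node
    plan = []
    release = disassociate_params(addr)
    if release:
        plan.append(("ec2:DisassociateAddress", release))
    plan.append(("ec2:AssociateAddress", associate_params(addr, new_instance_id)))
    return plan

# Constructed records shaped like DescribeAddresses output (documentation IPs).
CLASSIC_EIP = {"Domain": "standard", "PublicIp": "203.0.113.10",
               "InstanceId": "i-0aaaaaaa"}
VPC_EIP = {"Domain": "vpc", "PublicIp": "198.51.100.7", "InstanceId": "i-0aaaaaaa",
           "AllocationId": "eipalloc-0example", "AssociationId": "eipassoc-0example"}

if __name__ == "__main__":
    for record in (CLASSIC_EIP, VPC_EIP):
        for action, params in failover_plan(record, "i-0bbbbbbb"):
            print(record["Domain"], action, params)
```

Each step is labelled with the IAM action it needs, which matches the three permissions granted in step 1: `ec2:Describe*` to read the address record, then `ec2:DisassociateAddress` and `ec2:AssociateAddress` to move it.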

Shanker Balan

Shanker Balan is a devops and infrastructure freelancer with over 14 years of industry experience in large scale Internet systems. He is available for both short term and long term projects on contract. Please use the Contact Form for any enquiry.
