Load Balancers

Node web server load balancer for instances

Load balancers allow internal web services to be proxied through the Pritunl Cloud web server. Nodes that have the Load Balancer option enabled will provide access to the load balancer services. The IP address of the internal backend must be accessible to the node; this is typically the instance host IPv4 address or the instance public IP address. The instance private IP address will not be accessible by the node.

Configure Load Balancer

First, the load balancer must be enabled on the node. This will require configuring DNS names for the admin web console. Once the node load balancer option is enabled, the node needs to be able to route requests based on the domain of the incoming request. For this example the /etc/hosts file will be used to quickly test the feature. Create a domain for the Pritunl Cloud admin web console and one for the load balancer web service.

sudo nano /etc/hosts
142.250.217.110 cloud.pritunl.com
142.250.217.110 web.pritunl.com

After the DNS domains are configured, enable the *Load Balancer* option in the node settings. Then set *Admin Domain* and optionally *WebAuth Domain* to the domain from the previous step.

After saving this, the web console must be accessed from the admin domain. Open this domain and log in again. If the web console has become inaccessible, run the command `sudo pritunl-cloud reset-node-web`.

Next, the instance firewall must be updated to allow the node to access the web server. The load balancer allows accessing instances by the public IP or host IP. For this example the instance host IP address will be used. This is a host-level network that provides networking between the host and all instances running on that same host. This network is always 198.18.84.0/22 and the host is always 198.18.84.1. For this example a firewall rule in the pod spec will be used to allow 198.18.84.1/32 to access TCP port 80 on the pod deployments.

Next, get the host IP for each instance that will be added to the load balancer. This can be done by clicking Hover to Expand under Networking in the instance settings.

Next, in the Load Balancers tab, click Create and enable Active. Then set the Datacenter and set External Domains to the web domain from the earlier step. Then add each instance host IP to the Internal Backends and select an Organization. Then set Health Check Path to / and click Create.
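A pre-flight check for the values used in the host-IP setup above, as an added example that is not part of Pritunl Cloud: it confirms each backend is an instance address on the 198.18.84.0/22 host network and that the port 80 firewall source admits the host at 198.18.84.1 without being wider than /32. The function names, result strings and sample addresses are assumptions made for this illustration.

```python
import ipaddress

# Values stated on this page: the host-level network and the host address.
HOST_NET = ipaddress.ip_network("198.18.84.0/22")
HOST_ADDR = ipaddress.ip_address("198.18.84.1")


def check_backends(backends):
    """Return {backend: problem} for entries that are not usable host IPs."""
    problems = {}
    for raw in backends:
        try:
            addr = ipaddress.IPv4Address(raw.strip())
        except ValueError:
            problems[raw] = "not an IPv4 address"
            continue
        if addr not in HOST_NET:
            problems[raw] = f"not a host IP (expected inside {HOST_NET})"
        elif addr == HOST_ADDR:
            problems[raw] = "this is the host itself, not an instance"
        elif addr in (HOST_NET.network_address, HOST_NET.broadcast_address):
            problems[raw] = "network or broadcast address"
    return problems


def check_firewall_source(cidr):
    """Classify the source CIDR of the TCP port 80 rule (hypothetical labels)."""
    net = ipaddress.ip_network(cidr, strict=False)
    if HOST_ADDR not in net:
        return "blocks-node"  # node cannot reach the backend, health checks fail
    if net.prefixlen < 32:
        return "too-broad"    # also admits other addresses on the host network
    return "ok"


if __name__ == "__main__":
    # Constructed sample input, not taken from a real deployment.
    sample = ["198.18.84.17", "198.18.84.1", "10.196.4.9", "web-1"]
    for backend, why in check_backends(sample).items():
        print(f"{backend}: {why}")
    for src in ("198.18.84.1/32", "198.18.84.0/22", "10.0.0.0/8"):
        print(src, "->", check_firewall_source(src))
```

A "too-broad" result matters because the host network is shared between the host and all instances on that host, so a /22 source would let sibling instances reach port 80 as well as the node.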

After a few seconds the instances should show up with an online status under the Backends status.

The web service should then be available on the external domain. Without any web certificates configured it will show a certificate error. This can be corrected by creating a certificate and adding it to the load balancer.
