Wednesday, October 27, 2021

[SOLVED] Do I need AWS Load balancer with nginx in AWS ECS?

Issue

I'm using Docker in AWS ECS. I have one EC2 machine with the Docker agent from AWS ECS, and the ECS task consists of 3 containers:

  • nginx container
  • application-nodejs container
  • staticfiles-nodejs-application container.

I want to support very heavy traffic. Do I need to set up an AWS Load Balancer, or is my nginx upstream setting enough?

nginx conf example:

# Single upstream: one application container, reached by its container name.
upstream appwww {
    server app-www:3000;
}

server {
    server_name  my.home.net;

    location / {
        proxy_pass http://appwww;
        # HTTP/1.1 plus Upgrade/Connection headers so WebSocket connections pass through
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    # TLS terminates inside this container; certificate paths were elided in the post
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate......; # managed by Certbot
    ssl_certificate_key........ # managed by Certbot
    include /.......# managed by Certbot
    ssl_dhparam /.....pem; # managed by Certbot

}


# Plain-HTTP listener: redirect to HTTPS for the configured host, 404 for anything else.
# Note that the host name here (my.host.net) differs from the one in the TLS block above (my.home.net).
server {
    if ($host = my.host.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen       80;
    server_name  my.host.net;
    return 404; # managed by Certbot
}

Edit

I drew the current architecture and I want to add a Load Balancer. Where should I put it? Does auto scaling fit this drawing? Should I use one or more EC2 machines? Multiple containers? Multiple upstreams?



Solution

I suggest you start with using the load balancer, because:

  • you can configure SSL at the load balancer and terminate SSL at the load balancer
  • you can protect yourself from malicious attacks by configuring the load balancer to integrate with AWS WAF
  • you could easily add more targets in the future
  • the absence of a load balancer requires you to configure SSL at the application level
  • it supports health checks
  • you get a free ACM certificate to use with the load balancer
  • it is easy to renew SSL certs every year

Note: consider using AWS S3 and CloudFront to serve your static content.

Introducing a load balancer to your existing architecture

The Application Load Balancer now supports host-based routing, which makes it possible to use multiple domains (or subdomains) pointing to multiple websites. In addition to host-based routing it also supports path-based routing, e.g. while mydomain.com/web1 points to website1, mydomain.com/web2 can point to website2.

I can't think of a reason why you would need to use nginx (unless I am missing something).

So, answering your question, I would do it this way:

  • introduce an Application Load Balancer
  • deploy multiple containers via ECS (Fargate)
  • for each service, I will have a dedicated target group to manage scaling and health checks
  • finally, I would do host-based routing: s1.mydomain.com, s2.mydomain.com, each pointing to a different target group (one per service)

Reference: https://aws.amazon.com/blogs/aws/new-host-based-routing-support-for-aws-application-load-balancers/

Hope this helps.



Answered By - Arun K
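The architecture recommended in the answer above (ALB in front, TLS terminated with an ACM certificate, one target group with health checks per ECS Fargate service, host-based listener rules, WAF attached), written out as a Terraform configuration. This is an added example, not code from the original post or from the answerer. It assumes an existing VPC and public subnets (var.vpc_id, var.public_subnet_ids), an ALB security group allowing 80/443 (var.alb_security_group_id), an already issued ACM certificate covering s1.mydomain.com and s2.mydomain.com (var.acm_certificate_arn), a WAFv2 web ACL (var.waf_web_acl_arn), and services that answer 200 on /healthz on ports 3000 and 3001; every one of those names, ports and priorities is an assumption. The ECS services themselves (aws_ecs_service with a load_balancer block pointing at each target group) are not shown.

```hcl
# Added example (not from the original post). Assumed inputs:
#   var.vpc_id, var.public_subnet_ids, var.alb_security_group_id,
#   var.acm_certificate_arn (cert for s1/s2.mydomain.com), var.waf_web_acl_arn
locals {
  # service name => container port and listener-rule priority (assumed values)
  services = {
    s1 = { port = 3000, priority = 10 }
    s2 = { port = 3001, priority = 20 }
  }
}

resource "aws_lb" "app" {
  name                       = "app-alb"
  load_balancer_type         = "application"
  security_groups            = [var.alb_security_group_id]
  subnets                    = var.public_subnet_ids
  drop_invalid_header_fields = true # reject malformed headers at the edge
}

# One target group per ECS service; Fargate tasks register by task IP.
resource "aws_lb_target_group" "svc" {
  for_each    = local.services
  name        = "${each.key}-tg"
  port        = each.value.port
  protocol    = "HTTP"
  target_type = "ip"
  vpc_id      = var.vpc_id

  health_check {
    path                = "/healthz" # assumed endpoint exposed by each service
    matcher             = "200"
    interval            = 15
    healthy_threshold   = 2
    unhealthy_threshold = 3
  }
}

# Port 80 only redirects to HTTPS; nothing is served in clear text.
resource "aws_lb_listener" "http" {
  load_balancer_arn = aws_lb.app.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type = "redirect"
    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}

# TLS terminates here with the ACM certificate (renewed by ACM, not by Certbot).
# The default action is a 404, so a request whose Host header matches no rule
# (for example one sent straight to the ALB's own DNS name) reaches no service.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.app.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.acm_certificate_arn

  default_action {
    type = "fixed-response"
    fixed_response {
      content_type = "text/plain"
      message_body = "not found"
      status_code  = "404"
    }
  }
}

# Host-based routing: s1.mydomain.com -> s1 target group, s2.mydomain.com -> s2.
resource "aws_lb_listener_rule" "host" {
  for_each     = local.services
  listener_arn = aws_lb_listener.https.arn
  priority     = each.value.priority

  action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.svc[each.key].arn
  }

  condition {
    host_header {
      values = ["${each.key}.mydomain.com"]
    }
  }
}

# Attach the WAF web ACL so its rules run before any request reaches ECS.
resource "aws_wafv2_web_acl_association" "alb" {
  resource_arn = aws_lb.app.arn
  web_acl_arn  = var.waf_web_acl_arn
}
```

Two choices are deliberate. The HTTPS listener's default action is a fixed 404 rather than a forward to a service, so only requests carrying an expected Host header are routed; this replaces the `return 404` fallback that the Certbot-generated nginx block in the question provides. And the certificate, redirect and health checks all live on the ALB, so the ECS tasks only need to expose plain HTTP inside the VPC and the per-container Certbot renewal goes away. Path-based routing, which the answer also mentions, would be a further aws_lb_listener_rule on the same listener with a path_pattern condition alongside the host_header one.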