How to create a Classic Load Balancer in AWS - c06418593
I've used this configuration on the Demoprint server to provide a signed certificate from AWS and a user-friendly DNS name. These steps can also be followed when PrinterOn is hosting a POC or demo for an end customer that requires a trusted certificate.
The DNS configuration requires assistance from IT to update DNS records to reflect the new Load Balancer DNS (e.g. DemoprintClassic-439220708.us-east-1.elb.amazonaws.com). I have enabled ports 443 (CPS), 631 (PDG), 632 (PDH) and 9444 (Print Preview).
Scenarios where this would be required: a POC or demo being hosted on a single server within PrinterOn's AWS account.
Overview of steps:
- Create your EC2 instance
- Create a Classic Load Balancer for port 443
- Assign additional ports
- Request DNS changes from IT
- Validate
Create your EC2 instance
Begin by launching a new EC2 instance from the printeron-ps AWS account in your chosen region. I recommend installing PSIM and setting your ports appropriately before configuring your load balancer, so that you can validate that the load balancer is working as you configure it. This article will not cover setting up PrinterOn Enterprise and editing ports in detail.
The Security Group for your EC2 instance should reflect all ports required for your service. For a single-server POC, these are the ports I have been using and where access is allowed from:
Port | Allowed Source |
80 (Allow Load Balancer to use 443 externally and forward into server on port 80) | Anywhere |
443 (CPS) | Anywhere |
631 (PDG) | Anywhere |
632 (PDH) | Anywhere |
3389 (RDP) | My IP only |
8057 (PONCONF) | Anywhere (customer may choose to lock this down) |
9444 (Preview) | Anywhere |
Create a Classic Load Balancer
- Select EC2 from the Compute area
- From the EC2 Menu on the left hand side, click Load Balancers
- Create New Load Balancer
- Choose the Classic type
- Enter a name for the LB
  Use the customer name to identify it
- From the Create LB Inside menu, choose the value marked "default vpc" (Might need some help from IT to nail this down better)
- Set only one port at this stage: 443
  Load Balancer Protocol and Port should be HTTPS 443 and the Instance Protocol and Port should be HTTP 80
- You will next need to select a Subnet for each Availability Zone where you wish traffic to be routed by your load balancer. (Might need some help from IT to nail this down better, not sure if it matters too much which zones are chosen)
  NOTE: Make sure you at least select the Availability Zone where your EC2 instance was created!
- Click Next to move to Step 2
- Choose the same security group that you used for your EC2 instance, and keep the default VPC Security Group selected too.
- Click Next to move to step 3
- Choose the *.demoprint.com certificate available from ACM. Leave the other settings on this page as default.
- Click Next to move to step 4
- Leave the Ping protocol on HTTP port 80, but change the Ping Path to just "/"
- Change the Response Timeout to 3 and the Interval to 10
  The Health Check determines if requests will be routed to this load balancer. Because we can only check one item, go with CPS. If CPS is not responding, most of the other components probably won't work either!
- Click Next to move to step 5
- Choose the EC2 instance for this POC
- Click Next to move to step 6
- Add 2 tags: Key "Project" with Value "Customer POC", and Key "Client" with Value [Customer Name] (e.g. Demoprint)
- Click Review and Create
- Click Create
Assign Additional Ports
- Once the Load Balancer has been created, CPS should be available to the outside world if you load the DNS name value into a browser using https eg. https://DemoprintClassic-439220708.us-east-1.elb.amazonaws.com
- From the EC2 Menu on the left hand side, go to the Load Balancers
- Click your newly created Classic LB
- We now need to configure the other components' ports, so click on the Listeners tab
- Click Edit
- Add these other ports:
Load Balancer Protocol | Load Balancer Port | Instance Protocol | Instance Port |
HTTPS | 632 | HTTP | 632 |
HTTPS | 8057 | HTTPS | 8057 |
HTTPS | 9444 | HTTP | 9444 |
SSL(Secure TCP) | 631 | TCP | 631 |
Request DNS changes from IT
Send a note to itsupport@printeron.com to request a DNS change for a POC/Demo being hosted in AWS. Provide the Load Balancer's DNS (e.g. DemoprintClassic-439220708.us-east-1.elb.amazonaws.com) and the DNS you'd like the service to use, which will be in the format company.demoprint.com (e.g. bpce.demoprint.com).
Validate
Send a test print via CPS https://customerdns
Load https://customerdns:631 - expected result is a Login Prompt from PDG
Load https://customerdns:632 - expected result is an XML response from PDH
Load https://customerdns:8057 - expected result is a Login Prompt from PONCONF
Send a test mobile app submission to confirm the Print Preview is successful
Additional Considerations
- The Security Group set on your Load Balancer must allow for connections from anywhere on all the ports you need the service to respond on. For example, if you've configured the LB for port 80, but the Security Group assigned to your Virtual Server does not allow port 80 connections from anywhere, the Target Group will remain in an unhealthy state, and the LB cannot be used on that port until the security group is updated.
- Consider moving your Print Preview storage folders to the cloud. When I first attempted this, the only way to get my previews to appear properly was to use this method. See How to move Print Preview folder to Amazon S3 Bucket
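The security group requirements in this article (the port table, the listener table and the first consideration above) can be checked before go-live. The Python sketch below is an added example, not part of the original article or any PrinterOn tooling; it assumes the instance and the load balancer share one security group, as chosen in Step 2, and reads rules in the shape returned by `aws ec2 describe-security-groups`. The group ID and sample rules are constructed, and only IPv4 ranges are examined.

```python
import ipaddress

# Ports taken from this article's tables: the listener ports plus instance
# port 80, all of which the article opens to "Anywhere".
PUBLIC_PORTS = {80, 443, 631, 632, 8057, 9444}
RESTRICTED_PORTS = {3389}          # RDP: "My IP only"
REVIEW_PORTS = {8057}              # PONCONF: customer may choose to lock this down
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")

def open_cidrs(group, port):
    """Return the IPv4 networks allowed to reach TCP `port` in one security group."""
    nets = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                       # all protocols, all ports
            covered = True
        elif proto == "tcp":
            covered = perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
        else:
            covered = False
        if covered:
            nets += [ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])]
    return nets

def audit(group):
    """Compare a security group with the article's port table; return findings."""
    findings = []
    for port in sorted(PUBLIC_PORTS):
        if ANYWHERE not in open_cidrs(group, port):
            findings.append(("BLOCKED", port))   # LB cannot be used on this port
    for port in sorted(RESTRICTED_PORTS):
        if any(n.prefixlen < 32 for n in open_cidrs(group, port)):
            findings.append(("EXPOSED", port))   # wider than a single address
    for port in sorted(REVIEW_PORTS):
        if ANYWHERE in open_cidrs(group, port):
            findings.append(("REVIEW", port))    # open to anywhere; confirm with customer
    return findings

# Constructed sample: port 80 is missing and RDP is open to the world.
SAMPLE = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 631, "ToPort": 632, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 8057, "ToPort": 8057, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 9444, "ToPort": 9444, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]}

if __name__ == "__main__":
    for severity, port in audit(SAMPLE):
        print(f"{severity}: tcp/{port}")
```

A BLOCKED finding on port 80 corresponds to the failed health check described in the first consideration; an EXPOSED finding on 3389 means RDP is reachable from more than one address.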