Serverless App Engine:Bind an NLB instance to an application and generate a fixed access address

Background

By default, SAE applications cannot be accessed over the Internet. Accessing through VPC is still unstable, as private IP address may change. Bind a public or private NLB instance to your application can solve this. By binding an NLB instance, you can access the application using a fixed domain name, and balance traffic across different zones and SAE instances.

• Before binding an NLB instance, see How it works and Limits of the Network Load Balancer (NLB) service.

• Using the NLB service in SAE will incur additional fees.

  Important

  For deletion, if you only delete the NLB instance from the SAE side without deleting it from the SLB side, the NLB instance on the SLB side will continue to incur fees. For specific steps to delete an NLB instance from the SLB side, see Delete an NLB instance.

Solution

SAE applications support binding with either public or private NLB instances. You can bind different network types of NLB instances with your SAE application.

• Bind a private NLB instance: This is to provide a fixed access address (DNS name) for the SAE service and distribute traffic through algorithms (such as round robin). Include microservice internal communication, database access, and corporate intranet access.

• Bind a public NLB instance: By default, SAE does not support direct access from the Internet. By binding a public NLB instance you can provide a fixed public access entry point. Enable it to handle traffic from the Internet. The process is shown below.

  

Step 1: Add an NLB instance to an application

1. Log on to the SAE console. In the left-side navigation pane, choose Applications > Applications. On the page that appears, select a region in the top navigation bar and a namespace from the Namespace drop-down list, and then click the desired application name.

2. On the Basic information page of the target application, find the Application Access Settings section, and click Add NLB Access on the NLB-based Access tab.

   

3. In the Add NLB Access panel, configure the parameters and click OK.

   Note

   SAE supports creating a new NLB instance or binding an existing NLB instance.

   • Create a new NLB instance: The SAE system automatically purchases an NLB instance for you. View detailed information of the instance in the Server Load Balancer console.

   • Bind an existing NLB instance: Create an NLB instance in advance on the Instances page of the Server Load Balancer Management Console by creating an NLB instance. If you want to create a private NLB instance, we recommend that the NLB instance and the SAE application use the same VPC. If not, you need to configure the network yourself to ensure they can communicate. For example, you can use Alibaba Cloud's Cloud Enterprise Network or other network connectivity products to achieve cross-VPC communication.

   Create a new NLB instance

   1. For Instance Source, select Create Instance.

   2. For Network Type, select from Public Network and Private Network.

      • Public Network: System will automatically create a public NLB instance and allocate an Elastic IP Address and a VIP for each zone.

      • Private Network: System will automatically create a private NLB instance and allocate a VIP for each zone.

   3. Select the zones of the virtual switches based on requirements. To ensure high availability, select at least 2 or more zones.

      The virtual private cloud (VPC) is fixed to the VPC of the target application.

   4. Supported protocol types are TCP, UDP, and TCPSSL.

      Protocol Type	Configuration Item	Example Value
      TCP	Listener Port: Used to receive requests and forward them to backend servers. Container Port: Used to listen on, defined by the program.	Listener Port: 80 Container Port: 8080 (default port for Web services)
      UDP
      TCPSSL	Listener Port: Used to receive requests and forward them to backend servers. Container Port: Used to listen on, defined by the program. Select SSL Certificate: Select an uploaded SSL certificate.	Listener Port: 80 Container Port: 8080 (default port for Web services) Select SSL Certificate: Select a purchased SSL certificate. If you haven't purchased an SSL certificate yet, see the Purchase certificate.

   

   Bind an existing NLB instance

   1. For Instance Source, select Existing vSwitch.

   2. In the dropdown list for NLB Instance, select an NLB instance.

      If you haven't created an NLB instance, click Create NLB Instance, and then create an NLB instance on Instance in the SLB console.

   3. Select from TCP, UDP, and TCPSSL.

      Protocol Type	Configuration Item	Example Value
      TCP	Listener Port: Used to receive requests and forward them to backend servers. Container Port: Used to listen on, defined by the program.	Listener Port: 80 Container Port: 8080 (default port for Web services)
      UDP
      TCPSSL	Listener Port: Used to receive requests and forward them to backend servers. Container Port: Used to listen on, defined by the program. Select SSL Certificate: Select an uploaded SSL certificate.	Listener Port: 80 Container Port: 8080 (default port for Web services) Select SSL Certificate: Select a purchased SSL certificate. If you haven't purchased an SSL certificate yet, see the Purchase an official certificate.

   

4. After the instance is created, view the status in the Application Access Settings section.

   If you want to add multiple NLB instances, click Add NLB access and follow the above steps to continue adding NLB instances.

   

   Important

   SAE side may overwrite the configuration in the SLB console if you configured listening rules first on the SLB, and vice versa. To avoid conflicts, we recommend that you configure listening rules for NLB instances only on the SAE side.

   Do the following on the instance.

   • Add listener: Click Add Listener, select Listener Protocol, and configure parameters.

   • Modify container port: Click Edit in the Actions column of the NLB instance. In the Edit NLB Access panel, modify the Container Port.

   • Delete a listener or NLB instance: Click Delete in the Actions column of the NLB instance. In the pop up dialog box, click Confirm to delete.

     If you added multiple listening rules for the same NLB instance, delete will only remove the corresponding rule. If you delete the last listening rule, the system will automatically delete the NLB instance.

   • View NLB instance: Click the NLB instance name to go to the NLB Instance Details page. You can view detailed information about the instance. This includes the Elastic IP(EIP) and Virtual IP(VIP) for each zone, DNS Name of the NLB instance, and other information.

     

     Use the DNS Name or EIP of the NLB instance for access test.

Step 2: Configure domain name resolution

In actual business scenarios, we recommend that you use your custom domain name and point it to the DNS name through CNAME resolution.

1. Click the name of the created NLB instance in the Application Access. Go to the NLB instance details page in the console.

   

2. On the NLB Instance Details page in the Server Load Balancer SLB console, copy the DNS Name.

   The DNS name provided by the NLB instance will be used as the record value when configuring domain name resolution.

   

3. Log on to the Domain Name Resolution console and add a CNAME record.

   Note

   For domain names not registered with Alibaba Cloud, add the domain name to the Cloud DNS console first before domain name resolution.

   1. On the authoritative domain name resolution page, find the target domain name and click Configure DNS in the Actions column.

   2. On the Configure DNS page, click Add Record.

   3. In the Add DNS Record panel, configure the following information to complete the CNAME resolution configuration, and then click OK.

      

      Configuration Item	Example	Description
      Record Type	CNAME	Select CNAME from the dropdown list. A CNAME record will point your custom domain name to the DNS name provided by the NLB instance.
      Host Record	www	Enter the domain prefix. For specific explanations of host records, see the host record description in the console.
      Resolution Request Source	Default	Select Default. DNS can identify the region and carrier attributes(the IP of the carrier's LocalDNS). When adding DNS records, you can set different record value returns for requests from different regions and carrier lines.
      Record Value	nlb-****.com	Enter the DNS name provided by the NLB instance. It is the domain name that the CNAME points to.
      TTL Period	10	Select the default value provided by the console. Specify a TTL value for the CNAME record to be cached on the DNS server.

Step 3: Test

Enter your custom domain name in the browser to perform an access test. For example, http://domain-name.

Resource cleanup (optional)