you need to learn Load Balancing RIGHT NOW!! (and put one in your home network!)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

okay you need to put a load balancer in your house like right now it's amazing totally free and change the whole game for your home network but what is a load balancer and why would i put this in my house let me show you what i've done if you're like me you got some stuff in your home network like a plex server a nas or network attached storage maybe a few websites and just a ton of stuff right and check this out i put a free load balancer from kemp in my home network and by exposing only one port in my network port 443 i can securely access everything from anywhere plex.networkchuck.com bam goes straight to plex nast.netrockchuck.com bam straight to my ass proxxbox.net.com web.networkchuck.com all of it going through one public ip address one port 443 totally secure every one of these is using an ssl certificate a wild card cert my public ip is completely hidden and i did all this for free and i'm gonna walk you through it i'll walk you through everything from setting up a free domain name and getting a free load balancer from kemp and also yeah you're gonna learn a thing or two about low balancers along the way knowing what low balancing is and how it works and what it's for is key with everything in it and to put one in your house are you kidding me for free and what this thing does is stupid awesome all the features you have for free do it right now and a massive shout out to kemp for sponsoring this video you're going to learn a ton about what they do as far as low balancing in this video but if you want to learn more check it out link below anyways you're going to need some coffee let's get started now this will be a bit of a lengthy tutorial so if you want to follow along a text based blog check it out link below and also don't forget to hack the youtube algorithm today hit that like button subscribe notification bell comment let's hack youtube today ethically of course yeah yeah now we're getting started here we go that's a load balance so here is what you'll need to make this happen the first thing we'll need is a load balancer duh right of course and as i said earlier the one we're going to be using is called kemp or it's from kemp technologies now i've actually used kemp in the wild as a network engineer i deployed a kemp load balance or a physical one and it was awesome and let me tell you it's amazing that we can do this right now for free in our house come on yes you can download this sucker for free in the description below and it's going to be a virtual appliance or a virtual machine you will need to host this on a hypervisor preferably type 1 something like esxi or kvm you can even do proxmox but there's some kind of workarounds you have to do check the link in the description i'm going to set mine up on vmware's esxi esxi it's kind of hard to say the rest of the stuff you need is pretty easy number two a cloudflare account again free i'll walk you through the setup here in a moment you'll also want a domain name if you already have one that's cool if you don't we'll get one set up for free as well through freenom and i'll walk you through that four you will need access to your router's config your home router so you can forward that one port 443 and last but certainly not least you'll need some coffee man because everything in it requires coffee and network check dot coffee check it out and yeah that's pretty much it let's um let's do this now load balancer what is this what does this thing do and why do you need one in your house because you do and we're gonna do that right now but first what's it traditionally used for a load balancer well let's think about a website this is the most common use right here let's say we got a website on a server like we do let's say that website is a networkchuck.coffee which of course is our domain name and every domain name points to what the ip address right so we have our coffee store and people are visiting our website it's not too crazy we're still getting things started things are going great then wait hold on things take off people love my coffee and we get a lot more people visiting our website that i don't know what happened to that guy he's okay though here we go so many people visit our website that we can't handle the load our server can't handle it cpu's crashing rams freaking out we realize pretty quickly that we need another server so let's throw the one in there let's throw a second networkchuck.coffee server in here to handle the load but this by itself will not work because right now all these people are still hitting this one server how do we tell them to use both servers like hey don't go to this one all the time give them a break go to both they're both open you see it won't do that automatically we need something to balance the load a load balancer huh what a great idea let's throw one in there so we say people chill out we've got more than one server here so we throw in our load balancer and in our case it's gonna be a kemp load balancer no i know this may not be applicable to like your home network we'll get to that but for now this is and stuff you want to know for any kind of i.t job and basically life yes you want to balance your life like this it's a great analogy for life and here's what we'll do we'll say instead of going directly to that one server and killing him we say no no no leave him alone and go to our load balancer instead he'll handle everything else he'll make sure that when people visit our website the load is distributed evenly now that's what a load balancer is doing in a nutshell now it does do a lot more we'll cover more about that as we move along and configure more settings but how does that apply to our home network you may not be load balancing two coffee servers in your house so where does this come in for you here right here on your home network without a load balancer you're kind of handicapped because if you're a geek like me you've got a lot of stuff in your home network you may have a plex server a nas or network attached storage maybe a website all this stuff is nestled safely inside your home network right and that's good most of the time unless you're not at your house unless you're outside your house and you want to watch some plex maybe you want to give your family access to your stuff maybe you want to get access to your nas from the outside now in most cases your router does a pretty good job at saying no you cannot access anything inside our home network not from the outside it's blocking those ports so if we do want to access our stuff from the outside we have to allow some ports to poke a hole in our home network if you want to access your website you got to poke a hole in there open up port 443. what about our nas man got to open up the port 5001 for synology oh you want to watch a movie while you're out man gotta open up another port for plex we're looking at 32400 so when you access your external ip from the big bad wild internet there is a few holes that you can trickle through to get to your stuff which this works but i don't like this makes me uneasy i hate having holes in my network feels very insecure and you know it is you shouldn't have this many holes in your network not to mention there are limitations like what if i have more than one website let's say you got a couple more websites you see now we got a problem because a website port by default is going to be 443. you can't have port 443 going to various servers in your home it can only point to one internal ip address so you're out of luck there so here is where the load balancer comes in and this is so so good so first let's get rid of all these open ports so insecure cut this crap out uh-uh let's close these ports every one of them in fact the only port i want open is 443 and with that one port 443 we're going to get access to everything in our home network and it's going to be secure it's going to be beautiful and we're going to do that with the load balancer with kemp here mr cam we're going to throw mr kemp inside our home network our load balancer let's tuck him in there nice and safe and secure and again we're only going to forward one port port 443 and we're going to forward that port straight to mr kemp here to our load balancer that's the only thing we're doing no more holes holes are bad and with our magical mr kemp here things will just work after we configure it of course with one port open on your network you will be able to access everything everything i'm not kidding securely how i'll show you we've got some steps to take first and also we're not going to be doing this whole like ip address business we're going to have a domain name if i want to access my plex server i want to type in an ip address i want to type in plex.network which is not the real one by the way and i want it to be secure i want it to be https i wanted to have a certificate i don't want any errors and we're going to do that and it's so amazingly easy oh my gosh here we go but how here we go step one let's configure mr kemp so fire up your favorite web browser i'm gonna go to google.com and just simply search for free load balancer i bet you that kemp's gonna be one of the first ones here it is it's actually called freelowbalancer.com and again it's stupid what this thing does for free i'm talking enterprise grade level stuff in your house here we go their load balancer is actually called the load master and i like that you actually have options on where you can put it you can download it like we're going to do right now you can put it in azure aws that's right you can use this load balancer in the cloud we'll talk more about that here in a second and man i love kemp free forever that's what i'm talking about and one of our only limitations is this 20 megabits per second cap not a big deal honestly and you get all of this we'll talk more about these things here in a moment but first let's download this sucker so we can start playing with it click on download oh real quick by the way while kemp is free for everything we're doing right now like seriously we're not lacking any features they do have a retail version a paid version which you may want to consider if you're a business so if you're a fan of getting 24 7 expert support whenever you need it and also more advanced features like global load balancing more bandwidth which by the way they did hook me up with a retail license for my house and it's awesome so if you can check that out anyways let's continue now you will need a kemp account and i'm gonna get mine signed up real quick for bernard hackwell for hackwell industries and time to download this sucker so here we go first what is my platform i'm gonna be using vmware so i'm gonna download an ovf and then of course you have your other options and then country usf8 and download here we go quick coffee break just a small one now also don't forget to check your email and activate your camp id so we can license our free load balancer anyways my download is done so i'm gonna go ahead and extract my zip file here and jump in there to see what's inside and once more and there it is now right here i'm going to show you how to do this with vmware's esxi so i'm going to access my esxi environment real quick again saying esxi is so awkward anyways i can access my server here get logged in and i'm going to create or register a virtual machine now this should be pretty similar across a lot of hypervisors shouldn't be too crazy i will be deploying from an ovf file so select that click on next and i'm going to drop my files in there where'd they go there they are the two i want are right here the ov f and the virtual disk slide that in there i'll name this the load master click on next storage is good next now this load balancer will have two nicks this will be ethernet zero and ethernet one for most of us on our home network we have one main vlan right so i want to make both of mine my main vlan that's fine then i'll click on next and that should be it click on finish now before we power it on and go crazy there is one more thing we have to do i'm going to jump into my load master virtual machine right here and edit the configuration because the license file of this guy is tied to the mac address we want to make sure that mac address never changes so here on vmware if i go to the network adapter here network adapter 1 right here under mac address it's automatic i want that to be static or manual and i'll just change it to something random and i'll do the same thing for network adapter too just make sure they're different so zero one and zero two that should be good click on save and now let's start the sucker up here we go and coffee break load balancer is booted now we gotta go configure it now right here we'll just go to this ipr this url 1077.1.103 for me and let's get connected yeah yeah yeah license agreement i agree i agree here we go and time to license the sucker which all you have to do is log in with your account that you just set up and then we're golden and click on license now here we go and which one do we want well i want the free one we have one available we're good continue bam license validated we're good to go and we gotta reset the password for the default username set password and get logged in the username will be bow and then that password you just sent and bam here it is our load balancer right here i'm telling you this is so cool because it is enterprise grade this is something you would use in an enterprise it environment to have this in your house and to put that on your resume that you do is amazing i'm gonna get logged back in the first thing we need to configure is a virtual service so go ahead and click on that virtual services now right now you will have nothing so let's go ahead and click on add new now here's some more magic for you we're gonna create a virtual address or a virtual ip address in your network what do i mean watch this so on my home network right now if i ping the ip address 10.7.1.30 it's nothing nothing has 10.7.1.30 belongs to nobody but if i go in here let's say i want my virtual service to have the ip address of 10.7.1.30 it will do that we're creating what's called a vip vip is actually standing for um or stands for virtual ip address this is a very common thing in it and for our project right now this will be the only one we're creating now the port we're going to be using port 443 remember that's the only port we're opening up in our 443 the only port we're opening up in our router you can name it as well i'm going to name mine the door protocol tcp that's fine and i'll go ahead and click on add this virtual service now that was pretty easy so watch this now when i try to ping that ip address it's pinging i just created an ip address out of thin air a virtual ip address why let me show you this vip this virtual ip address will be the portal to every service you have in your network when you want to access plex you go to 10.7.1.30 your nas your website everything 10.7.1.30. let me show you so here we go i'm going to set up my first service behind this load balancer so right now my my nas is located at 10.7.1.21 on port 5001. i'm going to put that behind my kemp load balancer watch this first i'm going to click on real servers so this is virtual ip address we're going to connect it to a real server click on that sucker and then we'll click on add sub virtual service don't click add new sub virtual service click on that here it is right down here and we're gonna go ahead and jump in there real quick so click on modify now if you're tracking with me here we have our virtual service with our vip of 10.7.1.30 then we created a sub virtual service even more virtualized underneath that one here i want to name my nas i'll name it nasty i'll set that nickname you don't have to do that it's just for fun and now let's add our real server so if i scroll down here under real servers i'll add my first rule one so click on add new and the address for my nas was 10.7.1.21 the port i wanted to go to is 5001. that's the portal address for synology and let's go ahead and add that add this real server boom it's added so now from here i want you to click on view or modify services look at this great view of what we just did click on that and there it is if i click on this this link right here it'll expand and show me what's going on but anyways let's test it out real quick i want to open up a new tab here go to https which defaults to 443 right i'll go to 10.7.1.30. here we go where is it going to take us let's find out huh okay what is this oh it took me to my nest what is that that's cool right now i have more than one nast like everyone does so i'm gonna add my other one too so i'm gonna jump back into my virtual service by clicking on modify and i will add a new sub virtual service by clicking on add new right here at the bottom added and then i'll jump into that new service by clicking on modify right down here at the bottom right and same story as last time i'll name this one nasta 2 and then i'll scroll down here to real servers and click on add new to add a new real server add new my other nas is 10.7.1.22 it's also on port 5001 and i'll click add this real server done now there's a problem here and you're probably catching on right like how's chuck gonna make this work this makes zero sense and you're right so if i click on over here back to view modify services i can see that things are looking pretty beautiful like they're all up and that's the cool thing about uh load balancers like kemp is they'll check and make sure your servers are healthy and i'm not talking about just like a ping like ping ping are you up no you can go in there and say use https protocol use http use all kinds of stuff to make sure your service actually thing you're wanting to work is up anyways this right here this isn't going to work by default because if i go to 10.7.1.21 i'm sorry 30. my vip that's going to go to just nasty the first synology it's not going to go to my second one and if i add any other service to this like plex like let me add plex real quick which my flex server is actually on nasty my first nas just on port 32400 and i'll have my proxmox server as well on port 8006 but anyways i got a bunch of stuff added now but how in the world can i access all these individual servers and services by just accessing this one virtual ip address on port 443 i'll show you but you have to wait a second it's amazing it's the advanced power of what a kemp load balancer can do now the next steps are crucial and amazing we're getting our domain and we're setting up ssl on that domain which is amazing and it's all free so check it out we might get a domain like networkshock.com actually it won't be like that it'll be something weird because it'll be free i mean not too weird like it could still be network chuck but it might be like networkchuck.tk or something which for free is totally fine and we're getting that through freenom as i mentioned earlier now for dns by default your domain will be using freenom as its name server which that's fine but we're not going to do that we're going to use cloudflare and i'll show you why cloudflare is amazing it does a ton more than what we're doing with it right now but essentially here's what we're doing instead of having freenom handle our dns like where do we want network tk to point to a website our house whatever cloudflare is going to control that and we're doing this for two very big reasons first security actually both these reasons are security but it's very secure and the second reason is ssl cloudflare will set up a let's encrypt ssl assert for us wildcard and if you have no idea what any of that means you will i'm going to show you and it's amazing let's do this right now so step one we're going to set up our free nom account and get our free nom domain once that is set up and active we'll then go set up a cloudflare account and we'll tell freenom hey use cloudflare's name servers and once cloudflare is completely in control then we'll have some fun let's do this but first we need some cloudflare and we need our domain name so let's go set those up right now now we need a domain name we need something friendly we can use to access our stuff so i'm going to go out to freenom. with this we can actually get a free domain now if you already have one go ahead and use that that's cool but if you don't this is perfect right so let's go ahead and do this right now i'm going to try and create one um let's do hack well and that's it i want to check availability so cool all of these right here are available now if you click on get it now it won't work like watch this i click on get it now and it's like not available but you just said it was available liar so what we can do instead is just by go up by going by going up here and going to hackwell. and i'll just type in hackworld.tk and check availability oh look it's magically there okay whatever just trying to get me to buy a domain trick yeah so i'm gonna uh i have that one selected i'm gonna click checkout again it's free i'm gonna change my period down here from three months to something a lot more like uh as long as i can 12 months for free and then we'll click on use dns use freenom dns service and let's point it to something like i don't know google this is temporary we will come here and change this here in a moment click on continue and we will need to sign up so i'll sign up as bernard here verify my email address and make sure you verify that you only got 24 hours i'm gonna do that right now and then enter in all the domain registration information yes i understand all terms conditions and complete order and we're good confirmation order in hand and i just got to wait for the confirmation email coffee break now to verify that your domain is indeed set up go to services and then my domains here if you see under status active you're golden man now all we have to do is manage the domain so click on that manage gear right there on the right and then click on management tools and then click on name servers here we're going to click on use custom name servers and the name servers we want to use are from cloudflare but we don't have those yet so now let's go set up our cloudflare account so i'm going to navigate out to cloudflare.com and if you don't already have an account go ahead and click on sign up to get well signed up it's completely free by the way create account account created now at the top right now i want to start moving faster because we got a lot to do click on add site at the top right here add site and here we'll put in our site name our domain name that we just set up through freenom or if you have a custom one already go and put it there mine will be hackwell.tk then select your plan now as far as the plan you want you want the free one right the free one gives you everything you want for what we're doing here so make sure you have that selected and click continue now cloudflare will go out and go hey do i have control of this site do i have to control the dns and right now it doesn't so i'll go hey hold on you got to change the name servers for that site so i can control it so then i'll give you the name servers right here so we'll go ahead and copy those and paste those into our freenom portal save that and we need to wait just a bit now it says it can take up to 24 hours super long coffee break it doesn't take that long it took me about i don't know 15 20 minutes i'm not promising that but that's what it took for me and when everything's said and done and working it's gonna look like this great news now let's make this thing awesome let's change some settings real quick the first thing we need is to make sure that your website's gonna be pointing at your house so we're gonna go to dns and change some name records or dns records click on dns now this is your first time ever using dns it's gonna be fun because when you go to a website facebook.com networkchuck.com networkchuck.com youtube.com whatever it is all these sites will have dns records like this a records c names text records all kinds of crazy stuff now what we care about right now is the a record essentially when we type in hackwell.tk where does it go now right now i set mine to 8.8.8.8 on freenom just for a test just to have something there but i want this ip address to be to my house but what's my ip address what's your ip address quick way to find out let's try open up a google window here and just type in what's my ip address now i'm not going to show you mine because i don't want you to know it you really don't want anyone to know your public ip address and that's actually where cloudflare comes in handy it's going to hide your public ip address for you anyways so take that whatever it is copy and we're going to click the edit button right there to edit this first a record hackwell.tk and it's pretty straightforward just uh put in your ip address in the ipv4 address field now what's really cool though is notice we already have the proxy status enabled what that means is it's going to hide your public ip address now normally if it wasn't hidden if i pinged hackworld.tk it would show my real ip address meaning that if you pinged hackwell.tk you would know my ip address i don't want that and you don't want that so proxying it actually hides you safety security yes so anyways make sure it does say proxy click on save and cloudflare is quick it'll change this like super fast and go and change your www a record as well some people type in www.hackle.tk who does that anywhere though who types in www do you it's okay if you do anyways click on edit change the ipv4 address click save and now if i go ping it what i'm not going to see i know for a fact is my public ip address because it's proxied but i should see let's see hackable.tk pinging that sucker oh you gotta spell it right i'll ping hackworld.tk and yes so that is not my public ip address it is an ip address that belongs to cloudflare they're hiding me awesome now we will come back to dns here in a moment to add our services for our house like plex dot hackworld.tk nasty.hackle.tk we'll do all that subdomains that's what that's called by the way but what do you say we get our ssl certificate now by default it's already there so if we go over here and click on ssl or tls this is why i love cloudflare from here go ahead and click on the edge certificates this little tab right here now if you've been in it for a while when you see this you know how powerful this is right here is our universal ssl certificate now ssl certs are normally pretty expensive especially a wild card certificate meaning that like this right here asterisk dot hackwell.tk what that means is that you can have any website plex.hackle.tkcoffee.hackle.tk raspberrypi.tk you can have anything you want and that ssl cert will cover it that's called a wild card cert and those again are not cheap people shell out some serious money for these things this it's free man it's free cloudflare automagically uses let's encrypt a free ssl certificate authority and they just generate it for you you don't have to do anything it's super cool but anyways a few things we want to change right here under the edge certificates tab we're going to scroll down and first always use https yes it will rewrite http to https and we want that if you keep scrolling down here i think everything else is pretty good yeah yeah we're good there a couple more tabs we're going to look at first let's get back to our overview i don't know why i said it like that overview we can change how secure our website or our house is going to be now you can see that cloudflare is kind of sitting in the middle and then we have our origin server and then of course here's our browser which our browser will be you now for what we're doing what do you think this origin server actually is any guesses yeah it's our load balancer it's kemp cloudflare will be having a great relationship with our origin server right here now right now with our flexible encryption what's happening is that cloudflare is protecting the communication between your browser and cloudflare right here but it's not encrypting this right here i don't know about you but i'll take all the encryption i can get secure that stucker encrypt the heck out of it so i'm just gonna go full let's go strict let's go crazy and that's what i want to do click on full when you click on that do it bam we're locked up on all sides secure but it does require us to do something we need to generate a certificate from cloudflare and put it on our server now it's not too crazy it's actually pretty simple watch this i'm going to jump back into my load balancer my load master get logged back in once you're here at the dashboard we're gonna navigate over to the certificates and security section right here on the left click on that and what we want right now is to generate a csr or a certificate signing request what is that let's walk through so go and click on generate a csr and go ahead and fill out some information here now what you put here is not crazy important in fact it doesn't really matter at all unless you're like an official company and then for common names put in hackwell.tk or whatever you have for your domain and then also understand ucc names we want to add alternate domains for example our wildcard so do asterisk dot hackwell dot tk or whatever yours is so askrisk dot your domain name that way it covers everything and then click on create acsr so here we have two boxes full of crazy gobbledygook we're gonna need both of those just hang tight leave that there let's mosey on back over to our cloudflare account again this is super quick and easy don't worry from here still on the ssl tls section we're going to click on origin server click on that and then click on create a certificate click and then right here are options we're going to click on use my own private key and csr to generate a cert bam now for this first box it wants our csr which we have right over here on our load balancers this first box right here all you got to do is copy everything inside of this everything every bit of it copy and paste that right in there and then that's pretty much it as i scroll down that's all i want i'm going to click on create and there's my cert right there now here's what i'll do i'll just click on that ctrl c or it's already been copied copied all that stuff just like we did before and we're going to save that in a file now i prefer using notepad for this just paste that in there whoa what is that font it doesn't matter i'm going to click on file save as just going to throw it on my desktop i'm going to change the type to all files and i'm going to name this hackwell.pem.pem is the type you want to use doesn't matter what you really name it that's fine and click on save now we're almost there go back to your little balancer page that second box that we haven't really talked about yet that's our private key so whereas this one right here we just copied from cloudflare that's our public key over here is our private key and we'll need to save that so go ahead and click on all that all that private stuff copy it and do the same thing open up a notepad paste that in there and save that file save as choose that to all files and i'll say hack well crave just for private dot key and save so now last step i think we're going to click on ssl certificates right here we're going to actually upload the cert we just generated so click on ssl certificates and we'll click on import a certificate because we just added one it's awesome import choose your certificate file that was a public key we just generated choose file i named mine where'd it go where'd you go hackwell.pem i'll open that and then the private key choose file that's hackwillpriv.key it does require a certificate identifier just what it is i'll just say cloudflare origin and click on save oh it doesn't like that cloudflare origin there we go no spaces save and certificate successfully installed and the last thing we need i promise last thing for the ssl part we need our root certificate for cloudflare i've got a link below simply click that link and download it and then right here on the load master page click on add intermediate certificate at intermediate choose that file you just downloaded i'll name it cloudflare root add certificate now as far as ssl goes this is it that's good we're awesome so let's get back to our camp load balancer here and we're going to go to our virtual services here on the left and then click on view modify services there is one thing we got to change we have to make sure that this service is actually using our new certificate so click on modify right here and then click on ssl properties click that drop down and then click on ssl acceleration heck yeah i want that enabled it says oh you don't have a cert there that's fine we're going to add one right here we have the one we uploaded to our server the origin server we're going to scoot that over set certificates golden and then one more box i want you to check i want you to check the re-encrypt option this will further encrypt traffic between your kenpo load balancer and whatever server is going to whether it's your nas your web server plex it's going to encrypt everything so go ahead and click on re-encrypt now that should do it so now here's where we're at we have our domain hackwell.tk when we visit that website it goes to cloudflare and the cloudflare points to our actual ip address but it keeps it hidden keeps it secure people can't find us and also cloudflare has our backs with ssl and a wild card at that which is amazing so now the only thing left is to open up our port 443 to go to our load balancer now this will be different based on whatever you have in your house what kind of router now i'm rocking unify the dream machine pro i'll do mine real quick but you'll need to consult your router documentation on how to forward a port it's called poor forwarding look it up so i'll go ahead and add my port forwarding rule to forward port 443 to 10.7.1.30 the vip of my virtual service on my load master and that's it apply changes so now let's test it out real quick check this out so let's let's test out our website i'm going to open up a new tab here and go to hackwell.tk and let's see what happens yes it worked okay so that's working but how do we set up all these other services like this and this is what makes load balancers kind of amazing so we have our load balancer right here and the most common type of load balancing is network load balancing or layer three essentially what we've already done traffic comes into 10.7.1.30 our vip low balancer goes oh it's for this website and it will distribute that traffic to these servers configured also it's ip addresses 10.7.1.102 for example and maybe another one again focusing on the layer 3 aspect of things don't know what that is have no idea what i'm talking about check out this video right here or over here i never know where to point i'll tell you all about it now where things get more powerful and that's what we're going to do right now is when we look beyond layer 3. you see modern load balancers like kemp can go layer 4 to layer 7. they're often called layer 7 load balancers and what that means is instead of relying on the layer 3 information just looking at ip address stuff we can look at things like hey what url do they type in and we can load balance off that what do i mean so for example let's say plex right now if we go to hackwell.tk it's not working it will not go to plex it'll go to nasty every time but what if we could have the load balancer go okay when plex dot hackwell.tk is typed in and it arrives here it will look inside there and go oh this is for plex.aqua.tk i know what this is for it's going to go to the plex server which was 10.7.1.21 on port 32 400. this is called content filtering and it's amazing let's try it real quick actually so first we need plex.hackle.tk to actually be live a thing so let's go to cloudflare real quick scroll up to the top here and click on dns i told you we'd be back here we're going to change some dns settings now it's super simple we're going to click on add a new record and under name i'll put in plex and that's it notice it filled in for me plex.hackle.tk and i'll put in that same public ip address as the other dns entries and that's it click on save and if we open up our command prompt here i'm just going to verify it's a thing so i'll ping plex.hackwell.tk it's already there man cloudflare is quick so now here's where the magic happens let's go to our low balancer and we're going to go to rules and checking expand that right there and then click on content rules and then click on create new this is going to be the rule that says when we see plex.hackle.tk come in we're going to actually do something with that let's do it i'm going to name this plex i'm going to change the header field to host because it's actually looking inside the application header the layer 7 information again if you know what i'm talking about check out this video right here but it's using that information to make forwarding decisions that's awesome anyways so we're going to take advantage of that we're going to match the string anything beginning with so i'll use that little up arrow caret thing anything beginning with plex.hackwell.tk i'm going to click on ignore case i don't care if you type in capital p and that's it i'm going to click on create rule it's created and now we have to add that to our service i'll go back to our view modify services and then click on modify right here and then under advanced properties we're going to enable content switching that's what we're doing and it's so freaking cool so go ahead and click on enable yeah it's enabled and then to add this rule to our particular service which is plex we're going to scroll down to our sub services notice it's like hey we don't have any rules here what do we do we're going to click on plex first and we're going to change the rule right here from default to plex click on add and theoretically that should be it if i click on back i can scroll down here and see that it is added what do you say we test it out let's open up a new tab man i think it's crossed plex dot hackwell dot tk here we go yes oh i do have to log in with plex but whatever dude boom just like that notice this holy crap plex.hackle.tk ssl like i didn't do anything in this plex server i don't do anything to it it's all being handled by cloudflare and kemp it's not only forwarding to one server it's forwarding to the specific port on that server so look at this sorry i'm getting too excited it's coming in on port 443 and going to port 32400 and kemp is handling all of that let's set up the rest oh i can't wait to see the rest of the stuff isn't this cool though i mean holy crap home lab on steroids let's keep going i'm going to go in here and add some more dns records for all the other stuff i have i'll say proxmox save esxi i want to have that in there too save and i do have a website too i want to name this web save oh i forgot about my second nas nasty2 save so we got some stuff here let's go configure that in kemp let's get to our content rules and add those rules i'll do those real quick same story as a lot as the plex server here all right created all my rules now time to add them to my services nasty nasta 2 proxmox and i'm going to add my other services as well i forgot to add those suckers esxi and of course my website which by the way this is actually kind of cool my website actually has two servers i'm gonna load balance these suckers you ready oh yeah so i'll name the subservice web set the nickname and when i add the real servers i'm going to add two servers 10.7.1.152 is the first one 443 is perfect add and then i'll add another and the other one is 10.7.1.106. add so now if i look back at this subservice i've got two real servers and notice the weight of them is equal so it'll equally low balance the low between these i could change the weight and make one higher it would go to that one all the time anyways and i'll show you how that works here in a moment so i want to go back i'm going to add my rule for my website web and now everything should be working let's test a few out this is so cool let's try uh proxmox hackwell.tk oh wait what's going on oh i know i know check it out okay i forgot about this if i go to view modify services once more notice that everything looks healthy except for proxmox why is he sick what's wrong with them well it's using https to make sure he's healthy so if i click on modify and i go into that sub service of proxmox i scroll down here to the real servers again it's using http https but it's not liking that so i want to change that to let's just say icmp ping just ping him see if he's up and if he's up he's healthy we should be able to get to him cool so it looks healthy now let's try it again proxmox.hyper.tk oh man look look at that look at that so that's a demonstration of how when kemp monitors your server for health if it's not up it's not going to send traffic to it it's like no no this guy is not healthy dude let's try something else let's try esxi dot hackwell.tk oh my god this is so cool look at this again i can't emphasize more that using having ssl set up is awesome because like this doesn't have a legit certificate on it it's self-signed which means if i just went to the ip address of it right 10.77.1.13 i'm getting this not secure nasty up here certificate's invalid it's the same server but if i go to esxi dot hackwell.tk nice safe and secure with a valid certificate how cool is that finally let's try my web server web.hackwell.tk look at that yes this is a website running on my home network it's got a self-signed cert nothing special on it but kemp is handling everything this is actually two servers but you wouldn't know the difference i mean if as i refresh this you can't tell but if i change the details of one of the websites just to make sure we're looking at a different site a different server rather let's see what happens yes load balancing see notice this is different on the second server now let's say i shut that server down that we're connected to shut down yes let's see what happens bam automatically failed over to the other server notice it's the text changed that's what happened now what we're doing here at the load balancer is perfect for a home lab right we can securely access all of our stuff externally and yeah it's secure like kemp right here has a built-in web application firewall if i scroll here through my service settings right here bam got my waff web application firewall if i select that what's happening oh it's doing some all kinds of rules to protect us again this is a free option i mean if you paid for this there'd be a lot more right but look at all you get for free it's doing all this stuff now we just did a lot i know i know but it's possibly the geekiest thing you can do in your home lab and it's amazing so quick recap here's what we did and why we set up a load balancer in our home network with a vip the one ip that can connect us to every single service in our home network we open up only one port just one 443 we then get a free domain from freenom hackwell.tk this domain's name servers is being managed by cloudflare cloudflare is doing two things for us it's hiding our ip address and it's handling our ssl certificates our wildcard cloudflare points to our real ip and then the magic happens on our load balancer it uses layer 7 load balancing to look at the url and see oh this is plex.tv or tk we're seeing that too plex nasty nasty too the web everything this is so freaking cool now i do want to know that the ssl part just so you know i'm having cloudflare handle it for us because for the home lab it works but you could do the same thing on kemp on the load balancer kim will actually generate ssl certs and it integrates directly with let's encrypt the free ssl cert provider and what that means is that the load balancer would be an ssl offloader new word what is that it means that instead of each individual server handling security and ssl and having to manage each individual one it's all centrally managed by kemp the load balancer and that's normally what you'll see in a real enterprise environment now in our case right here we're having cloudflare handle that and it's awesome now again i know this was a lot i hope you had plenty of coffee you can tell that this was a multi-day thing for me mainly because my computer died if you saw it on twitter it just kept dying i replaced the power supply anyways i digress this was super cool it's in my home lab right now now i changed the url so you can't hack me but this is something i legit do right now in my home environment i wanted to show you i had to show you so if you followed along and did this man let me know what you think and yeah again it's a long process i do have a write-up below again so if you want to check that out follow along and be able to copy stuff do that and again huge shout out to kemp for sponsoring this video and also for having an amazing free load balancer what the heck is that like why it's awesome i love that you can put an enterprise grade load balancer in your house for free pretty much use every feature they have now when you go into the enterprise environment and deploy a low balancer in a company it works the same way so you know how a low balancer works you know what to do you know all the knobs to twist and push and all kinds of stuff that's huge anyways guys that is all i have today thank you for sticking with me and watching this entire thing if you want to learn more about kemp and all that they do link below and yeah of course don't forget to hack that youtube algorithm like this video subscribe comment what is the other one oh notification bell do all that please you gotta hack youtube today ethically of course and if you need coffee or a shirt or any kind of merch i've got some stuff for you too link below and yeah that's all i have i'll catch you guys next time you

Info

Channel: NetworkChuck

Views: 466,096

Rating: undefined out of 5

Keywords: Kemp, load balance, load balancer, network load balancing, home network, plex, virtual load balancing, free load balancer, kemp load balancer, how to home network, load balancing, what is load balancing, what is load balancing in microservices, amazon web services, what is load balancing in networking, what is load balancing router, what is load balancing in server

Id: LlbTSfc4biw

Channel Id: undefined

Length: 42min 42sec (2562 seconds)

Published: Fri Jun 18 2021