ENS: Build an infrastructure environment in the edge cloud

Last Updated: Dec 04, 2025

This topic describes how to build an infrastructure environment for edge nodes. You can learn how to create virtual private clouds (VPCs) and vSwitches on an edge node, how to create computing instances, how to use Edge Load Balancer (ELB) to distribute traffic, and how to use SNAT and edge IP addresses (EIPs) to proxy traffic. Cloud Architect Design Tools (CADT) is available in this deployment solution.

Prerequisites

  • An Alibaba Cloud account is created and real-name verification is completed. You can log on to the Alibaba Cloud console and go to the Account Center page to check whether real-name verification has been completed.

Procedure

Activate ENS

Activate the service

Go to the ENS homepage, click Contact Sales, fill in the ENS Enquiry Form, and submit. You can also contact your business manager to activate ENS.

Configure resources

Contact your account manager to configure necessary resources and edge nodes before sales.

Grant RAM users permissions

Important

An Alibaba Cloud account has access permissions on all API operations. We recommend that you use a Resource Access Management (RAM) user to call specific API operations or perform routine O&M.

  1. Create a RAM user.

    1. Log on to the RAM console.

    2. In the left-side navigation pane, choose Identities > Users.

    3. On the Users page, click Create User.

    4. On the Create User page, specify the Logon Name and Display Name parameters, and set the Access Mode parameter to Console Access.

    5. Click OK.

      After you create a RAM user, record the logon name and password of the RAM user. When you call API operations, you must use the RAM user to log on to OpenAPI Explorer.

  2. Grant the required permissions to the RAM user.

    1. Access the RAM user list.

    2. On the Users page, find the RAM user and click Add Permissions in the Actions column.

    3. Enter ENS in the search box and select the AliyunENSFullAccess and AliyunCADTFullAccess policies.

  3. Click Grant permissions.

Create a VPC and a vSwitch

Create a VPC and a vSwitch by specifying the internal CIDR block and the vSwitch settings according to your network plan.

  1. Log on to the ENS console.

  2. In the left-side navigation pane, choose Network Management > Networks.

  3. On the Networks page, click Create Network.

    On the Create Network page, configure the Network and vSwitch sections.

  4. Confirm the information and click Create.

    • On the Networks page, view the Status of the network that you created.

    • On the vSwitch page, view the Status of the vSwitch that you created.

Create an ENS instance

  1. Log on to the ENS console.

  2. In the left-side navigation pane, choose Resources and Images > Instances.

  3. On the Instances page, click Create Instance. For more information, see Create an instance.

    Note

    When you create an instance, select the network and vSwitch created in the preceding steps.

  4. After you complete the payment, you can view the instance on the Instances page.

Use an ELB instance to distribute traffic

  1. Create an edge load balancer (ELB) instance.

    Note

    When you create an ELB instance, make sure that it is in the same region as the created ENS instance.

    1. Log on to the ENS console.

    2. In the left-side navigation pane, choose ELB > CLB.

    3. On the CLB page, click Create Instance.

    4. Configure the parameters and click Confirm.

  2. On the CLB page, view the created ELB instance and make sure that the ELB instance is in the Running state.

  3. Configure a backend server for the ELB instance.

    1. On the CLB page, find the ELB instance that you want to manage and click Add Backend Server in the Actions column.

    2. On the Default Server Group tab, click Add, configure the parameters, and then click Next.

    3. Configure the weight for the backend server and click Add.

      Note

      An ENS instance that has a higher weight receives more requests.

  4. Associate an edge EIP with the ELB instance. For more information, see Associate an EIP.

    1. On the CLB page, choose More > Associate Public IP Address in the Actions column.

    2. In the dialog box that appears, select the edge EIP that you created and click OK. If you have not created an EIP, create one. For more information, see Create and manage edge EIPs.

    3. If a public IP address is displayed in the Service Address column of the ELB instance, the edge EIP is associated.

  5. Configure a listener for the ELB instance. For more information, see Configure a listener.

    1. On the CLB page, click Listener Configuration in the Actions section.

    2. On the Listener tab, click Add Listener.

    3. In the Basic Information step, configure the parameters and click Next.

    4. In the Health Check step, configure the health check parameters and click Next.

    5. In the Confirm step, confirm the information and click Create.

  6. Verify that Internet traffic can be distributed to the ENS instance by the ENS.

    1. Prepare the Go environment.

      1. Update the system package list and install Go.

        # Update the package list for Debian- or Ubuntu-based OSs. Skip this command for other distributions.
        sudo apt-get update
        
        # Use the package management tool to install Go.
        # For Debian- or Ubuntu-based OSs:
        sudo apt-get install golang
        # For Red Hat or CentOS-based OSs:
        sudo yum install golang
      2. Verify the installation.

        go version
        
        # The system displays information similar to the following content:
        go version go1.18.3 linux/amd64
      3. Configure environment variables:

        Edit the ~/.profile or ~/.bashrc file and add the path of Go to the PATH environment variable.

        echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.profile
        source ~/.profile
        
        # Or
        echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc
        source ~/.bashrc
      4. Create a working directory.

        We recommend creating a working directory for better organization of your Go projects. Example: ~/go.

        mkdir -p ~/go/{bin,src,pkg}
        
        echo 'export GOPATH=~/go' >> ~/.profile
        echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.profile
        source ~/.profile
        
        # Or
        echo 'export GOPATH=~/go' >> ~/.bashrc
        echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bashrc
        source ~/.bashrc
    2. Deploy a simple web service on the ENS instance. You can access the service through local port 8080 and obtain a response.

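      1. Save the following code as main.go.

        // Minimal HTTP service used to verify traffic distribution.
        package main
        
        import (
            "fmt"
            "net/http"
        )
        
        // helloHandler replies "Hello" to every request.
        func helloHandler(w http.ResponseWriter, r *http.Request) {
            fmt.Fprintf(w, "Hello\n")
        }
        
        func main() {
            http.HandleFunc("/", helloHandler)
            fmt.Println("Starting server on :8080")
            // ":8080" listens on all interfaces of the instance.
            if err := http.ListenAndServe(":8080", nil); err != nil {
                fmt.Println(err)
            }
        }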
      2. Run the following commands to compile the preceding code and run it in the background.

        go build -o webserver main.go
        nohup ./webserver &
      3. Access the service through local port 8080 to verify that the service is running as expected.

        curl http://127.0.0.1:8080/

    3. Deploy Nginx on the ENS instance and modify the Nginx configurations.

      1. Install and start Nginx. CentOS is used in this example.

        sudo yum install epel-release
        sudo yum install nginx
        
        sudo systemctl start nginx

        Edit nginx.conf to forward requests for different service addresses to different service ports. In most cases, the configuration file is located at /etc/nginx/nginx.conf or /etc/nginx/sites-available/default.

      2. According to the previous configuration, the listening port and the backend server listening port of the ELB instance are both 80.

      3. Add the following segment to nginx.conf so that the backend server listens on port 80 for requests that arrive through the EIP associated with the ELB instance and forwards them to local port 8080.

        server {
            listen 80; # Listen to port 80.
            server_name your_domain_or_ip; # Replace your_domain_or_ip with your domain name or IP address.
        
            location / {
                proxy_pass http://127.0.0.1:8080; # Forward the request to the local port 8080.
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
            }
        }
      4. Verify that the modified configuration is syntactically correct.

        sudo nginx -t
        
        # If the following content is returned, the syntax verification is passed.
        nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
        nginx: configuration file /etc/nginx/nginx.conf test is successful
      5. Reload Nginx for the updated configuration to take effect.

        sudo systemctl reload nginx

    4. Run the curl command to access <EIP>:80 over the Internet to verify that the service can be accessed.
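
A hardened variant of the test service, as an added example that is not part of the original page: it binds to 127.0.0.1 so that port 8080 is reachable only through the Nginx proxy configured above, sets server timeouts, and accepts the X-Real-IP header set by that proxy only when the TCP peer is loopback. The names clientIP and newServer are assumptions introduced for this example.

```go
package main

import (
	"fmt"
	"log"
	"net"
	"net/http"
	"time"
)

// clientIP (hypothetical helper) returns the address to attribute a request to.
// X-Real-IP is honoured only when the TCP peer is loopback, that is, the local
// Nginx from the configuration above; any other peer could forge the header.
func clientIP(r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr
	}
	if peer := net.ParseIP(host); peer != nil && peer.IsLoopback() {
		if fwd := net.ParseIP(r.Header.Get("X-Real-IP")); fwd != nil {
			return fwd.String()
		}
	}
	return host
}

func helloHandler(w http.ResponseWriter, r *http.Request) {
	log.Printf("%s %s from %s", r.Method, r.URL.Path, clientIP(r))
	fmt.Fprintln(w, "Hello")
}

// newServer (hypothetical helper) binds to loopback instead of ":8080" and
// sets timeouts, which http.ListenAndServe leaves unlimited.
func newServer() *http.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/", helloHandler)
	return &http.Server{
		Addr:              "127.0.0.1:8080",
		Handler:           mux,
		ReadHeaderTimeout: 5 * time.Second,
		ReadTimeout:       10 * time.Second,
		WriteTimeout:      10 * time.Second,
	}
}

func main() {
	log.Fatal(newServer().ListenAndServe())
}
```

With this binding, curl http://127.0.0.1:8080/ on the instance and curl to <EIP>:80 through the ELB instance and Nginx still succeed, while port 8080 is no longer exposed on the instance's other interfaces.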

Use a NAT gateway to allow an ENS instance to access the Internet

  1. Create a NAT gateway. For more information, see Create and manage edge NAT gateways.

    1. In the left-side navigation pane, choose Network Management > NAT Gateways.

    2. On the NAT Gateways page, click Create NAT Gateway to create a NAT gateway on the same node as the ELB instance.

  2. Associate an edge EIP with the NAT gateway. The edge EIP is then used for outbound access to the Internet, which corresponds to the SNAT entry, and for inbound access from the Internet, which corresponds to the DNAT entry.

    1. Associate an EIP with the NAT gateway.

      1. In the Actions column, choose More > Associate Public IP Address.

      2. In the dialog box that appears, select the edge EIP and click OK.

        Note

        Before you associate a public IP address, make sure that you have created an edge EIP on the same node.

    2. Configure a SNAT entry for the NAT gateway.

      1. In the Actions column, choose More > Configure SNAT.

      2. On the Configure SNAT page, configure the parameters and click OK.

    3. Verify that the NAT gateway can be used to access the Internet.

      Run the dig command.

      Note

      Do not run the ping command to test the connectivity. Using the ping command to access the Internet may fail if you do not perform additional configurations. Reasons:

      • ENS security groups contain different inbound rules by default. If an instance is added to a security group and no allow rules are configured for the instance, the response packet of the ping command is blocked.

      • NAT gateways of ENS do not provide the session persistence feature for the ICMP protocol.