# Load balancer
The HTTP/s load balancer terminates HTTPS (TLS) for clients. It is configured with a certificate from your cloud provider or another CA, completes the TLS handshake, forwards traffic to Fabricate's application container, and exposes the application to the internet.
## AWS ALB
If you use AWS, you can create an Application Load Balancer with a TLS certificate in front of your Fabricate instance.
You can either:
* Use a free SSL/TLS certificate from AWS Certificate Manager
* Bring your own certificate
To configure the ALB:
1. In AWS Certificate Manager (ACM), issue a certificate for your hostname, such as `fabricate.example.com` , using a DNS or Email challenge.
2. Create new target group (at **EC2 / Load Balancing / Target Groups**) with:
* Protocol `HTTP`
* Port `3000`
* Health check path `/up`
3. Register the used Amazon EC2 instance in that target group.
4. Create a new application load balancer under **EC2 / Load Balancing / Load balancers** with:
* HTTPS (443) forwarding to the target group
* Optional HTTP (80) redirecting to HTTPS
* Previously issued ACM certificate for your domain
* Previously created target group with the Amazon EC2 instance
5. Allow `443` on the ALB security group.
6. Allow `3000` on the instance only from the ALB security group.
7. Point DNS for your hostname to the ALB CNAME / A / AAAA.
In Fabricate's **.env** file, set `FABRICATE_HOST` to the public hostname that the ALB serves. Do not include the internal application port.
For example:
```bash
FABRICATE_HOST="fabricate.example.com"
```
## Caddy
If you run Fabricate on a single VPS, you can use Caddy to terminate TLS on the server.
To configure Caddy:
1. Create an `A` or `AAAA` record for your Fabricate hostname that points to the server IP address.
2. Allow inbound TCP `80` and `443`.
3. Add a `caddy` service to your Docker Compose setup:
```yaml
services:
caddy:
image: caddy:latest
restart: unless-stopped
ports:
- '80:80'
- '443:443'
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro
- caddy_data:/data
- caddy_config:/config
extra_hosts:
- 'host.docker.internal:host-gateway'
networks:
- fabricate_internal
volumes:
caddy_data:
caddy_config:
```
4. In the same directory, create a `Caddyfile` configuration with a proxy to the `http://web:3000` container.\
\
Caddy uses ACME HTTP change to automatically issue and renew the certificate for your domain.
```
fabricate.example.com {
reverse_proxy http://web:3000
tls {
protocols tls1.2 tls1.3
}
}
```
5. Set `FABRICATE_HOST` in **.env** file to the public hostname:
```bash
FABRICATE_HOST="fabricate.example.com"
```
## Nginx
If you run Fabricate behind nginx, then on the `/cable` path, you must enable websocket connection upgrades.
For example:
```
location /cable {
proxy_pass fabricate;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
```
## Other load balancers / proxies
Other load balancer / proxy options include:
* Google Cloud Load Balancer
* Traefik
* Envoy
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.tonic.ai/fabricate/self-hosting-fabricate/configuring-fabricate/load-balancer.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.