2012-02-15

Here is a new article written by our guest blogger, Charles Lacroix. This time he shares with us his test results on load-balancing with Smart Servers.

I recently had the occasion to do a lot of tests on my Smart Servers. I installed several webmail applications, and I tested email relaying via the private network. I also experimented with reverse proxy and load balancing with lighttpd, nginx and varnish-cache. I enjoyed experimenting with mod_security and memcached. I also looked at graphs and monitoring solutions through various software such as mrtg, cacti, monit, munin and nagios. Among all these interesting topics, deciding what I was going to blog on became a daunting task! I really enjoyed playing with mod_proxy and the private network connected to the Smart Server, so let’s go with that.

My scenario is quite simple: I have a customer who occasionally uses too many resources to be alone on his server. You know, those famous political columnists: they appear on the 6:00 pm news and boom! At 6:02 he receives a huge amount of traffic, the server slows down, people see that the site is behaving oddly and become aggressive reload button clickers, believing it will help.

The setup I configured includes three servers. Ideally, it would take more than that, especially if the goal is to become redundant and failproof. Whether it’s a hardware failure, a network failure, an electrical failure or simply an update that goes wrong, the result is the same: a website DOWN = an unhappy customer!

On my back-end I had two web servers that could easily be hosted anywhere on the web. Here we use the Smart Server because the objective is to test and to use their private network. This adds a security layer so web 1 and web 2 don’t need to be directly accessible on the internet. In our case, the server is acting as a load balancer built with ProxyPass. This setup works quite well when the customer doesn’t make too many changes to his site, read: uploads images, changes the template, updates!

I isolated the /wp-admin/ directory so that it always falls on the same server, the proxy in my case, and I configured a little cron with rsync to synchronize files every 10 minutes. At the moment, this scenario satisfies me, even though it is far from being ideal or perfect. There would be a way to automate a synchronization of files on all servers, but I have not really tried solutions such as FAM or DRBD.

Basically, I installed the standard WordPress on the server that makes the ProxyPass. Then I configured the site and installed the extensions and templates. I configured a SQL DB on this server; in our case it is also the proxy, but it would be ideal to isolate it on its own server or move it to an external database service like Xeround. In my WordPress, Apache, MySQL and memcached configurations, I always specify the internal private network IPs since all my servers at iWeb are Smart Servers. This eliminates traffic on the public network. It makes the setup much safer.



All servers have undergone a basic hardening, which I have already outlined. They have iptables on both network interfaces and they do not relay traffic between the two network interfaces. They have the memcached service configured on the private network. It seems we never have enough of this cache.

On web 1 and web 2, I configured Apache to listen on the private network only, no FTP, DB or SQL. I blocked almost all the traffic on the public network and I only authorized protocols used on the private network.

On the server facing the Internet, I configured MySQL to listen on the private network only, and Apache and vsftpd to listen on the public network. I set up the ssh keys so one can easily synchronize my DocumentRoot with rsync. I then allowed time to receive the files. Minutes later, after the passage of cron, I end up with a beautiful WordPress installation! Adding a web 3, 4, etc. becomes child’s play.

On my servers web 1 and web 2, I have a similar configuration using port 488, since it is already authorized in SELinux.
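One way to check the listening policy described above, as an added example that is not part of the original post: a Python script that parses `ss -ltnp` output and reports any back-end service bound outside the private network. The 10.0.0.0/24 range, the sample output and the default MySQL and memcached ports are assumptions; port 488 is the one named above.

```python
import ipaddress

# Assumptions for this example: the private range and the sample output are
# constructed; 488 is the back-end Apache port from the text, 3306 and 11211
# are the MySQL and memcached defaults.
PRIVATE_NET = ipaddress.ip_network("10.0.0.0/24")
PRIVATE_ONLY_PORTS = {488: "apache back-end", 3306: "mysql", 11211: "memcached"}

SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    10.0.0.11:488      0.0.0.0:*         users:(("httpd",pid=1201,fd=4))
LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*         users:(("mysqld",pid=900,fd=10))
LISTEN 0      128    10.0.0.11:11211    0.0.0.0:*         users:(("memcached",pid=950,fd=26))
LISTEN 0      128    [::]:488           [::]:*            users:(("httpd",pid=1201,fd=6))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=800,fd=3))
"""

def split_local(field):
    """Split the 'addr:port' column; handles '[::]:80', '*:80', 'addr%iface:port'."""
    addr, _, port = field.rpartition(":")
    return addr.strip("[]").split("%")[0], int(port)

def is_private_bind(addr):
    """True only when the socket is bound to a single address inside PRIVATE_NET."""
    try:
        return ipaddress.ip_address(addr) in PRIVATE_NET
    except ValueError:  # '*' or anything that is not a literal address
        return False

def audit_listeners(ss_output):
    """Return (port, service, bind address) for every policy violation."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # header line or non-listening socket
        addr, port = split_local(cols[3])
        if port in PRIVATE_ONLY_PORTS and not is_private_bind(addr):
            findings.append((port, PRIVATE_ONLY_PORTS[port], addr))
    return findings

if __name__ == "__main__":
    for port, service, addr in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"{service} (port {port}) listens on {addr}, not the private network")
```

Wildcard binds (`0.0.0.0`, `[::]`, `*`) count as violations here because they expose the port on the public interface and leave iptables as the only barrier.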

This is the configuration I used on the proxy server:

If you have any comments or questions for Charles, you can post them in the comments section below.

You too can share your tests and configurations with the community! Contact us!

About Charles Lacroix: Self-educated and always looking for new challenges, Charles Lacroix is a Linux consultant at djj-consultants.com. He is drawn by computer security and by everything related to the Web. This article was originally published on his blog horizonlinux.org and is published here with his authorization. Thank you Charles for sharing with the Community!
