Build a scalable, load-balanced setup for mooSocial on DigitalOcean

1. Create Droplets on DigitalOcean

Create 4 droplets running CentOS 7 with private networking enabled. We assume their IP addresses are as follows:

  • Droplet 1 (the MySQL server), IP: 10.130.10.11
  • Droplet 2 (the Redis server), IP: 10.130.10.12
  • Droplets 3 & 4 (the web servers), IPs: 10.130.10.13 & 10.130.10.14

Next, configure the private IP manually on each droplet:

ifconfig -a   # to get the ether (MAC address) value of eth1
vi /etc/sysconfig/network-scripts/ifcfg-eth1
# then enter the values below
DEVICE="eth1"
HWADDR=e6:76:13:3b:e7:1d  # get from ifconfig -a
IPADDR=10.130.10.11       # or 10.130.10.12/13/14
BOOTPROTO=none
ONBOOT="yes"
NETMASK=255.255.0.0
NM_CONTROLLED="yes"
IPV6INIT="no"
DEFROUTE="no"
 
# After editing, press ESC, type :x, then press Enter.
# Reboot.

2. Install MariaDB Database Server

2.1 Install Maria on Centos 7

sudo yum install mariadb-server
sudo systemctl start mariadb
sudo systemctl status mariadb
sudo systemctl enable mariadb
 
# After installation completes, set the root account password to BJDHbOkoeqOOcYBNdLKU3XFnVrf5HXrFeSE9O7J .
# From the root account, create the moo account with password pOkoeqOcYBNdLKU3XFnVIrf5HXrFeSE9O7J, then grant remote access to droplets 3 & 4.

CREATE USER 'moo'@'10.130.10.13';
GRANT ALL ON mooapp.* TO 'moo'@'10.130.10.13' IDENTIFIED BY 'pOkoeqOcYBNdLKU3XFnVIrf5HXrFeSE9O7J';

CREATE USER 'moo'@'10.130.10.14';
GRANT ALL ON mooapp.* TO 'moo'@'10.130.10.14' IDENTIFIED BY 'pOkoeqOcYBNdLKU3XFnVIrf5HXrFeSE9O7J';

2.2 Configuring and opening port Firewall

Note that we do not use the firewall DigitalOcean provides in its web dashboard, because it is a very simple firewall and would expose us to more risk in a load-balanced environment.

yum install firewalld
systemctl start firewalld
systemctl enable firewalld
firewall-cmd --get-services
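# Do not add the mysql service to the whole public zone (--zone=public --add-service=mysql): that opens port 3306 to every source. The two rich rules below admit only droplets 3 & 4.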
firewall-cmd --add-rich-rule 'rule family="ipv4" source address="10.130.10.13" service name="mysql" accept' --permanent
firewall-cmd --add-rich-rule 'rule family="ipv4" source address="10.130.10.14" service name="mysql" accept' --permanent
firewall-cmd --permanent --list-all
firewall-cmd --reload
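
As an added example (not part of the original guide), the shell function below classifies how MySQL is exposed from the text of `firewall-cmd --list-all`: a service or port listed zone-wide is open to every source, while rich rules alone limit it to the named addresses. The function name and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. classify_mysql and the two
# sample listings are constructed; the field layout follows the output of
# `firewall-cmd --list-all`.

# Reads a zone listing on stdin and prints one of:
#   open-to-all | restricted:<addr,addr,...> | closed
classify_mysql() {
  awk '
    /^[ \t]*services:/ { for (i = 2; i <= NF; i++) if ($i == "mysql") wide = 1 }
    /^[ \t]*ports:/    { for (i = 2; i <= NF; i++) if ($i == "3306/tcp") wide = 1 }
    /^[ \t]*rule / && /service name="mysql"/ && / accept/ {
      if (match($0, /source address="[^"]+"/)) {
        src = substr($0, RSTART + 16, RLENGTH - 17)
        list = (list == "" ? src : list "," src)
      } else wide = 1   # accept rule without a source restriction
    }
    END {
      if (wide) print "open-to-all"
      else if (list != "") print "restricted:" list
      else print "closed"
    }'
}

# Constructed listing: mysql added to the zone as a plain service
sample_zone_wide() { cat <<'EOF'
public (active)
  interfaces: eth0 eth1
  services: dhcpv6-client mysql ssh
  ports:
  rich rules:
    rule family="ipv4" source address="10.130.10.13" service name="mysql" accept
    rule family="ipv4" source address="10.130.10.14" service name="mysql" accept
EOF
}

# Constructed listing: mysql reachable only through the two rich rules
sample_source_only() { cat <<'EOF'
public (active)
  interfaces: eth0 eth1
  services: dhcpv6-client ssh
  ports:
  rich rules:
    rule family="ipv4" source address="10.130.10.13" service name="mysql" accept
    rule family="ipv4" source address="10.130.10.14" service name="mysql" accept
EOF
}

sample_zone_wide   | classify_mysql   # open-to-all
sample_source_only | classify_mysql   # restricted:10.130.10.13,10.130.10.14
```

On the database droplet the same function can read the live rules with `firewall-cmd --zone=public --list-all | classify_mysql`.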

2.3 Mysql tuner for increased performance and stability

https://github.com/major/MySQLTuner-perl

key_buffer_size = 25 to 30 percent of the total available memory
table_cache = max_connections x N  where N is the number of tables in a typical join

3. Install Redis Cache server ( it will be the NoSQL server in the future )

sudo yum install epel-release
sudo yum install redis -y
sudo systemctl start redis.service
sudo systemctl enable redis
sudo systemctl status redis.service
sudo systemctl restart redis.service
 
vi /etc/redis.conf # then find and enter the text below
 
bind 10.130.10.12
requirepass o3rojmVIRja97qL/1iwPD1QMxoQcF/mDkg0bw81PreWpO8GviSTRsNYFlOXBDnW/6ez7VJql3S/muanq
 
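# press ESC, type :x, then press Enter
# restart Redis so the new bind address and password take effect
sudo systemctl restart redis.service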
sudo yum install firewalld
sudo systemctl start firewalld
sudo systemctl enable firewalld
sudo firewall-cmd --permanent --new-zone=redis
sudo firewall-cmd --permanent --zone=redis --add-port=6379/tcp
sudo firewall-cmd --permanent --zone=redis --add-source=10.130.10.13
sudo firewall-cmd --permanent --zone=redis --add-source=10.130.10.14
# --permanent changes only take effect after a reload
sudo firewall-cmd --reload
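
The following added example (not from the original guide) checks a redis.conf for the two settings entered above, a non-wildcard `bind` address and a `requirepass` value, and also flags `protected-mode no`. The function name, the 32-character length threshold and both sample configs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. audit_redis_conf, the 32-character
# threshold and both sample configs are assumptions made for illustration.

# Reads redis.conf text on stdin and prints one finding per line.
audit_redis_conf() {
  awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    { key = tolower($1) }
    key == "bind" {                         # the last bind line wins
      bound = 1; wild = 0
      for (i = 2; i <= NF; i++)
        if ($i == "0.0.0.0" || $i == "::" || $i == "*") wild = 1
    }
    key == "requirepass"    { pass = $2; gsub(/^"|"$/, "", pass) }
    key == "protected-mode" { pm = tolower($2) }
    END {
      # With no bind directive Redis listens on every interface.
      if (!bound || wild) print "FAIL bind: listens on all interfaces"
      else print "OK bind"
      if (pass == "") print "FAIL requirepass: not set"
      else if (length(pass) < 32) print "WARN requirepass: under 32 characters"
      else print "OK requirepass"
      if (pm == "no") print "FAIL protected-mode: disabled"
    }'
}

# Constructed sample: private bind address plus a long placeholder secret
sample_private() { cat <<'EOF'
# bind 127.0.0.1
bind 10.130.10.12
protected-mode yes
requirepass CONSTRUCTED-placeholder-secret-0123456789abcdef
EOF
}

# Constructed sample: wildcard bind, short password, protected mode off
sample_weak() { cat <<'EOF'
bind 0.0.0.0
protected-mode no
requirepass test
EOF
}

sample_private | audit_redis_conf
sample_weak    | audit_redis_conf
```

On the Redis droplet, run it against the real file with `audit_redis_conf < /etc/redis.conf`.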

4. Install Nginx server and PHP-FPM and GlusterFS on droplet 3 & 4

Prepare the redis-cli and MySQL client tools for testing remote access from droplets 3 & 4 to droplets 1 and 2.

4.1 Install redis-cli

wget http://download.redis.io/releases/redis-5.0.5.tar.gz
tar xvzf redis-5.0.5.tar.gz
yum install tcl gcc
# build from inside the extracted source directory
cd redis-5.0.5
make redis-cli
 
# How to check the remote connection to the Redis server
cd /root/redis-5.0.5/src
./redis-cli -h 10.130.10.12
auth o3rojmVIRja97qL/1iwPD1QMxoQcF/mDkg0bw81PreWpO8GviSTRsNYFlOXBDnW/6ez7VJql3S/muanq
FLUSHALL
set test 1
get test

4.2 Install mysql client

yum install mysql
mysql -umoo -ppOkoeqOcYBNdLKU3XFnVIrf5HXrFeSE9O7J -h10.130.10.11

4.3 Install Nginx server

# nginx is packaged in EPEL on CentOS 7
sudo yum install epel-release
sudo yum install nginx
systemctl status nginx
systemctl start nginx
systemctl enable nginx
systemctl restart nginx

Nginx Default.config Sample

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /usr/share/nginx/html/app/webroot;
    # Add index.php to the list if you are using PHP
    index index.php;
    access_log /usr/share/nginx/log/access.log;
    error_log /usr/share/nginx/log/error.log;
    server_name _;
    # ssl on;
    # ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;
    # ssl_certificate_key /etc/nginx/ssl/moobookasia.key;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        # With php-fpm (or other unix sockets):
        # only pass requests for PHP files that exist on disk
        try_files $uri =404;
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
    location ~ /\.ht {
        deny all;
    }
}

4.4 Install PHP-FPM

sudo yum install epel-release yum-utils
sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
sudo yum-config-manager --enable remi-php71
yum install php-fpm php-intl php-zip php-gd php-xml php-mysql php-mbstring php-redis php-curl php-xmlrpc php-json php-cli
 
systemctl enable php-fpm.service
systemctl start php-fpm.service
systemctl restart php-fpm.service
systemctl status php-fpm.service
 
vi /etc/php-fpm.d/www.conf
# Change user = apache to user = nginx
# Change group = apache to group = nginx
# Change listen.owner = nobody to listen.owner = nginx
# Change listen.group = nobody to listen.group = nginx
# And, lastly, change listen = 127.0.0.1:9000 to listen = /var/run/php-fpm/php-fpm.sock
 
systemctl restart php-fpm.service

4.5 Install GlusterFS

yum -y install centos-release-gluster
yum -y install glusterfs-server
service glusterd start
systemctl enable glusterd
 
vi /etc/hosts
10.130.10.13 node1.domain.com node1
10.130.10.14 node2.domain.com node2
# press ESC, type :x, then press Enter
 
# On droplet 3
gluster peer probe node2 
gluster peer status
 
# On droplet 4
gluster peer probe node1
gluster peer status
gluster volume create shareddata replica 2 transport tcp node1:/shared-folder node2:/shared-folder force
gluster volume start shareddata
gluster volume info
# On droplet 3
gluster volume start shareddata
gluster volume info
# Mount
# On droplet 3
mkdir /mnt/glusterfs
echo "node1:/shareddata    /mnt/glusterfs/  glusterfs       defaults,_netdev        0 0" >> /etc/fstab
mount -a
df -h
ln -s /mnt/glusterfs/app/webroot/uploads /usr/share/nginx/html/app/webroot
ln -s /mnt/glusterfs/app/Config/plugins /usr/share/nginx/html/app/Config
# On droplet 4
mkdir /mnt/glusterfs
echo "node2:/shareddata    /mnt/glusterfs/  glusterfs       defaults,_netdev        0 0" >> /etc/fstab
mount -a
df -h
ln -s /mnt/glusterfs/app/webroot/uploads /usr/share/nginx/html/app/webroot
ln -s /mnt/glusterfs/app/Config/plugins /usr/share/nginx/html/app/Config

4.6 SELinux denies saving files in the webroot and remote MySQL connections

chcon -R -t httpd_sys_content_t /usr/share/nginx/html
chcon -R -t httpd_sys_content_rw_t /usr/share/nginx/html
chcon -R -t httpd_sys_content_rw_t /usr/share/nginx/log
# To allow remote MySQL connections
setsebool -P httpd_can_network_connect 1

4.7 Configuring firewall

sudo yum install firewalld
sudo systemctl start firewalld
sudo systemctl enable firewalld
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
# GlusterFS configuration
sudo firewall-cmd --permanent --new-zone=glusterd
sudo firewall-cmd --zone=glusterd --add-port=24007-24008/tcp --permanent
sudo firewall-cmd --zone=glusterd --add-port=24009/tcp --permanent
sudo firewall-cmd --zone=glusterd --add-service=nfs --add-service=samba --add-service=samba-client --permanent
sudo firewall-cmd --zone=glusterd --add-port=111/tcp --add-port=139/tcp --add-port=445/tcp --add-port=965/tcp --add-port=2049/tcp --add-port=38465-38469/tcp --add-port=631/tcp --add-port=111/udp --add-port=963/udp --add-port=49152-49251/tcp --permanent
sudo firewall-cmd --permanent --zone=glusterd --add-source=10.130.10.14   # on droplet 3
sudo firewall-cmd --permanent --zone=glusterd --add-source=10.130.10.13   # on droplet 4
sudo firewall-cmd --reload
Last Updated On July 18, 2019