1. Create Droplets on Digital Ocean
Creating 4 droplets installed Centos 7 server with private networking enable. We assume their ip follow the information below :
- Droplet 1 ( It will be MySQL server ) with ip : 10.130.10.11
- Droplet 2 ( It will be Redis server ) with ip : 10.130.10.12
- Droplet 3 & 4 ( It will be Webserver) with ip : 10.130.10.13 & 10.130.10.14
Next step, we need to config private manual ip for each droplet ( refer link ) :
ifconfig
-a
# for get ether value of eth1
vi
/etc/sysconfig/network-scripts/ifcfg-eth1
# then entering the value below
DEVICE=
"eth1"
HWADDR=e6:76:13:3b:e7:1d
# get from ifconfig -a
IPADDR=10.130.10.11
# or 10.130.10.12/13/14
BOOTPROTO=none
ONBOOT=
"yes"
NETMASK=255.255.0.0
NM_CONTROLLED=
"yes"
IPV6INIT=
"no"
DEFROUTE=
"no"
# After editing , press ESC then typing : x then enter .
# Reboot.
2. Install MariaDB Database Server
2.1 Install Maria on Centos 7
sudo
yum
install
mariadb-server
sudo
systemctl start mariadb
sudo
systemctl status mariadb
sudo
systemctl
enable
mariadb
# After installing complete , set root account with password yourpass .
# From root account , creates moo account with password yourpass then granting remote access for droplet 3 & 4 .
CREATE USER moo@10.130.10.13;
GRANT ALL ON mooapp.* TO moo@10.130.10.13 IDENTIFIED BY
'yourpass'
;
CREATE USER moo@10.130.10.14;
GRANT ALL ON mooapp.* TO moo@10.130.10.14 IDENTIFIED BY
'yourpass'
;
2.2 Configuring and opening port Firewall
Notice that we don’t use the firewall is provided by digitalOcean from web dashboard because it’s very simple firewall and we will get more dangerous in load balancer environment .
yum
install
firewalld
systemctl start firewalld
systemctl
enable
firewalld
firewall-cmd --get-services
firewall-cmd --zone=public --add-service=mysql --permanent
firewall-cmd --add-rich-rule
'rule family="ipv4" source address="10.130.10.13" service name="mysql" accept'
--permanent
firewall-cmd --add-rich-rule
'rule family="ipv4" source address="10.130.10.14" service name="mysql" accept'
--permanent
firewall-cmd --permanent --list-all
firewall-cmd --reload
2.3 Mysql tuner for increased performance and stability
https://github.com/major/MySQLTuner-perl
3. Install Redis Cache server ( It will be noSQL server in feature )
sudo
yum
install
epel-release
sudo
yum
install
redis -y
sudo
systemctl start redis.service
sudo
systemctl
enable
redis
sudo
systemctl status redis.service
sudo
systemctl restart redis.service
vi
/etc/redis
.conf
# then finding and entering the text bellow
bind 10.130.10.12
requirepass yourpass
# press ESC then typing then enter
sudo
yum
install
firewalld
sudo
systemctl start firewalld
sudo
systemctl
enable
firewalld
sudo
firewall-cmd --permanent --new-zone=redis
sudo
firewall-cmd --permanent --zone=redis --add-port=6379
/tcp
sudo
firewall-cmd --permanent --zone=redis --add-
source
=10.130.10.13
sudo
firewall-cmd --permanent --zone=redis --add-
source
=10.130.10.14
4. Install Nginx server and PHP-FPM and GlusterFS on droplet 3 & 4
Prepare tool Redis-cli and Mysql client for testing remote access from droplet 3&4 to 1 and 2
4.1 Install redis-cli
wget http:
//download
.redis.io
/releases/redis-5
.0.5.
tar
.gz
tar
xvzf redis-5.0.5.
tar
.gz
yum
install
tcl gcc
make
redis-cli
# How to check remote connection to Redis server
cd
/root/redis-5
.0.5
/src
.
/redis-cli
-h 10.130.10.12
auth yourpass
FLUSHALL
set
test
1
get
test
4.2 Install mysql client
yum
install
mysql
mysql -umoo -pyourpass -h10.130.10.11
4.3 Install Nginx server
systemctl status nginx
systemctl start nginx
systemctl
enable
nginx
systemctl restart nginx
server {
listen
80
default_server;
listen [::]:
80
default_server;
root /usr/share/nginx/html/app/webroot;
# Add index.php to the list
if
you are using PHP
index index.php ;
access_log /usr/share/nginx/log/access.log;
error_log /usr/share/nginx/log/error.log;
server_name _;
// ssl on;
// ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;
// ssl_certificate_key /etc/nginx/ssl/yourkey.key;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
# With php-fpm (or other unix sockets):
try_files $uri =
404
;
include
/etc/nginx/fastcgi_params;
fastcgi_pass unix:/
var
/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~ /\.ht {
deny all;
}
}
4.4 Install PHP-FPM
sudo
yum
install
epel-release yum-utils
sudo
yum
install
http:
//rpms
.remirepo.net
/enterprise/remi-release-7
.rpm
sudo
yum-config-manager --
enable
remi-php71
yum
install
php-fpm php-intl php-zip php-gd php-xml php-mysql php-mbstring php-redis php-curl php-xmlrpc php-json php-cli
systemctl
enable
php-fpm.service
systemctl start php-fpm.service
systemctl restart php-fpm.service
systemctl status php-fpm.service
vi
/etc/php-fpm
.d
/www
.conf
# user = apache to user = nginx
# group = apache to group = nginx
# listen.owner = nobody to listen.owner = nginx
# listen.group = nobody to listen.group = nginx
# And, lastly, change listen = 127.0.0.1:9000 to listen = /var/run/php-fpm/php-fpm.sock
systemctl restart php-fpm.service
4.5 Install GlusteFS
Refer link
yum -y
install
centos-release-gluster
yum -y
install
glusterfs-server
service glusterd start
systemctl
enable
glusterd
vi
/etc/hosts
10.130.10.13 node1.domain.com node1
10.130.10.14 node2.domain.com node2
# press ESC then typing then enter
# On droplet 3
gluster peer probe node2
gluster peer status
# On droplet 4
gluster peer probe node1
gluster peer status
gluster volume create shareddata replica 2 transport tcp node1:
/shared-folder
node2:
/shared-folder
force
gluster volume start shareddata
gluster volume info
# On droplet 3
gluster volume start shareddata
gluster volume info
# Mount
# On droplet 3
mkdir
/mnt/glusterfs
echo
"node1:/shareddata /mnt/glusterfs/ glusterfs defaults,_netdev 0 0"
>>
/etc/fstab
mount
-a
df
-h
ln
-s
/mnt/glusterfs/app/webroot/uploads
/usr/share/nginx/html/app/webroot
ln
-s
/mnt/glusterfs/app/Config/plugins
/usr/share/nginx/html/app/Config
# On droplet 4
mkdir
/mnt/glusterfs
echo
"node2:/shareddata /mnt/glusterfs/ glusterfs defaults,_netdev 0 0"
>>
/etc/fstab
mount
-a
df
-h
ln
-s
/mnt/glusterfs/app/webroot/uploads
/usr/share/nginx/html/app/webroot
ln
-s
/mnt/glusterfs/app/Config/plugins
/usr/share/nginx/html/app/Config
4.6 SELinux issues denies save files in webroot and remote mysql connection
chcon -R -t httpd_sys_content_t
/usr/share/nginx/html
chcon -R -t httpd_sys_content_rw_t
/usr/share/nginx/html
chcon -R -t httpd_sys_content_rw_t
/usr/share/nginx/log
# For remote connect mysql
setsebool -P httpd_can_network_connect 1
4.7 Configuring firewall
sudo
yum
install
firewalld
sudo
systemctl start firewalld
sudo
systemctl
enable
firewalld
sudo
firewall-cmd --permanent --add-service=
ssh
sudo
firewall-cmd --permanent --add-service=http
sudo
firewall-cmd --permanent --add-service=https
sudo
firewall-cmd --reload
# GlusterFS configiruation
sudo
firewall-cmd --permanent --new-zone=glusterd
sudo
firewall-cmd --zone=glusterd --add-port=24007-24008
/tcp
--permanent
sudo
firewall-cmd --zone=glusterd --add-port=24009
/tcp
--permanent
sudo
firewall-cmd --zone=glusterd --add-service=nfs --add-service=samba --add-service=samba-client --permanent
sudo
firewall-cmd --zone=glusterd --add-port=111
/tcp
--add-port=139
/tcp
--add-port=445
/tcp
--add-port=965
/tcp
--add-port=2049
/tcp
--add-port=38465-38469
/tcp
--add-port=631
/tcp
--add-port=111
/udp
--add-port=963
/udp
--add-port=49152-49251
/tcp
--permanent
sudo
firewall-cmd --permanent --zone=glusterd --add-
source
=10.130.10.14 ( on droplet 3)
sudo
firewall-cmd --permanent --zone=glusterd --add-
source
=10.130.10.13 ( on droplet 4)
sudo
firewall-cmd --reload