1. Create Droplets on Digital Ocean
Creating 4 droplets installed Centos 7 server with private networking enable. We assume their ip follow the information below :
- Droplet 1 ( It will be MySQL server ) with ip : 10.130.10.11
- Droplet 2 ( It will be Redis server ) with ip : 10.130.10.12
- Droplet 3 & 4 ( It will be Webserver) with ip : 10.130.10.13 & 10.130.10.14
Next step, we need to config private manual ip for each droplet ( refer link ) :
ifconfig -a # for get ether value of eth1vi /etc/sysconfig/network-scripts/ifcfg-eth1# then entering the value below DEVICE="eth1"HWADDR=e6:76:13:3b:e7:1d # get from ifconfig -a IPADDR=10.130.10.11 # or 10.130.10.12/13/14BOOTPROTO=noneONBOOT="yes"NETMASK=255.255.0.0NM_CONTROLLED="yes"IPV6INIT="no"DEFROUTE="no" # After editing , press ESC then typing : x then enter .# Reboot.2. Install MariaDB Database Server
2.1 Install Maria on Centos 7
sudo yum install mariadb-server sudo systemctl start mariadb sudo systemctl status mariadb sudo systemctl enable mariadb # After installing complete , set root account with password yourpass . # From root account , creates moo account with password yourpass then granting remote access for droplet 3 & 4 . CREATE USER moo@10.130.10.13; GRANT ALL ON mooapp.* TO moo@10.130.10.13 IDENTIFIED BY 'yourpass'; CREATE USER moo@10.130.10.14; GRANT ALL ON mooapp.* TO moo@10.130.10.14 IDENTIFIED BY 'yourpass';2.2 Configuring and opening port Firewall
Notice that we don’t use the firewall is provided by digitalOcean from web dashboard because it’s very simple firewall and we will get more dangerous in load balancer environment .
yum install firewalld systemctl start firewalldsystemctl enable firewalldfirewall-cmd --get-servicesfirewall-cmd --zone=public --add-service=mysql --permanentfirewall-cmd --add-rich-rule 'rule family="ipv4" source address="10.130.10.13" service name="mysql" accept' --permanentfirewall-cmd --add-rich-rule 'rule family="ipv4" source address="10.130.10.14" service name="mysql" accept' --permanentfirewall-cmd --permanent --list-all firewall-cmd --reload2.3 Mysql tuner for increased performance and stability
https://github.com/major/MySQLTuner-perl
key_buffer_size = 25 to 30 percent of the total available memorytable_cache = max_connections x N where N is the number of tables in a typical join
3. Install Redis Cache server ( It will be noSQL server in feature )
sudo yum install epel-release sudo yum install redis -y sudo systemctl start redis.servicesudo systemctl enable redis sudo systemctl status redis.service sudo systemctl restart redis.service vi /etc/redis.conf # then finding and entering the text bellow bind 10.130.10.12requirepass yourpass # press ESC then typing 
then enter sudo yum install firewalld sudo systemctl start firewalldsudo systemctl enable firewalldsudo firewall-cmd --permanent --new-zone=redis sudo firewall-cmd --permanent --zone=redis --add-port=6379/tcpsudo firewall-cmd --permanent --zone=redis --add-source=10.130.10.13 sudo firewall-cmd --permanent --zone=redis --add-source=10.130.10.14 4. Install Nginx server and PHP-FPM and GlusterFS on droplet 3 & 4
Prepare tool Redis-cli and Mysql client for testing remote access from droplet 3&4 to 1 and 2
4.1 Install redis-cli
wget http://download.redis.io/releases/redis-5.0.5.tar.gz tar xvzf redis-5.0.5.tar.gz yum install tcl gcc make redis-cli # How to check remote connection to Redis server cd /root/redis-5.0.5/src./redis-cli -h 10.130.10.12 auth yourpassFLUSHALLset test 1 get test4.2 Install mysql client
yum install mysqlmysql -umoo -pyourpass -h10.130.10.114.3 Install Nginx server
systemctl status nginx systemctl start nginx systemctl enable nginx systemctl restart nginxNginx Default.config Sample
server {listen 80 default_server;listen [::]:80 default_server;root /usr/share/nginx/html/app/webroot;# Add index.php to the list if you are using PHPindex index.php ;access_log /usr/share/nginx/log/access.log;error_log /usr/share/nginx/log/error.log;server_name _;// ssl on;// ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;// ssl_certificate_key /etc/nginx/ssl/yourkey.key;location / {try_files $uri $uri/ /index.php?$args;}location ~ \.php$ {# With php-fpm (or other unix sockets):try_files $uri =404;include /etc/nginx/fastcgi_params;fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;fastcgi_index index.php;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;}location ~ /\.ht {deny all;}}4.4 Install PHP-FPM
sudo yum install epel-release yum-utils sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpmsudo yum-config-manager --enable remi-php71yum install php-fpm php-intl php-zip php-gd php-xml php-mysql php-mbstring php-redis php-curl php-xmlrpc php-json php-cli systemctl enable php-fpm.service systemctl start php-fpm.service systemctl restart php-fpm.service systemctl status php-fpm.service vi /etc/php-fpm.d/www.conf# user = apache to user = nginx # group = apache to group = nginx # listen.owner = nobody to listen.owner = nginx # listen.group = nobody to listen.group = nginx # And, lastly, change listen = 127.0.0.1:9000 to listen = /var/run/php-fpm/php-fpm.sock systemctl restart php-fpm.service4.5 Install GlusteFS
Refer link
yum -y install centos-release-gluster yum -y install glusterfs-server service glusterd start systemctl enable glusterd vi /etc/hosts10.130.10.13 node1.domain.com node110.130.10.14 node2.domain.com node2# press ESC then typing then enter # On droplet 3 gluster peer probe node2 gluster peer status # On droplet 4gluster peer probe node1 gluster peer status gluster volume create shareddata replica 2 transport tcp node1:/shared-folder node2:/shared-folder forcegluster volume start shareddatagluster volume info# On droplet 3gluster volume start shareddatagluster volume info# Mount # On droplet 3mkdir /mnt/glusterfsecho "node1:/shareddata /mnt/glusterfs/ glusterfs defaults,_netdev 0 0" >> /etc/fstabmount -adf -hln -s /mnt/glusterfs/app/webroot/uploads /usr/share/nginx/html/app/webrootln -s /mnt/glusterfs/app/Config/plugins /usr/share/nginx/html/app/Config# On droplet 4mkdir /mnt/glusterfsecho "node2:/shareddata /mnt/glusterfs/ glusterfs defaults,_netdev 0 0" >> /etc/fstabmount -adf -hln -s /mnt/glusterfs/app/webroot/uploads /usr/share/nginx/html/app/webrootln -s /mnt/glusterfs/app/Config/plugins /usr/share/nginx/html/app/Config4.6 SELinux issues denies save files in webroot and remote mysql connection
chcon -R -t httpd_sys_content_t /usr/share/nginx/htmlchcon -R -t httpd_sys_content_rw_t /usr/share/nginx/htmlchcon -R -t httpd_sys_content_rw_t /usr/share/nginx/log# For remote connect mysql setsebool -P httpd_can_network_connect 14.7 Configuring firewall
sudo yum install firewalld sudo systemctl start firewalldsudo systemctl enable firewalldsudo firewall-cmd --permanent --add-service=sshsudo firewall-cmd --permanent --add-service=http sudo firewall-cmd --permanent --add-service=httpssudo firewall-cmd --reload# GlusterFS configiruationsudo firewall-cmd --permanent --new-zone=glusterd sudo firewall-cmd --zone=glusterd --add-port=24007-24008/tcp --permanent sudo firewall-cmd --zone=glusterd --add-port=24009/tcp --permanent sudo firewall-cmd --zone=glusterd --add-service=nfs --add-service=samba --add-service=samba-client --permanent sudo firewall-cmd --zone=glusterd --add-port=111/tcp --add-port=139/tcp --add-port=445/tcp --add-port=965/tcp --add-port=2049/tcp --add-port=38465-38469/tcp --add-port=631/tcp --add-port=111/udp --add-port=963/udp --add-port=49152-49251/tcp --permanent sudo firewall-cmd --permanent --zone=glusterd --add-source=10.130.10.14 ( on droplet 3) sudo firewall-cmd --permanent --zone=glusterd --add-source=10.130.10.13 ( on droplet 4) sudo firewall-cmd --reload
