How do you build a high availability network using Always Free Resources?

Available resources from Oracle:

Oracle Always Free Tier includes

  • 4 OCPU ARM server
  • 24GB RAM
  • 200 GB HDD 
  • 10TB outgoing traffic
  • Load Balancer – 10Mb
  • 10GB Object storage

Google Drive – for static resources like images, zip files, documents

Using these resources we will build 4 servers:

app1 – web server
app2 – web server, MySQL server
app3 – web server
app4 – web server, MySQL server

Abbreviations used in this article

| Abbreviation | Description |
|---|---|
| VCN | Virtual Cloud Network |
| LB | Load Balancer |
| MySQL | MySQL Database Server |
| AD | Availability Domain |
| FD | Fault Domain |

Table 1

Software Stack

During the setup we will use the software below to build our network:

| Software | Description |
|---|---|
| Nginx | Web server |
| WordPress | Web application CMS |
| Squid | Proxy server for outgoing traffic |
| MySQL | MySQL database server |
| OS | Oracle Linux |

Table 2

Server Configuration

Each server will be configured with specific software for our network:

| Server | Applications |
|---|---|
| app1 | Nginx, Squid |
| app2 | Nginx, MySQL |
| app3 | Nginx |
| app4 | Nginx, MySQL |

All 4 servers will run an Nginx web server to increase the performance of the website.

Two of the servers will run both Nginx and MySQL. Those servers may perform a little worse, but we are working with limited resources that we want to maximize.

Two of the servers will provide the MySQL database in Master-Master replication mode:

app2-app4

/data – folder for all user data files
/data/www – Nginx folder for web services (requires SELinux updates)
/data/db – MySQL database folder (requires SELinux updates)

SSH access to the servers goes through the LB on non-standard ports 3121-3124.

The app1 server is our primary server, which we will use for administration actions.

The LB will always send all requests for /wp-admin to the app1 server.

From this server, we will sync the file system to the other servers. It is important to keep all of the servers in sync so that files such as images and application plugins work correctly.

We could serve images, documents and zip files from our own servers, but this would increase traffic. As we are using the Always Free Tier, we want to keep traffic low, so hosting those files elsewhere reduces our usage.

I will use Google Drive to provide all images. This way the LB (10 MB) will serve only text-based content, which will increase throughput, decrease outgoing traffic and increase the maximum number of visitors.

SSH Key

To access the servers you need to provide a public SSH key during the server setup. You also have the option to generate and download keys during the setup process, but it’s easier to prepare the key and have it ready on your PC.

Generate the SSH key to access the server:

  1. Windows – use PuTTYgen (PuTTY Key Generator) to generate an RSA key pair and save the public and private keys. Save the OpenSSH format of that key, as you need to use that format when creating the new VM.
  2. Linux – use ssh-keygen -b 2048 -t rsa and add a passphrase to increase key security.

High Availability Structure

Oracle Cloud infrastructure is built in Regions. A region contains three data centers at least 10 miles apart, called Availability Domains (AD). ADs are connected by high-speed, low-latency networks.
Each AD contains three Fault Domains (FD).

To build a highly available system we need to place servers in different Availability Domains and different Fault Domains.

What are we going to do?

We will create a Virtual Cloud Network, set up 4 servers, install Nginx, Squid and MySQL, install a WordPress blog for the website, and set up replication between the servers to keep them synchronized:

  1. Set up compartment
  2. Set up VCN with private and public VCN
  3. Set up 4 servers

Setting up required resources in Oracle Console

  1. Compartment – App
  2. Virtual Cloud Network – VCN 10.10.0.0/16 (use wizard)
    1. Subnet Public 10.10.1.0/24
  3. VM Instances
    1. ARM 1 OCPU 6 GB RAM 
      1. app1 
        1. AD1/FD1
        2. 10.10.1.11
      2. app2
        1. AD1/FD2
        2. 10.10.1.12
      3. app3
        1. AD2/FD2
        2. 10.10.1.13
      4. app4
        1. AD2/FD3
        2. 10.10.1.14
    2. Select Availability Domain 1 for servers app1, app2
    3. Select Availability Domain 2 for servers app3, app4  
    4. Set Network Security Group
  4. LB
    1. Network Security Group
      1. Ingress 
        1. 0.0.0.0/0 port 80
        2. 0.0.0.0/0 port 443
        3. YOUR-IP/32 port 3121,3122,3123,3124 (for ssh access to back end servers)
    2. HTTP backend servers port 80: bk-http
      1. app1
      2. app2 
      3. app3
      4. app4
    3. HTTP admin back end server: bk-admin
      1. app1
    4. Routing Policy 
      1. /wp-admin – direct through bk-admin
      2. /wp-login.php – direct through bk-admin
      3. /.well-known – for Let’s Encrypt SSL certificate generation
    5. Rule Set
      1. Redirect HTTP to HTTPS
  5. Security List
    1. Public subdomain
      1. Ingress Rules
        1. Org: 10.10.1.0/24 port: 22, 3128, 3310
        2. Remove 0.0.0.0/0 port 22 rule (secure your network)
      2. Egress Rules
        1. Dest: 10.10.1.0/24 port: 22, 3128, 3306
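
The plan above can be checked before anything is created in the console. The following Python sketch is an added example, not part of the original article: it encodes the placement, the LB ingress rules and the security list ports as listed above and returns findings. The data layout, the function names and the 203.0.113.10 admin address standing in for YOUR-IP are assumptions made for illustration.

```python
import ipaddress

SUBNET = ipaddress.ip_network("10.10.1.0/24")
# Placement plan from the article: name -> (AD, FD, private IP, roles)
SERVERS = {
    "app1": ("AD1", "FD1", "10.10.1.11", {"nginx", "squid"}),
    "app2": ("AD1", "FD2", "10.10.1.12", {"nginx", "mysql"}),
    "app3": ("AD2", "FD2", "10.10.1.13", {"nginx"}),
    "app4": ("AD2", "FD3", "10.10.1.14", {"nginx", "mysql"}),
}
ADMIN_IP = "203.0.113.10/32"  # constructed stand-in for YOUR-IP/32
# LB network security group ingress as (source CIDR, port)
LB_INGRESS = [("0.0.0.0/0", 80), ("0.0.0.0/0", 443)] + [
    (ADMIN_IP, port) for port in (3121, 3122, 3123, 3124)]
PUBLIC_PORTS = {80, 443}
# Security list ports for 10.10.1.0/24, exactly as listed in the article
SL_INGRESS_PORTS = {22, 3128, 3310}
SL_EGRESS_PORTS = {22, 3128, 3306}


def check_placement(servers):
    """Return findings about IP addressing and AD/FD spread."""
    findings = []
    ips = [ipaddress.ip_address(s[2]) for s in servers.values()]
    if len(set(ips)) != len(ips):
        findings.append("duplicate private IP")
    findings += [f"{n}: {ip} outside {SUBNET}"
                 for n, ip in zip(servers, ips) if ip not in SUBNET]
    slots = [(ad, fd) for ad, fd, _, _ in servers.values()]
    if len(set(slots)) != len(slots):
        findings.append("two servers share an AD/FD pair")
    for role in ("nginx", "mysql"):
        ads = {ad for ad, _, _, roles in servers.values() if role in roles}
        if len(ads) < 2:
            findings.append(f"{role}: all instances in one AD")
    return findings


def check_lb_ingress(rules):
    """Flag any non-web port reachable from more than one source address."""
    return [f"port {port} open to {cidr}"
            for cidr, port in rules
            if port not in PUBLIC_PORTS
            and ipaddress.ip_network(cidr).num_addresses != 1]


def unmatched_ports(ingress, egress):
    """Ports allowed in one direction only for intra-subnet traffic."""
    return {"egress_only": sorted(egress - ingress),
            "ingress_only": sorted(ingress - egress)}
```

On the values as listed, `unmatched_ports(SL_INGRESS_PORTS, SL_EGRESS_PORTS)` reports 3306 as egress-only and 3310 as ingress-only, so that pair is worth confirming against the port MySQL actually listens on.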

Start your adventure with OCI by signing up for an OCI Free account. You will get $300 credit to try all of the available resources and tools. After one month you will still be able to use the always free resources.

Next Create Compartment


Mariusz Antonik

Working with high availability network supporting high traffic application
