How do you build a high availability network using Always Free Resources?
Available resources from Oracle:
Oracle Always Free Tier includes
- 4 OCPU ARM server
- 24GB RAM
- 200 GB HDD
- 10TB outgoing traffic
- Load Balancer – 10Mb
- 10GB Object storage
Google Drive – for static resources like images, zip files, documents
Using these resources we will build 4 servers
app1 – web server
app2 – web server, MySQL server
app3 – web server
app4 – web server, MySQL server
Abbreviations used in this article
Abbreviation | Description |
---|---|
VCN | Virtual Cloud Network |
LB | Load Balancer |
MySQL | MySQL Database Server |
AD | Availability Domain |
FD | Fault Domain |
Software Stack
During the setup we will use the software below to build our network:
Software | Description |
---|---|
Nginx | Webserver |
WordPress | Web application CMS |
Squid | Proxy server for outgoing traffic |
MySQL | MySQL database server |
OS | Oracle Linux |
Server Configuration
Each server will be configured with specific software for our network:
Server | Applications |
---|---|
app1 | Nginx, Squid |
app2 | Nginx, MySQL |
app3 | Nginx |
app4 | Nginx, MySQL |
All 4 servers will run an Nginx webserver to increase the performance of the website.
Two of the servers will run both Nginx and MySQL. Those servers may perform slightly worse, but we are working with limited resources and want to make the most of them.
Two of the servers will provide the MySQL database in Master-Master replication mode
app2-app4
/data – folder for all user data files
/data/www – nginx for web services (requires SELinux updates)
/data/db – MySQL database folder (requires SELinux updates)
Access to the servers is over SSH through LB ports 3121-3124 (non-standard ports).
The app1 server is our primary server, which we will use for administrative actions.
The LB will always send all requests for /wp-admin to the app1 server.
From this server, we will sync the file system with the other servers. It is important to keep all of the servers in sync so that files such as images and application plugins work correctly.
We could serve images, documents and zip files from our own servers, but this would increase traffic. As we are using the Always Free Tier, we want to keep traffic low, so serving those files from another source will lower our traffic use.
I will use Google Drive to provide all images. This way the LB (10 MB) will serve only text-based content, which will increase throughput, decrease outgoing traffic and increase the maximum number of visitors.
SSH Key
To access the servers you need to provide a public SSH key during the server setup. You also have the option to generate and download keys during the setup process, but it is easier to prepare the key and have it ready on your PC.
Generate the SSH key to access the server:
- Windows – use PuTTY keygen to generate an RSA key pair and save the public and private keys. Save the OpenSSH format of that key, as you need to use that format when creating the new VM
- Linux – use ssh-keygen -b 2048 -t rsa and add a passphrase to increase key security
High Availability Structure
Oracle Cloud is organized into Regions, where its infrastructure is built. A region contains three data centers at least 10 miles apart, called Availability Domains (AD). ADs are connected by high-speed networks with low latency.
Each AD contains three Fault Domains (FD).
To build a highly available system we need to place servers in different Availability Domains and different Fault Domains.
What are we going to do?
We will create a Virtual Cloud Network, set up 4 servers, install Nginx, Squid and MySQL, install a WordPress blog for the website, and set up replication between the servers to keep them synchronized:
- Set up a compartment
- Set up VCN with private and public VCN
- Set up 4 servers
Setting up required resources in Oracle Console
- Compartment – App
- Virtual Cloud Network – VCN 10.10.0.0/16 (use wizard)
  - Subnet Public 10.10.1.0/24
- VM Instances
  - ARM 1 OCPU 6 GB RAM
    - app1
      - AD1/FD1
      - 10.10.1.11
    - app2
      - AD1/FD2
      - 10.10.1.12
    - app3
      - AD2/FD2
      - 10.10.1.13
    - app4
      - AD2/FD3
      - 10.10.1.14
  - Select Availability Domain 1 for servers app1, app2
  - Select Availability Domain 2 for servers app3, app4
  - Set Network Security Group
- LB
  - Network Security Group
    - Ingress
      - 0.0.0.0/0 port 80
      - 0.0.0.0/0 port 443
      - YOUR-IP/32 port 3121,3122,3123,3124 (for SSH access to back end servers)
  - HTTP backend servers port 80: bk-http
    - app1
    - app2
    - app3
    - app4
  - HTTP admin back end server: bk-admin
    - app1
  - Routing Policy
    - /wp-admin – direct through bk-admin
    - /wp-login.php – direct through bk-admin
    - /.well-known – for Let’s Encrypt SSL certificate generation
  - Rule Set
    - Redirect HTTP to HTTPS
- Security List
  - Public subdomain
    - Ingress Rules
      - Org: 10.10.1.0/24 port: 22, 3128, 3310
      - Remove 0.0.0.0/0 port 22 rule (secure your network)
    - Egress Rules
      - Dest: 10.10.1.0/24 port: 22, 3128, 3306
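The ingress rules listed above can be checked mechanically before they are applied. The following is an added example, not part of the original article: it audits rule sets for any non-web port reachable from a source outside the intended one. The tuple format, the names and the 203.0.113.10/32 stand-in for YOUR-IP/32 are assumptions made for illustration.

```python
import ipaddress

WEB_PORTS = {80, 443}             # the only ports the article opens to 0.0.0.0/0
ADMIN_CIDR = "203.0.113.10/32"    # constructed stand-in for YOUR-IP/32
SUBNET = "10.10.1.0/24"           # public subnet from the article

# Constructed rule sets modelled on the lists above:
# (source CIDR, first port, last port)
LB_NSG_INGRESS = [
    ("0.0.0.0/0", 80, 80),
    ("0.0.0.0/0", 443, 443),
    (ADMIN_CIDR, 3121, 3124),     # SSH to the back ends through the LB
]
SECLIST_BEFORE = [
    ("0.0.0.0/0", 22, 22),        # the rule the article says to remove
    (SUBNET, 22, 22),
    (SUBNET, 3128, 3128),
    (SUBNET, 3310, 3310),
]
SECLIST_HARDENED = SECLIST_BEFORE[1:]


def audit(rules, trusted_cidrs):
    """Return (source, ports) for rules exposing non-web ports to untrusted sources."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for source, first, last in rules:
        exposed = sorted(set(range(first, last + 1)) - WEB_PORTS)
        if not exposed:
            continue  # web-only rule, intentionally public
        net = ipaddress.ip_network(source)
        # A source is acceptable only if it lies entirely inside a trusted range.
        inside = any(net.version == t.version and net.subnet_of(t) for t in trusted)
        if not inside:
            findings.append((source, exposed))
    return findings


if __name__ == "__main__":
    checks = [
        ("LB NSG", LB_NSG_INGRESS, [ADMIN_CIDR]),
        ("security list (before)", SECLIST_BEFORE, [SUBNET]),
        ("security list (hardened)", SECLIST_HARDENED, [SUBNET]),
    ]
    for name, rules, trusted in checks:
        print(name, audit(rules, trusted) or "ok")
```
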
Start your adventure with OCI by signing up for an OCI Free account. You will get $300 credit to try all of the available resources and tools. After one month you will still be able to use the Always Free resources.