In this tutorial series, we are setting up a highly available WordPress web site from scratch.
Part 1 – Introduction, Considerations, and Architecture
Part 2 – Ordering the VPSes
Part 3 – Ansible
Part 4 – Gluster
Part 5 – WordPress install
Part 6 – MariaDB Multi-Master
Part 7 – Round-Robin DNS, Let’s Encrypt, & Conclusion (this article)
All right, folks, we’re in the final leg of our journey! In this concluding part, we’ll set up the HA part of our HA setup.
Let’s start by getting Let’s Encrypt going. This will provide a free HTTPS certificate. One problem we have is that we have three web servers, all of which need to be able to answer with the lowend.party certificate. How can that happen? Gluster magic again.
On each node, stop nginx.
systemctl stop nginx
On node1, move the nginx and letsencrypt directories from /etc to our /gluster filesystem, and then create symlinks.
root@node1:/etc# mv nginx letsencrypt /gluster/
root@node1:/etc# ln -s /gluster/nginx /etc/nginx
root@node1:/etc# ln -s /gluster/letsencrypt /etc/letsencrypt
On nodes 2 and 3, we just remove the directories in /etc and make the links because the directories and files are already in /gluster from the previous step.
root@node2:~# rm -rf /etc/nginx /etc/letsencrypt
root@node2:~# ln -s /gluster/nginx /etc/nginx
root@node2:~# ln -s /gluster/letsencrypt /etc/letsencrypt
Now I’ll go to my DNS provider (I’m just using Porkbun’s hosted DNS here) and create the A record for node1 (5.78.68.150). For the moment, any browser (or certbot) going to www.lowend.party will just go to node1.
Let’s Encrypt Setup
Now let’s get our cert from Let’s Encrypt.
# certbot --authenticator webroot --installer nginx --webroot-path /web/www.lowend.party -d www.lowend.party
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for www.lowend.party
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/www.lowend.party/fullchain.pem
Key is saved at: /etc/letsencrypt/live/www.lowend.party/privkey.pem
This certificate expires on 2024-06-01.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for www.lowend.party to /etc/nginx/sites-enabled/www.lowend.party
Congratulations! You have successfully enabled HTTPS on https://www.lowend.party
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
 * Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Because /etc/letsencrypt is a symlink into /gluster, that certificate and its private key are stored in our /gluster filesystem, which means they’re on all three nodes, and all three nodes’ Let’s Encrypt is pointed at that shared filesystem.
Round Robin DNS
Round Robin DNS (RRDNS) is a DNS feature that allows us to create multiple records for the same name. The way it works is that every time you query the name (www.lowend.party in this case), the DNS server returns all the records. Nowadays, browsers are smart about RRDNS so they’ll try one randomly. If it doesn’t respond, the browser will go on to a different result.
In our case, we’ll set RRDNS to return the three A records for our nodes.
# nslookup www.lowend.party
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: www.lowend.party
Address: 5.78.74.126
Name: www.lowend.party
Address: 5.78.68.150
Name: www.lowend.party
Address: 5.78.91.194
Now we are in HA mode. If a browser queries www.lowend.party, decides to go to node1, and node1 is down, it’ll try node2 or node3, and this is transparent to the user.
Let’s try it:
Cool. Next I added an article and browsed again:
At this point, we can create content on any node, and it’s served from any node. Success!
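A browser hides a lot here: it silently moves on to another A record when one node fails. The script below is an added example, not part of the original tutorial; it checks each round-robin address separately and confirms that every node serves the same certificate from the shared /gluster/letsencrypt directory. It assumes the nslookup output format shown above, IPv4 answers, and that openssl is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not the article's code): verify that every round-robin
# A record serves the same certificate.

# nslookup output as shown in the article, used as offline sample input.
SAMPLE_NSLOOKUP='Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: www.lowend.party
Address: 5.78.74.126
Name: www.lowend.party
Address: 5.78.68.150
Name: www.lowend.party
Address: 5.78.91.194'

# Read nslookup output on stdin and print one answer address per line.
# The resolver's own line ("Address: 8.8.8.8#53") carries a port and is skipped.
rr_addresses() {
    awk '$1 == "Address:" && $2 !~ /#/ { print $2 }'
}

# Print the SHA-256 fingerprint of the certificate that IP $1 serves for name $2.
node_fingerprint() {
    openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Read "ip fingerprint" lines on stdin. Succeed only if every node returned
# a certificate and all fingerprints are identical.
fingerprints_agree() {
    awk 'NF < 2  { bad = 1 }
         NF >= 2 { seen[$2] = 1 }
         END { n = 0; for (f in seen) n++; exit (bad || n != 1) }'
}

# Live check, needs network access: check_site www.lowend.party
check_site() {
    report=$(nslookup "$1" | rr_addresses | while read -r ip; do
        echo "$ip $(node_fingerprint "$ip" "$1")"
    done)
    echo "$report"
    echo "$report" | fingerprints_agree
}

# Offline demonstration on the sample above.
printf '%s\n' "$SAMPLE_NSLOOKUP" | rr_addresses
```

Running check_site after each renewal, or from a monitoring job, catches a node that is down or still serving a stale certificate, which round-robin failover would otherwise mask.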
I hope you enjoyed this tutorial. I enjoyed updating it from the 2024 iteration, and now am running this as my production setup.
That is an awesome solution.
Will woocommerce and all plugins work OK?
Can we manage this setup with rubcloud.io?