LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

Setup a Highly Available Wordpress Site From Scratch, 2024 Edition! Part 7: Round-Robin DNS, Let’s Encrypt, & Conclusion

Highly Available WordPress

In this tutorial series, we are setting up a highly available WordPress web site from scratch. 

Part 1 – Introduction, Considerations, and Architecture
Part 2 – Ordering the VPSes 
Part 3 – Ansible
Part 4 – Gluster
Part 5 – WordPress install
Part 6 – MariaDB Multi-Master
Part 7 – Round-Robin DNS, Let’s Encrypt, & Conclusion (this article)

All right, folks, we’re in the final leg of our journey!  In this concluding part, we’ll setup the HA part of our HA setup.

Let’s start by getting Let’s Encrypt going.  This will provide a free HTTPS certificate.  One problem we have is that we have three web servers, all of which need to be able to answer with the lowend.party certificate.  How can that happen?  Gluster magic again.

On each node, stop nginx.

systemctl stop nginx

On node1, move the nginx and letsencrypt directories from /etc to our /gluster filesystem, and then create symlinks.

root@node1:/etc# mv nginx letsencrypt /gluster/
root@node1:/etc# ln -s /gluster/nginx /etc/nginx
root@node1:/etc# ln -s /gluster/letsencrypt /etc/letsencrypt

On nodes 2 and 3, we just remove the directories in /etc and make the links because the directories and files are already in /gluster from teh previous step.

root@node2:~# rm -rf /etc/nginx /etc/letsencrypt
root@node2:~# ln -s /gluster/nginx /etc/nginx
root@node2:~# ln -s /gluster/letsencrypt /etc/letsencrypt

Now I’ll go to my DNS provider (I’m just using Porkbun’s hosted DNS here) and create the A record for node1 (5.78.68.150).  For the moment, any browser (or certbot) going to www.lowend.party will just go to node1.

Let’s Encrypt Setup

Now let’s get our cert from Let’s Encrypt.

# certbot --authenticator webroot --installer nginx --webroot-path /web/www.lowend.party -d www.lowend.party
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for www.lowend.party

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/www.lowend.party/fullchain.pem
Key is saved at: /etc/letsencrypt/live/www.lowend.party/privkey.pem
This certificate expires on 2024-06-01.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for www.lowend.party to /etc/nginx/sites-enabled/www.lowend.party
Congratulations! You have successfully enabled HTTPS on https://www.lowend.party

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

And that certificate is installed in our /gluster filesystem, which means it’s on all three nodes, and all three nodes’ Let’s Encrypt is pointed at that shared filesystem.

Round Robin DNS

Round Robin DNS (RRDNS) is a DNS feature that allows us to create multiple records for the same name.  The way it works is that every time you query the name (www.lowend.party in this case), the DNS server returns all the records.  Nowadays, browsers are smart about RRDNS so they’ll try one randomly.  If it doesn’t respond, the browser will go on to a different result.

In our case, we’ll set RRDNS to return the three A records for our nodes.

# nslookup www.lowend.party
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: www.lowend.party
Address: 5.78.74.126
Name: www.lowend.party
Address: 5.78.68.150
Name: www.lowend.party
Address: 5.78.91.194

Now we are in HA mode.  If a browser queries www.lowend.party, decides to go to node1, and node1 is down, it’ll try node2 or node3, and this is transparent to the user.

Let’s try it:

Wordpress Success 1

Cool.  Next I added an article and browsed again:

Wordpress Success

At this point, we can create content on any node, and it’s served from any node.  Success!

I hope you enjoyed this tutorial.  I enjoyed updating it from the 2024 iteration, and now am running this as my production setup.

raindog308

1 Comment

  1. Ned:

    that is awesome solution.
    Will woocommerce and all plugins work OK?
    Can we manage this setup with rubcloud.io?

    June 5, 2024 @ 1:41 pm | Reply

Leave a Reply

Some notes on commenting on LowEndBox:

  • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
  • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
  • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

Your email address will not be published. Required fields are marked *