{"id":1093,"date":"2021-04-19T10:00:46","date_gmt":"2021-04-19T08:00:46","guid":{"rendered":"https:\/\/devpath.pro\/?p=1093"},"modified":"2021-04-19T10:00:46","modified_gmt":"2021-04-19T08:00:46","slug":"save-yourself-from-a-disaster-5-redundancy-of-web-servers","status":"publish","type":"post","link":"https:\/\/fabiocicerchia.it\/web\/save-yourself-from-a-disaster-5-redundancy-of-web-servers","title":{"rendered":"Save yourself from a disaster #5: Redundancy of Web Servers"},"content":{"rendered":"<p style=\"text-align: center;\">This is the fifth part of the series <a href=\"https:\/\/devpath.pro\/web\/save-yourself-from-a-disaster-redundancy-on-a-budget\/\">Save yourself from a disaster: Redundancy on a budget<\/a>.<\/p>\n<p>How can we make sure our second most important asset is safely secured in case of a disaster?<\/p>\n<p>We could mainly 3 things:<\/p>\n<ul>\n<li>Duplicate VM<\/li>\n<li>Docker<\/li>\n<li>Kubernetes<\/li>\n<\/ul>\n<p><!--more--><\/p>\n<div style=\"border: 1px solid darkyellow; background: lightyellow; padding: 0.5em; line-height: 0.9em;\"><small><strong>Disclaimer<\/strong><br \/>\nThis guide won&#8217;t cover everything, it won&#8217;t be a comprehensive guide, and the steps that are shown need to be carefully reviewed and tested in your development\/pre-production environment. I don&#8217;t take any responsibility for any damage, interruption of service nor leak\/loss of data for the use of the instructions in the ebook (nor from any external website I&#8217;ve mentioned).<\/small><\/div>\n<h2>Duplicate VM<\/h2>\n<p>Nowadays many cloud providers (also virtualization platforms) are giving you the possibility to take a snapshot of the VM and then restore\/clone it. I&#8217;ll not cover it in this tutorial as we&#8217;ll increase the overall cost of the infrastructure. Although, sometimes (based on the application) it can be very time-saving doing a clone of the VM compared to the other method I&#8217;m proposing here below.<\/p>\n<h2>Docker<\/h2>\n<p>We live in 2021, everyone is running containers and wishing to have a k8s cluster to play with. So, let&#8217;s convert the simple applications into containers, there are a lot of already-ready containers on <a href=\"https:\/\/hub.docker.com\/\">Docker Hub.<\/a><\/p>\n<p><strong>Docker Swarm<\/strong><\/p>\n<p>Let&#8217;s start nice and easy, with <a href=\"https:\/\/docs.docker.com\/engine\/swarm\/key-concepts\/\">Docker Swarm<\/a> (which eliminates the extra complexity of Kubernetes) on ONE node (then we can <a href=\"https:\/\/opsani.com\/blog\/scale-up-vs-scale-out-whats-the-difference\">scale out<\/a> as much as we like).<\/p>\n<p>First, <a href=\"https:\/\/dev.vividbreeze.com\/docker-swarm-single-node\/\">setup your nodes<\/a>, I&#8217;m going to use standard images for my dockerized infrastructure, no custom images (for now &#8211; I&#8217;ve got pretty simple configurations). I&#8217;ve picked <a href=\"https:\/\/bitnami.com\/stacks\/containers\">bitnami images<\/a>, as they cover a lot of scenarios and provide pre-packaged images for most of the popular server software (<a href=\"https:\/\/github.com\/bitnami\/bitnami-docker-nginx#why-use-bitnami-images\">more reasons why pick them<\/a>).<\/p>\n<p>If you really want to start using custom images you could publish them publicly for free on Docker Hub (but has got recently <a href=\"https:\/\/www.docker.com\/increase-rate-limits\">some limitations<\/a>) or on <a href=\"https:\/\/canister.io\/solo\">Canister<\/a>. After the announcement from Docker Hub about limiting the rates of pull, AWS decided to offer <a href=\"https:\/\/aws.amazon.com\/about-aws\/whats-new\/2020\/12\/announcing-amazon-ecr-public-and-amazon-ecr-public-gallery\/\">public repositories<\/a> (and they are <a href=\"https:\/\/aws.amazon.com\/ecr\/pricing\/#Data_transferred_from_public_repositories.3A\">almost free<\/a> if you don&#8217;t exceed 500GB\/month when not logged or 5TB\/month when logged).<\/p>\n<p><strong>Docker Compose<\/strong><\/p>\n<p>This is an example of a WordPress website configured with docker-compose:<\/p>\n<pre>version: \"3.9\"\n\nservices:\n  wordpress:\n    image: wordpress:5.7.0\n    ports:\n      - 8000:80\n    deploy:\n      replicas: 1\n      restart_policy:\n        condition: on-failure\n    extra_hosts:\n      - \"host.docker.internal:host-gateway\"\n    environment:\n      WORDPRESS_DB_HOST: host.docker.internal:3306\n      WORDPRESS_DB_USER: ***\n      WORDPRESS_DB_PASSWORD: ***\n      WORDPRESS_DB_NAME: ***\n    volumes:\n      - \/path\/to\/wp-content:\/var\/www\/html\/wp-content\n    healthcheck:\n      test: [\"CMD\", \"curl\", \"-f\", \"http:\/\/localhost\"]\n      interval: 30s\n      timeout: 10s\n      retries: 3\n<\/pre>\n<p><strong>Ingress<\/strong><\/p>\n<p>When using Docker Swarm with lots of containers and services (which bounds a dedicated port), you&#8217;ll need an ingress system to sort the requests to the right service. You could use one of the 2 most used solutions: <a href=\"https:\/\/www.nginx.com\/blog\/docker-swarm-load-balancing-nginx-plus\/\">Nginx<\/a> or <a href=\"https:\/\/dockerswarm.rocks\/traefik\/\">Traefik<\/a>.<br \/>\nI decided to use a simple <a href=\"https:\/\/hub.docker.com\/r\/bitnami\/nginx\/\">bitnami\/nginx<\/a> with a custom config (pretty straightforward <a href=\"http:\/\/nginx.org\/en\/docs\/http\/load_balancing.html\">proxy<\/a>):<\/p>\n<pre>version: \"3.9\"\n\nservices:\n  client:\n    image: bitnami\/nginx:1.19.8\n    ports:\n      - 80:8080\n      - 443:8443\n    deploy:\n      replicas: 2\n      restart_policy:\n        condition: on-failure\n    extra_hosts:\n      - \"host.docker.internal:host-gateway\"\n    volumes:\n      - \/root\/docker-compose\/nginx\/lb.conf:\/opt\/bitnami\/nginx\/conf\/server_blocks\/lb.conf:ro\n      - \/etc\/letsencrypt:\/etc\/letsencrypt\n<\/pre>\n<p><strong>TLS Termination<\/strong><\/p>\n<p>This is the tricky part. If you have already bought the certificates (eg. from <a href=\"https:\/\/www.ssls.com\/\">SSLs<\/a>) you&#8217;re good for 1 year (at least). If you don&#8217;t want to buy them and want to rely on <a href=\"https:\/\/letsencrypt.org\/\">Let&#8217;s Encrypt<\/a>, you&#8217;ll need to be ready to sweat a bit to set it up. Setting it up on one node is pretty simple, but if you need to replicate it on multiple nodes then you need to <a href=\"https:\/\/community.letsencrypt.org\/t\/how-should-we-manage-same-certs-on-multiple-servers\/85495\/2\">start being creative<\/a>.<\/p>\n<p>One proposed solution would be having a primary node that generates (or renews) the certificate(s) and then it&#8217;ll spread them to the other servers:<\/p>\n<pre>rsync -e \"ssh -i $HOME\/.ssh\/somekey\" -auv --progress \/etc\/letsencrypt\/ syncerssl@&lt;IP2&gt;:\/etc\/letsencrypt\nrsync -e \"ssh -i $HOME\/.ssh\/somekey\" -auv --progress \/etc\/letsencrypt\/ syncerssl@&lt;IP3&gt;:\/etc\/letsencrypt\n<\/pre>\n<h2>Kubernetes<\/h2>\n<p><span style=\"font-weight: 400;\">Kubernetes is more complex and require more time to configure it, but once done there could be no vendor lock-in for you (as many providers are offering managed k8s), also it is more extensible (but more complex than swarm).<\/span><\/p>\n<p>If you have already a Docker Swarm cluster and want to migrate try following these guides:<\/p>\n<ul>\n<li><a href=\"https:\/\/ralph.blog.imixs.com\/2019\/11\/17\/from-docker-swarm-to-kubernetes-in-the-easy-way\/\"><span style=\"font-weight: 400;\">From Docker-Swarm to Kubernetes \u2013 the Easy Way!<\/span><\/a><\/li>\n<li><a href=\"https:\/\/kubernetes.io\/docs\/tasks\/configure-pod-container\/translate-compose-kubernetes\/\"><span style=\"font-weight: 400;\">Translate a Docker Compose File to Kubernetes Resources<\/span><\/a><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Remember to either use a dockerized database or rely on cloud-native managed solutions.\u00a0<\/span><\/p>\n<hr \/>\n<p>The next post will be about Redundancy of DNS, Stay Tuned.<\/p>\n<p style=\"text-align: center; text-decoration: underline; color: darkblue; font-weight: bold;\">Check out the whole version of this post in the <a style=\"color: #000080; text-decoration: underline;\" href=\"https:\/\/leanpub.com\/savefromdisaster\">ebook.<br \/>\n<img decoding=\"async\" style=\"height: 100px;\" src=\"https:\/\/d2sofvawe08yqg.cloudfront.net\/savefromdisaster\/small\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is the fifth part of the series Save yourself from a disaster: Redundancy on a budget. How can we make sure our second most important asset is safely secured in case of a disaster? We could mainly 3 things: Duplicate VM Docker Kubernetes<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"categories":[14],"tags":[122,123,124,125],"aioseo_notices":[],"author_meta":{"display_name":"fabio","author_link":"https:\/\/fabiocicerchia.it\/author\/fabio"},"featured_img":null,"coauthors":[],"tax_additional":{"categories":{"linked":["<a href=\"https:\/\/fabiocicerchia.it\/category\/web\" class=\"advgb-post-tax-term\">Web<\/a>"],"unlinked":["<span class=\"advgb-post-tax-term\">Web<\/span>"]},"tags":{"linked":["<a href=\"https:\/\/fabiocicerchia.it\/category\/web\" class=\"advgb-post-tax-term\">disaster recovery<\/a>","<a href=\"https:\/\/fabiocicerchia.it\/category\/web\" class=\"advgb-post-tax-term\">ovh<\/a>","<a href=\"https:\/\/fabiocicerchia.it\/category\/web\" class=\"advgb-post-tax-term\">redundancy<\/a>","<a href=\"https:\/\/fabiocicerchia.it\/category\/web\" class=\"advgb-post-tax-term\">sbg2<\/a>"],"unlinked":["<span class=\"advgb-post-tax-term\">disaster recovery<\/span>","<span class=\"advgb-post-tax-term\">ovh<\/span>","<span class=\"advgb-post-tax-term\">redundancy<\/span>","<span class=\"advgb-post-tax-term\">sbg2<\/span>"]}},"comment_count":"0","relative_dates":{"created":"Posted 3 years ago","modified":"Updated 3 years ago"},"absolute_dates":{"created":"Posted on April 19, 2021","modified":"Updated on April 19, 2021"},"absolute_dates_time":{"created":"Posted on April 19, 2021 10:00 am","modified":"Updated on April 19, 2021 10:00 am"},"featured_img_caption":"","series_order":"","_links":{"self":[{"href":"https:\/\/fabiocicerchia.it\/wp-json\/wp\/v2\/posts\/1093"}],"collection":[{"href":"https:\/\/fabiocicerchia.it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fabiocicerchia.it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fabiocicerchia.it\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fabiocicerchia.it\/wp-json\/wp\/v2\/comments?post=1093"}],"version-history":[{"count":0,"href":"https:\/\/fabiocicerchia.it\/wp-json\/wp\/v2\/posts\/1093\/revisions"}],"wp:attachment":[{"href":"https:\/\/fabiocicerchia.it\/wp-json\/wp\/v2\/media?parent=1093"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fabiocicerchia.it\/wp-json\/wp\/v2\/categories?post=1093"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fabiocicerchia.it\/wp-json\/wp\/v2\/tags?post=1093"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}