DOCKER FOR WEB HOSTING 101 - healytechnologies.com · Nginx inspects header for virtual host and...

DOCKER FOR WEB HOSTING 101 PRESENTED BY DAN HEALY, OWNER OF HEALY TECHNOLOGIES

INTRODUCTION

Master of Science of Information Technology & Systems Engineering

Former senior engineer for Johns Hopkins University’s Enterprise Web Hosting team

Owner and operator of Healy Technologies

https://healytechnologies.com

Senior Systems Engineer for Clever Devices

Loves Docker…no…. Seriously!

DEMO GOALS

3 HA Websites

3-Node Docker Cluster

2-Node HAProxy Cluster

1 NFS Server

Offsite Syslogging

Nginx Reverse Proxy

NORMAL OPERATIONS DATA FLOW

1. Website Visitor queries website<x>.healytechdemo.com

2. AWS DNS replies with IP of primary load balancer (LB1)

3. Website Visitor directs HTTP to LB1

4. LB1 proxies traffic to active Docker servers

5. Docker server proxies traffic on port 80 to Nginx container

6. Nginx inspects header for virtual host and proxy pass to website container somewhere on Docker cluster

7. Website container retrieves files from NAS and database from database container

8. Docker will push logs off-site to Loggly

FAILED LOAD BALANCER DATA FLOW

1. Website Visitor queries website<x>.healytechdemo.com

2. AWS DNS replies with IP of failover load balancer (LB2)

DNS record has 1 minute TTL

3. Website Visitor directs HTTP to LB2

4. LB2 proxies traffic to active Docker servers

5. Remaining data flow same as normal

FAILED DOCKER SERVER DATA FLOW

1. Website Visitor queries website<x>.healytechdemo.com

2. AWS DNS replies with IP of primary load balancer (LB1), or LB2 if failed over

3. Website Visitor directs HTTP to LB1

4. LB1 proxies traffic to active Docker servers and not the individual failed Docker server

5. Docker server proxies traffic on port 80 to Nginx container

6. Nginx inspects header for virtual host and proxy pass to website container somewhere on Docker cluster

7. Website container retrieves files from NAS and database from database container

DEMO PREREQS & GLOBAL SERVER CONFIGURATION

Infrastructure Prerequisites

Six (6) AWS EC2 instances

CentOS 7

Three (3) Docker servers

Two (2) HAProxy servers

One (1) NFS server

All on same IP subnet (zone)

Hosted DNS zone with AWS Route 53

DNS entries already configured with AWS Route 53

Free Trial at loggly.com and obtain customer token

Global Server Configuration (already applied)

Install all updates
yum update -y

Install basic programs
yum install nano wget curl zip unzip -y

Add DNS entries to hosts file (DNS on next slide)
cat << EOT >> /etc/hosts
172.31.61.43 docker1 docker1.healytechdemo.com
172.31.63.213 docker2 docker2.healytechdemo.com
172.31.60.104 docker3 docker3.healytechdemo.com
172.31.56.139 nas nas.healytechdemo.com
172.31.60.57 LB1 LB1.healytechdemo.com
172.31.50.243 LB2 LB2.healytechdemo.com
EOT

Disable SELinux & Reboot
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config && reboot

ALL CODE WILL BE PROVIDED IN URL AT END OF PRESENTATION

DNS INFORMATION (ONLY TEMPORARY FOR DEMO)

Hostname                    Purpose          Public IP        Private IP
docker1.healytechdemo.com   Docker           18.209.26.6      172.31.61.43
docker2.healytechdemo.com   Docker           3.208.204.94     172.31.63.213
docker3.healytechdemo.com   Docker           3.93.133.36      172.31.60.104
nas.healytechdemo.com       NFS file share   3.95.70.36       172.31.56.139
LB1.healytechdemo.com       HAProxy          35.169.255.174   172.31.60.57
LB2.healytechdemo.com       HAProxy          35.174.95.113    172.31.50.243

URL                                 Record Type   Destination
aws-web-cluster.healytechdemo.com   A             Primary: IP of LB1; Secondary: IP of LB2
Website1.healytechdemo.com          CNAME         aws-web-cluster.healytechdemo.com
Website2.healytechdemo.com          CNAME         aws-web-cluster.healytechdemo.com
Website3.healytechdemo.com          CNAME         aws-web-cluster.healytechdemo.com

CONFIGURE LOAD BALANCERS

Install HAProxy

Backup original config

Insert basic HTTP config

Configure Rsyslog

Start services

View HAProxy Stats webpage

http://lb1.healytechdemo.com:8080/stats

http://lb2.healytechdemo.com:8080/stats

You can view it live too!

View AWS Route53 Health Check

LB1&2>
yum install haproxy -y
mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.orig

# Insert basic HTTP config - too long for here

# Uncomment the UDP syslog listener (the stock CentOS 7 lines start with "#$")
sed -i 's/^#\$ModLoad imudp/$ModLoad imudp/' /etc/rsyslog.conf
sed -i 's/^#\$UDPServerRun 514/$UDPServerRun 514/' /etc/rsyslog.conf

cat << EOT >> /etc/rsyslog.d/haproxy.conf
local2.=info /var/log/haproxy-access.log #For Access Log
local2.notice /var/log/haproxy-info.log #For Service Info - Backend, loadbalancer
EOT

service rsyslog restart
service haproxy restart
chkconfig haproxy on

CONFIGURE NFS SERVER & MOUNT SHARED DIRECTORY

Install NFS Server

Start NFS Server

Create DATA directory

Create test file (test.txt)

Add DATA directory to list of NFS exports

Export share

Mount DATA on all Docker servers

nas>
yum install nfs-utils -y
service nfs-server start
chkconfig nfs-server on
mkdir /data
touch /data/test.txt
echo '/data *(rw,sync,no_root_squash,no_subtree_check)' > /etc/exports
exportfs -ra

docker1&2&3>
mkdir /data
ls /data
echo 'nas:/data /data nfs4 rw,sync,hard,intr,noatime 0 0' >> /etc/fstab
mount /data
ls /data
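
The export on this slide gives read-write access to any host (*) and turns off root squashing. As an added example (not the presenter's code), the shell function below flags both settings in an exports file; audit_exports and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. audit_exports is a hypothetical helper, not an nfs-utils tool.
# audit_exports FILE: for each client entry in an exports(5)-style file print
#   "<path> <client> <finding>" where finding is
#   ANY_HOST        client is "*" (or omitted): any host that can reach the server
#   NO_ROOT_SQUASH  remote uid 0 is not remapped and acts as root on the share
audit_exports() {
  awk '
    /^[ \t]*#/ { next }                          # skip comment lines
    NF == 0    { next }                          # skip blank lines
    {
      for (i = 2; i <= NF; i++) {
        client = $i; sub(/\(.*$/, "", client)    # text before "(" is the client
        opts = ""
        if (index($i, "(") > 0) {
          opts = $i; sub(/^[^(]*\(/, "", opts); sub(/\)$/, "", opts)
        }
        if (client == "") client = "*"           # "(rw)" alone means any host
        if (client == "*") print $1, client, "ANY_HOST"
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++)
          if (o[j] == "no_root_squash") print $1, client, "NO_ROOT_SQUASH"
      }
    }' "$1"
}

# Constructed sample: the export from the slide, then a variant limited to the
# three Docker hosts named in /etc/hosts with root squashing left at its default.
sample=$(mktemp)
cat > "$sample" << 'EOT'
/data *(rw,sync,no_root_squash,no_subtree_check)
/data docker1(rw,sync,no_subtree_check) docker2(rw,sync,no_subtree_check) docker3(rw,sync,no_subtree_check)
EOT
audit_exports "$sample"
rm -f "$sample"
```

With root squashing on, root inside a container is mapped to the anonymous uid on the share, so directories under /data need ownership matching the uid each service writes as.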

CONFIGURE DOCKER SERVERS & SWARM

Install Docker

Start Docker

Test Docker

Create Swarm

Add remaining Docker servers to Swarm as managers

Create Docker network

docker1&2&3>
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce docker-ce-cli containerd.io -y
service docker start
chkconfig docker on
docker run hello-world

docker1>
docker swarm init
docker swarm join-token manager
# Copy docker join command

docker2&3>
# Paste docker join command from above

docker (any)>
docker network create -d overlay --attachable healydemo-overlay

CREATE NGINX REVERSE PROXY

Create directory for Nginx

Copy /etc/nginx from container into DATA

Create Docker Compose file (preconfigured)

Deploy Nginx with Docker Stack

View Nginx default page

http://lb1.healytechdemo.com

http://lb2.healytechdemo.com

http://docker1.healytechdemo.com

http://docker2.healytechdemo.com

http://docker3.healytechdemo.com

docker(any)>
mkdir -p /data/services/nginx/app
docker run -v /data/services/nginx/app:/tmp/ nginx cp -R /etc/nginx /tmp
cat << EOT >> /data/services/nginx/docker-compose.yml
version: '3'
services:
  frontend:
    image: nginx:latest
    ports:
      - 80:80
    volumes:
      - /data/services/nginx/app/nginx:/etc/nginx
    networks:
      - healydemo-overlay
    deploy:
      replicas: 1
      resources:
        limits:
          memory: 128M
networks:
  healydemo-overlay:
    external: true
EOT
docker stack deploy nginx -c /data/services/nginx/docker-compose.yml

CREATE WEBSITES

Create directory for website1

Create Docker Compose file (preconfigured)

Deploy website1 with Docker Stack

Inspect running Docker containers

Repeat for website 2

Repeat for website 3

Inspect running Docker containers

docker(any)>
mkdir -p /data/services/website1/php/html
mkdir -p /data/services/website1/mysql/
cat << EOT >> /data/services/website1/docker-compose.yml
version: '3'
services:
  php:
    image: wordpress:latest
    environment:
      WORDPRESS_DB_HOST: website1_mysql
      WORDPRESS_DB_USER: wp_user
      WORDPRESS_DB_PASSWORD: password4U
      WORDPRESS_DB_NAME: wp_db
    volumes:
      - /data/services/website1/php:/var/www/html
    networks:
      - healydemo-overlay
    deploy:
      replicas: 1
      resources:
        limits:
          memory: 128M
  mysql:
    image: mysql:5.7
    volumes:
      - /data/services/website1/mysql:/var/lib/mysql
    environment:
      MYSQL_USER: wp_user
      MYSQL_PASSWORD: password4U
      MYSQL_DATABASE: wp_db
      MYSQL_RANDOM_ROOT_PASSWORD: '1'
    networks:
      - healydemo-overlay
    deploy:
      replicas: 1
      resources:
        limits:
          memory: 256M
networks:
  healydemo-overlay:
    external: true
EOT
docker stack deploy website1 -c /data/services/website1/docker-compose.yml
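
The compose file on this slide stores the database password in plain text on the NFS share. As an added example (not the presenter's code), the same stack can read it from a Docker Swarm secret through the images' *_FILE variables, and a small check lists any password still written inline. The secret name website1_db_password and both helper functions are assumptions; the deploy limits from the slide are left out to keep the example short.

```shell
#!/bin/sh
# Added example. Assumed names: secret "website1_db_password" and the helper
# functions below. Create the secret once on a manager before deploying, e.g.
#   openssl rand -base64 24 | docker secret create website1_db_password -

# write_compose FILE: website1 stack with the password read from the secret.
write_compose() {
cat > "$1" << 'EOT'
version: '3.1'
services:
  php:
    image: wordpress:latest
    environment:
      WORDPRESS_DB_HOST: website1_mysql
      WORDPRESS_DB_USER: wp_user
      WORDPRESS_DB_PASSWORD_FILE: /run/secrets/website1_db_password
      WORDPRESS_DB_NAME: wp_db
    secrets: [website1_db_password]
    volumes: ['/data/services/website1/php:/var/www/html']
    networks: [healydemo-overlay]
  mysql:
    image: mysql:5.7
    environment:
      MYSQL_USER: wp_user
      MYSQL_PASSWORD_FILE: /run/secrets/website1_db_password
      MYSQL_DATABASE: wp_db
      MYSQL_RANDOM_ROOT_PASSWORD: '1'
    secrets: [website1_db_password]
    volumes: ['/data/services/website1/mysql:/var/lib/mysql']
    networks: [healydemo-overlay]
secrets:
  website1_db_password:
    external: true
networks:
  healydemo-overlay:
    external: true
EOT
}

# inline_passwords FILE: print env keys that still hold a literal password.
# *_PASSWORD_FILE keys and the MYSQL_RANDOM_ROOT_PASSWORD flag are not findings.
inline_passwords() {
  awk '$1 ~ /PASSWORD:$/ && $1 !~ /RANDOM_ROOT_PASSWORD/ && NF > 1 {
         sub(/:$/, "", $1); print $1 }' "$1"
}

# Demo: the secrets-based file has no findings, so this prints nothing.
out=$(mktemp)
write_compose "$out"
inline_passwords "$out"
rm -f "$out"
```

Secrets in a compose file need file format 3.1 or later, which is why the version line differs from the slide.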

CREATE NGINX CONFIGURATIONS

Create Nginx config for website1

Repeat for website2

Repeat for website3

Test Nginx config

Reload Nginx config

Visit each website and complete WordPress installation

http://website1.healytechdemo.com

http://website2.healytechdemo.com

http://website3.healytechdemo.com

docker(any)>
cat << EOT >> /data/services/nginx/app/nginx/conf.d/website1.conf
server {
    listen 80;
    server_name website1.healytechdemo.com;
    location / {
        resolver 127.0.0.11 valid=10s;
        set \$upstream website1_php;
        proxy_pass http://\$upstream;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-Host \$host;
        proxy_set_header X-Forwarded-Server \$host;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOT

# Backslashes are only used here because I'm running this from bash.
# The backslashes don't exist in the Nginx config file

CONFIGURE SYSLOG

Create directory for Logspout

Create Docker Compose file (preconfigured)

Deploy Logspout with Docker Stack

Visit any website to generate traffic

View traffic logs at loggly.com

docker(any)>
mkdir -p /data/services/logspout
cat << EOT >> /data/services/logspout/docker-compose.yml
version: "3"

networks:
  logging:

services:
  logspout:
    image: gliderlabs/logspout
    networks:
      - logging
    volumes:
      - /etc/hostname:/etc/host_hostname:ro
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      SYSLOG_STRUCTURED_DATA: "6bf9b8b0-98c4-4df1-a0d6-f1eccb21cf60@41058"
      tag: "aws-web-cluster"
    command: syslog+tcp://logs-01.loggly.com:514
    deploy:
      mode: global
EOT
docker stack deploy logspout -c /data/services/logspout/docker-compose.yml

DOCKER FAILURE TESTING

Inspect containers running on docker2 and note running website

Using AWS EC2, shutdown docker2

Visit website noted from above

Inspect containers running on docker1 and docker3

Inspect Docker nodes

Using AWS EC2, startup docker2

Inspect Docker nodes

docker2>
docker container ls
# Note which website(s) may be running on this node

# Shutdown docker2 from AWS EC2

docker1>
docker container ls

docker3>
docker container ls
docker node ls

# Startup docker2 from AWS EC2

docker node ls

LOAD BALANCER FAILURE TESTING

Perform nslookup for website1

Using AWS EC2, shutdown LB1

Visit website1

Using AWS Route 53, view Health Check

Perform nslookup for website1

Visit website1

DISCUSSION: BEST PRACTICES FOR PRODUCTION

QUESTIONS? ASK AWAY!

All code can be found here for easy reference

https://healytechnologies.com/docker-for-web-hosting-101/

THANK YOU

EMAIL ME BELOW IF YOU WANT TO CHAT MORE, OR IF YOU HAVE ANY QUESTIONS AFTER THE DEMO.

[email protected]