How To Build Production Web Applications Overview
This 6-part tutorial will show you how to build out a multi-server production application setup from scratch. The final setup will be supported by backups, monitoring, and centralized logging systems, which will help you ensure that you will be able to detect problems and recover from them. The ultimate goal of this series is to build on standalone system administration concepts, and introduce you to some of the practical considerations of creating a production server setup.
If you are interested in reviewing some of the concepts that will be covered in this series, read these tutorials:
- 5 Common Server Setups For Your Web Application
- 5 Ways to enhance your Production Web Application Server Setup
While the linked articles provide general guidelines of a production application setup, this series will show how to plan and set up a sample application from start to finish. Hopefully, this will help you plan and implement your own production server environment, even if you are running a different application on a completely different technology stack. Because this tutorial covers many different system administration topics, it will often defer the detailed explanation to external supporting articles that provide supplemental information.
By the end of this set of tutorials, we will have a production server setup for a PHP application, WordPress for demonstration purposes, that is accessible via https://www.instance.com/. We will also include servers that will support the production application servers. The final setup will look something like this (private DNS and remote backups not pictured):
In this setup, the servers in the Application box are considered to be essential for the application to run properly. Aside from the recovery plan and the remote backup server, the remaining components (backups, monitoring, and logging) will be added to support the production application setup. Each component will be installed on a separate Ubuntu 14.04 server within the same F(x) data cloud region, NYC3 in our example, with Private Networking enabled.
The set of servers that compose the application will be referred to by the following hostnames:
- lb1: HAProxy Load Balancer, accessible via https://instance.com/
- app1: Apache and PHP application server
- app2: Apache and PHP application server
- db1: MySQL database server
It is important to note that this type of setup was chosen to demonstrate how the components of an application can be built on multiple servers; your own setup should be customized based on your own needs. This particular server setup has single points of failure which could be eliminated by adding another load balancer (and round-robin DNS) and database server replication, or by adding a static IP that points to either an active or passive load balancer, which we will briefly cover below.
The components that will support the Application servers will be referred to by the following hostnames:
- backups: Bacula backups server
- observing: Nagios monitoring server
- logging: Elasticsearch, Logstash, Kibana (ELK) stack for centralized logging
Additionally, the following three supporting components are not pictured in the diagram:
- ns1: Primary BIND nameserver for private DNS
- ns2: Secondary BIND nameserver for private DNS
- remotebackups: Remote server, located in a different region, for storing copies of the Bacula backups in case of a physical disaster in the production datacenter
We will also create basic recovery plans for failures in the different components of the application.
When we reach our goal setup, we will have a total of 10 servers. We'll create them all at once (this simplifies things such as setting up DNS), but feel free to create each one as needed. If you are planning on using F(x) data cloud backups as your backups solution, in addition to or in lieu of Bacula, be sure to select that option when creating your machines.
High Availability (Optional)
A single point of failure is when one part of your infrastructure going down can make your whole site or service unavailable. If you want to address the single points of failure in this setup, you can make it highly available by adding another load balancer. Highly available services automatically fail over to a backup or passive system in the event of a failure. Having two load balancers in a high availability setup protects against downtime by ensuring that one load balancer is always passively available to accept traffic if the active load balancer is unavailable.
There are a number of ways to implement a high availability setup. To learn more, read this section of How To Use Floating IPs.
Virtual Private Network (Optional)
If you want to secure the network communications amongst your servers, you may want to consider setting up a VPN. Securing network transmissions with encryption is especially important when the data is traveling over the Internet. Another benefit of using a VPN is that the identities of hosts are validated by the key authentication process, which will protect your services from unauthorized sources.
If you are looking for an open source VPN solution, you may want to consider Tinc or OpenVPN. In this particular case, Tinc, which uses mesh routing, is the better solution. Tutorials on both VPN solutions can be found here:
- How To Install Tinc and Set Up a Basic VPN on Ubuntu 14.04
- How To Secure Traffic Between VPS Using OpenVPN
Each Ubuntu 14.04 server should have a non-root superuser, which can be set up by following this tutorial: Initial Server Setup with Ubuntu 14.04. All commands will be run as this user, on each server.
We will assume that you have some knowledge of basic Linux security concepts, which we will not cover in detail. If you need a quick Linux security primer, read this article: 7 Security Measures to Protect your Servers.
We will assume that your application will be served via a domain name, such as "example.com". If you don't already own one, buy one from a domain name registrar.
Once you have your domain name of choice, you can follow this tutorial to use it with the F(x) data cloud DNS: How to Point to F(x) data cloud Nameservers From Common Domain Registrars.
In addition to making your site easy to reach (compared to an IP address), a domain name is required to gain the domain and identity validation benefits of using SSL certificates, which also provide encryption for communication between your application and its users.
TLS/SSL provides encryption and domain validation between your application and its users, so we will use an SSL certificate in our setup. In our example, because we want users to access our site at "www.instance.com", that is what we will specify as the certificate's Common Name (CN). The certificate will be installed on the HAProxy server, lb1, so you may want to generate the certificate keys and CSR there for convenience.
If you require a certificate that provides identity validation, you can get an SSL certificate free using Let's Encrypt, or buy one from a commercial Certificate Authority. For details on the Let's Encrypt option, please read How To Install an SSL Certificate from a Commercial Certificate Authority. Skip the Install Certificate on Web Server section.
Alternatively, you may also use a self-signed SSL certificate, which can be generated with this command:
- sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ~/www.instance.com.key -out ~/www.instance.com.crt
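The command above prompts for the certificate fields interactively. As an added example (not part of the original tutorial), the sketch below generates the same kind of self-signed certificate without prompts by passing the Common Name with `-subj`, then checks the result before it is installed on lb1. The function names `make_cert` and `check_cert` are hypothetical helpers introduced for illustration.

```shell
#!/usr/bin/env bash
# Added example; make_cert and check_cert are hypothetical helper names.

# make_cert <common-name> <dir>: self-signed certificate and key, no prompts.
make_cert() {
    mc_cn=$1; mc_dir=$2
    (
        umask 077   # the private key is created readable by its owner only
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
            -subj "/CN=$mc_cn" \
            -keyout "$mc_dir/$mc_cn.key" -out "$mc_dir/$mc_cn.crt" 2>/dev/null
    )
}

# check_cert <common-name> <dir>: returns 0 only if every check passes.
check_cert() {
    cc_cn=$1; cc_crt="$2/$1.crt"; cc_key="$2/$1.key"

    # 1. The subject must end in CN=<hostname>; for the CN-only subject
    #    generated above, that is the whole subject.
    cc_subject=$(openssl x509 -in "$cc_crt" -noout -subject -nameopt RFC2253) || return 1
    case "$cc_subject" in
        *"CN=$cc_cn") ;;
        *) echo "subject mismatch: $cc_subject"; return 1 ;;
    esac

    # 2. The private key must belong to this certificate: compare public keys.
    cc_crt_pub=$(openssl x509 -in "$cc_crt" -noout -pubkey) || return 1
    cc_key_pub=$(openssl pkey -in "$cc_key" -pubout) || return 1
    [ "$cc_crt_pub" = "$cc_key_pub" ] || { echo "key does not match certificate"; return 1; }

    # 3. The certificate must still be valid 30 days (2592000 s) from now.
    openssl x509 -in "$cc_crt" -noout -checkend 2592000 >/dev/null \
        || { echo "certificate expires within 30 days"; return 1; }

    # 4. The key file must not be readable by group or others.
    cc_mode=$(ls -l "$cc_key" | cut -c1-10)
    [ "$cc_mode" = "-rw-------" ] || { echo "key mode too open: $cc_mode"; return 1; }

    echo "ok: $cc_cn"
}

# Usage: make_cert www.instance.com "$HOME" && check_cert www.instance.com "$HOME"
```

The same `check_cert` steps apply to a certificate issued by a Certificate Authority, provided its subject contains only the CN; a subject with additional fields needs a different match in step 1.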
Steps to Reach Our Goal
Now that we have an outline of our production application setup, let's create a general plan to achieve our goal.
The components that comprise the application are the most important, so we want those up and running early. However, because we are planning on using name-based address resolution of our private network connections, we should set up our DNS first.
Once our DNS is ready, in order to get things up and running, we will set up the servers that comprise the application. Because the database is required by the application, and the application is required by the load balancer, we will set up the components in this order:
- Database Server
- Application Servers
- Load Balancer
Once we have gone through the steps of setting up our application, we will be able to devise a recovery plan for different scenarios. This plan will be useful in determining our backups strategy.
After we have our different recovery plans, we will want to support them by setting up backups. Following that, we can set up monitoring to make sure our servers and services are in an OK state. Lastly, we will set up centralized logging to help us view our logs, troubleshoot issues, and identify trends.
With our general plan ready, we are ready to implement our production application setup. Remember that this setup, while completely functional, is an example that you should be able to glean useful information from, and use what you learned to improve your own application setup.
Continue to the next tutorial to get started with setting up the application: Building for Production: Web Applications Deploying.