DOCKER FOR WEB HOSTING 101
PRESENTED BY DAN HEALY, OWNER OF HEALY TECHNOLOGIES
INTRODUCTION
Master of Science of Information Technology & Systems Engineering
Former senior engineer for Johns Hopkins University’s Enterprise Web Hosting team
Owner and operator of Healy Technologies
https://healytechnologies.com
Senior Systems Engineer for Clever Devices
Loves Docker…no…. Seriously!
DEMO GOALS
3 HA Websites
3-Node Docker Cluster
2-Node HAProxy Cluster
1 NFS Server
Offsite Syslogging
Nginx Reverse Proxy
NORMAL OPERATIONS DATA FLOW
1. Website Visitor queries website<x>.healytechdemo.com
2. AWS DNS replies with IP of primary load balancer (LB1)
3. Website Visitor directs HTTP to LB1
4. LB1 proxies traffic to active Docker servers
5. Docker server proxies traffic on port 80 to Nginx container
6. Nginx inspects the Host header for the virtual host and proxy-passes the request to the website container, wherever it runs on the Docker cluster
7. Website container retrieves files from NAS and database from database container
8. Docker will push logs off-site to Loggly
FAILED LOAD BALANCER DATA FLOW
1. Website Visitor queries website<x>.healytechdemo.com
2. AWS DNS replies with IP of failover load balancer (LB2)
   - DNS record has 1 minute TTL
3. Website Visitor directs HTTP to LB2
4. LB2 proxies traffic to active Docker servers
5. Remaining data flow same as normal
FAILED DOCKER SERVER DATA FLOW
1. Website Visitor queries website<x>.healytechdemo.com
2. AWS DNS replies with IP of primary load balancer (LB1), or LB2 if failed over
3. Website Visitor directs HTTP to LB1
4. LB1 proxies traffic to active Docker servers and not the individual failed Docker server
5. Docker server proxies traffic on port 80 to Nginx container
6. Nginx inspects the Host header for the virtual host and proxy-passes the request to the website container, wherever it runs on the Docker cluster
7. Website container retrieves files from NAS and database from database container
DEMO PREREQS & GLOBAL SERVER CONFIGURATION
Infrastructure Prerequisites
Six (6) AWS EC2 instances
CentOS 7
Three (3) Docker servers
Two (2) HAProxy servers
One (1) NFS server
All on same IP subnet (zone)
Hosted DNS zone with AWS Route 53
DNS entries already configured with AWS Route 53
Free Trial at loggly.com and obtain customer token
Global Server Configuration (already applied)
Install all updates
yum update -y
Install basic programs
yum install nano wget curl zip unzip -y
Add DNS entries to hosts file (DNS on next slide)
cat << EOT >> /etc/hosts
172.31.61.43 docker1 docker1.healytechdemo.com
172.31.63.213 docker2 docker2.healytechdemo.com
172.31.60.104 docker3 docker3.healytechdemo.com
172.31.56.139 nas nas.healytechdemo.com
172.31.60.57 LB1 LB1.healytechdemo.com
172.31.50.243 LB2 LB2.healytechdemo.com
EOT
Disable SELinux & Reboot
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config && reboot
ALL CODE WILL BE PROVIDED IN URL AT END OF PRESENTATION
DNS INFORMATION (ONLY TEMPORARY FOR DEMO)
Hostname                    Purpose          Public IP        Private IP
docker1.healytechdemo.com   Docker           18.209.26.6      172.31.61.43
docker2.healytechdemo.com   Docker           3.208.204.94     172.31.63.213
docker3.healytechdemo.com   Docker           3.93.133.36      172.31.60.104
nas.healytechdemo.com       NFS file share   3.95.70.36       172.31.56.139
LB1.healytechdemo.com       HAProxy          35.169.255.174   172.31.60.57
LB2.healytechdemo.com       HAProxy          35.174.95.113    172.31.50.243

URL                                 Record Type   Destination
aws-web-cluster.healytechdemo.com   A             Primary: IP of LB1; Secondary: IP of LB2
Website1.healytechdemo.com          CNAME         aws-web-cluster.healytechdemo.com
Website2.healytechdemo.com          CNAME         aws-web-cluster.healytechdemo.com
Website3.healytechdemo.com          CNAME         aws-web-cluster.healytechdemo.com
CONFIGURE LOAD BALANCERS
Install HAProxy
Backup original config
Insert basic HTTP config
Configure Rsyslog
Start services
View HAProxy Stats webpage
http://lb1.healytechdemo.com:8080/stats
http://lb2.healytechdemo.com:8080/stats
You can view it live too!
View AWS Route53 Health Check
LB1&2>
yum install haproxy -y
mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.orig
# Insert basic HTTP config – too long for here
# Uncomment the UDP syslog listener lines (shipped as "#$ModLoad imudp" and "#$UDPServerRun 514")
sed -i 's/^#$ModLoad imudp/$ModLoad imudp/g' /etc/rsyslog.conf
sed -i 's/^#$UDPServerRun 514/$UDPServerRun 514/g' /etc/rsyslog.conf
cat << EOT >> /etc/rsyslog.d/haproxy.conf
local2.=info /var/log/haproxy-access.log #For Access Log
local2.notice /var/log/haproxy-info.log #For Service Info - Backend, loadbalancer
EOT
service rsyslog restart
service haproxy restart
chkconfig haproxy on
CONFIGURE NFS SERVER & MOUNT SHARED DIRECTORY
Install NFS Server
Start NFS Server
Create DATA directory
Create test file (test.txt)
Add DATA directory to list of NFS exports
Export share
Mount DATA on all Docker servers
nas>
yum install nfs-utils -y
service nfs-server start
chkconfig nfs-server on
mkdir /data
touch /data/test.txt
echo '/data *(rw,sync,no_root_squash,no_subtree_check)' > /etc/exports
exportfs -ra
docker1&2&3>
mkdir /data
ls /data
echo 'nas:/data /data nfs4 rw,sync,hard,intr,noatime 0 0' >> /etc/fstab
mount /data
ls /data
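Added example (not from the original deck): the export above gives every client (*) read-write access with no_root_squash, so this check reports exports(5) lines that carry either setting. The function names and the sample file are constructed for illustration; line continuations and quoted paths are not handled.

```shell
# Audit an exports(5) file. Prints one finding per line: "<path> <client> <issue>".
audit_exports() {
    # $1: path to an exports file (defaults to /etc/exports)
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            path = $1
            for (i = 2; i <= NF; i++) {         # each field is client(options)
                spec = $i; client = spec; opts = ""
                p = index(spec, "(")
                if (p > 0) {
                    client = substr(spec, 1, p - 1)
                    opts = substr(spec, p + 1, length(spec) - p - 1)
                }
                if (client == "") client = "*"  # "(opts)" alone means any client
                if (client == "*")
                    print path, client, "world-accessible"
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++)
                    if (o[j] == "no_root_squash")
                        print path, client, "no_root_squash"
            }
        }
    ' "${1:-/etc/exports}"
}

# Constructed sample: line 1 is the export from the deck, line 2 is a
# hypothetical share limited to two of the Docker hosts.
demo_exports() {
    tmp=$(mktemp)
    cat > "$tmp" << 'EOF'
# sample exports file
/data *(rw,sync,no_root_squash,no_subtree_check)
/srv/restricted 172.31.61.43(rw,sync,no_subtree_check) 172.31.63.213(rw,sync,no_root_squash)
EOF
    audit_exports "$tmp"
    rm -f "$tmp"
}

demo_exports
```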
CONFIGURE DOCKER SERVERS & SWARM
Install Docker
Start Docker
Test Docker
Create Swarm
Add remaining Docker servers to Swarm as managers
Create Docker network
docker1&2&3>
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce docker-ce-cli containerd.io -y
service docker start
chkconfig docker on
docker run hello-world
docker1>
docker swarm init
docker swarm join-token manager
# Copy docker join command
docker2&3>
# Paste docker join command from above
docker (any)>
docker network create -d overlay --attachable healydemo-overlay
CREATE NGINX REVERSE PROXY
Create directory for Nginx
Copy /etc/nginx from container into DATA
Create Docker Compose file (preconfigured)
Deploy Nginx with Docker Stack
View Nginx default page
http://lb1.healytechdemo.com
http://lb2.healytechdemo.com
http://docker1.healytechdemo.com
http://docker2.healytechdemo.com
http://docker3.healytechdemo.com
docker(any)>
mkdir -p /data/services/nginx/app
docker run -v /data/services/nginx/app:/tmp/ nginx cp -R /etc/nginx /tmp
cat << EOT >> /data/services/nginx/docker-compose.yml
version: '3'
services:
  frontend:
    image: nginx:latest
    ports:
      - 80:80
    volumes:
      - /data/services/nginx/app/nginx:/etc/nginx
    networks:
      - healydemo-overlay
    deploy:
      replicas: 1
      resources:
        limits:
          memory: 128M
networks:
  healydemo-overlay:
    external: true
EOT
docker stack deploy nginx -c /data/services/nginx/docker-compose.yml
CREATE WEBSITES
Create directory for website1
Create Docker Compose file (preconfigured)
Deploy website1 with Docker Stack
Inspect running Docker containers
Repeat for website 2
Repeat for website 3
Inspect running Docker containers
docker(any)>
mkdir -p /data/services/website1/php/html
mkdir -p /data/services/website1/mysql/
cat << EOT >> /data/services/website1/docker-compose.yml
version: '3'
services:
  php:
    image: wordpress:latest
    environment:
      WORDPRESS_DB_HOST: website1_mysql
      WORDPRESS_DB_USER: wp_user
      WORDPRESS_DB_PASSWORD: password4U
      WORDPRESS_DB_NAME: wp_db
    volumes:
      - /data/services/website1/php:/var/www/html
    networks:
      - healydemo-overlay
    deploy:
      replicas: 1
      resources:
        limits:
          memory: 128M
  mysql:
    image: mysql:5.7
    volumes:
      - /data/services/website1/mysql:/var/lib/mysql
    environment:
      MYSQL_USER: wp_user
      MYSQL_PASSWORD: password4U
      MYSQL_DATABASE: wp_db
      MYSQL_RANDOM_ROOT_PASSWORD: '1'
    networks:
      - healydemo-overlay
    deploy:
      replicas: 1
      resources:
        limits:
          memory: 256M
networks:
  healydemo-overlay:
    external: true
EOT
docker stack deploy website1 -c /data/services/website1/docker-compose.yml
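Added example (not from the original deck): the same website stack with the database password delivered as a Swarm secret through the `_FILE` variables that the official wordpress and mysql images accept, instead of a literal value in a compose file on the shared NFS volume. The secret name `<site>_db_password` and the function names are assumptions; secrets require compose file format 3.1 or later.

```shell
# Keep the DB password out of docker-compose.yml by using a Swarm secret.
# The secret name <site>_db_password and the function names are assumptions.
create_db_secret() {   # run once on a manager; needs Docker, so not called here
    openssl rand -base64 24 | docker secret create "${1}_db_password" -
}

write_site_compose() {   # $1 = site name (e.g. website1), $2 = output file
    site=$1
    cat > "$2" << EOT
version: '3.1'
services:
  php:
    image: wordpress:latest
    environment:
      WORDPRESS_DB_HOST: ${site}_mysql
      WORDPRESS_DB_USER: wp_user
      WORDPRESS_DB_PASSWORD_FILE: /run/secrets/${site}_db_password
      WORDPRESS_DB_NAME: wp_db
    secrets: [${site}_db_password]
    volumes: ["/data/services/${site}/php:/var/www/html"]
    networks: [healydemo-overlay]
    deploy: {replicas: 1, resources: {limits: {memory: 128M}}}
  mysql:
    image: mysql:5.7
    environment:
      MYSQL_USER: wp_user
      MYSQL_PASSWORD_FILE: /run/secrets/${site}_db_password
      MYSQL_DATABASE: wp_db
      MYSQL_RANDOM_ROOT_PASSWORD: '1'
    secrets: [${site}_db_password]
    volumes: ["/data/services/${site}/mysql:/var/lib/mysql"]
    networks: [healydemo-overlay]
    deploy: {replicas: 1, resources: {limits: {memory: 256M}}}
networks:
  healydemo-overlay: {external: true}
secrets:
  ${site}_db_password: {external: true}
EOT
}

# True when a compose file still carries a literal password value.
has_plaintext_password() {
    grep -Eq '^[[:space:]]*(WORDPRESS_DB_PASSWORD|MYSQL_PASSWORD|MYSQL_ROOT_PASSWORD):' "$1"
}

tmp=$(mktemp)
write_site_compose website1 "$tmp"
if has_plaintext_password "$tmp"; then echo "plaintext password"; else echo "clean"; fi
rm -f "$tmp"
```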
CREATE NGINX CONFIGURATIONS
Create Nginx config for website1
Repeat for website2
Repeat for website3
Test Nginx config
Reload Nginx config
Visit each website and complete WordPress installation
http://website1.healytechdemo.com
http://website2.healytechdemo.com
http://website3.healytechdemo.com
docker(any)>
cat << EOT >> /data/services/nginx/app/nginx/conf.d/website1.conf
server {
    listen 80;
    server_name website1.healytechdemo.com;
    location / {
        resolver 127.0.0.11 valid=10s;
        set \$upstream website1_php;
        proxy_pass http://\$upstream;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-Host \$host;
        proxy_set_header X-Forwarded-Server \$host;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOT
# Backslashes are only used here because I’m running this from bash.
# The backslashes don’t exist in the Nginx config file
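Added example (not from the original deck): the three vhost files generated from one template. Quoting the heredoc delimiter ('EOT') stops bash from expanding the Nginx variables, so no backslashes are needed; the write_vhost function, the @SITE@ placeholder and the scratch directory are assumptions.

```shell
# Write conf.d/<site>.conf from a single template.
write_vhost() {   # $1 = site name (website1..3), $2 = conf.d directory
    # Accept only simple names: the value ends up in a file path and in the config.
    case $1 in
        ''|*[!a-z0-9-]*) echo "invalid site name: $1" >&2; return 1 ;;
    esac
    # Quoted delimiter: $host, $upstream etc. reach the file exactly as typed.
    sed "s/@SITE@/$1/g" > "$2/$1.conf" << 'EOT'
server {
    listen 80;
    server_name @SITE@.healytechdemo.com;
    location / {
        resolver 127.0.0.11 valid=10s;
        set $upstream @SITE@_php;
        proxy_pass http://$upstream;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
EOT
}

# Demo run against a scratch directory (constructed; the deck writes to
# /data/services/nginx/app/nginx/conf.d).
confd=$(mktemp -d)
for s in website1 website2 website3; do
    write_vhost "$s" "$confd"
done
ls "$confd"
```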
CONFIGURE SYSLOG
Create directory for Logspout
Create Docker Compose file (preconfigured)
Deploy Logspout with Docker Stack
Visit any website to generate traffic
View traffic logs at loggly.com
docker(any)>
mkdir -p /data/services/logspout
cat << EOT >> /data/services/logspout/docker-compose.yml
version: "3"
networks:
  logging:
services:
  logspout:
    image: gliderlabs/logspout
    networks:
      - logging
    volumes:
      - /etc/hostname:/etc/host_hostname:ro
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      SYSLOG_STRUCTURED_DATA: "6bf9b8b0-98c4-4df1-a0d6-f1eccb21cf60@41058"
      tag: "aws-web-cluster"
    command: syslog+tcp://logs-01.loggly.com:514
    deploy:
      mode: global
EOT
docker stack deploy logspout -c /data/services/logspout/docker-compose.yml
DOCKER FAILURE TESTING
Inspect containers running on docker2 and note running website
Using AWS EC2, shutdown docker2
Visit website noted from above
Inspect containers running on docker1 and docker3
Inspect Docker nodes
Using AWS EC2, startup docker2
Inspect Docker nodes
docker2>
docker ps
# Note which website(s) may be running on this node
# Shutdown docker2 from AWS EC2
docker1>
docker ps
docker3>
docker ps
docker node ls
# Startup docker2 from AWS EC2
docker node ls
LOAD BALANCER FAILURE TESTING
Perform nslookup for website1
Using AWS EC2, shutdown LB1
Visit website1
Using AWS Route 53, view Health Check
Perform nslookup for website1
Visit website1
DISCUSSION: BEST PRACTICES FOR PRODUCTION
QUESTIONS? ASK AWAY!
All code can be found here for easy reference
https://healytechnologies.com/docker-for-web-hosting-101/
THANK YOU
EMAIL ME BELOW IF YOU WANT TO CHAT MORE, OR IF YOU HAVE ANY QUESTIONS AFTER THE DEMO.