How to Build a Safe, Stable and Efficient Internet Platform Architecture


 

 

The goals of a reasonably complete Internet platform architecture can be broadly summarized as: high availability, high scalability, high performance, and high security.

 

 

High availability

 

High availability can be divided into hardware high availability and software high availability. The most fundamental principle is to eliminate single points of failure.

 

 

 

High availability of hardware: servers, network equipment, and so on should have no single point of failure.

 

  • Servers should have dual power supplies, server network interfaces should be bonded across two network cards wherever possible, a certain number of spare machines should be kept in reserve, and server disks should be configured with RAID.
  • Core network devices such as firewalls and core-layer switches should be redundant in active/standby mode. Mainstream network devices today can perform heartbeat detection through HSRP or VRRP; once a device fails, the standby automatically takes over the current service.
  • Use a data storage center: it effectively addresses both big data storage and data redundancy.

 

 

High availability of software: applications, such as web applications, should have their single points of failure removed, and load balancing must also be addressed.

 

  • Hardware load balancing devices such as F5
  • Software load balancing: layer-7 reverse proxies such as the popular NGINX, layer-4 LVS, and HA software such as keepalived and heartbeat.
  • Platform load balancing: use the load balancing services of cloud platforms such as AWS, Alibaba Cloud, or Baidu Cloud.
  • High availability of source code: a version control system (such as git) should be used to manage the development and release of the code. If the code has a major bug, it can be rolled back at any time. For example, a specific stable version can be preserved on its own branch.
  • The core resources of the enterprise live in the database, so the database must not be a single point of failure. Taking MySQL as an example, you can set up MySQL master-slave replication, one master with multiple slaves, dual masters with multiple slaves, or a cluster.
  • To eliminate single points of failure more thoroughly, the load balancing scheduler, cache database, and file server should all be clustered, although this makes maintenance much heavier.

 

 

 

High scalability

 

  • When scaling, focus on the key problems, prioritize their performance, and determine the minimum feature set. That is, decide on the core, smallest feature set first and make sure it performs well.
  • When modeling data, consider not using foreign key indexes. This helps database performance, and it remains useful when you later have to split tables and databases.
  • The primary key id should not be used for table associations. This also anticipates possible table and database sharding in the future. One solution is to use a UUID for foreign keys.
  • When deciding how to divide the system into modules, also consider how the system will change over the next 2 to 5 years. Single instance, cluster, distributed, and distributed + cluster designs can all be used.

 

You can also refer to the following:

http://blog.jobbole.com/86118/

 

 

 

 

High performance

 

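  • Plan the network architecture sensibly and optimize network performance.
  • Operating system optimization: kernel tuning, file system tuning, etc.
  • Switching to a file server can improve both performance and availability, and it also solves synchronization and update problems.
  • Application optimization: performance tuning of applications such as nginx and tomcat. nginx can serve as a reverse proxy and static file server, and it can also do load balancing, but a cloud platform is more convenient and simpler, and it also records traffic.
  • Code optimization: do frequent reviews and double checks, optimize logic and loops as far as possible, and reduce I/O.
  • Database optimization: read/write splitting; design master and slave databases and determine the database read/write ratio; choose the appropriate storage engine; SQL optimization; add indexes where appropriate to speed up queries; run EXPLAIN on SQL often to make sure indexes are effective; tune performance parameters; split tables horizontally and vertically; split databases by business.
  • Caching: for example, CDN caching of static pages or images; NoSQL stores such as memcache, Redis, and MongoDB can be used to cache hot data from the database. Hot data can also be cached on faster SSDs or flash cards to improve IOPS.
  • Static pages: design a static server for serving static content to improve performance; nginx can be used for this.
  • For sites with many images, the image servers can also be loaded from multiple domain names.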

 

 

 

High security

 

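  • Network security: ACLs, VLANs, QoS, attack protection, account security management, and use of HTTPS.
  • System security: iptables; tcpwrapper; account security management; keys; RSA-encrypted authentication; put a reverse proxy in front of the real server and allow access only from the proxy server. For example, add nginx as a reverse proxy for each server and have the server accept access only from that nginx, so that the real server is hidden.
  • Application and code security: data encryption; user permission management; session validity verification; you can also add your own verification flow.
  • Database security: IP-based access control for the database, allowing only the server to access it; account management; permission management for insert, delete, update, and query operations.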
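
The reverse proxy item and the database item above both come down to a host firewall that accepts a service port from exactly one peer. As an added example (not from the original article), this script generates such rulesets in iptables-restore format; the addresses, ports, admin subnet, and the function names valid_src and ruleset are assumptions made for the illustration.

```sh
# Added example. Prints iptables-restore rulesets; it never applies them.
# All addresses and ports are constructed sample values.

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix,
# so nothing else can be spliced into a rule line.
valid_src() {
    case $1 in
        */*) _a=${1%%/*}; _p=${1#*/}
             case $_p in ''|*[!0-9]*) return 1 ;; esac
             [ "${#_p}" -le 2 ] && [ "$_p" -le 32 ] || return 1 ;;
        *)   _a=$1 ;;
    esac
    case $_a in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    _n=0; _ifs=$IFS; IFS=.
    for _o in $_a; do
        _n=$((_n + 1))
        [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || { IFS=$_ifs; return 1; }
    done
    IFS=$_ifs
    [ "$_n" -eq 4 ]
}

# usage: ruleset PEER SERVICE_PORT ADMIN_NET
# Default-deny inbound; SERVICE_PORT is reachable only from PEER (the nginx
# proxy, or the app server when run for the database host). SSH stays open
# to ADMIN_NET so a remote operator is not locked out by the DROP policy.
ruleset() {
    valid_src "$1" && valid_src "$3" || { echo "bad source address" >&2; return 1; }
    case $2 in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    [ "${#2}" -le 5 ] && [ "$2" -ge 1 ] && [ "$2" -le 65535 ] ||
        { echo "bad port" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $1 --dport $2 -j ACCEPT
-A INPUT -p tcp -s $3 --dport 22 -j ACCEPT
COMMIT
EOF
}

# Constructed topology: nginx 10.0.0.5 -> app 10.0.0.10:8080 -> MySQL 10.0.0.20:3306
echo "# app server: only the nginx proxy may reach port 8080"
ruleset 10.0.0.5 8080 10.0.9.0/24
echo "# database host: only the app server may reach port 3306"
ruleset 10.0.0.10 3306 10.0.9.0/24
```

Check a generated ruleset with `iptables-restore --test` before loading it as root on the host it was written for.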

 

 

 
