WordPress is a very popular blog site platform, can also be used as a content management system (CMS) to use, is one of the world's most widely used blog system. There are many excellent WordPress plugin that makes this open-source product very easily scale to meet different needs.
I am ready to take advantage of a series of articles, to show a variety of products (elastic computing, database, security, etc.) If you use Ali cloud, build a complete WordPress site. content include:
- First, build a foundation web applications
- Second, domain names, email and SMS
- Third, the static and dynamic separation and CDN acceleration
- Fourth, database management and cache
- Fifth, the server scale
- Sixth, Site Security
Fifth, the server scale
After the database for increased cache and read-only instance of these supporting components, in a very long period of time, the site will no longer appear as the database performance problems (after all, the site read write small, relatively simple business scenarios), as the business continued to increase pressure will be on the application server. Extended application server can be longitudinal (upgrade specification), may also be horizontal (parallel processing to increase server), In this article, we will demonstrate how to use the mirror horizontal expansion of ECS. For scale, first ECS need to copy images (which of course requires the application is stateless), and increases at the front end load balancing SLB. In addition, when the number of ECS gradually increased, in order to facilitate the operation and maintenance can often increase a NAT gateway operation and maintenance of the public network as a unified entrance, especially if security is high, even by increasing the need for VPN + fortress machine way to carry out the operation and maintenance activities include authentication and audit.
This part of the organization chart below, based on a version adds:
- SLB load balancing: more than one ECS traffic distribution, thereby extending the application of the system of foreign service capabilities, to avoid single points of failure
- NAT gateway: building a public network traffic entrances and exits in the VPC environment, providing access to the public network exports (SNAT) is a multi-ECS or unified operation and maintenance entrance (DNAT)
ECS using a new image
Scale on the premise that stateless applications, files and databases should be separate storage. Arranged in front of NAS and MySQL are independent, already it has lateral expansion conditions. Way is to scale the copied instance in ECS plurality stateless. ECS approach is to first make a snapshot ( https://help.aliyun.com/document_detail/25455.html ). When it comes to ECS snapshot, in order to ensure business data safety, the general system should be kept for a minimum daily snapshots and snapshot data over the last seven days. "Snapshots are not standardized, two lines of relatives of tears!"
After the snapshot is created, and then use this snapshot to create a custom image ( https://help.aliyun.com/document_detail/25460.html ). Note the difference between a snapshot and mirroring, snapshots are mainly used for data backup, can only be restored to the current ECS instance, can not be cross-regional use; mirroring is mainly used for data migration, you can replace the system disk or create a new instance of the ECS can be cross-regional use.
With mirroring, you can then copy to a new ECS. ECS time to pay attention to create a VPC and VPC old ECS should be consistent, within the network in order to ensure interoperability. Further consideration of the availability, the new ECS can be used in another region, even if a region where the ECS ECS downtime, there is another region may be used. Further, the deployment of high availability across the available area is to be noted, "avalanche effect", i.e. the two ECS load greater than 50% of the cases, when one is down for some reason, the other will be due to overload dang machine, resulting in high availability fail. Therefore, the two ECS availability, average load should not exceed 50%; three ECS availability, average load should not exceed 66%; four ECS availability, average load should not exceed 75%; and so on.
为了让新的ECS可以访问RDS和Redis,需要将其内网IP加入到RDS和Redis的白名单中,这个操作可以参考前两篇(“搭建基础网站应用”和“数据库缓存和管理”)中的设置方法,而NAS和OSS则没有这个安全要求。所有的对应的连接配置也都已经被打包进了镜像当中,一般来说无需再进行配置。
然后我们把之前绑在旧ECS上的EIP解绑,然后绑到新ECS上面试试看。由于是通过镜像复制出来的新ECS,连接的数据库是原有的,所以理论上应该和访问旧ECS应该没有什么区别。
绑定好之后,访问网页试试,正常应该可以成功。如果发现又到了WordPress的配置页,这表示之前配置文件没有正确加载。这个问题很可能是因为NAS加载因为某种问题失败了,可以重启一次新ECS再试试。
用SLB做负载均衡
有了多台ECS,为了保证流量均衡分配到多台ECS上,需要在ECS集群前面增加SLB负载均衡(https://www.aliyun.com/product/slb),这和自己用Nginx搭负载均衡类似,而优势在于能够快速搭建起一主一备的高可用架构,并且运维起来也更方便些。创建SLB的时候要注意使用私网类型,这样才能继续绑定使用之前的EIP,使得对外IP保持不变。另外还要注意使用之前创建的VPC,保证其与后端ECS的内网连通。
创建成功之后,开始配置后端服务器,将前面的新旧两台ECS接入。
前端继续监听HTTP协议,并且仍旧继续使用80端口,使得在横向扩展过程中,不影响业务的对外展现。SLB的调度算法有三种:轮询、加权轮询(WRR)、加权最小连接数(WLC),在后端服务器的处理能力不同的情况下,一般采用加权算法。在此例中,两台后端ECS设置了相同的权重,效果和轮询一样。另外WordPress需要打开保持会话功能,负载均衡监听会把来自同一客户端的访问请求分发到同一台后端ECS上。
设置完成之后,把绑在新ECS上的EIP解绑,然后绑到SLB上面来。
Finally, try from the front page to access the normal. SLB on the console should be able to see the corresponding flow properly!
NAT gateway do maintenance port
SLB + EIP as the user access to the "main entrance" There is no problem, but not for operation and maintenance personnel to carry out the operation and maintenance of the ECS, including SSH (or RDP) and the Internet downloads. In order to carry out the operation and maintenance of the ECS cluster, or are tied to each ECS a EIP, or use NAT gateway ( https://www.aliyun.com/product/nat ) as the operation and maintenance of entrances and exits. The first method is less secure, it is not easy to manage, so usually use NAT gateway programs, provide SSH (or RDP) port mapping for the remote control of operation and maintenance personnel, the ability to use SNAT provided by the external network to download DNAT. In addition, since there is no NAT gateway authentication capability, if you need a more secure way of operation and maintenance, you should also take advantage of the fortress machine ( https://www.aliyun.com/product/bastionhost instead of DNAT function NAT gateway).
We first need to purchase a NAT gateway and two EIP (a DNAT for use, a use for SNAT), then EIP bound to NAT.
Then configure DNAT, will be mapped to the external network (in the 10221 and 10222 corresponding to the old to the new port two respective ECS port 22 of the present embodiment) rear end 22 of the ECS port (SSH).
Try using the maps from the external network port 10221 to control the old ECS, no problem.
Come configured SNAT, this is very simple, only need to bind to the corresponding switch just fine.
Just try to take advantage of the SSH download from ECS, no pressure.