Webservers Pool
1. Introduction
The webservers pool is the public (internet) entry point of the infrastructure. These are replicated servers with the same functions.
These servers interface with two networks: the internet service provider's network and the cluster-gateway network.
These machines do not have direct access to the main network of the proto box (box-network) for security reasons.
These internet servers receive requests from the internet and then forward them to the proxy servers (gateway-pool).

[Figure: position in the infrastructure]
2. Roles
The webservers primarily have three functions:
- Application server with Nginx
- Management and renewal of the certificate, using Certbot and Let's Encrypt
- Routing to the internet with Netplan

3. Networking
This group interfaces with two networks:
- public-network: For routing traffic to the internet.
- gateway-network: For accessing cluster services.
4. Volumes
The webserver group has a shared volume that allows sharing configuration files such as:
- Certificates
- Nginx configurations

5. High Availability
High availability is essential at this level, and any point of failure must be excluded.
For this, two floating IPs are created:
- public-floatingIP: Used to replicate the IP for incoming requests.
- private-floatingIP: Manages the replication of the internal IP (cluster-gateway) to route outgoing traffic with high availability.

6. Security
The security of this group is primarily based on:
- iptables:
  - Incoming ports:
    - 80
    - 443
  - Incoming ports:
- Certificates
7. Applications
- Nginx as the application server.
- Certbot for certificate management.
- KeepAlived for floating IPs.
- GlusterFS for clustering volumes.
8. Installation
The installation of these servers is automated by the framework. They only need to be assigned in the group vars of the webservers_pool.
```yaml
webservers_pool:
  vars:
    output_interface: public-gateway
    input_interface: cluster-gateway
    # Declaration of floating IPs
    vips:
      # internet-floatingIP
      public-gateway:
        virtual_router_id: 1
        vip: 192.168.0.33
      # internal-floatingIP
      cluster-gateway:
        virtual_router_id: 2
        vip: 192.168.2.254
  hosts:
    webserver-1:
      public-gateway:
        # used for configuring KeepAlived
        priority: 200
        state: MASTER
      cluster-gateway:
        # used for configuring KeepAlived
        priority: 100
        state: BACKUP
    webserver-2:
      public-gateway:
        # used for configuring KeepAlived
        priority: 100
        state: BACKUP
      cluster-gateway:
        # used for configuring KeepAlived
        priority: 200
        state: MASTER
```
9. Summary
| Application | Status |
|---|---|
| Installation and commissioning | DONE |
| Nginx | DONE |
| Certbot | DONE |
| Keepalived | DONE |
| GlusterFS | TODO |