...
As for the choice of nginx, nginx as it has much better performance characteristics in the application of an HTTP reverse proxy, which is necessitated by our migration towards REST APIs which serve up scientific data for many experiments.
Operating NGINX
nginx is installed on both sca-nginx01 and sca-nginx02. You can stop, start, restart, and reload the service at any time. A reload keeps the server up but refreshes it's configuration based on configuration file changes.
To start:
sudo /sbin/service nginx16-nginx start
To stop:
sudo /sbin/service nginx16-nginx stop
To reload:
sudo /sbin/service nginx16-nginx reload
Care should be taken care to verify your configuration before performing a reload.
Configuration
Hosts
sca-www: Domain name tied to a floating IP 134.79.129.86; this is a floating IP address.
...
portal.lsstdesc.org
It also serves up pages for a few historical domains:
...
Code Block |
---|
automounter=autofs %%if ($ENV{HOSTNAME} ne 'scalnx-v03') #limit_login=u-scalnx %%endif network_device=eth0 monitoring=nagios,ganglia iptables sudo_workgroups=scalnx-vmm |
keepalived
keepalived is to be configured on both machines.
The following is roughly the configuration for sca-nginx01. The configuration for sca-nginx02, which will be the failover machine, will be nearly identical, but the priority on the vrrp_instance MUST BE LOWER than the priority on the master. The password will be different.
The configuration is located in /etc/keepalived/keepalived.conf
Code Block |
---|
global_defs {
notification_email { # This should email you when there's a failover, but it's not working right now
bvan@slac.stanford.edu
}
notification_email_from bvan@slac.stanford.edu
smtp_server smtp.slac.stanford.edu
smtp_connect_timeout 30
router_id SCA_WWW # This is the virtual router ID.
}
vrrp_script chk_nginx { # The check script
script "killall -0 nginx" # Could use curl instead or call out to custom script.
interval .2 # execute every .2 seconds
weight 2 # This is subtracted from priority below. Highest point count = master
}
vrrp_instance VI_1 {
state MASTER
interface eth0 # The virtual IP address is assigned to eth0
virtual_router_id 85 # This should be unique per subnet. 85 is fine. If SCS uses keepalived,
# we may need to coordinate/register this with them.
priority 101 # This primary machine should have the highest priority,
# the failover should be at least one point lower.
advert_int 1 # Both of these are for authentication, but it's not really necessary
authentication { # unless we can't trust the computers on the same subnet.
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
134.79.129.86 # This is the sca-www IP address
}
track_script {
chk_nginx # Tell keepalived there is a script it should execute (Defined above)
}
unicast_src_ip 134.79.129.91 # Unicast specific option, this is the IP of the interface keepalived listens on
unicast_peer { # Unicast specific option, this is the IP of the peer instance
134.79.129.92
}
} |
sca-nginx03
This server runs forum.linearcollider.org
...