This page is to document the migration of IIS to nginx
Existing Servers And Host Names
Web Server | Priority | IIS | Tomcat | Migration Status | Comments |
---|---|---|---|---|---|
glast-ground.slac.stanford.edu | 0 | glast-win01,glast-win02 | multiple | Migrated (11/16/2015) | |
web08.slac.stanford.edu | web08 | This is unfortunately used directly by some EXO applications (/logbook a php application). Maybe should use a better name like exo-logbook.slac.stanford.edu | |||
aida.freehep.org | 2 | web08 | scalnx-v03 | ||
aidatld.freehep.org | 2 | web08 | scalnx-v03 | Up | |
exo-data.slac.stanford.edu | 4 | web08 | exolnx-v01 | ||
forum.freehep.org | web08 | N/A fudform application | Dead | Page is up, but forum may be down, returns a blank page (was fhforum.slac.stanford.edu) | |
heprep.freehep.org | 2 | web08 | scalnx-v03 | Up | |
jas.freehep.org | 2 | web08 | scalnx-v03 | ||
java.freehep.org | 1 | web08 | scalnx-v03 | ||
lcsim.org, www.lcsim.org | web08 | scalnx-v03 | lcsim.freehep.org exists as a host name, but the application appears to actually be www.lcsim.org. DNS controlled by Norman Graf. | ||
lelaps.freehep.org | 2 | web08 | scalnx-v03 | Up | |
lp99.freehep.org | web08 | Dead | Down, no DNS record- but IIS is still aware of the Application (checked via telnet web08 80: GET / HTTP/1.1\nHost: lp99.freehep.org\n\n) | ||
lsst-camera.slac.stanford.edu | web08 | lsstlnx-v01, scalnx-v05 (firefly) | Up | ||
pingerlod.slac.stanford.edu | web08 | scalnx-v06 | Up | ||
portal.lsst-desc.org portal.lsstdesc.org | 3 | web08 | scalnx01 | Up | |
sid.slac.stanford.edu | web08 | Dead | Points to exo portal? | ||
srs.slac.stanford.edu | 5 | web08 | scalnx-v01 | Up | |
wired1.freehep.org | 2 | web08 | N/A (on web08) | Dead | Up |
www.freehep.org | 2 | web08 | N/A (on web08) | Up | |
www-sld.slac.stanford.edu www-bes.slac.stanford.edu www-midas.slac.stanford.edu | web08 | N/A (on web08) | Up. Also has www-bes and www-midas, but they all serve the same page. | ||
www-sldnt.slac.stanford.edu | web08 | scalnx-v03/Also on web08? | Peter Rowson has been asking to get this working again. | scalnx-v03, just a blank page | |
xrdmon.slac.stanford.edu | web08 | Dead | Worker defined to be xrootd-mon, Not sure if this is on web08 or some other server? | ||
wired4.freehep.org wired.freehep.org | 2 | web08 | scalnx-v03 | ||
wired2.freehep.org | web08 | Dead | Points to web08. No record in IIS. Not sure how this one works? There is a directory on scalnx-v03 | ||
forum.linearcollider.org | web08 | N/A (web08) | DNS controlled by linearcollider.org |
To Do List
- Ask windows-admin/unix-admin glast-win01,win02 to be shutdown (but not immediately removed)
- Make plan for how to handle cas.slac.stanford.edu (separate CAS at root?)
- Tony should add java.freehep.org to his hosts file to check that it works
- Move java.freehep.org (priority 1)
- Move rest of freehep (priority 2) – target 3/17
- Move rest of priority 3 – target 3/21 – need to make sure we have lsstdesc.org and lsst-desc.org ready
- Move priority 4 – target 3/23
- Get ready for priority 5 moves
- Complete work on setting up php for forum.linearcollider.org
- Consider where php code will live (afs, nfs) and how we will ensure it is backed up
- Talk to Matthias Wittgen about where/how to move EXO logbook stuff
...
nginx configuration workbook
Note: See SCA NGINX Configuration for information on actual configuration.
SSL Configuration
http://nginx.com/resources/admin-guide/nginx-ssl-termination/
...
[List of PHP Applications here]
A Previous migration of fudforum:
Two potential solutions
- PHP applications on nginx reverse proxies
- PHP applications on another server (configured the same as Tomcat servers)
...
sudo yum install php54 php54-php-fpm php54-php-mysqlnd
...
Fudforum
Fudforum saves attachments to disk. I think we need to do an admin dump then import the dump into the new instance when it's done.
http://githubengineeringfudforum.com/rearchitecting-github-pages/
VMs
Hostnames and IPs
sca-nginx01 is deployed on > scalnx12-vmm with 12GB memory and 6 cores
sca-nginx02 is deployed on > scalnx13-vmm with 12GB memory and 6 cores
Both will share the sca-www hostname through the virtual IP address 134.79.129.86.
Management of the Virtual IP address will be handled with keepalived.
Keepalived
keepalived is to be configured on both machines.
keepalived seems to support HTTP status checks.
The following is roughly the configuration for sca-nginx01. The configuration for sca-nginx02, which will be the failover machine, will be nearly identical, but the priority on the vrrp_instance MUST BE LOWER than the priority on the master. The password will be different.
The configuration is located in /etc/keepalived/keepalived.conf
Code Block |
---|
global_defs {
notification_email {
bvan@slac.stanford.edu
}
notification_email_from sca-nginx01@slac.stanford.edu
smtp_server localhost
smtp_connect_timeout 30
}
vrrp_instance VI_1 {
state MASTER
interface eth1
virtual_router_id 85
priority 10
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
134.79.129.86
}
} |