[LINUX] A story about switching a personally developed Web service from a rental server to GCP (Google Cloud Platform)

I run a web service as a personal development project. For a long time I got by with a rental server at 500 yen per month, but I decided to migrate to another server for the following reasons.

・ Middleware cannot be installed freely
・ The server cannot be scaled up
・ Access logs cannot be viewed in real time
・ The rental server provider decides the schedule for retiring TLS 1.0 / 1.1
・ I want to set up DKIM to improve the mail delivery rate

I had also tried AWS, but I was already familiar with BigQuery from work, so I decided to use Google Cloud Platform.

I normally develop web applications and only touch infrastructure lightly, so I built this while studying as I went.

Configuration

・ 1 load balancer (Cloud Load Balancing)
・ 1 production Web / DB server (Compute Engine, CentOS)
・ 1 Web server for maintenance (Compute Engine, CentOS)

[Figure: network.png]

The production Web / DB server instance and the maintenance Web server instance are placed behind the load balancer.

Reasons to use a load balancer

Here is why I use a load balancer even for a site that is not very large.

Can be operated with one global IP

When migrating from a rental server, all you have to do is change the A record to the IP of the load balancer.

I want to exclude illegitimate requests such as direct-IP access

Once a server is public, it receives illegitimate requests addressed directly to its IP. The load balancer keeps such access, for example attempts to reach the .git directory or scans for vulnerable files, from reaching the production web server.
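One way to confirm on the production web server that this filtering holds, as an added example that is not from the original post: it audits access-log lines for requests that did not arrive through the load balancer, carried a bare IP in the Host header, or probed /.git. The log format, the hostnames in SITE_HOSTS and the sample lines are assumptions constructed for illustration; the two source ranges are the ones Google documents for its external HTTP(S) load balancer proxies.

```python
import ipaddress
import re

# Source ranges Google documents for external HTTP(S) load balancer proxies.
LB_RANGES = [ipaddress.ip_network(n) for n in ("130.211.0.0/22", "35.191.0.0/16")]
SITE_HOSTS = {"example.com", "www.example.com"}  # assumption: the site's hostnames
# Assumed log format (constructed): peer "Host header" "METHOD path PROTO" status
LINE_RE = re.compile(r'^(\S+) "([^"]*)" "\S+ (\S+) [^"]*" \d{3}$')
GIT_PROBE = re.compile(r"^/\.git(/|$)")  # /.git and below, not /.github-notes
SAMPLE_LOG = [  # constructed lines; client addresses are documentation ranges
    '130.211.1.20 "example.com" "GET /index.php HTTP/1.1" 200',
    '35.191.8.4 "203.0.113.10" "GET /.git/config HTTP/1.1" 404',
    '198.51.100.7 "203.0.113.10" "GET /.git/HEAD HTTP/1.1" 404',
    '130.211.2.9 "www.example.com" "GET /.github-notes HTTP/1.1" 404',
]

def as_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def host_name(host):
    if host.startswith("["):  # bracketed IPv6 literal with optional port
        return host[1:].split("]", 1)[0]
    return host.split(":", 1)[0] if host.count(":") <= 1 else host

def classify(line):
    """Return the findings for one access-log line (empty list means clean)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return ["unparsed"]
    peer, host, path = m.groups()
    ip, name, findings = as_ip(peer), host_name(host).lower(), []
    if ip is None or not any(ip in net for net in LB_RANGES):
        findings.append("bypassed-load-balancer")  # peer is not a Google proxy
    if as_ip(name) is not None:
        findings.append("direct-ip-host")  # Host header is a bare IP address
    elif name not in SITE_HOSTS:
        findings.append("unknown-host")
    if GIT_PROBE.match(path):
        findings.append("git-probe")
    return findings

def audit(lines):  # 1-based line number -> findings, clean lines skipped
    return {n: f for n, line in enumerate(lines, 1) if (f := classify(line))}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

A "bypassed-load-balancer" finding means the instance is reachable on its own address, so the firewall rule for the web port should be narrowed to the load balancer's source ranges.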

Can scale out, for example to a configuration with multiple Web servers

The service can be scaled by making the DB independent with Cloud SQL or similar and running multiple production Web servers.

The SSL certificate can be installed on the load balancer

SSL is terminated at the load balancer, and the web server behind it is accessed over HTTP. I think this is less expensive than decrypting SSL on the web server. When there are multiple web servers, the certificates can also be kept in one place on the load balancer.

Maintenance only requires changing where the load balancer sends traffic

For example, when you want to stop the production Web server instance to improve its performance, you can easily go into maintenance by pointing the load balancer at the maintenance server.

Mail server

Email cannot be sent directly from a Compute Engine instance, so I decided to use an external service that can be called through a Web API.

Operation

SSL certificate renewal

The SSL certificate is issued by Let's Encrypt. I create it on the web server with the certbot certonly command and paste it into the load balancer's settings screen. It's a little tedious because I have to do this once every three months.

Snapshots

Take snapshots of your instances on a regular basis. Snapshots can be taken while the instance is running. In case of emergency, you can create a new instance from the snapshot.

Automatic package update

Compute Engine CentOS instances have automatic package updates via yum-cron enabled by default, so security patches for the installed packages are applied automatically.

For example, if you look at the update history of the php package, you can see that it was automatically updated to "5.4.16-46.1.el7_7.x86_64" most recently.

$ sudo yum history package-list php
Loaded plugins: fastestmirror
ID     | Action(s)      | Package                                              
-------------------------------------------------------------------------------
   142 | Updated        | php-5.4.16-46.el7.x86_64                             
   142 | Update         |     5.4.16-46.1.el7_7.x86_64                         
    57 | Updated        | php-5.4.16-45.el7.x86_64                             
    57 | Update         |     5.4.16-46.el7.x86_64                             
    10 | Install        | php-5.4.16-45.el7.x86_64                             
history package-list

Summary

Unlike the rental server, which took care of protecting everything, the cost has gone up, but I have more freedom in development and the service level I can provide has also improved dramatically.

I would like to gradually find the best way to operate it while trying out various things.
