[LINUX] A story about switching a personally developed Web service from a rental server to GCP (Google Cloud Platform)
I run a web service by personal development. I managed to do it with a rental server for 500 yen per month for a long time, but I thought about migrating the server for the following reasons.
・ Middleware cannot be installed freely ・ Cannot scale up ・ Access log cannot be viewed in real time ・ The rental server decides the abolition schedule of TLS1.0 / 1.1 ・ I want to set DKIM to increase the mail arrival rate
I also touched AWS, but I was familiar with BigQuery in my business, so I decided to use Google Cloud Platform.
I usually develop web applications, so I'll just touch the infrastructure lightly, but I'll try to build it after studying.
Constitution
1 load balancer (Cloud Load Balancing)
1 production Web / DB server (Compute Engine, CentOS)
1 Web server for maintenance (Compute Engine, CentOS)
Place an instance of the production Web / DB server and the maintenance Web server behind the load balancer.
Reasons to use a load balancer
I will write the reason for using a load balancer even on a site that is not very large.
Can be operated with one global IP
When migrating from a rental server, all you have to do is change the A record to the IP of the load balancer.
I want to exclude unauthorized requests such as direct IP
If you publish the server, you will receive illegal requests via direct IP. Such access, such as accessing the .git directory or scanning for vulnerability files, prevents requests from coming to your production web server.
Can be scaled such as multiple Web server configurations
DB can be scaled up by making it independent using Cloud SQL etc. and configuring multiple production Web servers.
SSL certificate can be set for the load balancer
The load balancer will be SSL terminated, and the web server behind the load balancer will have HTTP access. I think it's less expensive than decrypting SSL on a web server. You can also concentrate the certificates on the load balancer when you have multiple web servers.
It can be done during maintenance only by distributing the load balancer
For example, when you want to stop the instance of the production Web server and improve the performance, you can easily perform maintenance by directing the distribution of the load balancer to the maintenance server.
mail server
I can't send emails directly from an instance of Compute Engine, so I decided to use an external service that can be used with the Web API.
About operation
SSL certificate renewal
The SSL certificate uses Let's Encrypt. Paste the one created by the certbot certonly command on the web server into the load balancer setting screen. It's a little annoying because I have to do it once every three months.
snap shot
Take snapshots of your instances on a regular basis. Snapshots can be taken while the instance is running. In case of emergency, you can create a new instance from the snapshot.
Automatic package update
Compute Engine CentOS instances have yum-cron automatic package updates enabled by default. Therefore, the security patches of the installed packages will be automatically upgraded.
For example, if you look at the update history of the php package, you can see that it was automatically updated to "5.4.16-46.1.el7_7.x86_64" most recently.
$ sudo yum history package-list php
Loaded plugins: fastestmirror
ID | Action(s) | Package
-------------------------------------------------------------------------------
142 | Updated | php-5.4.16-46.el7.x86_64
142 | Update | 5.4.16-46.1.el7_7.x86_64
57 | Updated | php-5.4.16-45.el7.x86_64
57 | Update | 5.4.16-46.el7.x86_64
10 | Install | php-5.4.16-45.el7.x86_64
history package-list
Summary
Unlike the rental server that protects everything, the cost has increased, but the degree of freedom in development has increased and the service level that can be provided has also increased dramatically.
I would like to gradually find the optimal operation method while touching various things.
Recommended Posts