AWS load balancing Docker hosts and pain with HTTPS

In my continuous effort to make my setup as redundant as possible, the next step is to add a load balancer. I ran into a few problems while setting it up, allowing me to share my experience.

  1. It is not possible to have the apex record of a domain point to a CNAME.
  2. Moving the domain names of a service that runs HTTPS requires great care.

I added a network load balancer to sit in front of my Docker hosts to allow them to be fall over for each other. After that, I moved datadriven-investment.com to www.datadriven-investment.com because of the problem with apex DNS record mentioned above.

Continue reading “AWS load balancing Docker hosts and pain with HTTPS”

WordPress load times below 100ms

To improve the load time from the previous article, we must look to caching. I have always been fascinated by technology that allows us to serve pages very VERY fast. So in this article, I am going to explore a few different options for making WordPress load faster using caching.

It is not feasible to make software like WordPress load in less than 100ms, just loading the front page on this blog takes around 400ms which is already fast for a WordPress site. So we need a caching system in front of it to improve the load time.

Continue reading “WordPress load times below 100ms”

Let’s Encrypt selfcontained inside Docker

This article extends the setup explained in the previous article.

Briefly, the setup consists of a load balancer, an HTTP server, and a PHP-fpm backend, all running in a Docker Swarm environment as explained here.

Previously the load balancer was bound to the manager node in the Docker swarm because it needed access to the Let’s Encrypt certificate files. To prepare for a fully replicated and fault tolerant design, this needs to be fixed so it can run from any node.

Because of the mesh network in Docker swarm, the load balancer does not need to run on the manager node where the external IP is bound. It can run on any host; the mesh network will route the request to the right container. But that requires us to replicate the Let’s Encrypt certificates and make sure they can be renewed and reloaded independently of which host the load balancer is running. This article explains how I changed that and moved renewal into Docker.

Continue reading “Let’s Encrypt selfcontained inside Docker”

Setting up HTTPS on Nginx using Let’s Encrypt

There are many reasons for running a website on HTTPS instead of the regular HTTP. One reason is that Google Chrome soon will start to mark HTTP sites as insecure, possibly spooking your visitors. It is also a signal to your visitors that the communication between them and your website is protected.

In this article, I will describe how to set up Let’s Encrypt which provides free HTTPS certificates. It is part of a continuous effort to make the setup, described in the earlier articles, best-practice. I also offer some background information about HTTPS certificates for the interested reader.

Continue reading “Setting up HTTPS on Nginx using Let’s Encrypt”

Nginx and WordPress performance optimization 78% load time improvement

Apparently, performance on a website is essential. Slow sites are a pain for all visitors, and often slow sites put excessive load on the servers as well. To improve the performance of a website, a few tools will help us to pinpoint areas to enhance. It is a combination of settings in Nginx and WordPress. It builds on the setup described in this article but you can use the advice standalone. Most of the optimizations are useful on any web platform, not just WordPress, and Nginx.

Continue reading “Nginx and WordPress performance optimization 78% load time improvement”

Docker setup – part 8: Docker on multiple servers

This article builds on the platform described in the last seven parts, a WordPress setup running on AWS using Docker. In this article, we will look into how to improve uptime and scalability for the service by replicating it across multiple servers. To allow for replication, several challenges need to be solved. How to handle this is covered in this article, including comments on a few problems I found like Docker nodes running out of memory and how to fix it. And network problems in Docker swarm mode.

Continue reading “Docker setup – part 8: Docker on multiple servers”

Docker setup – part 7: Monitor uptime / status page

When running a blog or webshop, uptime monitoring becomes essential. We usually do not visit our own site 24/7, so we need some help to make sure we are notified if anything breaks. There exist many different tools for this. But one tool that I think solves this very cheap and easy is uptime robot, it is a hosted monitor service that monitors uptime for our site. How this work is explained in this article, and I will also touch on a few alternatives.

Continue reading “Docker setup – part 7: Monitor uptime / status page”

Docker setup – part 6: redundant php-fpm server

Redundant PHP-fpm service

Now the service stack has a load balancer, redundant Nginx web servers, but the PHP-fpm server is still only a single service. Most of the processing happens in the PHP-fpm server when serving a page request. The part prohibiting us from replicating the PHP-fpm service is that session data is stored in the local filesystem on the server. So if we just replicated the PHP-fpm server without replicating the sessions it would not work.

In this part, we will do the necessary changes to support a redundant PHP-fpm service.

Continue reading “Docker setup – part 6: redundant php-fpm server”

Docker setup – part 5: cleanup

In this part the original thought was to setup the php-fpm server to be redundant and fix the problem with the db backup not running. It ended up being more of a cleanup of the setup. But I did learn many things about docker in the process.

We will cover the following things

  • How to remove a service from the docker swarm
  • Setting up a job scheduler in docker to run the backup jobs, for both files and database

Continue reading “Docker setup – part 5: cleanup”

Docker setup – part 4: setting up redundant http services and docker build speedup

The setup needs to be able to scale better than it is capable of currently. Right now the http1 and http2 are defined as two services instead of the same service with two replicas. Also the build process is a bit slow, primarily because it needs to compile php for every build. I did not succeed with this part, but I did learn a lot about the docker build cache. More about that later. I also managed to fix a few other things that bothered me. Like the php file upload limit, and updating wordpress since v4.9.1 was released since my previous deployment.

Continue reading “Docker setup – part 4: setting up redundant http services and docker build speedup”