
Hosting on the edge of the world 2

The first article about my small hosting was published in 2010.
Since then almost 2 years have passed: servers have been added and replaced, the structure has changed, and so have the technologies. Right now I am preparing to move to Novosibirsk, so I decided to lay the cards on the table and show the tricks behind my small hosting.
The article should interest specialists in our vast territories, where there is still no decent "external" Internet, and anyone who wants to build hosting with load sharing on relatively inexpensive hardware.

What mainly sets the "Romashka" hosting apart is an unusual way of combining the Bind DNS server with Nginx.
Bind

Bind has a wonderful feature: views. A view lets you return different DNS records to different pre-designated groups of clients. For example, if a request comes from the 1.2.3.0/24 network, somehost.host resolves to 1.2.3.4; if it comes from 2.3.4.0/24, it resolves to 2.3.4.5.
Yakutsk is split into two main zones: Backbone (a group of providers) and Peering (Rostelecom). Traffic between them costs 7 kopecks per 1 Mb. So if a server sits in one zone, clients from the other zone pay for the traffic to it. Local hosters fought the 7 kopecks by introducing www2.some.host and similar crutches. This method is transparent to the user.
An example of the named.conf.local config:

// Rostelecom (Peering) clients
acl rtk {
    1.2.3.0/24;
};
// Backbone clients
acl bbn {
    2.3.4.0/24;
};

// Views are tried in order, so the catch-all "any" view must stay last.
view "bbn" {
    match-clients { bbn; };

    zone "host.net" {
        type master;
        file "/etc/bind/bbn/db.host.net";
    };

    include "/etc/bind/named.conf.default-zones";
};

view "rtk" {
    match-clients { rtk; };

    zone "host.net" {
        type master;
        file "/etc/bind/rtk/db.host.net";
    };

    include "/etc/bind/named.conf.default-zones";
};

view "any" {
    match-clients { any; };

    zone "host.net" {
        type master;
        file "/etc/bind/any/db.host.net";
    };

    include "/etc/bind/named.conf.default-zones";
};

Zone files are standard, just kept in separate directories.
One of the downsides is editing the files by hand; I have not seen a sane admin tool for managing views.
The same trick can be used to show certain bodies a bogus address instead of our real one. But I didn't tell you that ;)
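The hand-editing described above, and the forgotten serial that comes up again in the summary, can be taken out of the admin's hands with a small generator. The script below is an added example, not part of the original post: it renders one db.host.net per view directory from a single table of per-view addresses, reusing the directory layout of the named.conf.local above, and gives all three files the same fresh YYYYMMDDnn serial, never lower than the highest one already on disk. The view-to-address table and the zone contents are constructed for illustration.

```python
"""Generate per-view Bind zone files from one record table and bump the SOA serial.

Added example, not from the original post. Assumes the view directories
/etc/bind/{bbn,rtk,any} from the named.conf.local above and the zone host.net;
the per-view addresses are constructed for illustration.
"""
import datetime
import re
import tempfile
from pathlib import Path
from typing import Dict, Optional

# Constructed: the address each view should hand out for each name.
# "any" is the catch-all view for clients outside both ACLs.
VIEW_ADDRESSES = {
    "bbn": {"@": "2.3.4.5", "www": "2.3.4.5", "ns1": "2.3.4.5"},  # Backbone clients
    "rtk": {"@": "1.2.3.4", "www": "1.2.3.4", "ns1": "1.2.3.4"},  # Rostelecom clients
    "any": {"@": "5.6.7.8", "www": "5.6.7.8", "ns1": "5.6.7.8"},  # everyone else
}

SERIAL_RE = re.compile(r"^\s*(\d+)\s*;\s*serial\b", re.MULTILINE)


def next_serial(previous: Optional[int], yyyymmdd: str) -> int:
    """YYYYMMDDnn serial: same day -> nn + 1, later day -> nn = 01.

    A serial that does not move is exactly the failure the post mentions:
    secondaries keep serving the old zone because nothing looks changed.
    """
    base = int(yyyymmdd) * 100
    if previous is None or previous < base:
        return base + 1
    if previous % 100 >= 99:
        raise ValueError("more than 99 edits in one day; wait for tomorrow")
    return previous + 1


def read_serial(zone_text: str) -> Optional[int]:
    """Pull the serial out of an existing zone file (None if not found)."""
    match = SERIAL_RE.search(zone_text)
    return int(match.group(1)) if match else None


def render_zone(zone: str, addresses: Dict[str, str], serial: int) -> str:
    """Render a minimal master zone file with the given A records."""
    lines = [
        "$TTL 3600",
        f"$ORIGIN {zone}.",
        f"@   IN SOA ns1.{zone}. hostmaster.{zone}. (",
        f"        {serial} ; serial",
        "        3600 ; refresh",
        "        900 ; retry",
        "        604800 ; expire",
        "        300 ) ; minimum",
        f"    IN NS ns1.{zone}.",
    ]
    for name, addr in sorted(addresses.items()):
        lines.append(f"{name:<4}IN A {addr}")
    return "\n".join(lines) + "\n"


def write_views(root: str, zone: str, yyyymmdd: Optional[str] = None) -> Dict[str, int]:
    """Write root/<view>/db.<zone> for every view; return the serial used per view.

    All views get the same serial, so a half-updated set is visible at a glance,
    and the serial is derived from the highest one already on disk so it never
    goes backwards even if one directory was edited by hand.
    """
    yyyymmdd = yyyymmdd or datetime.date.today().strftime("%Y%m%d")
    base = Path(root)
    existing = [read_serial(p.read_text()) for p in base.glob(f"*/db.{zone}")]
    previous = max((s for s in existing if s is not None), default=None)
    serial = next_serial(previous, yyyymmdd)
    written = {}
    for view, addresses in VIEW_ADDRESSES.items():
        target = base / view / f"db.{zone}"
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(render_zone(zone, addresses, serial))
        written[view] = serial
    return written


def demo(yyyymmdd: str = "20120727") -> Dict[str, object]:
    """Run two generations into a scratch directory (stand-in for /etc/bind)."""
    scratch = tempfile.mkdtemp()
    first = write_views(scratch, "host.net", yyyymmdd)
    second = write_views(scratch, "host.net", yyyymmdd)  # same day -> serial + 1
    rtk_file = (Path(scratch) / "rtk" / "db.host.net").read_text()
    return {"first": first, "second": second, "rtk_has_peering_addr": "1.2.3.4" in rtk_file}


if __name__ == "__main__":
    print(demo())
```

Point write_views at /etc/bind and run named-checkzone on each output before rndc reload; the generator only guarantees that the three files agree with each other and that the serial moved.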

Nginx

At first we ran Nginx as a frontend in front of the heavy Apache. Then came the idea of putting Nginx on separate servers. The proxy server caches static media content (mp3, avi, flv, jpg, png, etc.) and forwards all other requests (php, css, etc.) to Apache.
At the moment the main servers with the files and databases sit in a location almost nobody knows. Between them and the frontend, VPN tunnels were raised with Hamachi. Why so complicated?
Now our little hosting does not depend on providers. We changed the communication channel, updated the DNS records, reconfigured the VPNs, and now even blocking by IP address is not a problem for us. Profit! ;)
Sample config sites-enabled/host.name:

server {
    listen 80;
    server_name www.host.net host.net;
    access_log /var/log/nginx/host.net.access.log;
    error_log  /var/log/nginx/host.net.error.log;

    # Dynamic requests (php, css, etc.) go to the root server over the VPN
    location / {
        proxy_pass http://5.6.7.8:80/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_redirect off;
    }

    # Static media is cached on the edge; the "pagecache" zone must be
    # declared with proxy_cache_path in the http block of nginx.conf
    location ~* \.(jpg|png|gif|jpeg|mp3|mp4|wav|mov|avi)$ {
        proxy_cache_valid 200 20000m;
        expires 30d;
        proxy_pass http://5.6.7.8:80;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_cache pagecache;
    }
}

Don't forget to enable mod_rpaf on Apache.
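What the backend has to do with those headers, as an added example that is not from the post and is not the rpaf module's code: treat X-Forwarded-For and X-Real-IP as trustworthy only when the TCP peer is one of our own frontends (the VPN side of the Nginx boxes in this layout), and otherwise use the peer address itself. The frontend networks and the sample requests are constructed.

```python
"""Resolve the real client address on the backend behind the Nginx frontend.

Added example, not from the post and not mod_rpaf's code. It models the rule
the backend must apply to the X-Forwarded-For / X-Real-IP headers the frontend
sets: believe them only when the TCP peer is one of our own frontends,
otherwise anyone connecting directly can supply whatever address they like
and that is what ends up in the access log and in IP-based bans.
The frontend networks and sample requests below are constructed.
"""
import ipaddress
from typing import Dict, List, Mapping, Sequence, Tuple

# Constructed: networks our own frontends connect from (the VPN side here).
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.8.0.0/24"),
    ipaddress.ip_network("203.0.113.10/32"),
]


def is_trusted(addr: str, proxies: Sequence) -> bool:
    """True if addr is a valid IP inside one of the trusted proxy networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in proxies)


def client_ip(peer: str, headers: Mapping[str, str], proxies: Sequence = TRUSTED_PROXIES) -> str:
    """Return the address to log, rate-limit or ban for this request.

    peer is the TCP source address of the connection (Apache's REMOTE_ADDR).
    X-Forwarded-For is walked from the right: the frontend appends the address
    it saw ($proxy_add_x_forwarded_for), so the right-most untrusted hop is the
    client; anything left of that was supplied by the client itself.
    """
    if not is_trusted(peer, proxies):
        return peer  # direct connection: the headers are untrusted input, ignore them
    xff = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer  # malformed entry: fail closed on the peer address
        if not is_trusted(hop, proxies):
            return hop
    # Only our own hops (or no header): fall back to X-Real-IP, which the
    # frontend always overwrites, and finally to the peer itself.
    real = headers.get("X-Real-IP", "").strip()
    if real:
        try:
            ipaddress.ip_address(real)
            return real
        except ValueError:
            pass
    return peer


# Constructed requests: (peer address, headers, what the case shows)
SAMPLE_REQUESTS: List[Tuple[str, Dict[str, str], str]] = [
    ("10.8.0.2", {"X-Forwarded-For": "198.51.100.7", "X-Real-IP": "198.51.100.7"},
     "normal request via the frontend"),
    ("10.8.0.2", {"X-Forwarded-For": "1.1.1.1, 198.51.100.7", "X-Real-IP": "198.51.100.7"},
     "client sent its own X-Forwarded-For; the frontend appended the real address"),
    ("198.51.100.9", {"X-Forwarded-For": "10.8.0.2", "X-Real-IP": "10.8.0.2"},
     "direct connection to the backend pretending to come from the frontend"),
    ("10.8.0.2", {"X-Forwarded-For": "10.8.0.3"},
     "only our own hops in the chain: fall back to the peer"),
]


def resolve_samples() -> List[str]:
    """Resolve every constructed request; returns the chosen client address per case."""
    return [client_ip(peer, headers) for peer, headers, _ in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for (peer, headers, note), result in zip(SAMPLE_REQUESTS, resolve_samples()):
        print(f"{result:<15} <- peer {peer:<15} {note}")
```

The trust list is the same thing the rpaf module keeps in its RPAFproxy_ips directive: only the frontends' addresses belong there, and the backend should not be reachable from anywhere else anyway.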

Summary

The system occasionally breaks because of clumsy hands (I forgot to bump the serial in all the files, got an address wrong in a config, and so on). But it works, and several projects run on it happily.
UPD: Proxy0 is optional. Requests can go from the edge frontend straight to the root servers, which generally sit behind NAT.

Source: https://habr.com/ru/post/148288/

