OwnCloud's own corporate cloud with NGINX on the frontend and several backend servers

1. Scheme

We have:

• Frontend - NGINX proxying server for accepting and distributing the load (IP - 1.2.3.4 - external, IP - 192.168.5.10 - internal DMZ) it should also stand behind the firewall for good, but there is a scheme for ease of understanding.
• Two servers with raised ownCloud
• cloud-1 IP - 192.168.1.11
• cloud-2 IP - 192.168.1.12
• NFS-storage IP file storage - 192.168.1.20 for hosting user data with NFS access.

2. Install ownCloud

Actually all actions on the manual and mathematics from repositories.
Ubuntu 12.03 LTS - LAMP system (do not forget the root password when installing LAMP)
To work with LDAP you need to deliver php5-ldap

$sudo apt-get install php5-ldap 

For data storage, we use a separate server with NFS access.
On the NFS storage server we put the nfs server

 $ sudo apt-get install nfs-kernel-server 

We rule / etc / exports by adding the line:

 /var/owncloud 192.168.1.0/24(rw,sync,no_root_squash,no_subtree_check) 

Create a folder and change its rights:

 $sudo mkdir -p /var/owncloud $sudo chown root:www-data /var/owncloud 

Bypass the nfs server:

 $sudo /etc/init.d/nfs-kernel-server restart 

Finished with the store.
On the nfs client servers we set:

 $ sudo apt-get istall nfs-common 

Edit vim /etc/rc.local before exit 0, add the line: (to mount the NFS folder when booting the system, I write to this file because using / etc / fstab caused hard problems to overcome)

 /bin/mount -t nfs -o user,rw,hard 192.168.1.20:/var/owncloud /var/cloud 

Create the / var / cloud folder and change its permissions:

 $sudo mkdir -p /var/cloud 

 $sudo chown root:www-data /var/owncloud 

To check mount

 $sudo mount.nfs 192.168.1.20:/var/owncloud /var/cloud 

Next, we put the actual cloud on two servers.
Download and put the key:

 $wget http://download.opensuse.org/repositories/isv:ownCloud:community/xUbuntu_12.04/Release.key $sudo apt-key add - < Release.key 

Add repositories and set up a cloud.

 $sudo sh -c "echo 'deb http://download.opensuse.org/repositories/isv:/ownCloud:/community/xUbuntu_12.04/ /' >> /etc/apt/sources.list.d/owncloud.list" $sudo apt-get update $sudo apt-get install owncloud 

We go you_ip/owncloud

• Enter the admin “admin”
• We invent a password “password”
• The path where the files of users / var / cloud will be stored (we connect this folder via NFS from the storage)
• Choose MySQL
• MySQL user “root” (or the one you got yourself)
• The root user password (which was entered when installing LAMP or from the created user)
• Database name is “cloud”
• Database server “localhost”

Hit FINISH
And we go under the user created admin in the owncloud web interface.
I rules /var/www/index.html to redirect to the login page on the cloud.

 <html> <head> <meta HTTP-EQUIV="REFRESH" content="0; url=/owncloud/"> </head> </html> 

We do all this on both CLOUD-1 and CLOUD-2 servers.

3. Install and configure NGINX

On the NGINX server

 $sudo apt-get install nginx 

Create a configuration file for the redirect site

 $ sudo vim /etc/nginx/sites-available/cloud 

Rule to such a state.

 upstream myCloud { ip_hash; #    server 192.168.1.11:80; server 192.168.1.12:80; } server { listen 1.2.3.4:443 ssl; #   SSL server_name owncloud.site.org; ssl_certificate /etc/ssl/certs/site.pem; #  ssl_certificate_key /etc/ssl/private/site.key; #   client_max_body_size 200G; #     location / { proxy_pass http://myCloud; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } 

Create link

 $sudo ln -s /etc/nginx/sites-available/owncloud.site.org /etc/nginx/sites-enabled/owncloud.site.org 

Rule the default page by redirecting all SSL requests.

 $sudo vim /usr/share/nginx/www/index.html 

 <html> <head> <meta HTTP-EQUIV="REFRESH" content="0; url=https://owncloud.site.org/cloud/"> </head> </html> 

Permit nginx

 $sudo /etc/init.d/nginx restart 

Now with all requests for owncloud.site.org owncloud.site.org will be redirected to owncloud.site.org/cloud

The SSL session is established between the client and NGINX, between NGINX and cloud servers, the usual HTTP.
')
At this stage you can go to owncloud.site.org owncloud.site.org and should get to the invitation to enter the login-password of one of our cloud1 (2) servers.

After all the settings we get the cluster but:
When a user sets up his profile and performing actions with applications on the cloud-1 server, all this data is stored in the MySQL database of the cloud-1 server. The next time you log in, it will go to another cloud-2 cluster server where there are no actions or settings.
To eliminate this, it needs the synchronization of MySQL databases between the cloud-1 and cloud-2 servers. Moreover, the MySQL standard replication configuration is a master - slave, i.e. changes to master are replicated to slave but not vice versa. We need two equal master - master servers.

Option: it is possible to configure two or more clouds to work with one MySQL database on a separate database server, but in this case you need to keep another server only for MySQL databases, which complicates the scheme a little and if you introduce another cloud, you need to make a database backup and Recover after installation (so as not to wipe the data). Which way to go is your choice.

4. Configuring master-master mysql replication

On cloud1

 # vim /etc/mysql/my.cnf 

add lines

 [mysqld] #Replication log-bin=mysql-bin binlog_format=mixed server-id = 1 /*     */ slave-compressed = 1 binlog-do-db = cloud /*     */ #bind-address = 127.0.0.1 /*        */ 

On cloud2

 # vim /etc/mysql/my.cnf 

add lines

 [mysqld] #Replication log-bin=mysql-bin binlog_format=mixed server-id = 2 /*     */ slave-compressed = 1 binlog-do-db = cloud /*     */ #bind-address = 127.0.0.1 /*        */ 

We get the user to replicate on both servers.
On cloud1
repl2 user with access from IP 192.168.1.11 and password u_pass (must have rights to the cloud base and privileges SELECT, RELOAD, SUPER, REPLICATION SLAVE)

 mysql> grant replication slave on *.* to 'repl2'@192.168.1.12 identified by 'u_pass'; 

On cloud2
repl1 user with access from IP 192.168.1.12 and password u_pass (must have rights to the cloud base and privileges SELECT, RELOAD, SUPER, REPLICATION SLAVE)

 mysql> grant replication slave on *.* to 'repl2'@192.168.1.11 identified by 'u_pass'; 

Further we bring both bases in an identical state:
On cloud1

 mysql> FLUSH TABLES WITH READ LOCK; mysql> show master status; +------------------+----------+--------------+------------------+ | File | Position | Binlog_Do_DB | Binlog_Ignore_DB | +------------------+----------+--------------+------------------+ | mysql-bin.000009 | 107 | cloud | | +------------------+----------+--------------+------------------+ 1 row in set (0.00 sec) 

Making a dump of the cloud database

 #mysqldump -u root -p cloud > /home/user/cloud.sql mysql> UNLOCK TABLES; 

Copy to cloud-2

 $scp /home/user/cloud.sql user@192.168.1.12:/home/user/cloud.sql 

On cloud2
further we set up the slave;

 mysql> USE cloud; mysql> SOURCE /home/user/cloud.sql mysql> CHANGE MASTER TO MASTER_LOG_FILE='mysql-bin.000009'; mysql> CHANGE MASTER TO MASTER_LOG_POS=107; mysql> stop slave; mysql> CHANGE MASTER TO MASTER_HOST='192.168.5.11', MASTER_USER='repl2', MASTER_PASSWORD='u_pass'; 

 mysql> start slave; mysql> show slave status/G; 

There must be something like this:

On cloud1
Since the bases are now the same to do a dump and restore it is not necessary.
We need to configure cloud-1 as a slave to cloud-2

 mysql> USE cloud; mysql> stop slave; mysql> CHANGE MASTER TO MASTER_HOST='192.168.5.12', MASTER_USER='repl1', MASTER_PASSWORD='u_pass'; mysql> start slave; mysql> show slave status/G; 

The output should be similar to cloud-2.

The parameters ... must be YES on cloud-1 and cloud-2.
Slave_IO_Running: Yes
Slave_SQL_Running: Yes

At this stage there is a small problem , you can log in as a local user to the cloud-1 server and cloud-2 says that the password is not correct (or vice versa) :(. The reason is SALT :)
There is a file /var/www/owncloud/config/config.php in which there is a variable

 'passwordsalt' => '6d84a4d8cb3cf5439c05647ceb45682a', 

and each cloud server will have a different value. You need to copy this value from the server to which you can go and paste it where it is impossible.

To check, go to 192.168.1.11 and 192.168.1.12 under one user and create an event on the calendar server cloud-1 and on the cloud-2 it should appear automatically (F5).
We have at the exit:

• NGINX in frontend for dynamic load sharing
• Several servers in the backend to increase the speed of return with the influx of users

5. Customers

• For Linux, Windows and MacOC - free (minus - you can not specify several different folders for synchronization)
• For Android and iPhon / iPad - $ 0.99

Something like that :)

6. References

www.opennet.ru/tips/info/1205.shtml
www.mysql.ru/docs/man/Replication_HOWTO.html
habrahabr.ru/post/86496
google.com