Doc::2015 Hosting Upgrade
Goal
The goal of the 2015 hosting upgrade is to combine the various CS web hosting options into a single hosting cluster. This will make the hosting environment more consistent, easier to maintain, able to handle more load, and more scalable.
Current Environment
Currently, CS web hosting is split among various virtual servers based on function to provide quasi load balancing.
- webcore.cs.vt.edu
- Hosts www.cs.vt.edu, admin.cs.vt.edu, and various internal web sites
- research.cs.vt.edu
- Hosts research related websites
- courses.cs.vt.edu
- Hosts course related websites
- people.cs.vt.edu
- Hosts personal websites
- hosting.cs.vt.edu
- Hosts all other CS websites
Each server is configured similarly, but each functions separately. Many have their own local database server running as well. Each server has it's own local storage used for hosting the pages and needs to be exported separately for user access.
Upgraded Environment
The new environment will consist of a number of load balancers splitting the incoming connections among a number of hosting nodes. All sites will be handled by this one system. This allows spikes in load to be split among the various nodes, and allows for easier expansion. Multiple load balancers are used to split the network load and provide redundancy in case of failure. All hosting nodes will be configured exactly the same and work together. The websites will be stored on our NAS device to allow all nodes to share access. SSL overhead will be handled by the load balancers. A clustered multi-master database server will also run on all the hosting nodes.
Important Changes
Moving to a clustered environment involves certain challenges. To overcome these challenges some changes and limitations will have to be made. This is a list of the expected changes involved.
- OS is going from CentOS 6 to CentOS 7
- apache version will be going from 2.2 to 2.4
- PHP version will be going from 5.3 to 5.4
- All sites will be automatically forwarded to SSL encryption by default. Exceptions may be possible if encryption is not wanted for some reason.
- Some standard ways of redirecting to SSL may not work with the SSL offloading resulting in a loop. Redirecting will longer be necessary since SSL will be the default
- The NAS device does not support ACLs, so ACLs will no longer be supported on /web directories.