nginx plus on aws
Post on 25-Jan-2015
NGINX Plus on AWS
Scott Ward, Solutions Architect
scotward@amazon.com
NGINX on AWS
NGINX – Usage on AWS and best practices
Who is AWS?
© 2014 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
A broad and deep platform that helps customers build sophisticated, scalable applications
A Culture of Innovation: Experiment Often & Fail Without Risk
Who is using AWS and what are they using it for?
Startups on AWS
http://aws.amazon.com/solutions/case-studies/
Enterprises on AWS
http://aws.amazon.com/solutions/case-studies/
Infrastructure
Foundation Services
Regions, Availability Zones
Storage (Object, Block and Archive)
Networking
Security & Access Control
Platform Services
Databases
Relational
NoSQL
Caching
Analytics
Hadoop
Real-time
Data warehouse
App Services
Queuing
Orchestration
App streaming
Transcoding
Search
Deployment & Management
Containers
Dev/ops Tools
Resource Templates
Mobile Services
Identity
Sync
Mobile Analytics
Notifications
Enterprise Applications
Virtual Desktops
Data Workflows
Usage Tracking
Monitoring and Logs
Compute (VMs, Auto-scaling and Load Balancing)
CDN and Points of Presence
Collaboration and Sharing
10 regions, 26 availability zones, 52 edge locations
Infrastructure
AWS Services Overview
Amazon EC2 – Virtual Servers & resizable compute capacity
Auto Scaling – Scale compute resources up and down
Elastic Load Balancing – Load balancer for compute instances
Amazon Elastic Block Storage (EBS) – Block storage for EC2
AWS Service Overview
AWS Identity and Access Management – AWS Account Access Controls
Amazon Route 53 – Scalable Domain Name System
Amazon CloudWatch – Resource and Application Monitoring
NGINX on AWS
NGINX
Who is using NGINX on AWS
• Startups, Enterprises, Government Agencies
• Example: NASA/JPL Mars Curiosity Mission
NGINX – NASA/JPL
Where NGINX fits
Installing NGINX Plus on AWS
• Launch from AWS Marketplace: http://aws.amazon.com/marketplace
• Search on “NGINX Plus”
– Amazon Linux
– Ubuntu
• 30 Day Free Trial !!
• Launch and Verify
– $ /etc/init.d/nginx status
NGINX - Security Recommendations
Use SSH for accessing your hosts
Security Groups to control inbound/outbound traffic
Connection Method  Protocol  Port Range  Source IP or Group  Comments
HTTP               tcp       80-80       CIDR IP Range       non-encrypted web traffic
HTTPS              tcp       443-443     CIDR IP Range       encrypted web traffic
SSH                tcp       22-22       CIDR IP Range       ssh access
SSH                tcp       873-873     CIDR IP Range       rsync access
SSH                udp       5405-5405   CIDR IP Range       corosync traffic
Control access here
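As an added example (not from the original slides), this Python check audits a security group against the table above: it flags rules that open the SSH, rsync or corosync ports to a source range wider than a policy threshold. The sample group, its `sg-EXAMPLE` id and the `MIN_PREFIX` threshold are constructed assumptions; the field names follow `aws ec2 describe-security-groups` output.

```python
import ipaddress

# Admin and cluster ports from the slide's table; 80/443 are meant to be public.
SENSITIVE = {("tcp", 22): "ssh", ("tcp", 873): "rsync", ("udp", 5405): "corosync"}
# Assumed policy threshold: narrowest acceptable source prefix per IP version.
MIN_PREFIX = {4: 24, 6: 64}

def audit_group(group):
    """Return (group id, service, port, source) for over-broad sensitive rules."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen >= MIN_PREFIX[net.version]:
                continue  # source range is narrow enough
            for (p, port), service in sorted(SENSITIVE.items()):
                # IpProtocol "-1" means all protocols and all ports.
                if proto == "-1" or (
                    proto == p and perm["FromPort"] <= port <= perm["ToPort"]
                ):
                    findings.append((group["GroupId"], service, port, cidr))
    return findings

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 873, "ToPort": 873,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},
        {"IpProtocol": "udp", "FromPort": 5405, "ToPort": 5405,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ],
}

if __name__ == "__main__":
    for finding in audit_group(SAMPLE_GROUP):
        print("too broad: %s %s/%d from %s" % finding)
```

Rules whose source is another security group (`UserIdGroupPairs`) carry no CIDR and are not flagged by this check.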
Load Balancing: Behind ELB
region
Route53 hosted zone
Elastic Load Balancer
Web App 1
NGINX Plus EC2 instances
Web App 2 Web App 3
Load Balancing: DIY
region
Web App 1
NGINX Plus AMI
Web App 2 Web App 3
Elastic IP
Load Balancing: DIY Considerations – Being Auto Scaling Aware
Command Line Option
describe-auto-scaling-instances
describe-instances
Update NGINX configuration
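One way to carry out the command-line option above, as an added example rather than code from the slides: pass the JSON from `describe-auto-scaling-instances` and `describe-instances` to a script that renders the NGINX `upstream` block from in-service, healthy instances only. The group name, instance ids, addresses and the `backend` upstream name are constructed.

```python
import ipaddress

def in_service_ids(asg_output, group_name):
    """Instance ids in the group that are InService and healthy."""
    return {
        i["InstanceId"]
        for i in asg_output["AutoScalingInstances"]
        if i["AutoScalingGroupName"] == group_name
        and i["LifecycleState"] == "InService"
        and i["HealthStatus"].upper() == "HEALTHY"
    }

def render_upstream(asg_output, ec2_output, group_name, name="backend", port=80):
    """Build an upstream block; refuse to emit one with no servers."""
    wanted = in_service_ids(asg_output, group_name)
    addrs = []
    for reservation in ec2_output["Reservations"]:
        for inst in reservation["Instances"]:
            ip = inst.get("PrivateIpAddress")
            if inst["InstanceId"] in wanted and ip:
                # Validate before interpolating API data into the config.
                addrs.append(ipaddress.ip_address(ip))
    if not addrs:
        raise ValueError("no in-service backends; keep the current config")
    # Sorted output keeps the file stable between runs, so diffs are meaningful.
    lines = ["    server %s:%d;" % (a, port) for a in sorted(addrs)]
    return "upstream %s {\n%s\n}\n" % (name, "\n".join(lines))

# Constructed samples in the shape of the two CLI commands' JSON output.
ASG_OUTPUT = {"AutoScalingInstances": [
    {"InstanceId": "i-aaa", "AutoScalingGroupName": "web-asg",
     "LifecycleState": "InService", "HealthStatus": "HEALTHY"},
    {"InstanceId": "i-bbb", "AutoScalingGroupName": "web-asg",
     "LifecycleState": "Terminating", "HealthStatus": "HEALTHY"},
    {"InstanceId": "i-ccc", "AutoScalingGroupName": "web-asg",
     "LifecycleState": "InService", "HealthStatus": "HEALTHY"},
    {"InstanceId": "i-ddd", "AutoScalingGroupName": "other-asg",
     "LifecycleState": "InService", "HealthStatus": "HEALTHY"},
]}
EC2_OUTPUT = {"Reservations": [{"Instances": [
    {"InstanceId": "i-ccc", "PrivateIpAddress": "10.0.2.11"},
    {"InstanceId": "i-aaa", "PrivateIpAddress": "10.0.1.10"},
    {"InstanceId": "i-bbb", "PrivateIpAddress": "10.0.1.12"},
    {"InstanceId": "i-ddd", "PrivateIpAddress": "10.0.3.5"},
]}]}

if __name__ == "__main__":
    print(render_upstream(ASG_OUTPUT, EC2_OUTPUT, "web-asg"))
```

Write the result to an included file, run `nginx -t`, and reload only if the test passes.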
Load Balancing: DIY Considerations – Being Auto Scaling Aware
SQS and SNS for notifications
Auto Scaling group
Current State
NGINX
Amazon SQS
Auto Scaling group
Scale up
NGINX
Scale down
Amazon SNS
Amazon SQS
Auto Scaling group
NGINX
Performance
EC2 instance Sizing
• Workloads vary
– Start small and move up
Testing Steady State
Initial Launch
T2 class, M3 General Purpose, Bigger or More
Auto Scaling group
EC2 EC2 EC2 EC2 EC2 EC2 EC2
Broad Set of Compute Instance Types…
General purpose: M3, M1
Compute optimized: C3, CC2, C1
Memory optimized: R3, CR1, M2
Storage and IO optimized: I2, HI1, HS1
GPU enabled: G2, CG1
Performance: Traffic profiles
• SSL termination = CPU resources
• Lots of small requests = CPU resources
• Web Socket = CPU resources
• Content Caching = Memory & Instance Storage
• Bandwidth Heavy = Horizontal scaling
Performance Planning
• Determine the right instance profile
• Test, Test, Test, Test & Test
• Run expected and unexpected traffic patterns against your environment
• Analyze results and tweak where needed
– Throw away what does not work
• Monitor
Performance Baselines
Performance testing tools
– ab
– jmeter
– http_load
– siege
– curl-loader
– weighttp
– httperf
– wrk
– sslswamp
– your favorite tool
Performance Baseline Approaches
Different Instance
Different Availability Zone
Different Region
NGINX Test Instance
region
Availability Zone
Availability Zone
NGINX Test Instance
region
Availability Zone
region
Availability Zone
NGINX Test Instance
High Availability – General Recommendations
region
Availability Zone 2
Availability Zone 1
EC2 EC2
region
Availability Zone 1
EC2 EC2
Auto Scaling group
Availability Zone 2
EC2 EC2
Auto Scaling group
Use multiple AZs in a region
Auto Scaling to help with load changes
NGINX High Availability Configuration
• Highly available pair of NGINX instances on EC2 with a public IP Address
• Active/Passive Configuration
• Corosync and Pacemaker for clustering
NGINX High Availability Configuration
Corosync/Pacemaker
NGINX EC2 Primary
NGINX EC2 Standby
Elastic IP Address
NGINX High Availability Configuration
Install and config steps
• Allocate an Elastic IP address
• Create IAM Instance Profile
– Assign Elastic IP
– Disassociate Elastic IP
– EC2 Describe
• Launch instances with IAM Instance Profile
• Install NGINX HA
– $ sudo yum install nginx-ha
– $ sudo apt-get install nginx-ha
• Start NGINX HA config on both instances
– $ sudo nginx-ha-setup
• Answer questions on both instances
• Pick a primary
• Done!!!
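An added example (not from the slides or from the nginx-ha package) of an instance-profile policy limited to the three permissions listed in the steps above, with a check that flags anything broader. The mapping of "Assign Elastic IP", "Disassociate Elastic IP" and "EC2 Describe" to the specific EC2 actions below is an assumption.

```python
# Assumed mapping of the slide's three permissions to EC2 IAM actions.
NEEDED = {"ec2:AssociateAddress", "ec2:DisassociateAddress",
          "ec2:DescribeAddresses", "ec2:DescribeInstances"}

# Minimal policy document for the HA instance profile (constructed).
HA_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": sorted(NEEDED), "Resource": "*"}],
}

# Constructed counter-example: a convenient but over-broad grant.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": ["ec2:*", "s3:GetObject"],
                  "Resource": "*"},
}

def _as_list(value):
    """IAM accepts a single string or object where a list is expected."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def excess_grants(policy, needed=NEEDED):
    """Return Allow grants that go beyond the actions in `needed`."""
    allowed = {a.lower() for a in needed}  # IAM action names are case-insensitive
    excess = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            excess.append("NotAction")  # allows everything except what it lists
        for action in _as_list(stmt.get("Action")):
            if action.lower() not in allowed:  # wildcards such as ec2:* land here
                excess.append(action)
    return sorted(excess)

if __name__ == "__main__":
    import json
    print(json.dumps(HA_POLICY, indent=2))
    print("excess in broad policy:", excess_grants(BROAD_POLICY))
```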
Configuration Verification
============
Last updated: Wed Mar 19 02:46:49 2014
Last change: Wed Mar 19 02:46:42 2014 via cibadmin on nginxha101
Stack: openais
Current DC: nginxha101 – partition with quorum
Version: 1.1.6-9971ebba4494012a93c03b40a2c58ec0eb60f50c
2 Nodes configured, 2 expected votes
2 Resources configured.
============
Node nginxha100: online
ha-ip (ocf::heartbeat:IPaddr2) Started
ha-nginx (ocf::nginx-ha:nginx-ha) Started
Node nginxha101: online
NGINX High Availability Architecture Options: Same Region
region
Web App 1
Web App 2
Web App 3
Elastic IP
Availability Zone 1
Primary NGINX HA Instance
Availability Zone 2
Failover NGINX HA Instance
Web App 1
Web App 2
Web App 3
NGINX High Availability Architecture Options: Different Regions
Region 1
Elastic IP
Failover NGINX HA Instance
Web App 1 Web App 2 Web App 3
Availability Zone 2
Primary NGINX HA Instance
Web App 1 Web App 2 Web App 3
Availability Zone 1
Elastic IP
Failover NGINX HA Instance
Web App 1 Web App 2 Web App 3
Availability Zone 2
Primary NGINX HA Instance
Web App 1 Web App 2 Web App 3
Availability Zone 1
Region 2
Amazon Route53 hosted zone
NGINX High Availability Configuration Additional Considerations
• Make sure that both NGINX instances are configured the same for their jobs
• You get Active/Passive with two instances in cluster
– Active/Active or more than two instances? Corosync and Pacemaker documentation
Monitoring
Know what is going on with your environment at all times
Amazon CloudWatch
Default Amazon EC2 metrics
CPU Utilization (Percent)
Disk Reads (Bytes)
Disk Read Operations (Operations)
Disk Writes (Bytes)
Disk Write Operations (Operations)
Network In (Bytes)
Network Out (Bytes)
Status Check Failed (Count)
1 or 5 minute intervals
NGINX Metrics into Amazon CloudWatch
status.html CloudWatch
Install Agent
$ sudo yum install nginx-cw-agent
$ sudo apt-get install nginx-cw-agent
NGINX Metrics into Amazon CloudWatch
status.html CloudWatch
Update Configuration
$ /etc/nginx-cw-agent/nginx-cw-agent.ini
[source1]
name=exampleorg
url=http://example.org/status

[source2]
name=examplecom
url=http://example.com/status
http_user=testuser
http_pass=testpass
NGINX Metrics into Amazon CloudWatch
status.html CloudWatch
Start Background Agent
Test - $ /usr/bin/nginx-cw-agent.py -f start
All in - $ sudo service nginx-cw-agent start
View Metrics
NGINX with Amazon CloudWatch Logs
• Consolidate metrics and alarming for log files from 1 or many instances
• Define filters to parse content from your log files
• Measure and alarm on specific attributes
• Define retention period for your log files
EC2
CloudWatch
NGINX with Amazon CloudWatch Logs
Filter
Alarm
NGINX with Amazon CloudWatch Logs
EC2 EC2 EC2 EC2 EC2 EC2
Capture logs from multiple instances in one place
CloudWatch
Backup Strategy - Options
Protect your configuration
• Create an AMI with each new verified config
• Snapshot the root volume
• Store config files in Amazon S3 or source repository
– Deploy via user-data when new Amazon EC2 instance launches
• Continuous integration software to build new AMIs with your NGINX configuration
Scott Ward, Solutions Architect
AWS Pop-Up Loft, 925 Market Street
http://aws.amazon.com/start-ups/loft/
Thank You!
scotward@amazon.com