CloudFileStorage on a Debian Linux, with DFS storage.
Install a new bare Debian system. Bullseye (11.x) or an older version is acceptable, but not a newer one.
You will need at least 3 servers.
Create a separate disk partition for the datastore and mount it at /var/STOR01
Install the required packages and all dependencies.
Code:
apt-get install apache2 apachetop bsdmainutils default-mysql-server dnsutils php7.4 php7.4-curl php7.4-gd php7.4-mysql php7.4-zip psmisc rsync socat uptimed libapache2-mod-php7.4 libapache2-mod-upload-progress php7.4-common openssl php7.4-xml php7.4-bz2 bsdmainutils dnsutils uptimed aptitude net-tools mc screen php7.4-mbstring php7.4-intl sudo redis php7.4-redis glusterfs-server tcpdump htop iotop ioping atop iftop
Setting up GlusterFS.
Create a directory for the Gluster brick on each server:
Code:
mkdir -p /var/STOR01/DFS_brick_data
Start GlusterD:
Code:
systemctl start glusterd
You must have more than two Gluster members to avoid DFS split-brain.
On the Main Member:
make connections
Code:
gluster peer probe 10.100.100.1
gluster peer probe 10.100.100.2
gluster peer probe 10.100.100.3
check peers status
Code:
gluster peer status
create a volume
Code:
gluster volume create fs-vol replica 3 10.100.100.1:/var/STOR01/DFS_brick_data 10.100.100.2:/var/STOR01/DFS_brick_data 10.100.100.3:/var/STOR01/DFS_brick_data
start the volume
Code:
gluster volume start fs-vol
check the volume status
Code:
gluster volume status
On the Other Members:
check peers status
Code:
gluster peer status
check the volume status
Code:
gluster volume status
On each member:
Add a mount point for the Gluster volume to /etc/fstab
Code:
localhost:/fs-vol /var/STOR01/FS_DATA glusterfs defaults,_netdev 0 0
and mount it
Code:
mount -a
You should use the same path on each server.
OPTIONAL: you should use DFS for the "data" directory only. You can also put the www-data directory on DFS, but the drawback is web-server HTTP request latency.
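If the fstab mount fails, /var/STOR01/FS_DATA is only a directory on the local partition and anything written there never reaches the other members. The check below is an added example, not part of the original post; the function name and the sample mount lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Input on stdin: lines in /proc/mounts format.
# $1: mount point, $2: expected Gluster volume name.
# Returns 0 only if $1 is a glusterfs FUSE mount of volume $2.
gluster_mount_ok() {
    awk -v mp="$1" -v vol="$2" '
        # The last matching line is the mount currently on top.
        $2 == mp { seen = 1; src = $1; fstype = $3 }
        END {
            if (!seen) {
                print mp ": not mounted, writes would land on the local disk"
                exit 1
            }
            if (fstype != "fuse.glusterfs") {
                print mp ": type " fstype ", expected fuse.glusterfs"
                exit 1
            }
            # The source looks like "localhost:/fs-vol".
            n = split(src, part, ":/")
            if (part[n] != vol) {
                print mp ": volume " part[n] ", expected " vol
                exit 1
            }
        }'
}

# Constructed sample data, not captured from a real server.
MOUNTS_OK='/dev/sdb1 /var/STOR01 ext4 rw,relatime 0 0
localhost:/fs-vol /var/STOR01/FS_DATA fuse.glusterfs rw,relatime,user_id=0,group_id=0,allow_other 0 0'
MOUNTS_MISSING='/dev/sdb1 /var/STOR01 ext4 rw,relatime 0 0'

printf '%s\n' "$MOUNTS_OK" | gluster_mount_ok /var/STOR01/FS_DATA fs-vol \
    && echo "FS_DATA is on the Gluster volume"
printf '%s\n' "$MOUNTS_MISSING" | gluster_mount_ok /var/STOR01/FS_DATA fs-vol \
    || echo "FS_DATA is NOT on the Gluster volume"
```

On a live member, run it against the real table: gluster_mount_ok /var/STOR01/FS_DATA fs-vol < /proc/mounts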
Setting up the SQL server and Galera.
On each server:
add some options to galera.cnf and server.cnf
Code:
#/etc/mysql/mariadb.conf.d/50-server.cnf
performance_schema = ON
general_log_file = /var/log/mysql/mysql.log
general_log = 1
log_error = /var/log/mysql/error.log
server-id = 1200
log_bin = /var/log/mysql/mysql-bin.log
expire_logs_days = 10
max_binlog_size = 1000M
Code:
#/etc/mysql/mariadb.conf.d/60-galera.cnf
wsrep_provider = /usr/lib/galera/libgalera_smm.so
wsrep_on = ON
wsrep_cluster_name = "maria_db_cluster"
wsrep_node_name = maria_db_a
wsrep_node_address = 10.100.100.1
wsrep_cluster_address = gcomm://10.100.100.1,10.100.100.2,10.100.100.3
binlog_format = row
innodb_autoinc_lock_mode = 2
bind-address = 0.0.0.0
Code:
systemctl stop mysql
On the Main Node:
Code:
galera_new_cluster
On each node:
Code:
systemctl start mysql
Check cluster status:
Code:
mysql -u root
SHOW STATUS;
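SHOW STATUS prints several hundred rows; only a few wsrep_ values say whether the node is part of a working cluster. The check below is an added example, not part of the original post; the function name and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Input on stdin: "name<TAB>value" rows as printed by
#   mysql -u root -N -B -e "SHOW GLOBAL STATUS LIKE 'wsrep_%'"
# $1: expected number of nodes (3 for the cluster built here).
# Prints one line per problem; returns 0 only if the node is healthy.
galera_health() {
    awk -F '\t' -v want="$1" '
        { v[$1] = $2 }
        END {
            bad = 0
            if (v["wsrep_cluster_size"] + 0 != want + 0) {
                print "wsrep_cluster_size=" v["wsrep_cluster_size"] ", expected " want
                bad = 1
            }
            if (v["wsrep_cluster_status"] != "Primary") {
                print "wsrep_cluster_status=" v["wsrep_cluster_status"] ", expected Primary"
                bad = 1
            }
            if (v["wsrep_local_state_comment"] != "Synced") {
                print "wsrep_local_state_comment=" v["wsrep_local_state_comment"] ", expected Synced"
                bad = 1
            }
            if (v["wsrep_ready"] != "ON") {
                print "wsrep_ready=" v["wsrep_ready"] ", expected ON"
                bad = 1
            }
            exit bad
        }'
}

# Constructed sample rows, not captured from a real cluster.
SAMPLE_OK=$(printf 'wsrep_cluster_size\t3\nwsrep_cluster_status\tPrimary\nwsrep_local_state_comment\tSynced\nwsrep_ready\tON\n')
SAMPLE_PARTITIONED=$(printf 'wsrep_cluster_size\t1\nwsrep_cluster_status\tnon-Primary\nwsrep_local_state_comment\tInitialized\nwsrep_ready\tOFF\n')

printf '%s\n' "$SAMPLE_OK" | galera_health 3 && echo "node healthy"
printf '%s\n' "$SAMPLE_PARTITIONED" | galera_health 3 || echo "node NOT healthy"
```

On a live node, pipe the mysql command from the header comment into galera_health 3.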
If the MariaDB cluster is healthy, set the root password and create a new database on the Main Node, then check that it appears on another node.
Code:
mysqladmin -u root password
NEW-DB
Code:
CHECK DB
Setting up Redis.
Code:
gpasswd -a www-data redis
Set some options in /etc/redis/redis.conf
Code:
unixsocket /var/run/redis/redis-server.sock
unixsocketperm 770
supervised systemd
pidfile /var/run/redis/redis-server.pid
save 900 1
save 300 10
save 60 10000
Code:
systemctl restart redis
Setting up Apache web server and vhost.
Code:
a2enmod ssl headers socache_shmcb rewrite
add options to /etc/apache2/conf-available/security.conf
Code:
<IfModule mod_ssl.c>
    <IfModule mod_socache_shmcb.c>
        SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
    </IfModule>
</IfModule>
make a new vhost
Code:
<VirtualHost fs.dom.loc:80>
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
<IfModule mod_ssl.c>
    <VirtualHost fs.dom.loc:443>
        ServerAdmin xxx@xxx.xx
        DocumentRoot /var/www/https/owncloud
        ErrorLog ${APACHE_LOG_DIR}/s_fs_error.log
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
        SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
        CustomLog ${APACHE_LOG_DIR}/s_fs_access.log combined env=!forwarded
        CustomLog ${APACHE_LOG_DIR}/s_fs_prxd_access.log proxy env=forwarded
        SSLEngine on
        Protocols h2 http/1.1
        SSLCertificateFile /etc/ssl/certs/fs_cert.pem
        SSLCertificateKeyFile /etc/ssl/private/fs_key.pem
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
        SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
        SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
        SSLHonorCipherOrder off
        SSLSessionTickets off
        <IfModule mod_socache_shmcb.c>
            SSLUseStapling On
        </IfModule>
        <IfModule mod_headers.c>
            Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
        </IfModule>
    </VirtualHost>
</IfModule>
Code:
systemctl restart apache2
Deploy the ownCloud package.
Download the package from https://owncloud.com/download-server/ and unzip it to the www-root dir.
Go to the URL https://your-own-cloud.com
Follow the installation steps (set a non-default data directory, or move it later with rsync -a /var/www/https/owncloud/data/ /var/STOR01/FS_DATA/oc_data/)
add an option to /etc/crontab
Code:
*/15 * * * * www-data /usr/bin/php -f /var/www/https/owncloud/occ system:cron
Set some owncloud options.