High availability

On the cheap

This page is hosted on an Amazon’s Elastic Cloud Compute EC2.  The instance is a small, but fixed slice of an Amazon server running a Virtual Machine described below.

The operating system is Linux.  Securely connecting to the machine allows me to install Apache as a web server, MySQL as a database and WordPress as a content management system.  There publicly available images with these pre-installed but I prefer to build my own.  Instructions here.

If you are unfamiliar with these technologies, check them out just at a high level.  Operating system is the computer’s basic functionality.  A web server receives and directs web traffic.  A database reads and writes information to be stored and accessed.  A content management system basically allows people to easily manage a blog.

The EC2 instance is a small carveout of much larger machines that has been provisioned for my limited use.  Think of it like renting a room in your house.  Because my needs are so small, it only costs $3 a month .  The compute power and storage is all we pay for, the software we use is all open source, free to use.  All data stored on EC2 is ecrypted at rest.  That means if some bad actor were to get to to the server, they would have a hard time accessing data.

So we have a website.

Let’s take a look at the structure on Amazon Web Services

The url or web address is going to be some sequence of digits in form of IP Address that is famously unmarketable.: or what have you.

To get something clever and memorable like artefakt.es we utilize AWS Route 53, Amazon’s own Domain Name Service.  This allows us to register a domain name.  This is a one time fee of $10 or so.

We want traffic on this site to be secure, even though we encrypt our data.  The most popular choice here is to use SSL.  In order to do this we need to get an SSL certificate from a certified certificate manager.  Luckily AWS has ACM, which as it so happens will provide us with an SSL certificate for free!

After the page hosts your EC2 instance as the registered domain you can set up AWS CloudFront.   Typically we use CloudFront as a content delivery system.  This means that AWS hosts your files that are often accessed, say a popular picture or movie, and stores them at small access points all over the world.  We do not use CloudFront that way.  We use it only for it’s ability to seamlessly integrate with AWS Certificate Manager.  Cloudfront uses a reverse proxy to connect to the server.

We now have a page that is fully protected.  There a few tweaks you can make to your setup to be HSTS eligible.  You can get info and check your site here .  This means your site is hardcoded into Chrome as being HTTPS only.  This will enhance your search optimization and generally make things safer.

Everything is going great!  The site is nice and cheap.  Route53 and Cloudfront start charging around tens of thousands of page visits, a good problem to have.  We essentially only for pay for EC2.

Then one day a web crawler comes along and blows up your tiny cheap server.  We want to create a highly available site.  That means that if our server fails, users don’t know a difference.  AWS excels at this… but it can be expense.  Load balances, fleets of EC2 instances, databases with multiple availabilty zones; all very expensive.

How about a FA approach (Fairly Available).  For this I use AWS CloudWatch.  I have a healthcheck, looking for a value in a test page on the site.  This check is run every 60 seconds.  There is a CloudWatch alarm set up to look for two consecutive failures.  This kicks off a CloudWatch Event, triggering AWS Lambda.  Lambda has a few lines of Python using the boto3 library, all it does is reboot the server.  This resolves 90% of issues, all within 90 seconds, which is basically our total expected downtime.  That is slick for a small blog.  I have SNS send me a notification that the site was broken and is fine now.

Lambda also stores copies of the DB daily, so if something big happened, we would only lose a day of new data.

Leave a Reply

Your email address will not be published. Required fields are marked *