Linux Infrastructure Architecture Overview for Small-Medium Websites

Components of a Small-Medium Scale Website Architecture

  1. Customers/Users

Visitors accessing the website

  2. Security Guard - Firewall (firewalld)

Implements access control policies

  3. Receptionist - Load Balancer (nginx)

Schedules and distributes incoming user requests

  4. Waiter - Web Server (nginx)

Processes user requests

  5. Chef - Database Server (MySQL)

Stores structured data (e.g., product info, order details, addresses, timestamps)

  6. Chef - Storage Server (NFS)

Stores images, audio, video, attachments, and other binary data

  7. Chef - Backup Server (rsync+crond for scheduled backups, rsync+sersync for real-time backups)

Maintains critical data backups across all servers

  8. Chef - Cache Server (memcached, Redis, MongoDB)

a) Stores data in memory for fast retrieval
b) Reduces load on backend servers

  9. Manager - Batch Management Server (Ansible)

Manages multiple server hosts simultaneously

Deploying the Website Architecture

  1. Addressing Single Points of Failure

Load Balancer: High availability via Keepalived
Database: High availability via MHA
Storage: High availability via Keepalived or distributed storage solutions
Backup Services: Implement a comprehensive backup strategy

Interview Question: How does your company handle data backups?

  1. Use open-source tools for data backup - rsync (free)
  2. Use enterprise cloud storage - Qiniu Cloud Storage
  3. Build self-managed backup infrastructure - two locations with three data centers

Cache Services: High availability via cache clustering or sentinel mode

  2. Enabling Remote Access for Internal Staff

Deploy VPN server - PPTP or L2TP VPN

  3. Auditing Staff Operations on Infrastructure Servers

Deploy jump server - JumpServer

  4. Setting Up Alerting for Server Issues

Deploy monitoring server - Zabbix

Infrastructure Planning

Hostname and IP Address Assignment

01. Firewall Server      firewalld     10.0.0.81 (public)    172.16.1.81 (private)    Software: firewalld
02. Load Balancer        lb01          10.0.0.5              172.16.1.5               Software: nginx, keepalived
03. Load Balancer        lb02          10.0.0.6              172.16.1.6               Software: nginx, keepalived
04. Web Server           web01         10.0.0.7              172.16.1.7               Software: nginx
05. Web Server           web02         10.0.0.8              172.16.1.8               Software: nginx
06. Web Server           web03         10.0.0.9              172.16.1.9               Software: nginx
07. Database Server      db01          10.0.0.51             172.16.1.51              Software: mysql/mariadb
08. Storage Server       nfs01         10.0.0.31             172.16.1.31              Software: nfs
09. Backup Server        backup        10.0.0.41             172.16.1.41              Software: rsync
10. Management Server    m01           10.0.0.61             172.16.1.61              Software: ansible
11. Jump Server          jumpserver    10.0.0.71             172.16.1.71              Software: jumpserver
12. Monitoring Server    zabbix        10.0.0.72             172.16.1.72              Software: zabbix
Cache Server: Optional component

Optimizing the Template Machine Configuration

Network Configuration

(1) Add network adapter

(2) Configure the network interface

vim /etc/sysconfig/network-scripts/ifcfg-eth1
# or use the interactive tool
nmtui

Restart network services

systemctl restart network

(3) Verify network configuration

ping external addresses to check connectivity

System Optimization Process

(1) Template machine optimization - hosts file configuration

Backup the hosts configuration file

cp /etc/hosts{,.backup}

Configure hostnames

cat >/etc/hosts<<EOF
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5      lb01
172.16.1.6      lb02
172.16.1.7      web01
172.16.1.8      web02
172.16.1.9      web03
172.16.1.51     db01 db01.etiantian.org
172.16.1.31     nfs01
172.16.1.41     backup
172.16.1.61     m01
EOF

Template machine optimization - updating yum repositories

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup &&\
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum install -y wget  
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

Template machine optimization - disabling SELinux

sed -i.bak 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config 
setenforce 0
getenforce

Template machine optimization - disabling firewall

systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld

Template machine optimization - granting sudo privileges (optional)

useradd deployuser
echo 123456|passwd --stdin deployuser
\cp /etc/sudoers /etc/sudoers.orig
echo "deployuser  ALL=(ALL) NOPASSWD: ALL " >>/etc/sudoers
tail -1 /etc/sudoers
visudo -c

Template machine optimization - setting English locale

localectl set-locale LANG="en_US.UTF-8"

Template machine optimization - time synchronization

yum install -y ntpdate
echo '#time sync by admin at 2024-01-01' >>/var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l

Template machine optimization - increasing file descriptor limits (default: 1024)

Explanation:

When a service runs, it opens the files it needs. For example, the crond service opens its configuration in /var/spool/cron/root and its log file /var/log/cron. Each open file consumes one file descriptor, and the default limit of 1024 per process is easily exhausted by a busy service.

ulimit -a

yum install -y lsof
lsof -i:22

Increase file descriptor limits

echo '*               -       nofile          65536' >>/etc/security/limits.conf 
tail -1 /etc/security/limits.conf
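As an added example (not part of the original notes), a small shell check of how close a process sits to the soft nofile limit that the limits.conf line above raises; it reads /proc/<pid>/limits and /proc/<pid>/fd, which are standard Linux procfs paths rather than anything taken from the notes.

```shell
# Added example, not from the original notes: report how close a process is to
# its soft "nofile" limit, the value the limits.conf line above raises to 65536.
# Reads the limit from /proc/<pid>/limits and counts entries in /proc/<pid>/fd;
# both are standard Linux procfs paths, nothing here is specific to the notes.

# Soft open-files limit for a PID; for the current shell, fall back to ulimit
# when /proc is not available.
fd_soft_limit() {
    pid=$1
    if [ -r "/proc/$pid/limits" ]; then
        awk '/^Max open files/ {print $4}' "/proc/$pid/limits"
    elif [ "$pid" = "$$" ]; then
        ulimit -Sn
    else
        return 1
    fi
}

# Number of descriptors the PID currently holds open.
fd_open_count() {
    pid=$1
    [ -d "/proc/$pid/fd" ] || return 1
    ls "/proc/$pid/fd" | wc -l | tr -d ' '
}

# Print "used/limit pct%"; return 0 below the threshold (default 80%),
# 1 at or above it, 2 when the figures cannot be read.
fd_pressure() {
    pid=$1 threshold=${2:-80}
    limit=$(fd_soft_limit "$pid") || return 2
    used=$(fd_open_count "$pid") || return 2
    if [ "$limit" = "unlimited" ]; then
        echo "$used/unlimited"
        return 0
    fi
    pct=$((used * 100 / limit))
    echo "$used/$limit ${pct}%"
    [ "$pct" -lt "$threshold" ]
}

# Check the sshd listener the notes inspect with lsof -i:22, or any other PID:
# pid=$(pgrep -o sshd) && fd_pressure "$pid" 80
```

Services started by systemd take their limit from LimitNOFILE= in the unit file, not from limits.conf, which pam_limits applies to login sessions; check the running daemon's PID rather than assuming the new value is in effect.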

Template machine optimization - installing additional utilities

yum install lrzsz nmap tree dos2unix nc telnet wget lsof ntpdate bash-completion bash-completion-extras -y

Template machine optimization - SSH connection speed tuning

# SSH connection speed optimization          
sed -i.bak 's@#UseDNS yes@UseDNS no@g;s@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g' /etc/ssh/sshd_config
systemctl restart sshd

Performing Template Machine Cloning

  1. Create snapshot of template machine
  2. Clone virtual machines

Linked Clone (suitable for lab environments)

Advantages:

a) Conserves physical host resources
b) Fast cloning process

Disadvantages:

a) Deleting the template invalidates linked clones

Full Clone (suitable for production)

Advantages:

a) Template deletion does not affect cloned machines

Disadvantages:

a) Consumes more physical host resources
b) Slower cloning process

Backup Server Configuration

hostnamectl set-hostname backup
sed -i 's#200#41#g' /etc/sysconfig/network-scripts/ifcfg-eth[01]
grep 41 /etc/sysconfig/network-scripts/ifcfg-eth[01]
sed -i '/UUID/d' /etc/sysconfig/network-scripts/ifcfg-eth[01]
grep UUID /etc/sysconfig/network-scripts/ifcfg-eth[01]
systemctl restart network

Storage Server Configuration

hostnamectl set-hostname nfs01
sed -i 's#200#31#g' /etc/sysconfig/network-scripts/ifcfg-eth[01]
grep 31 /etc/sysconfig/network-scripts/ifcfg-eth[01]
sed -i '/UUID/d' /etc/sysconfig/network-scripts/ifcfg-eth[01]
grep UUID /etc/sysconfig/network-scripts/ifcfg-eth[01]
systemctl restart network
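The Backup Server and Storage Server configurations above both rewrite every "200" in the interface files with a global sed substitution. As an added example, not from the original notes, the shell functions below change only the last octet of the IPADDR line and drop the UUID lines, using the octets from the planning table and the same ifcfg path; that the template's addresses end in .200 is inferred from the sed above.

```shell
# Added example, not from the original notes: re-address a cloned template machine
# by editing only the IPADDR line of each ifcfg file, instead of the global
# s#200#41#g substitution, which would also rewrite any other "200" in the file.
# UUID lines are dropped as in the notes, since a clone must not reuse the
# template's interface UUID. Octets come from the planning table; the ifcfg
# directory is the notes' path and the .200 template octet is inferred from the sed.
IFCFG_DIR=${IFCFG_DIR:-/etc/sysconfig/network-scripts}

# Last octet for a hostname, from the planning table.
octet_for_host() {
    case $1 in
        lb01) echo 5 ;;    lb02) echo 6 ;;
        web01) echo 7 ;;   web02) echo 8 ;;   web03) echo 9 ;;
        db01) echo 51 ;;   nfs01) echo 31 ;;  backup) echo 41 ;;
        m01) echo 61 ;;    jumpserver) echo 71 ;; zabbix) echo 72 ;;
        *) echo "unknown host: $1" >&2; return 1 ;;
    esac
}

# Rewrite the last octet of IPADDR in one ifcfg file and delete UUID lines.
# Writes to a temporary copy and renames it into place, so a failed sed
# never leaves a half-written interface file behind.
readdress_ifcfg() {
    file=$1 octet=$2
    tmp="$file.tmp.$$"
    sed -e "s/^\(IPADDR=[0-9]*\.[0-9]*\.[0-9]*\.\)[0-9]*$/\1$octet/" \
        -e '/^UUID=/d' "$file" >"$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$file"
}

# Re-address eth0 and eth1 for a host and print the resulting IPADDR lines,
# the same check the notes perform with grep after the edit.
readdress_host() {
    octet=$(octet_for_host "$1") || return 1
    for iface in eth0 eth1; do
        readdress_ifcfg "$IFCFG_DIR/ifcfg-$iface" "$octet" || return 1
        grep '^IPADDR=' "$IFCFG_DIR/ifcfg-$iface"
    done
}

# Usage on the backup host, followed by the same restart as in the notes:
# readdress_host backup && systemctl restart network
```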

Tags: Linux infrastructure nginx load-balancing Keepalived

Posted on Wed, 24 Jun 2026 16:36:56 +0000 by nmohamm