Self-proclaimed genius, and ruler of the Internet. System admin the rest of the time

Over the last few days, I’ve been playing with Ruby on Rails again and came across Thin, a small, yet stable web server which will serve applications written in Ruby.

This is a small tutorial on how to get Nginx, Varnish, HAProxy working together with Thin (for dynamic pages) and Lighttpd (for static pages).

I decided to take this route as from reading in many places I found that separating static and dynamic content improves performance significantly.

Nginx

Nginx is a lightweight, high performance web server and reverse proxy. It can also be used as an email proxy, although this is not an area I have explored. I will be using Nginx as the front-end server for serving my rails applications.

I installed Nginx using the RHEL binary package available from EPEL.

Configuration of Nginx is very simple. I have kept it very simple, and made Nginx My current configuration file consists of the following:

user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] $request "$status" $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';

    sendfile on;
    tcp_nopush on;
    tcp_nodelay off;

    keepalive_timeout 5;

    # This section enables gzip compression.
    gzip on;
    gzip_comp_level 2;
    gzip_proxied any;
    gzip_types text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    # Here you can define the addresses on which varnish will listen. You can place multiple servers here, and nginx will load balance between them.
    upstream cache_servers {
      server localhost:6081 max_fails=3 fail_timeout=30s;
    }

    # This is the default virtual host.
    server {
        listen 80 default;
        access_log /var/log/nginx/access.log main;
        error_log /var/log/nginx/error.log;
        charset utf-8;

        # This is optional. It serves up a 1x1 blank gif image from RAM.
        location = /1x1.gif {
          empty_gif;
        }

        # This is the actual part which will proxy all connections to varnish.
        location / {
          proxy_pass http://cache_servers/;
          proxy_redirect http://cache_servers/ http://$host:$server_port/;

          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}

Varnish

Varnish is a high performance caching server. We can use Varnish to cache content which will not be changed often.

I installed Varnish using the RHEL binary package available from EPEL as well. Initially, I only needed to edit /etc/sysconfig/varnish, and configure the address on which varnish will listen on.

DAEMON_OPTS="-a localhost:6081 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -u varnish -g varnish \
             -s file,/var/lib/varnish/varnish_storage.bin,10G"

This will make varnish listen on port 6081 for normal HTTP traffic, and port 8082 for administration.

Next, you must edit /etc/varnish/default.vcl to actually cache data. My current configuration is as follows:

backend thin {
  .host = "127.0.0.1";
  .port = "8080";
}

backend lighttpd {
  .host = "127.0.0.1";
  .port = "8081";
}

sub vcl_recv {
    if (req.url ~ "^/static/") {
        set req.backend = lighttpd;
    } else {
        set req.backend = thin;
    }

    # Allow purging of cache using shift + reload
    if (req.http.Cache-Control ~ "no-cache") {
        purge_url(req.url);
    }

    # Unset any cookies and autorization data for static links and icons, and fetch from catch
    if (req.request == "GET" && req.url ~ "^/static/" || req.request == "GET" && req.url ~ "^/icons/") {
        unset req.http.cookie;
        unset req.http.Authorization;
        lookup;
    }

    # Look for images in the cache
    if (req.url ~ "\.(png|gif|jpg|ico|jpeg|swf|css|js)$") {
        unset req.http.cookie;
        lookup;
    }

    # Do not cache any POST'ed data
    if (req.request == "POST") {
        pass;
    }

    # Do not cache any non-standard requests
    if (req.request != "GET" && req.request != "HEAD" &&
        req.request != "PUT" && req.request != "POST" &&
        req.request != "TRACE" && req.request != "OPTIONS" &&
        req.request != "DELETE") {
        pass;
    }

    # Do not cache data which has an autorization header
    if (req.http.Authorization) {
        pass;
    }

    lookup;
}

sub vcl_fetch {
    # Remove cookies and cache static content for 12 hours
    if (req.request == "GET" && req.url ~ "^/static/" || req.request == "GET" && req.url ~ "^/icons/") {
        unset obj.http.Set-Cookie;
        set obj.ttl = 12h;
        deliver;
    }

    # Remove cookies and cache images for 12 hours
    if (req.url ~ "\.(png|gif|jpg|ico|jpeg|swf|css|js)$") {
        unset obj.http.set-cookie;
        set obj.ttl = 12h;
        deliver;
    }

    # Do not cache anything that does not return a value in the 200's
    if (obj.status >= 300) {
        pass;
    }

    # Do not cache content which varnish has marked uncachable
    if (!obj.cacheable) {
        pass;
    }

    # Do not cache content which has a cookie set
    if (obj.http.Set-Cookie) {
        pass;
    }

    # Do not cache content with cache control headers set
    if(obj.http.Pragma ~ "no-cache" || obj.http.Cache-Control ~ "no-cache" || obj.http.Cache-Control ~ "private") {
        pass;
    }

    if (obj.http.Cache-Control ~ "max-age") {
        unset obj.http.Set-Cookie;
        deliver;
    }

    pass;
}

HAProxy

HAProxy is a high performance TCP/HTTP load balancer. It can be used to load balance almost any type of TCP connection, although I have only used it with HTTP connections.

We will be using HAProxy to balance connections over multiple thin instances.

HAProxy is also available in EPEL. My HAProxy configuration is as follows:

global
  daemon
  log 127.0.0.1 local0
  maxconn 4096
  nbproc 1
  chroot /var/lib/haproxy
  user haproxy
  group haproxy

defaults
  mode http
  clitimeout 60000
  srvtimeout 30000
  timeout connect 4000

  option httpclose
  option abortonclose
  option httpchk
  option forwardfor

  balance roundrobin

  stats enable
  stats refresh 5s
  stats auth admin:123abc789xyz

listen thin 127.0.0.1:8080
  server thin 10.10.10.2:2010 weight 1 minconn 3 maxconn 6 check inter 20000
  server thin 10.10.10.2:2011 weight 1 minconn 3 maxconn 6 check inter 20000
  server thin 10.10.10.2:2012 weight 1 minconn 3 maxconn 6 check inter 20000
  server thin 10.10.10.2:2013 weight 1 minconn 3 maxconn 6 check inter 20000
  server thin 10.10.10.2:2014 weight 1 minconn 3 maxconn 6 check inter 20000
  server thin 10.10.10.2:2015 weight 1 minconn 3 maxconn 6 check inter 20000
  server thin 10.10.10.2:2016 weight 1 minconn 3 maxconn 6 check inter 20000
  server thin 10.10.10.2:2017 weight 1 minconn 3 maxconn 6 check inter 20000
  server thin 10.10.10.2:2018 weight 1 minconn 3 maxconn 6 check inter 20000
  server thin 10.10.10.2:2019 weight 1 minconn 3 maxconn 6 check inter 20000

Thin

My Thin server is actually run on a separate Gentoo box. I installed Thin using the package in Portage.

To configure Thin, I used the following command:

thin config -C /etc/thin/config-name.yml -c /srv/myapp --servers 10 -e production -p 2010

This configures thin to start 10 servers, listening on port 2010 to 2019. If you want an init script for Thin, so you can start it at boot, run

thin init

This is will create the init script, and you can set it to start up at boot using the normal method (rc-update add thin default or chkconfig thin on).

You should now be able to access your rails app through http://nginx.servers.ip.address

Next, we must configure the static webserver.

Lighttpd

I decided to go with Lighttpd as it is a fast, stable and lightweight webserver which will do the job perfectly with little configuration.

You could also use nginx as the static server instead of using lighttpd, but I decided to separate it.

I decided to use the package from EPEL for Lighttpd, and found that most of the default configuration was as I wanted it to be. The only thing I needed to change was the port and address the server was listening on:

server.port = 8081
server.bind = "127.0.0.1"

And thats pretty much it! Now you just have to dump any static content into /var/www/lighttpd/ (the default location that the Lighttpd package in EPEL is configured to use) and reference any static links using “/static/document_path_of_file”, for example if I put an image into /var/www/lighttpd/images/ called “bg.png”, I can access it using http://servers_hostname/static/images/bg.png.

I have not really done any performance tests onto how well this works, and there are probably many things which I could have done better. This is the first time I made any attempt HTTP performance tuning, and so I am always looking for feedback or tips on how to make this better, so please do contact me if you have any suggestions!

A few months ago, I bought a Western Digital 1TB Hard Drive (http://www.wdc.com/en/products/products.asp?DriveID=336) for my server.

Since every WD drive I have bought in the past has served me very well, I assumed this drive would do the same…. but VERY annoyingly, I just got an email from smartmon tools telling me that there are an increasing number of bad sectors on the drive!

eBuyer has agreed to replace the drive since it is still under warrenty, but the problem is that I have the drive in an LVM volume group, so backing up the data is a little difficult.

It would be easy if I had another 1TB Hard Drive to add to the volume group, the pvmove all the data off the broken one, but I do not have a spare 1TB drive, and eBuyer (naturally), didn’t agree to sending me the new drive before I give the old drive back to them.

I also have 1TB Seagate drive in the volume group, which is performing very well, so very reluctantly, I might just ask eBuyer if they would let me switch it for a Seagate one.

Oh well, I guess for now, my only option would be to buy another 1TB drive, move all the data onto that drive, remove the old drive from the VG, get it replaced, then if I feel brave enough, add the new one to the VG. I’ll have quite a large volume group if I do that (3TB!).

Speaking of which, if anyone has any tips for boosting LVM performance when using large volume groups, please tell me!

Last week my phone contract ended, so I decided to upgrade to an iPhone 3G.

Till now, my main two phones have been the SE P910i and K800i, both of which have served me very very well for what I was using them for. There are a few reasons I decided to switch over to an iPhone. Firstly, I was originally using my K800i with a 2GB M2 memory stick as my MP3 player. As I soon noticed, 2GB isn’t really enough sometimes. I think the iPhone’s 16GB worth of space will give much more freedom. Also, I usually use my PSP to watch movies/TV shows when ever I go on the train or bus. I really like using the PSP for that purpose, the screen size is not bad, and the quality is pretty good too. BUT, then I have to carry around 2 phones and a PSP which can be quite irritating. So considering the size of the iPhone screen isn’t much smaller than the PSPs, it would be a perfect replacement to watch videos on, and have only 1 gadget to carry around. Thirdly, I often use my P910i to go on IRC or MSN from places where I can’t access a computer (Grandmothers house etc). I really liked using my P910i for this purpose, it was easy to type on and the application I use on it for MSN/Jabber/Yahoo is quite nice too (IM+). But from what I have seen, iPhone alternatives are just as good, or even better and have less bugs (afaik, IM+ for UIQ2 phones is no longer developed ).

In “preperation” for my iPhone getting delivered tomorrow, I decided to actually “try” out iTunes. After 3 hours of playing with it, I can say this much: I hate it .

The main reason for this is that I cannot make it “watch” a folder. All of my music is stored on my server, where my brothers dump music too. Quite often my brothers have put music there without me knowing, and so a “folder watch” feature would be very nice in iTunes. On Linux, I use MPD as my music player. I have a crontab script which makes MPD update its database every hour, so if there is anything new on my server, it will automatically be added to my library. After some googling I found iTunes Library Updater (http://itlu.ownz.ch/wordpress/) which works I guess but it still requires quite a bit of user interaction.

After Googling a bit more, I got the impression that even in Mac OS X I would have this problem which got me thinking: I would feel quite uncomfortable in OS X, just as I do in Windows.

I never really thought about it before but most of what I do on Linux, I do through the command line (Which is why I wanted a Mac for so long I guess). I find the command line much more efficiant than using a GUI, and imo Mac OS X is most popular due to its idiot-proof GUIs etc. Now that I think about it, when I first go on any machine, I open some sort of terminal. On Windows, I fire up Putty before anything else and on Linux Gnome Terminal is on my auto-startup apps list.

I accept that Linux does have a lot of things missing, but I think that OS X and Windows both have just as many things missing from them, and so far I think Linux is fixing these missing things faster than Apple or Microsoft are. (I guess thats mainly because most of these “issues” with OS X and Windows don’t effect the everyday user, but do effect Geeks!).

I was originally intending on listing reasons why I think I wouldn’t feel comfortable in OS X, but that will come another day (after I have actually tried out OS X).

A lot of you know I’ve wanted a Mac for AGES, but I can now say that I’m not sure if I really want to switch to OS X… of course I will try it out, who knows, I might be wrong!

Now to find an easy way to put music/videos onto the iPhone from Linux….