Installing a Web, Email & MySQL Database Cluster on Debian 8.4 Jessie with ISPConfig 3.1

This tutorial describes the installation of a clustered web, email, database and DNS server to be used for redundancy, high availability and load balancing on Debian 8 with the ISPConfig 3 control panel. MySQL Master/Master replication will be used to replicate the MySQL client databases between the servers, Unison will be used to Sync the /var/www (websites) and the Mails will be synced with Dovecot.

 

1 General note

In this setup, there will be one master server (which runs the ISPConfig control panel interface) and one slave server which mirrors the web (apache), email (postfix and dovecot), dns (bind) and database (MySQL or MariaDB) services of the master server.

To install the clustered setup, we need two servers with a Debian 8.4 minimal install and the same ISPConfig version.

In my example I use the following hostnames and IP addresses for the two servers:

Master Server

Hostname: server1.example.tld
IP-Address: 192.168.0.105
IPv6-Address: 2001:db8::1

Slave server

Hostname: server2.example.tld
IP-Address: 192.168.0.106
IPv6-Address: 2001:db8::2

Wherever these hostnames or IP addresses occur in the next installation steps you will have to change them to match the IP's and hostnames of your servers.

All commands must be run as the root user. If you need to make changes in MySQL login into MySQL with the root-password for MySQL:

mysql -u root -p

2 Install the Master Server

First we need to install ISPConfig on the Master-Server. If you have already installed ISPConfig on this Server, you can skip the installation (ensure, that the existing installation is up-to-date).

Install ISPConfig on the Master-Server according to The Perfect Server - Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1).

Add the Slave Server to the /etc/hosts file

vi /etc/hosts

so it looks like:

127.0.0.1       localhost
192.168.0.105   server1.example.tld server1
2001:db8::1     server1.example.tld server1
192.168.0.106   server2.example.tld
2001:db8::2     server2.example.tld

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

3 Prepare the Slave Server

Run steps 1 - 19 from The Perfect Server - Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1).

Do not install ISPConfig on server2 yet.

Add the Master Server to the /etc/hosts file

vi /etc/hosts

so it looks like:

127.0.0.1       localhost
192.168.0.105   server1.example.tld
2001:db8::1     server1.example.tld
192.168.0.106   server2.example.tld server2
2001:db8::2     server2.example.tld server2

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

4 Keyless Login from Server1 to Server2

On server2:

We allow temporarily the root-login into server2 with a password. Open /etc/sshd_config:

vi /etc/ssh/sshd_config

and change

PermitRootLogin without-password

to

PermitRootLogin yes

afterwards, restart the ssh-daemon:

service ssh restart

On server1:

Create a private/public key pair:

ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): <-- ENTER
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): <-- ENTER
Enter same passphrase again: <-- ENTER
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
f3:d0:62:a7:24:6f:f0:1e:d1:64:a9:9f:12:6c:98:5a [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|           .     |
|          +      |
|       + *       |
|      E S +      |
|     o O @ .     |
|    .   B +      |
|       o o       |
|        .        |
+-----------------+

It is important that you do not enter a passphrase otherwise the mirroring will not work without human interaction so simply hit ENTER!

Next, we copy our public key to server2.example.tld:

ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
The authenticity of host '192.168.0.106 (192.168.0.106)' can't be established.
ECDSA key fingerprint is 25:d8:7a:ee:c2:4b:1d:92:a7:3d:16:26:95:56:62:4e.
Are you sure you want to continue connecting (yes/no)? <-- yes (you will see this only if this is the first time you connect to server2) 
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: <- enter root password from server2

Now try logging into the machine:

ssh [email protected]

And check /root/.ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.

cat /root/.ssh/authorized_keys
ssh-dss AAAAB3NzaC1kc3MAAACBAPhiAexgEBexnw0rFG8lXwAuIsca/V+lhmv5lhF3BqUfAbL7e2sWlQlGhxZ8I2UnzZK8Ypffq6Ks+lp46yOs7MMXLqb7JBP9gkgqxyEWqOoUSt5hTE9ghupcCvE7rRMhefY5shLUnRkVH6hnCWe6yXSnH+Z8lHbcfp864GHkLDK1AAAAFQDddQckbfRG4C6LOQXTzRBpIiXzoQAAAIEAleevPHwi+a3fTDM2+Vm6EVqR5DkSLwDM7KVVNtFSkAY4GVCfhLFREsfuMkcBD9Bv2DrKF2Ay3OOh39269Z1rgYVk+/MFC6sYgB6apirMlHj3l4RR1g09LaM1OpRz7pc/GqIGsDt74D1ES2j0zrq5kslnX8wEWSHapPR0tziin6UAAACBAJHxgr+GKxAdWpxV5MkF+FTaKcxA2tWHJegjGFrYGU8BpzZ4VDFMiObuzBjZ+LrUs57BiwTGB/MQl9FKQEyEV4J+AgZCBxvg6n57YlVn6OEA0ukeJa29aFOcc0inEFfNhw2jAXt5LRyvuHD/C2gG78lwb6CxV02Z3sbTBdc43J6y [email protected]

Disallow root-login with a password. Open /etc/sshd_config:

vi /etc/ssh/sshd_config

and change

PermitRootLogin yes

to

PermitRootLogin without-password

afterwards, restart the ssh-daemon:

service ssh restart

Logout from server2:

exit
logout
Connection to 192.168.0.106 closed.

We are now back on server1.

Share this page:

33 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By: Slayer
Reply  

Nice job! thx

By: Saeid
Reply  

Thank you,Thats very helpful article. Good explanation and clear instruction.I assume it will be same if I want to implement that on Ubuntu 16.04 LTS server, right?That would be greate if you confirm it's working fine if I alter my current single server setup of ISPConfig to be changed to cluster based system.Thanks again...

By: Ilko
Reply  

Hi do you know a tutorial to add load balancer on the system which shares the load between the 2 servers?

By: Hias
Reply  

Very good tutorial! Can u tell me, what to do, in cause of failover IPs?

By: Butty Pierre-André
Reply  

hi ! great Tuto, on Step 6 with Download ISPConfig 3.1, an Type Error with the line :

tar xfvz xfz ISPConfig-3.1-beta.tar.gz, the second xfz is too.

By: Pierre-André Butty
Reply  

hi !

i mean instead of "tar xfvz xfz ISPConfig-3.1-beta.tar.gz" on step 6 with upload of ISPConfig 3.1 only "tar xfvz ISPConfig-3.1-beta.tar.gz" ist ok.

 

By: Edijs Zatevahins
Reply  

Thank you. But what means (commenting out all existing conflicting options):

How i know which one's is conflicting options?

By: Zoltan Laczko
Reply  

And what about PHP session files sync?

By: Jeff S
Reply  

For the section 5.5, which server is this step being perfomed on?

 

5.5 MySQL Master-Master-Replication

Create the MySQL-User for the replication and grant the privileg in MySQL:

CREATE USER 'slaveuser1'@'server1.example.tld' IDENTIFIED BY 'slave_user_password';CREATE USER 'slaveuser1'@'192.168.0.105' IDENTIFIED BY 'slave_user_password';CREATE USER 'slaveuser1'@'2001:db8::1' IDENTIFIED BY 'slave_user_password';GRANT REPLICATION SLAVE ON *.* TO 'slaveuser1'@'server1.example.tld'; GRANT REPLICATION SLAVE ON *.* TO 'slaveuser1'@'192.168.0.105';GRANT REPLICATION SLAVE ON *.* TO 'slaveuser1'@'2001:db8::1';QUIT;

By: stone1555
Reply  

Can someone clarify on which server section 5.5 and 6 commands are to be run?

By: Peter
Reply  

It is creating a Slave(second server) user to the 1st (master) server.

CREATE USER 'slaveuser1'@'server1.example.tld'

So its on the first, master server or server1.example.tld...

By: Mounaam
Reply  

Hi,

last char is missing for server2 in below line

> relay-log-index          = slave-relay-log.inde

Best regards,Mounaam

By: Marc
Reply  

In chapter 5.4 it's important to note that by importing the sql from server1 to the slave you overwrite your MySQL credentials.

I had different SQL passwords for root on both servers and of course the login didn't work on the slave after overwriting it.

By: Alex
Reply  

Is there a reason why we don't install webinterface on server 2? 

So If I shutdown the ISPConfig server 1 how can I see the interface?

By: Florian Leo
Reply  

And where is mentioned that you would need some sort of SQL-DB installed first?

By: npalokan
Reply  

I am not quite sure about high availability. Lets imagine that my server1 goes down, server2 keeps going fully functional. If I have website that's in my servers www.site.tld has A record thats pointing to server1 IP-address. In this situation when I am trying to access my site, it's not available, because server1 is down. And if I am not using low TTL, I cannot even change dns IP manually, so it's getting spread around fast enough. Even if you give www.site.tld two a records (both server IP's) it's only working on every two requests (round-robin rule), you know it's not good solution either in this situation.As my opinion it would be great if server1 dns uses it's own IP in A-records etc... and server2 uses it's own. Of course this still needs low TTL, but even with that, it would be much more high available than this current solution.Or is there something I just don't understand corretly :/

By: Tobias
Reply  

Hello,

i don not really understand, why i have to do 5.1-5.4 a mysql Master-Slave Cluster and on position 5.5 a master-master cluster.

Is 5.5. alternative?

 

Thanks a lot

Tobias

By: tOP tIER cODER
Reply  

if i want to sync through other port than 22, for example 2222, where can i modifying that scrip for unison?

By: Dennis
Reply  

Thank you for your tutorial. I personally didn´t know, that it was that easy to sync dovecot. I still have one question: where does the Loadbalancing happen (as mentioned in the introduction text)? Currently it seems to me, if the master goes down, the pages go down too, because most people just point their DNS to the Master. Or do I miss something?

By: Matha Goram
Reply  

Excellent article!

Any thoughts on configuring more nodes to the HA cluster outlined in your article?

Regards.

By: Chriss
Reply  

Hi,If the master fails, and the email are redirected to slave until master si back, the received mails on the slave will be replicated back to master when this will be available again?

How can be managed from DNS to always use the master and just if it fails to use the slave server (for web and emails)?

 

Thanl you.

By: sgzodyo
Reply  

Can we do multiserver setup with centos/RHEL?

By: till
Reply  

Yes. But there is no tutorial available for that setup.

By: Will
Reply  

Found an Issue with the database replication not being passed from one ispconfig server to the other and it was failing with a log error. You do need to specify the relay-log and relay-index information in the my.cnf files. See this link for more information. The log showed in the syslog after i finished setup and ispconfig starting flagging datalog_status_u_server that changes hadnt been applied to all systems.

 

https://forums.mysql.com/read.php?26,207174,216663#msg-216663

By: esezako
Reply  

Hi,

When a Debian 9 version of this How to?

Thanks in advance!

By: Jonathon Gilbert
Reply  

i am also wondering if this will work by using the debian 9 version.

By: Ming-li
Reply  

Thanks for a great tutorial. One more thing is Let's encrypt. Servers must share /etc/letsencrypt and /usr/local/ispconfig/interface/acme to make it work properly. I use NFS and it works just fine.

By: Oppa
Reply  

Just waiting for the Debian 10 tutorial.

By: Asau
Reply  

Hi Till,

Can I install it on Proxmox?

By: raph
Reply  

I have setup but can't find file config-db.php to copy. I'm on debian 10

By: Juan Pablo
Reply  

I have 2 errors in the system.

1: It does not sync https domains. <VirtualHost *: 443> missing

2: In the master I have domains with php 7.2 and php 5.6, it does not synchronize the versions of php.

 

Could you help me?

By: Andrew
Reply  

/root/.unison/web.prf numericids=true # After sync, the master file owner was changed numericids=false # After sync, the master and slave file owner was sync as same

By: Nebur692
Reply  

I have a problem, I request your help:

I register a new website, I select a version of PHP. The PHP version on server 1 is the same version that I selected but on server 2 (mirror) the default PHP version is always set.This happens to me with all websites, whether new or old.

How can I fix?