Project 3‐SEC‐440‐Application Redundancy - lpcyber1/SEC440 GitHub Wiki

VM Setup

U1 Setup

image

U2 Setup

image

U3 Setup

image

HAProxy Setup

  • Edit your /etc/haproxy/haproxy.cfg to reflect the following to bind your galera cluster to a virtual IP

image

MariaDB and Galera Setup

image

  • mysql_secure_installation
  • Answers to install

Switch to unix_socket authentication [Y/n] n

Change the root password? [Y/n] y

Remove anonymous users? [Y/n] y

Disallow root login remotely? [Y/n] n

Remove test database and access to it? [Y/n] y

Reload privilege tables now? [Y/n] y

  • On u1: systemctl stop mariadb then nano /etc/mysql/mariadb.conf.d/50-server.cnf
  • Add the following to the bottom of the file and comment out 127.0.0.1

image

  • galera_new_cluster
  • nano /etc/mysql/mariadb.conf.d/50-server.cnf again to add the other nodes

image

  • On u2 and u3 as root, apt install -y mariadb-server and run mysql_secure_installation answering the questions the same as before

  • Then nano /etc/mysql/mariadb.conf.d/50-server.cnf

  • u2 config

image

  • u3 config

image

  • To check if each have joined the galera cluster run

image

Wordpress Setup

  • Following this guide to install Wordpress to Web01 and Web02

  • First on Web01 and Web02 sudo dnf install install php-gd php-soap php-intl php-mysqlnd php-pdo php-pecl-zip php-fpm php-opcache php-curl php-zip php-xmlrpc wget

  • Head over to u1 (everything will sync to u2 and u3) and set up the wordpress user/database

  • As root, mysql then CREATE DATABASE wordpress;

  • Create the wordpress user with CREATE USER 'wordpress_user'@'10.0.5.%' IDENTIFIED BY 'password; so anyone in the LAN can access

  • Also run this again to add a user for the OPT network CREATE USER 'wordpress_user'@'10.0.6.%' IDENTIFIED BY 'password;

  • Grant access with GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress_user'@'10.0.5.%';

  • Again for OPT GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress_user'@'10.0.6.%';

  • Finally FLUSH PRIVILEGES;

  • On Web01 and Web02 download the latest version with cd /var/www/ and wget https://wordpress.org/latest.tar.gz then extract it with sudo unzip latest.zip

  • Move all of the wordpress files into the html directory with sudo mv wordpress/* /var/www/html/

  • Configure Apache for wordpress adding the following with sudo nano /etc/httpd/conf.d/wordpress.conf

image

  • Restart httpd with sudo systemctl restart httpd and enable it if you haven't already

  • Configure SELinux for wordpress with the following commands on web01 and web02

sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?"

sudo restorecon -Rv /var/www/html/

sudo setsebool -P httpd_can_network_connect_db 1

  • Configure wordpress to use the galera cluster by running sudo cp /var/www/html/wp-config-sample.php /var/www/html/wp-config.php

  • Edit the wp-config.php file accordingly on web01 and web02

image

  • Make sure to restart any services like httpd and haproxy to stage changes made

  • Finally head over to xubuntu-lan and browse to both your web01 and web02 IPs and finish the wordpress install in the web ui. You should end up at your dashboard after signing in

image

RSync Setup on Web01

  • In order to synchronize wordpress content we will utilize rsync from Web01 to Web02

  • First install with sudo dnf install rsync if it isn't installed already

  • Then run rsync -avz /var/www/html/wp-content/ [email protected]:/var/www/html/wp-content/

  • Run crontab -e and add */2 * * * * rsync -avz /var/www/html/wp-content/ [email protected]:/var/www/html/wp-content/ to the file to run rsync every 2 minutes to keep files synchronized across wordpress

image

Deliverable

  • Link to video