Configuring AWS VPC, Load Balancers, and DNS for WordPress and Moodle Integration

Implementing High-Availability VPC Architectures, DNS Routing, and Load Balancing for WordPress and Moodle in AWS

Table of Contents

  1. Introduction.

  2. System Architecture.

  3. Implementation and Deployment.

    • Configuration of the VPC and Subnets.

    • Configuration of the DNS Server.

    • Configuration of the Load Balancer (HAProxy).

  4. Installation and Configuration of WordPress.

  5. Installation and Configuration of Moodle.

  6. Verification and Results.

  7. Issues Encountered During Development, Troubleshooting, and/or Recommendations.

  8. Conclusions.

  9. References.


List of Figures

  1. AWS Resource Map.

  2. Screenshot of EC2 Instances in AWS.

  3. BIND Configuration File named.conf.local.

  4. BIND Configuration File db.learxyz.online.

  5. BIND Configuration File db.10.

  6. HAProxy Configuration File haproxy.cfg.

  7. HAProxy Statistics Page.

  8. WordPress Main Page.

  9. Moodle Learning Portal.

  10. AWS Security Group Configuration.

  11. Route 53 Configuration.

  12. DNS Propagation Verification on WhatsMyDNS.


Introduction

The project involves the deployment of a cloud services environment for XYZ S.A. Manufacturas (a fictitious company). The goal is to create a scalable and highly available infrastructure using AWS, which includes a CMS (WordPress), an LMS (Moodle), and a load balancer (HAProxy). The setup includes creating a VPC with public and private subnets, installing services on EC2 instances, and configuring a domain in Route 53.


System Architecture

AWS Resource Map

Figure 1: AWS Resource Map

The resource map shows the VPC structure implemented for XYZ S.A. Manufacturas. It includes:

  • VPC (Virtual Private Cloud): XYZSA-vpc-01, which houses all network resources.

  • Subnets:

    • Public-subnet-XYZSA-01: Public subnet containing the public instance.

    • Private-subnet-XYZSA-01: Private subnet containing application and database instances.

  • Route Tables:

    • Public-Route-Table-XYZSA-VPC: Manages traffic for the public subnet.

    • Private-Route-Table-XYZSA-VPC: Manages traffic for the private subnet.

  • Network Connections:

    • Internet Gateway (ig-XYZSA-vpc): Enables Internet connectivity for the VPC.

    • NAT Gateway (Nat-gateway-XYZSA-VPC): Enables instances in the private subnet to securely access the Internet.


Implementation and Deployment

VPC and Subnet Configuration

Figure 2: Screenshot of EC2 Instances in AWS

This screenshot shows the EC2 instances deployed in AWS:

  • private-instance-CMS-01-XYZSA and private-instance-CMS-02-XYZSA: These instances host the WordPress CMS. Having two instances allows for high availability and load balancing.

  • private-instance-DB-01-XYZSA: This instance hosts the MariaDB database, accessible only from the application instances.

  • private-instance-LMS-01-XYZSA: This instance runs the Moodle LMS.

  • public-instance-01-XYZSA: This public instance acts as a load balancer and DNS server, directing traffic to the appropriate instances in the private subnet.

DNS Server Configuration

Figure 3: BIND Configuration File named.conf.local

This file configures the BIND DNS server to resolve domain names to IP addresses:

  • zone "learxyz.online": Defines the primary zone for the domain learxyz.online, indicating that DNS records for this domain are in db.learxyz.online.

  • zone "1.0.10.in-addr.arpa": Defines the zone for reverse IP resolution in the 10.0.1.0 subnet, with records in db.10.

Figure 4: BIND Configuration File db.learxyz.online

This file contains the specific DNS records for learxyz.online:

  • SOA Record: Defines the origin server and zone update parameters.

  • NS Records: ns1.learxyz.online and ns2.learxyz.online are the authoritative name servers.

  • A Records: ns1 and ns2 point to 100.27.144.145 (elastic IP of the public instance). The @ (root domain) also points to 100.27.144.145.

  • CNAME Record: www.learxyz.online is an alias pointing to @, resolving to 100.27.144.145.

  • A Record: lms.learxyz.online points to 100.27.144.145.

These records ensure that all DNS requests for learxyz.online and its subdomains are directed to the elastic IP of the public instance, where HAProxy will load balance the traffic.
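
The records listed above, written out as a zone file and checked for consistency in Python. This is an added example, not the project's own db.learxyz.online: the names and the address come from the description, while $TTL, the SOA serial and timers, and the admin mailbox are assumed values.

```python
# Added example: zone text reconstructed from the description above.
# $TTL, the SOA serial/timers and the admin mailbox are assumed values.
ZONE = """\
$TTL 3600
@    IN SOA   ns1.learxyz.online. admin.learxyz.online. 2024010101 3600 900 604800 300
@    IN NS    ns1.learxyz.online.
@    IN NS    ns2.learxyz.online.
ns1  IN A     100.27.144.145
ns2  IN A     100.27.144.145
@    IN A     100.27.144.145
www  IN CNAME @
lms  IN A     100.27.144.145
"""
ORIGIN, ELASTIC_IP = "learxyz.online.", "100.27.144.145"

def fqdn(name):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return ORIGIN
    return name if name.endswith(".") else f"{name}.{ORIGIN}"

def parse_zone(text):
    """Return {(owner, type): [rdata, ...]} for one-line records like those above."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "$;":
            continue
        owner, rtype, rdata = fqdn(fields[0]), fields[2], fields[3]
        if rtype in ("NS", "CNAME"):
            rdata = fqdn(rdata)
        records.setdefault((owner, rtype), []).append(rdata)
    return records

def resolve_a(records, name, hops=0):
    """Return the A rdata for a name, following at most 8 CNAME links."""
    name = fqdn(name)
    if (name, "CNAME") in records and hops < 8:
        return resolve_a(records, records[(name, "CNAME")][0], hops + 1)
    return records.get((name, "A"), [])

def check_zone(records):
    """Report NS targets without an address and names that miss the elastic IP."""
    problems = [f"NS target {ns} has no A record"
                for ns in records.get((ORIGIN, "NS"), []) if not resolve_a(records, ns)]
    problems += [f"{owner} does not resolve to {ELASTIC_IP}"
                 for owner, rtype in records
                 if rtype in ("A", "CNAME") and resolve_a(records, owner) != [ELASTIC_IP]]
    return problems
```

An empty list from check_zone(parse_zone(ZONE)) means every name server has an address and every host name lands on the load balancer's elastic IP.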

Figure 5: BIND Configuration File db.10

This file contains the reverse resolution records:

  • PTR Records: Maps IP addresses to corresponding domain names. 10.0.1.10 resolves to www.learxyz.online and 10.0.1.12 to lms.learxyz.online.

These records allow for reverse DNS resolution, useful for diagnostics and certain applications requiring domain name verification from IPs.

Load Balancer Configuration (HAProxy)

Figure 6: HAProxy Configuration File haproxy.cfg

This file configures HAProxy, the load balancer:

  • Listen stats: Enables the statistics interface on port 8080, accessible with basic authentication.

  • Frontend http_front: Defines a frontend listening on port 80. Uses ACLs to redirect traffic based on the host name:

    • learxyz.online and www.learxyz.online are directed to the backend wordpress_servers.

    • lms.learxyz.online is directed to the backend moodle_servers.

  • Backend wordpress_servers: Balances traffic between two WordPress instances (10.0.1.119 and 10.0.1.129).

  • Backend moodle_servers: Balances traffic to the Moodle instance (10.0.1.174).

HAProxy distributes incoming requests to the appropriate instances, ensuring high availability and redundancy.
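
A haproxy.cfg consistent with the description above, with a short Python check that maps a Host header to the servers it reaches and confirms that the statistics listener asks for a password. This is an added example, not the project's file: the ACL and server names, timeouts, health checks, balance algorithm and the placeholder stats login are assumptions.

```python
# Added example: names, timeouts, health checks and the stats login are assumed.
HAPROXY_CFG = """\
defaults
    mode http
    timeout connect 5s
    timeout client 30s
    timeout server 30s

listen stats
    bind *:8080
    stats enable
    stats auth admin:CHANGE_ME

frontend http_front
    bind *:80
    acl host_wp  hdr(host) -i learxyz.online www.learxyz.online
    acl host_lms hdr(host) -i lms.learxyz.online
    use_backend wordpress_servers if host_wp
    use_backend moodle_servers if host_lms

backend wordpress_servers
    balance roundrobin
    server wp1 10.0.1.119:80 check
    server wp2 10.0.1.129:80 check

backend moodle_servers
    server lms1 10.0.1.174:80 check
"""

def parse(cfg):
    """Split the config into {section header: [directive token lists]}."""
    sections, current = {}, None
    for line in filter(str.strip, cfg.splitlines()):
        if line[0].isspace():
            current.append(line.split())
        else:
            current = sections.setdefault(line.strip(), [])
    return sections

def route(sections, host):
    """Servers a Host header reaches; [] if no ACL matches (HAProxy then returns 503)."""
    front = sections["frontend http_front"]
    acls = {d[1]: [h.lower() for h in d[4:]] for d in front if d[0] == "acl"}
    for d in front:
        if d[0] == "use_backend" and host.lower() in acls.get(d[3], []):
            return [s[2] for s in sections[f"backend {d[1]}"] if s[0] == "server"]
    return []

def stats_protected(sections):  # True if the stats listener demands basic auth
    return any(d[:2] == ["stats", "auth"] for d in sections["listen stats"])
```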

Figure 7: HAProxy Statistics Page

This page provides real-time statistics on HAProxy's performance:

  • Connection Status: Shows the number of active and queued connections.

  • Processed Traffic: Incoming and outgoing bytes, denied requests, and errors.

  • Backend Instance Status: Indicates whether instances are active and available for load balancing.

WordPress Installation and Configuration

Figure 8: WordPress Homepage

These images show the homepage of the WordPress site at www.learxyz.online. The page changes language when reloaded in the browser, which demonstrates load balancing: requests are distributed between the two WordPress instances. This ensures the site remains available even if one instance fails.

Moodle Installation and Configuration

Figure 9: Moodle Learning Portal

This image shows the Moodle learning portal at lms.learxyz.online. The course "Introduction to XYZ Manufacturing" is available, designed to train employees on the company's manufacturing processes. Moodle is configured to provide a robust and scalable platform for online education and training.


Verification and Results

Figure 10: AWS Security Group Configuration

Security Group rules control access to EC2 instances:

  • ICMP: Allows all ICMP packets for diagnostics (ping).

  • SSH (22): Allows SSH access for remote administration.

  • MySQL/Aurora (3306): Allows MySQL traffic from any IP, enabling connection to the database.

  • DNS (UDP 53) and DNS (TCP 53): Allow DNS traffic.

  • Custom TCP (8080): Allows access to the HAProxy statistics page.

  • HTTP (80) and HTTPS (443): Allow HTTP and HTTPS traffic for web access.

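These rules limit inbound access to the listed ports. Note that the MySQL rule accepts traffic from any IP, whereas the database instance is intended to be accessible only from the application instances; restricting that rule's source to those instances (or to their security group) matches that intent.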
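
One way to review a rule set like this for sensitive ports that accept traffic from any address, as an added Python example rather than the project's tooling. The sample rules are constructed in the shape of the IpPermissions list returned by aws ec2 describe-security-groups; only the MySQL source is taken from the text, and 203.0.113.0/24 is an assumed administration range.

```python
import ipaddress

# Ports from the rule list above that should not face the whole Internet.
SENSITIVE = {22: "SSH", 3306: "MySQL", 8080: "HAProxy stats"}


def rule(proto, port, cidr):
    """Build one constructed IpPermissions entry for a single port."""
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}


# Constructed sample. Only the MySQL source (any IP) is stated in the text;
# 203.0.113.0/24 is an assumed administration range.
RULES = [
    rule("icmp", -1, "0.0.0.0/0"),
    rule("tcp", 22, "203.0.113.0/24"),
    rule("tcp", 3306, "0.0.0.0/0"),
    rule("udp", 53, "0.0.0.0/0"),
    rule("tcp", 53, "0.0.0.0/0"),
    rule("tcp", 8080, "203.0.113.0/24"),
    rule("tcp", 80, "0.0.0.0/0"),
    rule("tcp", 443, "0.0.0.0/0"),
]


def world_open(entry):
    """Return the entry's source ranges that cover every address (/0)."""
    cidrs = [r["CidrIp"] for r in entry.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in entry.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c).prefixlen == 0]


def audit(rules):
    """Return (service, port, cidr) for sensitive TCP ports reachable from anywhere."""
    findings = []
    for entry in rules:
        proto = entry["IpProtocol"]
        if proto not in ("tcp", "-1"):
            continue  # ICMP and UDP rules carry none of the sensitive ports
        # Protocol "-1" means all traffic and has no port fields.
        lo, hi = (0, 65535) if proto == "-1" else (entry["FromPort"], entry["ToPort"])
        for port, service in SENSITIVE.items():
            if lo <= port <= hi:
                findings += [(service, port, c) for c in world_open(entry)]
    return findings
```

Port-range rules and all-traffic rules are covered as well, since a sensitive port can be exposed by a rule that never names it.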

Figure 11: Route 53 Configuration

Route 53 manages traffic routing for learxyz.online:

  • A Record: learxyz.online points to elastic IP 100.27.144.145, directing all traffic to the load balancer.

  • NS Records: Defines the authoritative name servers.

  • SOA Record: Contains origin server information and zone parameters.

  • A Record: lms.learxyz.online points to 100.27.144.145.

  • CNAME Record: www.learxyz.online is an alias pointing to learxyz.online.

These records ensure that requests for learxyz.online and its subdomains are properly directed to the public instance.

Figure 12: DNS Propagation Verification in WhatsMyDNS

This image shows DNS record propagation using WhatsMyDNS. Successful global propagation ensures that learxyz.online resolves correctly to 100.27.144.145 from multiple locations worldwide, guaranteeing accessibility and redundancy.


Issues Encountered, Troubleshooting, and Recommendations

Several issues were encountered during project development that required attention and resolution:

  1. DNS Server Configuration:

    • Issue: DNS records did not propagate correctly initially.

    • Solution: The BIND records were reviewed and corrected, ensuring the name servers pointed to the correct elastic IP. WhatsMyDNS was used to confirm global propagation of the records.

  2. HAProxy Load Balancer Configuration:

    • Issue: HTTP traffic was not evenly distributed between the WordPress instances.

    • Solution: ACLs and backend settings in haproxy.cfg were adjusted to ensure all requests were properly load balanced.

  3. WordPress and Moodle Installation:

    • Issue: WordPress instances displayed the default Apache page instead of WordPress content.

    • Solution: WordPress files were correctly moved to the web server's root directory, and the proper permissions were set.

  4. Security Group Configuration:

    • Issue: Access to necessary service ports was restricted.

    • Solution: Security Group rules were updated to allow traffic on specific ports (80, 443, 22, 3306, 53, 8080).

  5. Moodle Configuration:

    • Issue: Missing required PHP extensions during Moodle installation.

    • Solution: Required PHP extensions (xml, intl, zip, etc.) were installed and enabled, and PHP configurations (max_input_vars, memory_limit) were adjusted to meet Moodle’s requirements.


Conclusions

The project demonstrated XYZ S.A. Manufacturas’ ability to implement a scalable and highly available cloud infrastructure. AWS and HAProxy provided the necessary flexibility and redundancy to support the company’s critical applications. The following points highlight the project’s conclusions:

  • Scalability: The infrastructure can easily scale to handle increased traffic and workload.

  • High Availability: Redundancy and load balancing ensure that services remain available even if an instance fails.

  • Security: Proper configuration of Security Groups and access policies ensures resources are accessible only by authorized users.


Future Work

Future recommendations for XYZ S.A. Manufacturas include:

  • Automation: Implement AWS Lambda functions to automate system monitoring and scaling.

  • Monitoring: Use AWS CloudWatch for real-time monitoring of infrastructure performance and resource utilization.

  • Disaster Recovery: Set up automatic backups and a disaster recovery plan to ensure business continuity in case of failures.


References