High Availability and Redundant cPanel Setup on Digital Ocean

Operating System & Version
CentOS 7

Phil.Williams

cPanel doesn't support HA natively which is a pain so after spending the day researching options I've come up with a possible solution to deploy onto Digital Ocean for a high availability cPanel cluster with redundancy and no single points of failure. I did take a look at Autom8n and had some excellent responses from them but not quite what I was looking for. I've attached a rather rubbish network diagram to help explain what I'm thinking...

Cloud backup diagram example.png

I haven't got as far as planning VPC/firewalls just yet, this is just to get the layout straight in my mind. So from the top...

Nameservers
Probably the easiest part as I set up four name servers using cPanel DNS-Only licenses to handle DNS and replication. This will connect to...

Digital Ocean Load Balancer
Does what it says on the tin, handles requests from the outside world via the nameservers and then distributes this to...

Three cPanel Droplets
This is the tricky part but in essence, I will have three identical cPanel droplets with WHM configuration clusters enabled to keep the primary settings in place.

I'll then set up lsyncd to replicate content from a master server to the two slaves so the home directories, apache configs etc. I'll use Memcache to hold PHP sessions and share these amongst all the droplets. I won't be handling Mail on the server, that gets offloaded to G-Suite.

To make changes to the virtual hosts via SFTP or to access cPanel/WHM I'll direct traffic to a "master" and then sync to the other servers. Databases are handled by...

Digital Ocean MySQL Managed Database
As I can set up all the droplets to access the same remote MySQL managed instance, this will solve the sync problems for data. I'll probably have a standby instance added as well.

Now aside from the expense as there is quite a lot involved here, what are people's thoughts from a practical solution considering the limitations of cPanel and HA plus the inability to use a Digital Ocean storage space and share this amongst droplets?
 

gnusys

Some points I thought worth mentioning

1. It is better to use Unison than Lsyncd for the filesystem sync as you will definitely need bidirectional sync if the web scripts are uploading files

2. You will need a script to sed 's/master-ip/slave-ip/' for the apache config as the Virtual Host defs will have the IP:port specific to the master

3. Not sure if DO managed MySQL provide root MySQL access which is needed if cPanel Remote MySQL feature is to be used

4. Memcached traffic is hard to encrypt and therefore if your servers are across DCs the session data is open and can be overheard by anyone. You can easily use filesystem session storage and possibly a session stickiness on the LB so a user always connects to the same server

Do share your story of success/failure/issues as all are worth sharing/reading
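A stricter form of the `sed` rewrite from point 2 above, as an added example that is not part of the original post or any cPanel tooling. The function names, the addresses 10.0.0.5 and 10.0.0.6 and the sample config are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): swap the master's IP for the replica's
# in a synced Apache config. All addresses and the sample config are constructed.

# is_ipv4 ADDR: succeed only for four dot-separated octets in 0-255, so a
# malformed value can never alter the sed expression built below.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    ip_old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$ip_old_ifs
    [ $# -eq 4 ] || return 1
    for ip_octet in "$@"; do
        [ "${#ip_octet}" -le 3 ] && [ "$ip_octet" -le 255 ] || return 1
    done
}

# rewrite_vhost_ip MASTER_IP REPLICA_IP: filter stdin to stdout.
rewrite_vhost_ip() {
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "invalid IPv4 address" >&2; return 2; }
    if [ "$1" = "$2" ]; then cat; return 0; fi
    # Escape the dots: unescaped, "10.0.0.5" would also match "10x0x0x5".
    ip_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    # Require a non-address character (or line edge) on both sides so that
    # 10.0.0.50 and 110.0.0.5 stay untouched; loop until nothing is left,
    # because the boundary characters are consumed by each match.
    sed -E -e ':a' -e "s/(^|[^0-9.])${ip_re}([^0-9.]|\$)/\\1$2\\2/" -e 'ta'
}

# Constructed sample of a config synced from the master.
sample_conf() {
    cat <<'EOF'
<VirtualHost 10.0.0.5:80 10.0.0.5:443>
    ServerName example.test
    ProxyPass /app http://10.0.0.50:8080/
    Require ip 110.0.0.5
    # change ref 10x0x0x5
</VirtualHost>
EOF
}

sample_conf | rewrite_vhost_ip 10.0.0.5 10.0.0.6
```

Only the `VirtualHost` line changes in the sample; the similar-looking addresses on the other lines are left alone.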
 

Phil.Williams

Hi Anoop and thanks for answering my endless questions yesterday!

1. Fair point, I'll check unison
2. Yep, planning on replicating vhost data
3. They don't set you up as root but do create a root user. Remains to be seen if this will work. Even if not then I could still use a master/slave setup with my own MySQL setup
4. I was considering that. Planning on a VPC network locked down to just those droplets to negate that problem.

If I get this working I'll certainly update though!
 

WorkinOnIt

@Phil.Williams

Following this! Very keen to set this up myself.

How have you got on so far?

  1. One of the issues you have not addressed is email and DNS. How have you handled these in terms of failover?
  2. What happens on new account creations / terminations etc on the master?
  3. Would you care to elaborate on why Autom8n was not suitable?
  4. Are you able to offer further guidance on what is working well?
Thank you for sharing