You need a place to store and maintain all the content that makes up your website—HTML, javascript, CSS, images, etc. This is referred to as an “origin”.

The Akamai edge network communicates with your origin server during client requests, grabs all of your website content, and holds it in cache for quick access to future requests. This step of the tutorial shows you how to create compute instances (Linodes) with Akamai Cloud to act as virtual origin servers.

How long will this take?

Approximately 1 hour

Create three Linodes—a primary and two standby instances—to make a high availability architecture. Perform basic configuration options on your Apache2 web server.

High availability

If you only need one origin server, why do you need multiple Linodes? A high availability architecture made up of multiple compute instances is used to create redundancy and eliminate a single point of failure.

You want your site to be accessible to your clients all the time. By using multiple Linodes, you are creating a highly available setup that combines load balancing and failover functionality. This better protects your site’s uptime against potential scenarios like hardware problems or network overload.

Cloud-based virtual machines also eliminate the overhead that a physical redundant network could create. Akamai Cloud’s cost-per-usage model lets you scale your site as client-access requests increase. Linodes are easy to create and maintain, so you can quickly add another one to your cloud to expand redundancy as needed.

🚧
The Linodes created in this step of the tutorial are not meant for production workloads. They are meant to illustrate the concept of a basic high availability architecture.

1. Create the primary instance

Create your first Linode instance to serve as the primary origin server. This tutorial uses a preconfigured LAMP (Linux, Apache2, MySQL, and PHP) stack app from the Akamai Cloud Marketplace to install the necessary software for hosting a website. For reference, see our guide on deploying a LAMP stack through the Marketplace.

Log into Cloud Manager using the account you created.
Click Create Linode.
Click the Marketplace tab, and select the LAMP application to open the LAMP Setup configuration options.
In LAMP Setup, apply these options:
- Email address (for the Let's Encrypt SSL certificate). Let's Encrypt generates a secure certificate for HTTPS access to the Linode to resolve requests for your domain to the Akamai edge network. Let's Encrypt needs an email address for confirmation.
- Limited sudo user. This is the limited user created on the Linux system so that you can access your instance as a non-root user. By default, this limited user account is added to the sudo (superuser do) group with elevated privileges for performing system administrative tasks. The sudo user’s password is configured later on.
- Advanced Options. For the purposes of this tutorial, you can leave all Advanced Options as their default values. All domain information is created later on.
Select the desired Region to host your Linode. Keep in mind that your other Linode instances must be deployed in the same region. The region you select also determines whether or not you can configure your Linode with a VPC (Virtual Private Cloud) for routing with a NodeBalancer. This is covered later in step 10.
In the Select an Image dropdown, select the latest LTS version of Ubuntu.
In the Linode Plan options, select the plan that best suits the size requirements for your site. Click Choosing a plan for more details on the available options. Pricing and plan options may vary by region.
Enter a Linode Label to something to differentiate this instance as the primary. For example, lamp-primary-origin.
Create and enter a secure Root Password. This is used to initially access the Linode over SSH as the system's root user.

📘
Keep it safe and secure
Keep these points in mind when setting your root password:

Use a strong password. You want to make sure the Linode is secure.

Consider using an SSH key. This tutorial uses a root password for ease of use, but an SSH key pair is a more secure way to set up access to your Linode. If you have an available SSH key added to your account, select it here, and your provided public key will be added to the root user’s authorized keys file on your Linode.

See our Manage SSH Keys guide for more info.

In the Networking menu, select Configuration Profile Interfaces as your Network Interface Type.
While in the Networking menu, click VPC (virtual private cloud) if you're using a region that supports VPCs. If you don't have an existing VPC configured, click Create VPC, and follow the instructions to make one here. Enable the Auto-assign VPC IPv4 addresses and Allow public IPv4 access options. VPCs are the preferred method of private routing for use with a NodeBalancer, Akamai Cloud’s load balancing service. See our Create a VPC guide for additional info.
Under Add-ons, select the Private IP option so your primary Linode has an alternative method of communicating with the other standby Linodes beyond a VPC.
Leave all other options at their default and click Create Linode.

Verify and test

It may take a few minutes for the compute instance to fully provision and come online. You can keep track of this progress via the LISH console (Linode Shell).

The Linode shows as RUNNING once it's provisioned, and then it automatically starts installing and configuring software that makes up the LAMP stack. Use these steps to verify the LAMP installation is complete, and then test it for access.

Click the three dots option button at the top of the Linode page, and select Launch LISH Console. The console window launches.

Follow along with the installation script. Once you see a login prompt or an Installation Complete message, it's ready. Here are some other ways you can verify installation.

PLAY RECAP *********************************************************************
localhost                  : ok=45   changed=28   unreachable=0    failed=0     
Installation Complete

Close the window when you're ready.
While on your Linode's page in Cloud Manager, look under IP Addresses, find your Linode's public IPv4 address (for example: 192.0.2.49) and copy it.
Open a browser, paste the IP into the address bar, and press Enter on your keyboard.

You should see a page stating “LAMP Stack: Powered by Akamai Cloud Compute Marketplace” or the index page that Apache2 ships with, which means it can fulfill requests. You're ready move onto the next phase.

Set your limited sudo user's password

Log into your instance as the root user and configure a password for the limited sudo user account created when you made the Linode.

From Cloud Manager, select Linodes from the side navigation menu, and click the Linode instance you created to view its information.
Using a terminal emulator, log into the instance via SSH. Replace IP_ADDRESS with your Linode's public IPv4 address. When prompted, enter the root password you created when deploying your Linode:
```
ssh root@IP_ADDRESS
```
You can also login using the Lish Console by clicking Launch LISH Console in the options at the top of your Linode instance's control page.
Use the passwd command to set the password for your limited sudo user. Replace USER with your actual limited sudo user name:
```
passwd USER
```
When prompted, enter, and reenter a strong password.
Once complete, exit the terminal session:
```
exit
```
Log back into the instance as your limited sudo user. Replace USER and IP_ADDRESS with your limited sudo user name and Linode IP address, respectively:
```
ssh USER@IP_ADDRESS
```

Get your primary hostname (optional)

Optionally obtain or customize the hostname of your primary Linode instance. Repeat these steps for any standby instances you create.

While logged into your Linode as your limited user, run the hostname command to view the current hostname for your primary instance:
```
hostname
<ip-address>.ip.linodeuser.content.com
```
Make note of the returned hostname for reference. If you prefer to change this to an easier hostname to identify later (for example, primary-origin), use the hostnamectl command below, replacing primary-origin with the hostname of your choosing:
```
hostnamectl set-hostname primary-origin
```
If prompted, enter your limited sudo user's password to authorize the hostnamectl command.

Configure Apache2 (required)

You need your Apache2 web server configured with a registered domain name. You also need to have an "A" record configured in your DNS settings that points your domain to your primary Linode's public IPv4 address. Later on, you'll update your DNS settings to include a CNAME record that redirects requests to an Akamai edge hostname.

Before moving forward, follow the steps in our Apache2 quick config guide to get an initial site set up.

Update your system's `hosts` file

A system's hosts file creates static associations between IP addresses and hostnames or domains which the system prioritizes before DNS for name resolution. Using the instructions in our Set up and secure a Linode guide, add an entry to your system's hosts file located at /etc/hosts to create a relationship between your public IPv4 address, your domain name, and your local hostname.

2. Create standby #1

Create another Linode to serve as your first standby for failover. For the example in this tutorial, you can either clone the primary node as it currently exists (recommended), or you can make a new node by repeating the same steps you did when creating your primary node.

Cloning your primary instance can save you from needing to reconfigure your Apache2 web server. If creating new standby instances via the Marketplace, you'll also have to repeat the Apache2 quick config guide steps after they’re provisioned.

📘
In a true production environment, standby nodes are often identical to, and maintained alongside, primary nodes in clustered deployments (like Kubernetes clusters) to ensure data consistency. The deployment in this tutorial does not use a clustered deployment model for simplicity.

Option 1: Clone your primary Linode

Follow these steps, or see our Clone a Linode guide, if you want to clone your primary node:

Select Linodes from the side navigation menu, and click on your primary Linode instance.
Click the three dots option at the top of the Linode page, and click Clone.
Turn off the primary Linode by clicking Power Off.
Select the same region and Linode plan as your primary Linode instance.
Under Linode Label, change the name to identify the Linode as a standby instance. For example: lamp-standby1-origin.
Make sure the Private IP Add-on option is selected.
Click Create Linode.
It may take a few minutes for cloning to complete. To monitor the cloning process, navigate back to your Linodes list or primary Linode's details page.
Once the cloning process has finished, you may need to boot your new standby Linode.

When cloning a Linode that’s already assigned to a VPC with public access, you do not need to add the cloned instance’s IP to the VPC afterwards. A new subnet and public IP are automatically created.

Option 2: Create a new standby Linode

📘
If you create a new instance rather than cloning your existing primary Linode, your Apache2 configuration must also be reconfigured for your new Linode.

If you wish to create a new standby node using the same steps as the primary instance, follow the same instructions as in the Create the primary instance section, but set the below values:

Email address (for Let's Encrypt SSL certificate). Use the same address.
Select an Image. Set to the same version you selected for the primary.
Region. Set to the same region you set for the primary.
Linode Plan. Use the same configuration you did for your primary.
Linode Label. Set it to something to differentiate this one as the first standby. For example: lamp-standby1-origin.
Root Password. Set a unique password value using the same safe and secure recommendations.
Check for the Private IP under Add-ons.

Test standby #1

Once it's booted and labeled as RUNNING, follow the steps in the Verify and test section to test the instance.

3. Create standby #2

Having a second standby helps with failover and potential site maintenance. Repeat the steps you took to create standby #1 to add an additional standby Linode instance, this time editing the Linode Label to differentiate from standby #1. For example: lamp-standby2-origin

Test standby #2

Once it's booted labeled as RUNNING, you can once again test the instance by following the steps in the Verify and test section.

4. Set up HTTPS on the primary

To set up high availability, one of your Linodes needs to serve as a secure point of entry, using HTTPS through a secure certificate. A LAMP stack set up on a Linode already includes this certificate, but may require manual renewal once it expires.

This section goes over the process for setting up Certbot on your primary to create the applicable certificate and enabling automatic renewal.

Set up HTTPS

Boot your primary Linode instance if you haven't done so already.
Once booted, log in as your limited sudo user via SSH. Replace USER and IP_ADDRESS with your limited sudo user name and primary Linode IP address, respectively:
```
ssh USER@IP_ADDRESS
```

Run the sudo ufw status command to verify firewall settings. A LAMP stack should automatically enable firewall settings, and you should see the follow response:

Status: active

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
22/tcp                     ALLOW       Anywhere                  
80/tcp (v6)                ALLOW       Anywhere (v6)             
443/tcp (v6)               ALLOW       Anywhere (v6)             
22/tcp (v6)                ALLOW       Anywhere (v6)

To ensure you have the latest version of Certbot, remove any previously installed versions:
```
sudo apt remove certbot
```
Use the snap utility to install the current version of Certbot:
```
sudo snap install --classic certbot
```
Configure a symbolic link to the Certbot directory using the ln command:
```
sudo ln -s /snap/bin/certbot /usr/bin/certbot
```
Request a certificate using Certbot:
```
sudo certbot --apache
```
When prompted, enter the domain name you want protected, replacing docassociates.com with your domain. If you have more than one, separate each domain with a whitespace:
```
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): docsassociates.com
```

The domains you enter must:

Be registered with an accredited registrar
Already exist on your Apache2 web server. See Apache2 quick config for details on adding your domains.

Once you enter your domain, the request is sent to Let's Encrypt to verify your domain and register the certificate:

Requesting a certificate for docsassociates.com

A successful completion message looks like this:

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/docsassociates.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/docsassociates.com/privkey.pem
This certificate expires on 2025-12-21.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for docsassociates.com to /etc/apache2/sites-available/docsassociates.com-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://docsassociates.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Test your domain

Open a browser and type in your domain. Your site should now be secure as indicated by your domain being preceded with https://.

You may also see a browser indication that your site is now secured. For example, if using Chrome, the "Not secure" icon next to your domain should be replaced with a padlock icon.

Alternatively, you can run a curl against your domain in a terminal emulator to see if the output returns your domain location with https://:

curl -IL docsassociates.com
...
Location: https://docassociates.com/
...

Renew the certificate

A domain-validated certificate has a lifecycle of 90 days. Certbot automatically renews your certificate before its expiration date, but you may need to manually request an updated certificate if your site's configuration file on the Apache2 server changes. In this scenario, you can rerun the Certbot procedure in this section.

Optionally, you can test the automated renewal process, without affecting your current certificate.

5. Add network load balancing

NodeBalancers are Akamai’s cloud-based load balancing service. A NodeBalancer distributes client requests between Linodes to improve capacity, performance, and availability. This section goes over NodeBalancer setup to distribute requests between the Linode instances acting as your origin servers.

Before you begin

When you Set up HTTPS on the primary, a certificate and its private key were generated for the certificate. You need the contents of these files for this process.

If you haven't done so already, log into your primary Linode instance as your limited sudo user:
```
ssh USER@IP_ADDRESS
```
View the file contents that contains the certificate, replacing docassociates.com with your domain.
```
sudo cat /etc/letsencrypt/live/docsassociates.com/fullchain.pem
```

Highlight and copy the entire contents of the file.

🚧
Don't use this example certificate. It's a sanitized version of what the content of this file might look like and won't function.

Open a new terminal emulator window, and paste the entire contents of the file into a separate .txt file on your local machine. Save it as certificate.txt. This certificate info is used when creating your NodeBalancer.
```
nano certificate.txt
```
Repeat the process for the privkey.pem file, replacing docassociates.com with your domain. This is the private key.
```
sudo cat /etc/letsencrypt/live/docsassociates.com/privkey.pem
```

Highlight and copy the entire contents of the file.

🚧
Don't use this content. This is also a sanitized example of what this file might look like and is not a valid private key.

In your separate terminal window, paste the contents of the file into another new .txt file. Save it as private.txt.
```
nano private.txt
```

Set up load balancing

Follow these steps to create and configure a basic high availability architecture using the NodeBalancer load balancing service.

From Cloud Manager, select NodeBalancers from the side navigation menu.
Click Create NodeBalancer.
Set a NodeBalancer Label. Enter a name to make it recognizable for your LAMP configuration.
Select the same region you used for your three Linodes.
Select the same VPC as your Linodes.
Set the following configuration options:
- Port. Set this to 443. This is the default port used for secure HTTPS connections.
- Protocol. Select HTTPS to limit connections to clients using HTTPS. This adds security to the connection between the Akamai edge servers and your Linodes.
- SSL Certificate (required). Copy the content from the certificate.txt file you created and paste it here.
- Private Key (required). Copy the content from the private.txt file you created and paste it here.
- Algorithm. Select Least Connections. This helps evenly distribute the client request load for your site between your three Linodes.
- Session Stickiness. Select HTTP Cookie. Subsequent requests from the same client will review an HTTP cookie on that client to determine which Linode to use.
Health Checks help take problematic Linodes out of the rotation so edge servers won't try to connect to them should issues arise. Set these options to enable them:
- Active Health Checks. Set Type to HTTP Status and set Check HTTP Path to /. Leave all other options at their default. If a request to any path (/) on one of your Linodes fails these timeout parameters, the request will be rerouted to one of your other Linodes.
- Passive Checks. Make sure this is enabled.
In the Backend Nodes options, click the Label field, and enter a name for your primary instance. For example, primary-origin.
Select your primary Linode from the IP Address menu. Leave the other options at their default.
Click Add A Node.
Repeat steps 7-8 for Standby #1, entering a name like standby1-origin.
Click Add A Node.
Repeat steps 7-8 for Standby #2, entering a name like standby2-origin.
Click Create NodeBalancer. Your new NodeBalancer is displayed.
With the Summary tab selected, make note of the IPv4 address under IP Addresses. You'll need this later when setting up your Ion property.
Once your NodeBalancer's backend nodes are all reporting with a status of up, you're ready to move onto the next step. You can check the status of your backend nodes by navigating to your NodeBalancer's Configurations tab.

👍
To ensure security of your origin cert, delete the certificate.txt and private.txt files from your local system.

6. Duplicate your Apache2 configuration

High availability switches between your Linodes to handle traffic and support failover. So, your Standby #1 and Standby #2 Linodes need to be configured the same as your Primary.

If you chose to create new standby instances rather than clone your primary instance, follow the steps in Update Apache2 to duplicate your configuration on Standby #1 and #2.

7. Get your site on your Linodes (optional)

🚧
This tutorial isn't intended for complex sites that integrate detailed databases or file systems. It offers an example of a basic Akamai cloud computing environment using Linode instances to store a simple, secure site for delivery through the Akamai CDN.

The LAMP stack set up on your Linodes essentially creates a "blank canvas". This can be used to either build a new site or house your existing one.

Create a new basic site

You could develop your site directly on your primary Linode using PHP, MySQL for your database, and Apache2 as your web server. See the relevant product's documentation for details on their use.

Move your existing basic site

If you already have a simple site, you can migrate it to your primary Linode. With your Linodes deployed and LAMP installed, you'd need to:

Prepare and back up your current host.
Transfer data to your Linode.
Finish setting up your Linode.
Test your new environment. (This isn't for actual delivery, this is to test that your site is on the Linode.)

Duplicate your site on the standbys

Once you've created a new site or migrated an existing one to your primary, it needs to be duplicated and copied to your Standby #1 and Standby #2 instances. See our rsync documentation for tips and guidance for copying relevant files from one Linode to another.

What about maintenance?

There are several ways you can set up maintenance if you need to make changes to your site, including detailed replication scenarios that would reflect changes from your primary directly out to your standbys. TheseWhile these workflows are outside the scope of this document, the "primary + standby #1 + standby #2" model set up here allows for a manual method for maintenance. Below is an outline of a potential process you can follow.

Log in to your primary instance.
Stop Apache2 services using the below systemctl command:
```
systemctl stop apache2
```
This stops Apache2 on your primary instance. Standby #1 and standby #2 are still available to the NodeBalancer.
Make the necessary updates to your website on the primary.
Login to your standby #1 instance.
Stop Apache2 services. The service stops on standby #1, and standby #2 still remains available to the NodeBalancer.
Copy the changed files from the primary to standby #1 using rsync.
Start Apache2 services again on standby #1 by running this command:
```
systemctl start apache2
```
Login to standby #2.
Stop Apache2 services. Standby #1 is now available to the NodeBalancer, and your updates go live.
Copy the changed files from the primary to standby #2 using rsync.
Restart services on standby #2. It's now available to the NodeBlancer with your updated site.
Login to your primary and restart Apache2 services. All three of your Linodes are now available to the NodeBalancer with your updated site.

Alternatively, you can look into using a clustered Kubernetes, container-based deployment model. See our Linode Kubernetes Engine documentation for more information about using our managed Kubernetes service for containerized applications.

Additional resources

Secure your Linodes

See our Setting Up and Securing a Compute Instance guide for several recommendations, tips, and general best practices for properly securing your Linode instances beyond what’s covered in this tutorial.

Third-party resources

These are some additional third-party resources related to the software used in this guide's deployments:

📘
Since these are third-party resources, Akamai doesn't vouch for their accuracy or timeliness.

High availability

1. Create the primary instance

Keep it safe and secure

Verify and test

Set your limited sudo user's password

Get your primary hostname (optional)

Configure Apache2 (required)

Update your system's hosts file

2. Create standby #1

Option 1: Clone your primary Linode

Option 2: Create a new standby Linode

Test standby #1

3. Create standby #2

Test standby #2

4. Set up HTTPS on the primary

Set up HTTPS

Test your domain

Renew the certificate

5. Add network load balancing

Before you begin

Set up load balancing

6. Duplicate your Apache2 configuration

7. Get your site on your Linodes (optional)

Create a new basic site

Move your existing basic site

Duplicate your site on the standbys

What about maintenance?

Additional resources

Secure your Linodes

Third-party resources

Update your system's `hosts` file