I’m mainly an HPC/scientific computing/applied math guy, and while I do okay as a sysadmin if I’m all you’ve got, web infrastructure is not my primary area of competence. I’m pondering server infrastructure for a website project which will involve storing and sharing a lot of images. We have an Epyc 7302 system with 128GB of RAM and a few large NVMe drives available; since we’re storing a relatively large amount of data, the cost math favors a colocated server over cloud storage.
What I’m struggling with is how to handle the data storage. Obviously the simplest thing would be to just install a bare-metal OS on the server and host the data and the web server / database software on the same box. But I have an inkling that I want to separate the web server from the data storage, both for security reasons and to minimize headaches if we need to expand to multiple servers in the future. Right now, the host is a bare-metal Debian install that hosts the data on ZFS, and the web server & associated processes are running in a QEMU VM which accesses the data volumes over NFS from the host. It was set up this way because that was the kind of thing I am most familiar with. We have a separate system to store backups, as well.
I’m thinking that it might be preferable (and future-looking) to install a hypervisor, probably XCP-ng, and have two VMs for now: web server, and data storage. The web server VM probably won’t change, but I’d like some advice on how to handle the storage side.
- A Linux VM with ZFS, exporting the data over NFS (like now)?
- TrueNAS or some other NAS OS?
- MinIO or some sort of object storage?
- Something totally else?
There are two concerns, I guess: what to host the data on (Debian? TrueNAS? Other?), and how to expose it to the web VM (NFS? iSCSI? Object storage/HTTP?). My preexisting knowledge/comfort includes manually administrating Linux servers, ZFS, NFS, iSCSI, etc., but I don’t want to make a suboptimal choice just because “it’s what I know”. Advice and input are very welcome.
Edit: I might also host a pfSense VM as a firewall, forbidden router style…