How to Build a Resilient High‑Traffic Website: A Complete Operations Guide

1. Domain

Purchase multiple domains (50‑100), separating primary and promotional domains. Use GoDaddy for stable registration and domain protection to hide real server IPs. Delegate DNS management to Cloudflare, DNSPod, or ZNDNS, or run your own DNS server to enable fast DNS record changes.

2. CDN

Buy a CDN service (e.g., Cloudflare). Point the domain to the CDN, which then forwards traffic to the core server. The CDN provides global caching and can absorb attacks of at least 200 GB, ensuring availability during large‑scale traffic spikes.

3. Image Server

Deploy a few domestic servers as image cache servers; Nginx can serve as an efficient image cache. Keep image servers separate from other services, allowing the protection layer ("meat shield") to cache images.

4. Data Center Selection

Choose data centers with high service quality, strong DDoS protection, reliability, and responsive support. Distribute servers across regions (e.g., Hong Kong for core services, US for protection nodes) to avoid a single point of failure.

5. Homepage

Use the homepage as a landing or advertising page hosted on a cloud VM. Include a link to the game front‑end, either with a port number (simple) or without (requires CDN or a non‑备案 data center). For restricted content, host the protection layer in a non‑备案 location to avoid domain/IP takedowns.

6. Monitoring System

Implement real‑time monitoring to detect attacks, log spikes, and network anomalies. Forward logs to a syslog server and visualize them with Cacti. Monitor bandwidth; sudden increases indicate possible attacks. Set up alerting to trigger immediate response.

7. Attack Mitigation

Small attacks can be blocked with Nginx and iptables. Large DDoS attacks require high‑capacity data‑center protection (minimum 200 GB). If the attack originates from a few IPs, request the data center to block them. Use CDN to offload traffic when under attack.

8. Redundancy

Design for at least double the expected concurrent users (e.g., 2 000 concurrent users for a 1 000‑user peak) to handle traffic spikes during events.

9. Server Configuration

Equip each server with three network interfaces: one for public traffic, one for internal communication, and one for SSH management. Use multiple IPs per NIC to avoid single‑IP blocking. Provide RAID‑1 storage, dual CPUs, dual power supplies, and avoid single points of failure. The protection layer can run on lower‑spec hardware as long as network connectivity is strong.

10. Database

Implement master‑slave replication with off‑site backups. Use Nginx upstream for load‑balancing. Separate front‑end (user‑facing) and back‑end (admin) services onto different machines. Other services can share a virtual machine to reduce cost. Use Gmail for corporate email and consider an internal chat solution if needed.

11. Testing Environments

Maintain three environments: a developer workstation, an internal LAN test environment, and an external internet test environment, plus production. The LAN test environment should be stable, using dedicated rack hardware and version control (SVN or Git). Only promote code after thorough testing.

12. Protection Layer and Core Server Connectivity

Ensure the protection layer can ping the core server to verify network reachability.

13. Operations Staff

At least two operators; a manager plus one engineer is sufficient. Document all procedures, enable 24‑hour on‑call coverage, and coordinate tasks without shift work.

14. Linux Optimization and Security

Optimize Nginx and other services based on CPU and memory limits. Rotate all passwords (especially domain and email accounts) every three months.

15. LAN Infrastructure

Provide a stable LAN with at least 10 Mbps bandwidth, dual Ethernet cables, and a mobile Wi‑Fi hotspot for employee devices.

16. Data Center (Large‑Scale Architecture)

For large deployments, own a dedicated core data center staffed by engineers for networking, databases, security, storage, and backup.

17. Operations Tools

Standardize tools: SQLyog for database access, CRT for SSH, KeePass for password management, WinSCP for file transfers, etc. Encourage continuous learning and English proficiency to stay current with technical documentation.

18. Disaster Recovery Plan

Develop a clear failover plan: when a server fails, switch to a standby system quickly. Conduct regular drills and backup restoration tests to ensure backups are usable.

19. Server Security

Apply comprehensive security hardening covering user accounts, applications, system, and file permissions to prevent unauthorized access.

20. High‑Concurrency Testing

Simulate 2 000 concurrent users to evaluate load handling. Ensure server hardware, network bandwidth, and data‑center location are appropriate for the expected traffic.

21. Operations Knowledge Sharing

Share all operational information (passwords, configuration steps) between two operators under the guidance of an operations manager, fostering a collaborative and skilled team.

22. Server Logging

Record every operation on all servers with timestamps and details. Perform risk assessments before any production changes.

23. Operational Best Practices

Focus on website availability, monitoring with alerts, capacity planning, standardized processes, knowledge management, and automation.

24. Routine Operations After Release

Post‑deployment tasks include version upgrades, service monitoring, status statistics, regular inspections, incident response, configuration changes, cluster management, performance tuning, database optimization, scaling architecture with traffic, security hardening, and developing operational tooling.

25. Checking Connection Counts

Use commands such as netstat -ant | grep $ip:80 | wc -l and netstat -ant | grep $ip:80 | grep EST | wc -l to monitor active connections.