[Girder-users] Deploy Girder on AWS with Elastic Beanstalk
Carlos Agüero
caguero at osrfoundation.org
Wed Apr 26 17:02:04 EDT 2017
hi Michael,
Thanks for your reply! Sorry that I didn't follow-up before but I've been
exploring and partially documenting the process.
I managed to set-up an EC2 machine hosting the Mongo database. Also, I
configured Elastic Beanstalk with a single Docker container (girder/girder)
and a load balancer. The instances are running Girder and using the
external database. I associated an SSL certificate to the load balancer.
All the connections between the users and load balancer are secured and
between the load balancer and the instances go though regular HTTP. I think
this is OK because the load balancer and the instances are within the
internal VPN that cannot be sniffed. The TSL termination happens on the
load balancer.
A similar thing occurs with the database instance. The Mongo port (27017)
is configured with a security rule that allows access only from a machine
within the same VPN (the Girder instances in this case).
The default EB configuration uses NGINX, that redirects requests to the
Docker container. I still have an open issue for redirecting the non-https
requests to https without breaking the health checker monitor that EB uses.
I've done this in the past but this is the first time that I do it with EB
+ docker.
I'm in the process of documenting the process here:
https://bitbucket.org/osrf/propshop-girder/overview
On Thu, Apr 20, 2017 at 5:01 PM, Michael Grauer <michael.grauer at kitware.com>
wrote:
> Hi Carlos,
>
> Thanks for trying out Girder, I'm glad you appreciate our docs! We've
> done a number of deployments to AWS, but they've all been EC2 instances.
> EB is on our roadmap, we'd like to start playing with it over the next
> couple months, but don't have much concrete to share yet. We'd love for
> you to keep us informed about your progress, or let us know any stumbling
> blocks you run into.
>
> The plan you describe sounds like what we were going to attempt, put Mongo
> in a separate EC2 instance, and then have EB bring up Dockerized (seems
> easiest, and we already have a Docker image in Girder's repo) Girder
> containers. We normally would put Girder behind Nginx or Apache. Were you
> going to use ELB for your load balancer, and is that what you normally use
> for your EB deployments? How to best use ELB + possibly other proxy
> servers if necessary (e.g., can you set all of the proxy rules in ELB to
> allow stream notifications? where do you terminate TLS?) + Girder in EB are
> open questions for us.
>
> Let us know if you have more specific questions as well.
>
> Thanks,
> Mike
>
>
>
> On Thu, Apr 20, 2017 at 7:41 PM, Carlos Agüero <caguero at osrfoundation.org>
> wrote:
>
>> Hello,
>>
>> I'm new to Girder and deployed a local instance on my own development
>> machine without problems following your documentation (nice documentation
>> by the way!).
>>
>> I'd like to deploy another Girder instance on AWS and I've read the
>> "Deploy" section of the Administrator documentation. It seems to cover a
>> few options but none of them is AWS.
>>
>> I normally use Elastic Beanstalk (EB) that allows you to configure a load
>> balancer that will spin up machines depending on the server demand. This
>> model seems compatible with Girder as long as the database is deployed in a
>> separate machine separated from the servers, to make sure that there's only
>> one machine running the database.
>>
>> Does anyone have experience, documentation or suggestions deploying
>> Girder on AWS with EB?
>>
>> Thanks!
>> Carlos
>>
>>
>>
>> _______________________________________________
>> Girder-users mailing list
>> Girder-users at public.kitware.com
>> http://public.kitware.com/mailman/listinfo/girder-users
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://public.kitware.com/pipermail/girder-users/attachments/20170426/8354b2e9/attachment.html>
More information about the Girder-users
mailing list