Mongo Meteor AWS EC2 Multiple Deploy - mongodb

I was using Galaxy to host my meteor app and recently decided to host my app with Amazon Cloudfront serving static webpage (angular client) and connect that to my meteor app running on an EC2 container.
I have the static page working and I have the meteor app on the EC2 container, which points to a remote mongo server, working as well. I am using the meteor-client-bundler package to attempt to connect the client (static cloudfront) to the Meteor server via DDP URL. Here is where I am stuck.
The DDP URL should be my Meteor server, correct? (Hosted at ec2....amazonaws.com?) I feel like it has to be because I have publications and methods on the server I will need to hit constantly. If that is correct, then what if I also want to have two EC2 containers running the same Meteor app? Just like in Galaxy, in case 1 is getting maintenance work done or goes down, I want the backup to take over. How can I set up two different DDP URLs?

You should use a custom domain for the server, and use that custom domain in the DDP URL. While using the EC2 address will work, it's better to use a different address, especially if you ever want to move to another provider.
You can use NGINX as a reverse proxy to have 2 or more Meteor apps on the one box. It's not too difficult to set up.
You can also use Meteor up (aka mup) to do multiple deployments to the same box. http://meteor-up.com/ Meteor up will give you a very simple way to deploy, it will even revert to the previous version if something goes wrong automatically. You can even configure it to run letsencrypt to give you https security, and automatically renew the certs.

For anyone who is new to this stuff like I am, I figured out to buy another domain name, use DNS (Route 53) to a load balancer (Elastic Beanstalk) which handles multiple EC2s for 1 domain, and then point your DDP from the client to the domain. Boom. Thanks for the help @Mikkel

Related

How to access my desktop MongoDB from EC2 Linux?

I have MongoDB installed on my desktop, using which I have developed a web application. I want to now deploy this webapp on an EC2 linux instance and test it. I don't want to setup another mongoDB on the EC2 separately, rather use the one on my desktop. I understand that it is not that simple to put my ip and mongo port and just connect.
I have added port-forwarding settings on my router like this -
Also I have opened my firewall for this port by adding an inbound rule.
Yet I'm not able to connect. What am I missing here?
Thanks in advance

Trying to use AWS EC2 node.js app to talk to AWS Mongo Linux instance via AWS ELB

I have 2 x AWS EC2 instances with a node.js app. Out of the box, they come with a local mongod instance that works fine. Given the criticality of the app, I decided to spin up 2 x EC2 front ends (node js) to talk to a mongo db in another availability zone using the AWS ELB.
Full IP communication/27017 connectivity exists between all 3 nodes.
When using only 1 server to the mongo server, it works just fine. When adding both front end servers into the ELB target group, I get random 504 gateway errors.
Removing a server from the group fixes the issue.
Any suggestions on what I should look for?
In terms of how the node.js server connects to mongo, there is a config.json file that simply points out the IP and DB name required.
Thanks!
AWS Load Balancer uses a "round robin" mechanism to route users' requests. Does your application have a way to control user sessions? If not, then your first request comes to server 1, then the second request goes to server 2, which doesn't have any information about the first request, and that may result in an error. That explains why it works fine when you have 1 server only.
the server uses redis (the app server) and the following components:
Node.js - Server-side Javascript-framework
Express.js - Web application framework for Node.js
Nginx - Web server & reverse proxy
MongoDB - NoSQL database
redis - Session Manager & data structure server
Socket.IO - Bi-directional communication between web clients and servers

How can one connect from Heroku to a firewalled host to get data from MongoDb?

I am currently developing a service application that pulls data from Mongo and returns it to consumers. There is a layer of authentication involved and I am using Heroku to host the service. Mongo was being hosted on MongoLabs, but there were some significant performance concerns and so we have moved to hosting Mongo on one of our cloud servers. We want to be able to secure access to Mongo using a firewall, white-listing the ip address of the service app on Heroku.
There are a couple of issues with this.
Issues
Well, at least these are main ones...
Heroku, while providing some nice features like easily managing cluster settings, s/w upgrades, etc., draws ip addresses from a pool. While the dns value of an application's url may not change, the underlying ip address can and will change.
To be better secured, mongo-server01 is placed behind a firewall that requires rules to be added using static ip addresses to allow access.
Since Heroku can't provide static ip addresses, we need to consider options for how Heroku can access mongo-server01 while still protecting the data it hosts.
Static IP addresses for outbound requests
There seem to be a couple of options, specifically for Heroku. Fixie and QuotaGuard Static both seem to serve that function, but these seem to be geared toward HTTP and HTTPS communication only (perhaps not even HTTPS).
Mongo doesn't use HTTP, it uses its own network protocol over port 27017, by default.
https://groups.google.com/forum/embed/#!topic/mongodb-user/eX_RIv2cZVw
Does this mean these proxies won't work for calls to Mongo? In theory, there doesn't seem to be any reason that a proxy is only for HTTP or HTTPS requests. That being said, there doesn't seem to be any way to get in to these Heroku plugins and configure the proxy to use a different port or to handle Mongo's particular protocol.
If we could get into the proxy, perhaps we could put an additional set of ssh keys in place so the ssl tunnel chain could continue on to mongo-server01. But there doesn't seem to be any way to ssh to these proxies or access configuration through the plugin dashboards.
The question (finally!)
How can one connect from Heroku to a firewalled host to get data from MongoDb? Are there proxies that can be used to achieve this?
The simple approach. Won't work because Heroku applications don't use static ip addresses.
Using a proxy. The Heroku proxy plugins don't know how to proxy mongodb protocol. Can't install ssh keys on proxy for ssh tunneling.
What can be done to get a connection without opening up the Mongo server to the world?
I spoke with the folks at QuotaGuard and they do have something that does the trick.
we offer a SOCKS proxy which should do the trick as it proxies at the TCP layer
https://devcenter.heroku.com/articles/quotaguardstatic#socks-proxy-setup
I did need to make a simple change to bin/qgsocksify
#SOCKS_DIR="$(dirname $(dirname $(readlink -f ${BASH_SOURCE[0]})))/vendor/dante
SOCKS_DIR="${HOME}/vendor/dante"
After that, the proxy worked like a charm.

Is it possible to expose an Owin service?

We have created self-hosted services using OWIN. They are working fine inside the server and we can request and retrieve information using the http://localhost. We use a different port for each service so that we can go and get certain information from http://localhost:8001, other from http://localhost:8015 and so on.
Now, we need to expose the results of one of those self-hosted services to access to it through internet. We'd like to provide a custom address such http://ourpublicinfo.mydomain.com:8001 or using the server ip such http://209.111.145.73:8001.
Is that possible?
How can we implement it?
Our server OS is Windows Server 2012 R2
OWIN Self-Hosted apps can run on a Windows Service, as a Console process and, if desired, as part of a more robust Host like IIS.
Since you mention your app is running as a service you're probably missing all the GUI goodies IIS provides. In reality however, IIS works on top of http.sys, just as HttpListener does (which is probably what you're using to self-host your app). You just need to do some manual set up yourself:
First of all, you need to make a URL reservation in order to publish on a nonstandard port.
Why would you do that? Quite simply because you're not running under localhost alone anymore on your very own local machine, where you probably are an admin and/or have special privileges/powers.
Since this is a server, and the user used for running the Service might not be an admin (most probably), then you need to give permission to that user to use that URL... and here is where URL reservations come into scene.
You pretty much have two options:
open up the URL to be used by any user:
netsh http add urlacl url=http://209.111.145.73:8001/ user="everyone" listen=yes
or open up the URL to be used by the user(s) running the service, e.g.: NETWORK SERVICE:
netsh http add urlacl url=http://209.111.145.73:8001/ user="NETWORK SERVICE" listen=yes
There is a way to make the reservation for several users too, using sddl, user groups, etc... but I'll not get into it (you can look that up).
Second of all, you need to open up a hole through your firewall (if you don't have one in this day and age, I pity you!)
There are plenty of tutorials on this. You can use a GUI, netsh.exe and what not.
Pretty much all you need to do is make sure you allow incoming connections through that port and that should do the trick.
To make sure the hole is open through and through you can use a tool like http://www.yougetsignal.com/tools/open-ports/ and insert 209.111.145.73 in the Remote Address and 8001 in the Port Number.
If for some reason it shows that the port is closed, even after creating an incoming rule in your firewall for it, then you probably have one or more firewalls in between your server and the outside world.
With those two elements in place you should be able to access your Self-Hosted Service from the outside.
As for accessing your service through an address like http://ourpublicinfo.mydomain.com:8001, you'll need to create a DNS entry somewhere, most likely on your Domain Registrar for mydomain.com, where you could create an A Record for your ourpublicinfo subdomain pointing to 209.111.145.73.
From this point on, you should be able to access your service through direct IP and Port or through the aforementioned URL.
Best of luck!
Note:
If your service will be accessed from other domains, you might need to make sure you have CORS (Cross-Origin Resource Sharing) well defined and working on your service too ;)

Can create a remote server with MongoDB? How?

My question, to be more clear, it is to create a server with mongodb on a cloud hosting (for example) and access it through another server.
Example:
I have a mobile app.
I hosted my MongoDB on a cloud hosting (ubuntu).
I want to connect my app to the db on the server cloud.
Is it possible? How?
I'm joining this learning and my question was exactly MongoDB to create a server in a way that I could access it remotely.
Out of "localhost"? Different from all the tutorials I've seen.
From what you are describing, I think you want to implement a 2-Tier-Architecture. For practically all use cases, don't do it!
It's definitely possible, yes. You can open up the MongoDB port in your firewall. Let's say your computer has a fixed IP or a fixed name like mymongo.example.com. You can then connect to mongodb://mymongo.example.com:27017 (if you use the default port). But beware:
1) Security: You need to make sure that clients can only perform those operations that you want to allow, e.g. using MongoDB integrated authentication, otherwise some random script kiddie will steal your database, delete it, or fill it with random data. Many servers, even if they don't host a well-known service, get attacked thousands of times per day. Also, you probably want to encrypt the connection so people can't spy on the connection. And to make it all worse, you will have to store the database credentials in your client app, which is practically impossible to do in a truly secure way.
2) Software architecture: There is a ton of arguments against this architecture, but 1) alone should be enough. You never want to couple your client to the database, be it because of data migrations, software updates, security considerations, etc.
3-Tier
So what to do instead? Use a 3-Tier-Architecture: Host a server of some kind on mymongo.example.com that then connects to the database. That server could be implemented in nginx/node.js, iis/asp.net, apache/php, or whatever. It could even be a plain old C application (like many game servers).
The mongodb can still reside on yet a different machine, but when you use a server, the database credentials are only known to the server, not to all the clients.
Yes, it is possible. You would connect to MongoDB using the ip address of your host, or preferably using its fully qualified hostname rather than "localhost". If you do that, you should secure your MongoDB installation otherwise anyone would be able to connect to your MongoDB instance. At an absolute minimum, enable MongoDB authentication. You should read up on MongoDB Security.
For a mobile application, you would probably have some sort of application server in front of MongoDB, e.g. your mobile application would not be connecting to MongoDB directly. In that case only your application server would be connecting to MongoDB, and you would secure MongoDB accordingly.
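
A preflight check an application server could run on its MongoDB connection string before connecting, flagging the gaps both answers above warn about (no credentials, no encrypted connection, an IP address instead of a hostname). This is an added example, not code from either answer; `auditMongoUri` and the finding names are hypothetical, the sample URIs are constructed, and only single-host URIs are handled.

```javascript
// Added example (hypothetical helper, not from the answers above).
// Option names are standard MongoDB connection-string options.
const LOOPBACK = new Set(['localhost', '127.0.0.1', '[::1]']);
const WEAKENING = ['tlsInsecure', 'tlsAllowInvalidCertificates',
                   'tlsAllowInvalidHostnames'];

function auditMongoUri(uri) {
  let u;
  try {
    u = new URL(uri); // WHATWG parser; multi-host seed lists are rejected
  } catch (e) {
    return ['unparseable-uri'];
  }
  if (u.protocol !== 'mongodb:' && u.protocol !== 'mongodb+srv:') {
    return ['not-mongodb-uri'];
  }
  // Option names are case-insensitive in MongoDB URIs.
  const opt = (name) => {
    for (const [k, v] of u.searchParams) {
      if (k.toLowerCase() === name.toLowerCase()) return v.toLowerCase();
    }
    return undefined;
  };
  const findings = [];
  const host = u.hostname.toLowerCase();
  const remote = !LOOPBACK.has(host);
  if (!u.username) findings.push('no-credentials');
  // mongodb+srv enables TLS by default; plain mongodb:// does not.
  const tlsOpt = opt('tls') ?? opt('ssl');
  const tlsOn = tlsOpt === undefined
    ? u.protocol === 'mongodb+srv:'
    : tlsOpt === 'true';
  if (remote && !tlsOn) findings.push('no-tls');
  for (const name of WEAKENING) {
    if (opt(name) === 'true') findings.push('tls-verification-disabled:' + name);
  }
  // A hostname lets the client verify the server certificate by name.
  if (remote && /^\d+\.\d+\.\d+\.\d+$/.test(host)) findings.push('ip-literal-host');
  return findings;
}

// Constructed samples; the first is the URI form quoted in the answer above.
const SAMPLES = [
  'mongodb://mymongo.example.com:27017',
  'mongodb://app:CHANGE_ME@mymongo.example.com:27017/appdb?tls=true&authSource=admin',
];
for (const s of SAMPLES) {
  console.log(s.replace(/\/\/[^@/]*@/, '//***@'), auditMongoUri(s));
}
```

A clean result only shows that the client is configured to authenticate and encrypt; the MongoDB server must still enforce authentication itself.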