We run a whitelabeled site builder -- think Squarespace or Shopify (different market, though). We currently host on Heroku, but need to be able to offer customers an IP address so they can easily point their naked domains at our service. Although I want to move to AWS at some point, we're a bit short on resources right now, so I need an interim solution for this.
It seems like I should be able to set up a simple proxy server behind a static IP on Route53 or something that would proxy traffic to our Heroku app. But I've little experience with this sort of thing and don't know A) if this is actually the right way to go about it, B) resources to look at or the right tools to check out, or C) if there are commercial services that would be easier temporarily than running it ourselves.
Thanks in advance for any pointers!
PS - Believe me, I know this is sub-optimal, but there are a number of reasons we definitely have to offer an IP.
You could certainly do this, since a proxy or hand-made LB within EC2 can shuttle traffic off to wherever you need. So HAProxy running on an EC2 instance could pass traffic over to Heroku for you.
However, I see this was posted about 6 months ago and I know Heroku has just reconfigured pricing. So maybe that is encouragement to move into AWS now. My only real worry about your above solution is latency. What if you ran an EC2 instance with Varnish to cache your Heroku app(s) and try to mitigate any sluggishness?
I'm new to development and found Heroku easy for deploying my app.
I was happy until I ran into problems:
Heroku does not provide an IP address, which I need for an IP whitelist to access an API. I fixed this with a Heroku add-on proxy called Fixie. That is free if under 500 requests per month.
The Heroku free plan sleeps after 30 min of inactivity. My app needs to make API requests at midnight and this is getting difficult because the app is sleeping.
I was thinking of paying for the nearest cheap plan on Heroku, which keeps the app from sleeping. But then I thought, why not use a platform other than Heroku?
Does anyone have some suggestions? Any other platform that gives an IP so I don't worry about crossing the 500 requests per month?
I was thinking of AWS Elastic Beanstalk. But as I said, I'm new at this.
You can use DigitalOcean: the cheapest plan is $5 a month and you get a Droplet with its own IP address. The Droplet is always running (no inactivity timeout like Heroku).
The main difference is that Heroku provides an abstraction layer on top of the underlying infrastructure (you only deal with the application deployment and management) while DigitalOcean delivers a virtual box (i.e. Ubuntu). However, the documentation is great and you can easily find what you need (e.g. install Docker, etc.).
Couldn’t agree more.
I have been running many applications on Heroku for years now and have faced the 1st problem that you’ve mentioned multiple times.
I tried using Engine Yard instead of Heroku, and as far as I can remember I never faced the IP issue that you are referring to. AWS is good, but again it’s not without its limitations because it’s really hard to use. It’s these shortcomings that drive users crazy, isn't it? All I can say is that when I shifted to Engine Yard the set of problems I faced dropped considerably. It appears to be a much more usable platform. Check it out.
Here’s a link to Engine Yard, which I hope will help you.
I have a Squarespace website I made for myself a while back. The main purpose at the time was to have something to link to from my iOS app, and I opted for something expedient rather than thinking long term just to get the app released. Fast forward to now and I have an AWS EC2 instance where I could do more with a personal site in the future. Ultimately it would be nice to get it off Squarespace and not have to pay another full year billing cycle, but the renewal date is a pretty tight deadline at this point.
Nothing on this domain requires much more than frontend web code really, but a completely different page UI could take more time than I have for this. I'm wondering if there might be a way to just temporarily have the Squarespace page source as is running on EC2 so I can worry about a possible non-CMS design when I'm not worried about getting billed for another whole year by Squarespace.
I'm not sure if this is possible, but if not it seems like I should just port the content to minimalistic empty html files with no styling just to avoid the billing or get billed for a shorter time period. Billing seems like the limiting factor here. I would also need to add my new credit card to get billed for more time which I also have yet to do.
Basically, has anyone else dealt with this situation personally? What would you recommend I do? Does Squarespace even allow me to port to EC2 somehow, or is that more in the realm of WordPress? Thanks.
Note: Tomcat's what I'm using on the EC2 instance currently. I will also need to do the multiple site per instance setup for this, but I believe that's the most relevant config info here unless I'm forgetting something.
Not sure why you've already chosen to use Tomcat, as I don't see anything that would allow you to easily convert your Squarespace site to a Java webapp. It looks like Squarespace sites can be exported into WordPress, which you could host on an EC2 server.
Alternatively you could use wget to create a static copy of your website which you could then host easily on your EC2 server with Nginx, or skip EC2 and just host the static website on S3.
Before anything, I have never worked with the Amazon EC2 service; this is the first time I've even heard of it. I was asked to work on a Drupal 6 site and I need to upload a custom module. The client gave me a username and password to log into Amazon EC2, but told me nothing else. I assumed their site was hosted there. I came upon the EC2 dashboard, and to my surprise (or maybe not) there were no running instances. If I understood properly, you need a running instance that's supposed to work as the server; please correct me if I'm wrong. I might be understanding it all wrong, and associating "instance" as if it were the virtual server itself (sort of like when you use virtual machines on your computer and instance == "virtual machine").
If there are no running instances, how is the site "up"? There must be a server, somewhere, answering the client's requests. Or is it that the "instances" are more like "working sessions"? Thing is, I don't want to meddle too much with the dashboard in case I mess it up, since this client has no staging site nor repository. That's why I wasn't bold enough to create an instance.
Help is much appreciated.
You are correct that if the site is hosted on AWS EC2, there must be an EC2 instance running somewhere. Definitely check to make sure you have selected the correct region in the upper right-hand corner of the console.
The only other possibility, and I don't think this would apply to Drupal, is that it actually is possible to host an HTML/CSS/JavaScript-only site completely on AWS S3 (which would not require an EC2 instance), but that is not likely what you are dealing with.
I'd like to host some PHP or Perl/CGI script without having a full-blown web site. Does anybody know of someone offering this kind of service, free, hopefully?
Thanks,
David
You can sign up for a developer account with Amazon Web Services and get a server instance of your choice for free for one year - http://aws.amazon.com/
You could run your own Linux or Windows webserver - both are completely capable of hosting as simple or complex a site as you want. Unless you want to make this script available for others to use as a service, there's no need to find an "outside" provider.
Hmm, Free File Hosting. Or, if you don't need to actually access the files from anywhere, and you just want them hosted somewhere, gist might work well for you.
I have just installed a Fedora Linux AMI on Amazon EC2, from the Amazon collection. I plan to connect it to EBS storage. Assume I have done nothing more than the most basic steps: no password changed, nothing extra has been done at this stage other than the above.
Now, from this point, what steps should I take to stop the hackers and secure my instance/EBS?
Actually there is nothing different here from securing any other Linux server.
At some point you need to create your own image (AMI). The reason for doing this is that the changes you will make in an existing AMI will be lost if your instance goes down (which could easily happen as Amazon doesn't guarantee that an instance will stay active indefinitely). Even if you do use EBS for data storage, you will need to do the same mundane tasks configuring the OS every time the instance goes down. You may also want to stop and restart your instance in certain periods or in case of peak traffic start more than one of them.
You can read some instructions for creating your image in the documentation. Regarding security, you need to be careful not to expose your certification files and keys. If you fail to do this, then a cracker could use them to start new instances that you will be charged for. Thankfully the process is very safe and you should only pay attention to a couple of points:
Start from an image you trust. Users are allowed to create public images to be used by everyone and they could, either by mistake or on purpose, have left a security hole in them that could allow someone to steal your identifiers. Starting from an official Amazon AMI, even if it lacks some of the features you require, is always a wise solution.
In the process of creating an image, you will need to upload your certificates to a running instance. Upload them to a location that isn't bundled in the image (/mnt or /tmp). Leaving them in the image is insecure, since you may need to share your image in the future. Even if you are never planning to do so, a cracker could exploit a security fault in the software you're using (OS, web server, framework) to gain access to your running instance and steal your credentials.
If you are planning to create a public image, make sure that you leave no trace of your keys/identifiers in it (in the command history of the shell, for example).
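A pre-bundle check for the points in the answer above, as an added example that is not part of the original post: it walks a root tree, skips the top-level directories that are not bundled (/mnt and /tmp), and reports private keys, access key IDs and non-empty shell history. The function names, the `AKIA` key-ID pattern and the sample files are assumptions made for this illustration.

```python
import os
import re
import tempfile

# Content markers: a PEM private-key header and an AWS access key ID.
PRIVATE_KEY_RE = re.compile(rb"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")
ACCESS_KEY_RE = re.compile(rb"\bAKIA[0-9A-Z]{16}\b")
HISTORY_NAMES = {".bash_history", ".zsh_history", ".sh_history"}


def scan_tree(root, excluded=("mnt", "tmp")):
    """Return sorted (relative_path, reason) findings under root.

    Top-level directories in `excluded` are not bundled, so they are skipped.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        if dirpath == root:
            dirnames[:] = [d for d in dirnames if d not in excluded]
        for name in filenames:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):      # skip sockets, FIFOs, dead links
                continue
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1 << 20)   # first 1 MiB covers keys/history
            except OSError:
                continue
            rel = os.path.relpath(path, root)
            if PRIVATE_KEY_RE.search(data):
                findings.append((rel, "private key"))
            if ACCESS_KEY_RE.search(data):
                findings.append((rel, "AWS access key ID"))
            if name in HISTORY_NAMES and data.strip():
                findings.append((rel, "non-empty shell history"))
    return sorted(findings)


def demo():
    """Scan a constructed tree: one key in /mnt (fine), two leaks elsewhere."""
    with tempfile.TemporaryDirectory() as root:
        files = {  # constructed sample content, not real credentials
            "mnt/pk-sample.pem": b"-----BEGIN PRIVATE KEY-----\nconstructed\n",
            "root/.bash_history": b"export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
            "home/app/deploy.pem": b"-----BEGIN RSA PRIVATE KEY-----\nconstructed\n",
        }
        for rel, body in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return scan_tree(root)
```

Run `scan_tree("/")` as root on the instance just before bundling and clear every finding first.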
What we did at work is we made sure that servers could be accessed only with a private key, no passwords. We also disabled ping so that anyone out there pinging for servers would be less likely to find ours. Additionally, we blocked port 22 from anything outside our network IP, with the exception of a few IT personnel who might need access from home on the weekends. All other non-essential ports were blocked.
If you have more than one EC2 instance, I would recommend finding a way to ensure that intercommunication between servers is secure. For instance, you don't want server B to get hacked too just because server A was compromised. There may be a way to block SSH access from one server to another, but I have not personally done this.
What makes securing an EC2 instance more challenging than an in-house server is the lack of your corporate firewall. Instead, you rely solely on the tools Amazon provides you. When our servers were in-house, some weren't even exposed to the Internet and were only accessible within the network because the server just didn't have a public IP address.
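The rules described in this answer (SSH only from the office network, no ping, no non-essential ports), checked against security group rules; this is an added example, not code from the original post. It assumes the rules live in EC2 security groups exported in the JSON shape of `aws ec2 describe-security-groups`; the group ID, the office range and the essential-port set are constructed values.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [{
    "GroupId": "sg-constructed1",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "203.0.113.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 3999,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]}]}

ADMIN_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # assumed office range
PUBLIC_PORTS = {80, 443}                                # assumed essential ports


def audit(groups, admin_nets=ADMIN_NETS, public_ports=PUBLIC_PORTS):
    """Return (group_id, cidr, issue) tuples for rules that break the policy."""
    out = []
    for sg in groups["SecurityGroups"]:
        gid = sg["GroupId"]
        for perm in sg.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            if proto == "-1":                 # "-1" means all protocols, all ports
                lo, hi = 0, 65535
            for rng in perm.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"])
                if any(net.subnet_of(a) for a in admin_nets):
                    continue                  # source is inside the admin network
                # For ICMP, FromPort holds the type: 8 is echo request, -1 is any.
                if proto == "-1" or (proto == "icmp" and lo in (8, -1)):
                    out.append((gid, str(net), "ping allowed"))
                if proto in ("tcp", "-1"):
                    if lo <= 22 <= hi:
                        out.append((gid, str(net), "ssh exposed"))
                    if set(range(lo, hi + 1)) - public_ports - {22}:
                        out.append((gid, str(net), f"non-essential ports {lo}-{hi}"))
    return out
```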