
Setting up the ELB

Chris edited this page Oct 23, 2018 · 7 revisions

Process

AWS makes it straightforward to attach a TLS/SSL certificate to an ELB so that clients can connect securely. This guide does not cover how to request or upload the certificate.

Point the domain name to the ELB

When you create the ELB, make it a classic load balancer. In Route 53, point the domain name at the ELB's DNS name with a CNAME record (a CNAME cannot sit at the zone apex, so use an alias A record there instead). Next, register the instances the ELB should balance across: the machines running HAProxy and the Manticore web app. Each of those machines also needs an IAM role, attached as an instance profile, that lets it call the Elastic Load Balancing API to add and remove listeners on the ELB (for example elasticloadbalancing:CreateLoadBalancerListeners and DeleteLoadBalancerListeners). Scope that policy to this load balancer's ARN rather than granting the actions on all resources.

Manticore controls the HAProxy configuration. HAProxy's monitor-uri directive reserves a path, here /haproxy, that HAProxy answers itself with 200 OK, so it can serve as the ELB health check target without touching the application. When you configure the ELB health check, make sure the port it probes is the port HAProxy binds and the path is the one in the monitor-uri directive (/haproxy); a mismatch in either marks healthy instances out of service.
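The port and path agreement described above is easy to get wrong by hand, so here is a small preflight check that parses an HAProxy config and a classic ELB health check target string and reports any mismatch. This is an added example for this wiki page, not Manticore's own code; the config fragment is constructed (Manticore generates the real one), and the frontend name, port 3000 and backend address are assumptions.

```python
"""Preflight check that the classic ELB health check target and HAProxy's
monitor-uri agree on port and path.  Added example for this wiki page, not
Manticore's own code; the config fragment below is constructed, and the
real one is generated by Manticore."""
import re

# Constructed sample: a frontend on port 3000 exposing /haproxy for the ELB.
SAMPLE_HAPROXY_CFG = """
global
    maxconn 4096

defaults
    mode http
    timeout connect 5s
    timeout client 30s
    timeout server 30s

frontend manticore_http
    bind *:3000
    monitor-uri /haproxy          # answers 200 OK for the ELB health check
    default_backend manticore_web

backend manticore_web
    server web1 10.0.1.10:4000 check
"""


def parse_haproxy_frontends(cfg):
    """Map each frontend/listen section to its bound ports and monitor-uri (if any)."""
    frontends, current = {}, None
    for raw in cfg.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if parts[0] in ("frontend", "listen"):
            current = parts[1]
            frontends[current] = {"ports": [], "monitor_uri": None}
        elif parts[0] in ("global", "defaults", "backend"):
            current = None                     # sections that cannot hold monitor-uri
        elif current is not None and parts[0] == "bind":
            # bind [<addr>]:<port>[,<addr>:<port>...] [options]: only the first
            # word carries addresses, the rest are options such as ssl/crt
            for addr in parts[1].split(","):
                m = re.search(r":(\d+)$", addr)
                if m:
                    frontends[current]["ports"].append(int(m.group(1)))
        elif current is not None and parts[0] == "monitor-uri":
            frontends[current]["monitor_uri"] = parts[1]
    return frontends


def parse_elb_target(target):
    """Parse a classic ELB health check target such as HTTP:3000/haproxy."""
    m = re.fullmatch(r"(HTTP|HTTPS|TCP|SSL):(\d+)(/\S*)?", target)
    if not m:
        raise ValueError(f"not a classic ELB health check target: {target!r}")
    return {"protocol": m.group(1), "port": int(m.group(2)), "path": m.group(3)}


def health_check_problems(cfg, target):
    """Return a list of mismatches; an empty list means the ELB check will hit monitor-uri."""
    problems = []
    t = parse_elb_target(target)
    monitored = {n: fe for n, fe in parse_haproxy_frontends(cfg).items() if fe["monitor_uri"]}
    if not monitored:
        return ["no frontend declares monitor-uri; the ELB check would hit the real app instead"]
    if t["protocol"] not in ("HTTP", "HTTPS"):
        problems.append(f"{t['protocol']} health checks send no path, so monitor-uri is never consulted")
    on_port = [n for n, fe in monitored.items() if t["port"] in fe["ports"]]
    if not on_port:
        bound = sorted(p for fe in monitored.values() for p in fe["ports"])
        problems.append(f"ELB checks port {t['port']} but monitor-uri frontends bind {bound}")
    for n in on_port:
        if monitored[n]["monitor_uri"] != t["path"]:
            problems.append(f"frontend {n}: monitor-uri {monitored[n]['monitor_uri']} != ELB path {t['path']}")
    return problems


if __name__ == "__main__":
    for target in ("HTTP:3000/haproxy", "HTTP:3000/", "HTTP:8080/haproxy", "TCP:3000"):
        print(target, "->", health_check_problems(SAMPLE_HAPROXY_CFG, target) or "OK")
```

Run it against the HAProxy config Manticore actually wrote on one of the instances and the Target string shown on the ELB's health check tab; a TCP-type check is flagged because it only tests that the port accepts connections and never exercises monitor-uri.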

Security Group Configuration

Manticore can configure the security group for you if you pass the security group IDs in the appropriate environment variables, and that is the recommended route. If you configure it manually, then at a minimum port 443 must be open for HTTPS, and so must the port named in the ELB_SSL_PORT environment variable. The classic load balancer cannot carry websockets over its HTTPS listener, which is why the HTTPS and SSL ports need to differ. In addition, a range of TCP ports must be open for the connections from the user's phone to sdl_core; that range is defined by the TCP_PORT_RANGE_START and TCP_PORT_RANGE_END environment variables passed to the Manticore web app. Allow traffic from anywhere on these ports, since this is the internet-facing load balancer; the instances behind it should accept those ports only from the ELB's security group, not from the internet.

Manticore creates and removes the ELB's listener ports as cores and HMIs are started and stopped. It will also attach the certificate to the HTTPS and SSL listeners for you if the appropriate environment variables are set.

Limitations

One last warning: a single load balancer is limited to 50 listeners. Two of them are the HTTPS and SSL listeners, and every core/HMI pair needs its own TCP listener, so at most 48 pairs can exist at once. That should be more than enough for most situations, but do not grow the cluster of instances past the point where 48 pairs of cores and HMIs can be created; any pair beyond that cannot get a listener. If you need more, you can ask AWS support to raise the limit for your account.
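The security group, listener and limit rules in the sections above are all arithmetic on the same four ports, so they are worth checking before the first core is started. The script below does that: it verifies that ELB_SSL_PORT differs from 443, that neither of those ports falls inside the TCP range, how many core/HMI pairs the 50-listener limit actually leaves, and it emits the ingress rules the ELB security group needs. This is an added example for this wiki page, not Manticore's own code. Assumptions: the environment variable names are the ones this page uses, the TCP range is inclusive at both ends, the HTTPS listener is on 443, and the listener limit is the default 50 quoted above (pass a larger value if AWS support has raised your quota).

```python
"""Preflight check for the Manticore ELB port plan: the classic ELB listener
limit, distinct HTTPS and SSL ports, a TCP range that does not collide with
them, and the ingress rules the ELB security group needs.  Added example for
this wiki page, not Manticore's own code.  Assumptions: env var names are the
ones the page names, TCP_PORT_RANGE_START..END is inclusive, HTTPS sits on
443, and the listener limit is the default 50 quoted on the page."""

CLASSIC_ELB_LISTENER_LIMIT = 50   # default per-load-balancer limit quoted on this page
FIXED_LISTENERS = 2               # the HTTPS listener plus the separate SSL (websocket) listener
ANYWHERE = [{"CidrIp": "0.0.0.0/0"}]


def plan_listeners(ssl_port, tcp_start, tcp_end, https_port=443,
                   listener_limit=CLASSIC_ELB_LISTENER_LIMIT):
    """Validate the port plan and report how many core/HMI pairs it can serve."""
    problems, warnings = [], []
    named = {"HTTPS": https_port, "ELB_SSL_PORT": ssl_port,
             "TCP_PORT_RANGE_START": tcp_start, "TCP_PORT_RANGE_END": tcp_end}
    for name, port in named.items():
        if not 1 <= port <= 65535:
            problems.append(f"{name}={port} is not a valid TCP port")
    if https_port == ssl_port:
        problems.append("HTTPS and SSL listeners share a port; websockets cannot ride the "
                        "classic ELB HTTPS listener, so ELB_SSL_PORT must differ from 443")
    if tcp_end < tcp_start:
        problems.append("TCP_PORT_RANGE_END is below TCP_PORT_RANGE_START")
    tcp_ports = set(range(tcp_start, tcp_end + 1)) if tcp_end >= tcp_start else set()
    for name in ("HTTPS", "ELB_SSL_PORT"):
        if named[name] in tcp_ports:
            problems.append(f"{name}={named[name]} lies inside the TCP range; Manticore would "
                            "try to add a second listener on that port")
    pairs_by_limit = listener_limit - FIXED_LISTENERS      # 48 at the default limit
    usable_pairs = min(pairs_by_limit, len(tcp_ports))
    if len(tcp_ports) > pairs_by_limit:
        warnings.append(f"TCP range offers {len(tcp_ports)} ports but only {pairs_by_limit} TCP "
                        "listeners fit; core/HMI pairs beyond that cannot get a listener")
    return {"problems": problems, "warnings": warnings,
            "pairs_by_listener_limit": pairs_by_limit,
            "tcp_ports": len(tcp_ports), "usable_pairs": usable_pairs}


def elb_ingress_rules(ssl_port, tcp_start, tcp_end, https_port=443):
    """IpPermissions for the internet-facing ELB security group, in the shape
    boto3's ec2.authorize_security_group_ingress(IpPermissions=...) accepts.
    Open to the world, as the page directs; the instance security group behind
    the ELB should admit these ports only from the ELB's group, not from here."""
    return [
        {"IpProtocol": "tcp", "FromPort": https_port, "ToPort": https_port, "IpRanges": ANYWHERE},
        {"IpProtocol": "tcp", "FromPort": ssl_port, "ToPort": ssl_port, "IpRanges": ANYWHERE},
        {"IpProtocol": "tcp", "FromPort": tcp_start, "ToPort": tcp_end, "IpRanges": ANYWHERE},
    ]


def plan_from_env(env):
    """Read the same environment variables Manticore is given (a dict or os.environ)."""
    return plan_listeners(int(env["ELB_SSL_PORT"]), int(env["TCP_PORT_RANGE_START"]),
                          int(env["TCP_PORT_RANGE_END"]))


if __name__ == "__main__":
    # Constructed sample environment: 48 TCP ports, exactly what the default limit allows.
    sample_env = {"ELB_SSL_PORT": "444", "TCP_PORT_RANGE_START": "10000",
                  "TCP_PORT_RANGE_END": "10047"}
    print(plan_from_env(sample_env))
    print(elb_ingress_rules(444, 10000, 10047))
```

Feed it `os.environ` on a Manticore host to check the live settings. A TCP range wider than 48 ports is reported as a warning rather than an error, because the extra ports are harmless; they simply never get a listener.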

The next article has some stats about the container resources consumed.