Versions Compared

Old Version 2

changes.mady.by.user Vincent Balbarin

Saved on

compared with

New Version Current

changes.mady.by.user Tristen Lawrence

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

We will use Yale Spinup to host this application.

Creating the Spinup Space

We will create a new Space in Spinup to contain the resources for this solution.

...

We will be adding the following resources:

  1. A Microsoft SQL Express database backend.

  2. A secret that will store the database connection string and will be assigned to the runtime environment of the application.

  3. A persistent storage volume accessible via Network File System (NFS) for storing the ProGet artifacts.

  4. A container service task to run the application with the following containers:

    1. ProGet application server

    2. Nginx reverse proxy

Creating the Database Backend

ProGet requires the use of Microsoft SQL. For our purposes, MS SQL Express hosted on AWS RDS is sufficient.

...

Use the following values:

  1. Size: db.t3.small

  2. Administrator username: sqladmin

  3. Disk size: 20

  4. Generate a new Administrator password and stash it away as text (preferably in a password safe like KeepassXC). You will need this to construct the connection string.

...

It will take a few minutes for the database to be fully provisioned. When it’s ready, note the Endpoint URL, as we’ll need that to connect.

...

Creating the Database Connection String Secret

Next, we need to create a secret parameter which will be used by the container service to connect to the MS SQL database backend.

...

NOTE: the SQL_CONNECTION_STRING is specific to the ProGet application’s execution environment. Different applications will require different environment secrets and values, but the principle remains the same.

Creating the Persistent Storage Volume

A persistent storage volume will be used by the ProGet docker container to hold packages.

...

A new NFS file system resource spinup-xxxxxx-data will be created

...

Creating the Container Service Task: Application and Reverse Proxy

Our container service will comprise two docker containers: the ProGet application and an Nginx reverse proxy to handle SSL termination for the application.

...

Enter a Service Name; this name will identify the application or service running in the containers to be defined shortly. Select a Size. Expand the Volumes section by clicking the + sign. Click Persistent. Select the volume spinup-nnnnnn-data created earlier.

ProGet Docker Container Configuration

We will configure the task definition for ProGet next. Select the Definitions tab.

...

The summary will be updated with the ProGet container entry, and a new container dialog will be presented.

Nginx Reverse Proxy Container Configuration

We will be creating an Nginx reverse proxy. The Spinup team has created a docker image for this purpose. Again, we create a new container. Use the following values for the Image:

  1. Name: Nginx

  2. External container source

  3. Image resource location: yalespinup/nginxproxy:latest

...

Click the green check mark to save the configuration.

...

Next, we will configure load balancing to enable access to the ProGet application from on-campus source IP addresses.

Important Note: Enabling Public Campus or Internet Access for the Application

If you require public access from internal or external source addresses, please contact the Spinup team before proceeding with the following steps.

The task containing the docker containers of the ProGet application will be attached to an elastic network interface assigned a private IP address in the Spinup private network. An application load balancer is required to route traffic to this private IP address from public internal (private campus) or external (internet).

A limitation in the task definition requires the creation of an empty load balancer target group prior to the creation of the container service. The Spinup platform will populate this target group with the IP address of the network interface assigned to the ProGet task.

...

Spinup starts deploying the container and you will see the management page for the container service - you will know when it’s ready when the yellow dot in the upper left corner turns green.

...

Firewall

But before we can do that, there’s one final step - we need to open the port that the Container Service is listening on (in this case 443). This is done from the Firewall tab for the space. You will notice that by default the only ports allowed are 22 and 3389 for administrator access. Click Add rule to open another port.

...

Info

Note that the above URL is only available on the Yale network and if you need to expose it to the Internet, you need to request that from the Spinup team. It involves setting up an additional web proxy (ALB) and a custom DNS name (e.g. nocodbexample.yale.edu) with SSL certificate. There is an additional monthly cost for this service.

Filter by label (Content by label)
page
showLabelsfalse
max5
spacescom.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@ca98fe5d
showSpacefalse
sortmodified
showSpacetypefalsepage
reversetruetype
labelscontainer_service storage kb-how-to-article spinup
cqllabel in ( "container_service" , "spinup" , "kb-how-to-article" ) and type = "page" and space = "spinup"labelscontainer_service storage kb-how-to-article spinup
Page Properties
hiddentrue

Related issues