Guidelines:DualHost: Difference between revisions

In certain situations, you may want to deploy Eden with a database on a separate host. Follow these steps for Debian/Linux:

This guideline assumes that you have two hosts running on Debian/Linux - we will use the App Host and DB Host designations here to distinguish between the two.

Further, we assume that each host has a public IP (exposed to the internet) and a private IP (local network only; in some intranet setups, public IP and private IP may be the same). Thus, a designation like apphost-public-ip, for instance, refers to the public IP of the App Host.

Make sure that you have a DNS A-record set up for the public IP of the App Host, e.g. in the FQDN (fully qualified domain name) "eden.example.com", the "eden" part constitutes the hostname, and "example.com" the domain.

This guideline further assumes that you have set up the servers for key-based SSH login (see Guidelines:SecureOperation) with a non-privileged user account serveradm (replace this with the actual user name where required).

First, we need to setup an additional key pair on the App Host, for edenctl to login at the DB Host. On your local machine, generate a key pair with:

ssh-keygen -t rsa -m PEM -b 4096 -C "apphost" -f apphost

Leave the password empty, as the private key is to be used by the edenctl script.

This will generate two files apphost and apphost.pub in the local directory. Copy the private key (apphost) to the App Host, using the private key of the serveradm user:

scp -i serveradm apphost serveradm@<apphost-public-ip>:/tmp

Install the public key (apphost.pub) for the serveradm user on the DB Host:

cat apphost.pub | ssh -i serveradm serveradm@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

Login to the App Host:

ssh -i serveradm serveradm@<apphost-public-ip>

Make yourself root and move the private key into a secure location:

sudo su -
mv /tmp/apphost ~/.ssh/apphost
chown root.root ~/.ssh/apphost
chmod 600 ~/.ssh/apphost

Now you should be able to login from the App Host to the DB Host using this key and the private IP of the DB Host:

ssh -i ~/.ssh/apphost serveradm@<dbhost-private-ip>

On the DB Host, make yourself root:

sudo su -

Then install PostgreSQL and PostGIS:

apt-get update
apt-get install -y postgresql-17 postgresql-17-postgis-3

You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file /etc/postgresql/17/main/pg_hba.conf, adding the following lines at the end (using the private IP of the App Host):

# Eden App Host
host    all    all    <apphost-private-ip>/32   md5

Note: if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.

Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file /etc/postgresql/17/main/postgresql.conf, and modify the listen_addresses setting, adding the private IP of the DB Host:

listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;

Finally, restart PostgreSQL:

systemctl restart postgresql

Logout from the DB Host, going back to the App Host.

Copy the Eden DEB-package to the App Host - either using scp from your local machine, or wget to fetch it from GitHub, e.g.:

cd /tmp
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb

Install the package:

apt-get update
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb

Create a file /etc/sahana/dbhost.conf, with the details of the DB Host, so that edenctl can login there:

DBHOST=<dbhost-private-ip>
DBHOST_USER=serveradm
DBHOST_KEY=/root/.ssh/apphost

After that, you can set up the Eden instance as usual:

edenctl setup

Eventually, start the Eden instance with:

edenctl start