Jump to content

Guidelines:DualHost: Difference between revisions

From Sahana Eden Wiki
← Older editNewer edit →
Dominic (talk | contribs)
architect, maintainer
164 edits
Dominic (talk | contribs)
architect, maintainer
164 edits
Line 21: Line 21:
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host.
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host.


Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain''':
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain'''. Note these details down:


<pre>
<pre>

Revision as of 23:21, 2 February 2026

All Deployment Guidelines

Dual Host Setup

  • new in Eden-6.2 (not yet released)

In certain situations, you may want to deploy Eden with the database on a separate host. Follow these steps for Debian/Linux:

Prerequisites and Terminology

This guideline assumes that you have two hosts running on Debian/Linux - we will use the App Host and DB Host designations here to distinguish between the two.

Further, we assume that each host has a public IP (exposed to the internet) and a private IP (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this: 

apphost-public-ip 000.000.000.000
apphost-private-ip 000.000.000.000
dbhost-public-ip 000.000.000.000
dbhost-private-ip 000.000.000.000

...so that you have them readily at hand when walking through this guide. We will use designations like <apphost-public-ip>, for instance, to refer to the public IP of the App Host.

Make sure that you have a DNS A-record set up for the public IP of the App Host, e.g. in the FQDN (fully qualified domain name) "eden.example.com", the "eden" part constitutes the hostname, and "example.com" the domain. Note these details down: 

FQDN eden.example.com
Hostname eden
Domain example.com

This guideline further assumes that you have set up the servers for key-based SSH login (see Guidelines:SecureOperation) with a non-privileged user account serveradm (replace this with the actual user name as required).

Preparing the Servers

First, we need to setup an additional key pair on the App Host, for edenctl to login at the DB Host. On your local machine, generate a key pair with: 

ssh-keygen -t rsa -m PEM -b 4096 -C "apphost" -f apphost

Leave the password empty, as the private key is to be used by the edenctl script.

This will generate two files apphost and apphost.pub in the local directory. Copy the private key (apphost) to the App Host, using the private key of the serveradm user: 

scp -i serveradm apphost serveradm@<apphost-public-ip>:/tmp

Install the public key (apphost.pub) for the serveradm user on the DB Host: 

cat apphost.pub | ssh -i serveradm serveradm@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

Login to the App Host: 

ssh -i serveradm serveradm@<apphost-public-ip>

Make yourself root and move the private key into a secure location: 

sudo su -
mv /tmp/apphost ~/.ssh/apphost
chown root.root ~/.ssh/apphost
chmod 600 ~/.ssh/apphost

Now you should be able to login from the App Host to the DB Host using this key and the private IP of the DB Host: 

ssh -i ~/.ssh/apphost serveradm@<dbhost-private-ip>

Installing PostgreSQL

On the DB Host, make yourself root: 

sudo su -

Then install PostgreSQL and PostGIS: 

apt-get update
apt-get install -y postgresql-17 postgresql-17-postgis-3

Configure Host-based Access

You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file /etc/postgresql/17/main/pg_hba.conf, adding the following lines at the end (using the private IP of the App Host): 

# Eden App Host
host    all    all    <apphost-private-ip>/32   md5

Note: if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.

Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file /etc/postgresql/17/main/postgresql.conf, and modify the listen_address setting, adding the private IP of the DB Host: 

listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;

Finally, restart PostgreSQL: 

systemctl restart postgresql

Logout from the DB Host, going back to the App Host.

Setting Up Eden

Copy the Eden DEB-package to the App Host - either using scp from your local machine, or wget to fetch it from GitHub, e.g.: 

cd /tmp
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb

Note: The actual location and name of the package depends on the release - check on GitHub for the latest available package.

Install the package: 

apt-get update
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb

Create a file /etc/sahana/dbhost.conf, with the details of the DB Host, so that edenctl can login there: 

DBHOST=<dbhost-private-ip>
DBHOST_USER=serveradm
DBHOST_KEY=/root/.ssh/apphost

After that, you can set up the Eden instance as usual: 

edenctl setup

Eventually, start the Eden instance with: 

edenctl start
Retrieved from "https://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&oldid=268"