All Deployment Guidelines

• new in Eden-6.2 (not yet released)

In certain situations, you may want to deploy Eden with the database on a separate host. Follow these steps for Debian/Linux:

This guideline assumes that you have two hosts running on Debian/Linux - we will use the App Host and DB Host designations here to distinguish between the two.

Further, we assume that each host has a public IP (exposed to the internet) and a private IP (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this:

apphost-public-ip 000.000.000.000
apphost-private-ip 000.000.000.000
dbhost-public-ip 000.000.000.000
dbhost-private-ip 000.000.000.000

...so that you have them readily at hand when walking through this guide. We will use designations like <apphost-public-ip>, for instance, to refer to the public IP of the App Host. In these places, replace the designation with the respective IP address.

Make sure that you have a DNS A-record set up for the public IP of the App Host, e.g. in the FQDN (fully qualified domain name) "eden.example.com", the "eden" part constitutes the hostname, and "example.com" the domain.

Login to the DB Host and create a user account for Eden:

adduser eden

Use visudo to add the following lines to the sudoers configuration:

# User rules for eden
eden ALL=(ALL) NOPASSWD:ALL

This will allow Eden to become root without password.

On your local machine, generate a new RSA key pair:

ssh-keygen -t rsa -m PEM -b 4096 -f eden -C "eden"

Note: Leave the password empty as this key is to be used for script automation

This will generate two files, eden (=private key) and eden.pub (=public key), in the current directory. Install the public key on the DB Host:

cat eden.pub | ssh eden@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

Copy the private key to the App Host:

scp eden admin@<apphost-public-ip>:/tmp

Login to the App Host and store the key in a safe location:

sudo su -
cp /tmp/eden ~/.ssh
chown root.root ~/.ssh/eden
chmod 600 ~/.ssh/eden

Verify that you can use this key to SSH-login from the App Host to the DB Host (via private IP), as user eden:

ssh -i ~/.ssh/eden eden@<dbhost-private-ip>

On the DB Host, make yourself root:

sudo su -

Then install PostgreSQL and PostGIS:

apt-get update
apt-get install -y postgresql-17 postgresql-17-postgis-3

You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file /etc/postgresql/17/main/pg_hba.conf, adding the following lines at the end (using the private IP of the App Host):

# Eden App Host
host    all    all    <apphost-private-ip>/32   md5

Note: if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.

Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file /etc/postgresql/17/main/postgresql.conf, and modify the listen_address setting, adding the private IP of the DB Host:

listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;

Finally, restart PostgreSQL:

systemctl restart postgresql

Logout from the DB Host, going back to the App Host.

Copy the Eden DEB-package to the App Host - either using scp from your local machine, or wget to fetch it from GitHub, e.g.:

cd /tmp
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb

Note: The actual location and name of the package depends on the release - check on GitHub for the latest available package.

Login to the App Host and make yourself root:

sudo su -

Install the package:

apt-get update
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb

Create a file /etc/sahana/dbhost.conf, with the details of the DB Host, so that edenctl can login there:

DBHOST=<dbhost-private-ip>
DBHOST_USER=eden
DBHOST_KEY=/root/.ssh/eden

After that, you can set up the Eden instance as usual:

edenctl setup

Eventually, start the Eden instance with:

edenctl start