[Labs-l] Web access for labs instances

Andrew Otto otto at wikimedia.org
Mon Nov 25 17:53:54 UTC 2013 

Awesome this is so useful!

>  If your instance has a public IP and needs access to ports other than 80 and 443 (that is, http and https) then please let me know so that I don't break your setup.

Analytics needs this.  Hadoop (and other) services start a bunch of web interfaces on various ports (50070, 8088, 8888, etc. etc.).  We're currently using either instance-proxy with ports in the URL, or a manual custom haproxy instance on our one node with a public IP to get to these services.


On Nov 25, 2013, at 12:43 PM, Andrew Bogott <abogott at wikimedia.org> wrote:

>    Thanks to Yuvi's hard work, we have a new system for creating web proxies for Labs instances.  If you need public web access for an instance, project admins can now create a proxy here: https://wikitech.wikimedia.org/wiki/Special:NovaProxy
> 
>    A proxy created on that page will map a public address (e.g. 'awesome.wmflabs.org') to a private instance (e.g. 'lessawesome.pmtpa.wmflabs').  When users browse to awesome.wmflabs.org their http or https requests will be relayed to the specified instance via http over port 80.  No additional work is needed to provide https access on the backend.
> 
>    I wrote a short docpage explaining a few more details here: https://wikitech.wikimedia.org/wiki/Help:Proxy  This setup uses several new pieces of software that have not yet been tested in production, so please approach with caution and let me know when you encounter hiccups.
> 
>    Those of you who were already facing the question of public access have been using one of two existing solutions:
> 
> 1)  instance-proxy.wmflabs.org
> 
> I don't have any immediate plans to kill this framework, but i also don't expect to maintain it for much longer.  If you were relying on instance-proxy then please set up a custom proxy instead.
> 
> 2) public IP address
> 
> The system for managing public IPs will remain.  However, public IPs are precious, and may also cause complications in the upcoming datacenter migration.
> 
> So, once the bugs shake out of the new proxy system, I will be gradually migrating instances away from public IP use and over to the proxy system.  If you want to beat me to the punch and do this for your own instances, that will be much appreciated.  If your instance has a public IP and needs access to ports other than 80 and 443 (that is, http and https) then please let me know so that I don't break your setup.
> 
> _______________________________________________
> Labs-l mailing list
> Labs-l at lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/labs-l

More information about the Labs-l mailing list