Skip to content

Latest commit

 

History

History
148 lines (112 loc) · 4.98 KB

aws.md

File metadata and controls

148 lines (112 loc) · 4.98 KB
layout title active docs_active permalink
documentation
RethinkDB on Amazon Web Services
docs
aws
docs/aws/

RethinkDB can be easily deployed on Amazon Web Services. You can use a pre-built AMI (Amazon Machine Image), which takes only a few minutes to set up.

AWS quickstart

Launching an instance

The minimal recommended instance type is M1 Small, however T1 Micro works for simple tests. Follow these instructions to set up an AMI:

  1. On the RethinkDB marketplace page, click the Continue button. Then select the 1-Click Launch tab and click on the Launch with 1-Click button on the right. Finally, click on the link Your Sotware to access RethinkDB.
  2. You should see a RethinkDB instance. When the instance is ready, click on the Access Software link on the right.
  3. You should see a web page to set up the AMI. Click on the Continue button and follow the instructions. Shard with the web interface

{% infobox info %} Note: RethinkDB uses a self-signed certificate to encrypt your password. You'll have to accept the self-signed certificate in your browser to access the instance. {% endinfobox %}

AMI configuration

The RethinkDB AMI is preconfigured with the following options:

  • Ubuntu Server 12.04 LTS
  • RethinkDB server
  • Official RethinkDB client drivers for Python, JavaScript, and Ruby
  • 5 GB of free EBS space for your data

{% infobox info %} Note: it is possible to attach more specialized EBS volumes and have RethinkDB store your data on them, but this option is not yet available out of the box. If you manually attach an EBS volume, you can SSH into the instance and edit the configuration file to point RethinkDB to the custom volume. See the cluster setup instructions for more details. {% endinfobox%}

Instance administration

SSH access

To connect to your instance over SSH, log in as the user ubuntu. Use the private key you chose during the installation process and the public hostname of the instance. For example:

ssh -i rethinkdb.prv -l ubuntu ec2-184-72-203-271.compute-1.amazonaws.com

RethinkDB command line administration

You can launch the administration tool from the command line after logging in over ssh:

rethinkdb admin --join localhost:29015

Security

The default security group opens 4 ports:

  • Port 22 is for SSH. The server uses public key authentication.
  • Port 80 is for HTTP. It is used during the setup process but otherwise redirects to HTTPS.
  • Port 443 is for HTTPS. An Nginx server sits between RethinkDB and the world and provides basic HTTP authentication and secure HTTPS connections for the web UI.
  • Port 28015 is for client driver access. The only form of authentication is a key that is sent in plain text over the network.

To secure your instance even further, we recommend that you perform the following steps:

  • Change the authentification key. Open the RethinkDB command line and execute the command 
    set auth <your_key>
  • Restrict access to port 28015 to allow only IP addresses or security groups that should have driver access.

Changing the web UI password

To change the password used to access the web UI, log in over SSH and run the following command:

htpasswd /etc/nginx/htpasswd rethinkdb

The htpasswd tool will prompt for your new password.

Changing the driver API key

To change the API key used by the server to authenticate the drivers, login over SSH and run rethinkdb admin set auth.

You can run the following commands to generate a good API key:

API_KEY=$(head /dev/urandom | md5sum | cut -f 1 -d ' ')
htpasswd /etc/nginx/htpasswd rethinkdb $API_KEY
echo $API_KEY

Cluster administration

To form a two-machine cluster, launch two RethinkDB instances on Amazon. Follow the steps below to ensure that AWS security groups are configured properly:

  1. Open the Security Groups section of the administration console. If you launched your instance in the US East region, you can find the console here.
  2. Select the security group that your instances belong to and open the Inbound tab in the bottom half of the page.
  3. Note the id of the security group, it should start with sg-.
  4. Create a new rule to allow instances to connect to one another:
    • Select Custom TCP rule.
    • Enter "29015" as the port range
    • As the Source, enter the id of the security group (see step 3)
    • Click on Add Rule, and Apply rule changes

After the rule has been applied, connect to one of the two instances over SSH and change the RethinkDB configuration file to join the two instances (see the cluster setup instructions).

{% infobox info %} Note: we will automate setup of RethinkDB clusters on AWS in the future. {% endinfobox %}