wiki/info/landscape/amazon-ec2.md
... ...
@@ -42,6 +42,25 @@ Furthermore, it host aliases for ``sapsailing.com``, ``www.sapsailing.com`` and
42 42
service httpd reload
43 43
```
44 44
45
+The webserver is registered as target in various locations:
46
+
47
+* As DNS record with its internal IP address (e.g., 172.31.19.129) for the two DNS entries ``logfiles.internal.sapsailing.com`` used by various NFS mounts, and ``smtp.internal.sapsailing.com`` for e-mail traffic sent within the landscape and not requiring the AWS SES
48
+* as IP target with its internal IP address for the ``HTTP-to-sapsailing-dot-com`` target group, accepting the HTTP traffic sent straight to ``sapsailing.com`` (not ``www.sapsailing.com``)
49
+* as IP target with its internal IP address for the ``SSH-to-sapsailing-dot-com`` target group, accepting the SSH traffic for ``sapsailing.com``
50
+* as regular instance target in all load balancers' default rule's target group, such as ``DefDynsapsailing-com``, ``DNSMapped-0``, ``DNSMapped-1``, and so on
51
+* as target of the elastic IP address ``54.229.94.254``
52
+
53
+Furthermore, it is important to ensure that the ``/internal-server-status`` path will resolve correctly to the Apache httpd server status page. For this, the ``/etc/httpd/conf.d/001-events.conf`` file contains three rules at the very beginning:
54
+
55
+```
56
+## SERVER STATUS
57
+Use Status ec2-54-229-94-254.eu-west-1.compute.amazonaws.com internal-server-status
58
+Use Status 172.31.19.129 internal-server-status
59
+Use Status 127.0.0.1 internal-server-status
60
+```
61
+
62
+The second obviously requires maintenance as the internal IP changes, e.g., when instantiating a new Webserver copy by creating an image and restoring from the image. When upgrading / moving / copying the webserver you may try to be smart and copy the contents of ``/etc/ssh``, in particular the ``ssh_host_...`` files that contain the host keys. As you switch, users will then not have to upgrade their ``known_hosts`` file, and even internal accounts such as the Wiki account or the sailing accounts on other hosts that clone the git, or the build infrastructure won't be affected.
63
+
45 64
### DNS and ALBs
46 65
47 66
We distinguish between DNS-mapped and non-DNS-mapped content. The basic services offered by the web server as listed above are DNS-mapped, with the DNS entries being CNAME records pointing to an ALB (Sailing-DNSMapped-eu-west-1-604165534.eu-west-1.elb.amazonaws.com) which handles SSL offloading with the Amazon-managed certificate and forwards those requests to the web server. Furthermore, longer-running application replica sets can have a sub-domain declared in Route53's DNS, pointing to an ALB which then forwards to the public and master target groups for this replica set based on hostname, header fields and request method. A default redirect for the ``/`` path can also be defined, obsoleting previous Apache httpd reverse proxy redirects.
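Review bot: In the paragraph added at new line 62, naming only the second `Use Status` rule as needing maintenance when the internal IP changes is incomplete. The bullets added at new lines 47 to 49 register the same internal IP in the `logfiles.internal.sapsailing.com` and `smtp.internal.sapsailing.com` DNS records and in the `HTTP-to-sapsailing-dot-com` and `SSH-to-sapsailing-dot-com` IP target groups, so a copy restored from an image with a new address leaves all of those pointing at the old one. Suggest turning this into a short checklist for the upgrade / move / copy procedure that lists every place the internal IP appears. The same paragraph then switches to copying `/etc/ssh`, which deserves its own paragraph. Since the `ssh_host_...` files include the private host keys, that paragraph should say that the copy has to preserve ownership and permissions, and that the old instance should stop serving once the new one takes over, so that two hosts do not present the same host identity.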