I'm planning to deploy geronimo based java app on CloudFoundry. I read the documentation that CloudFoundry assigns a port per application. Geronimo app have port numbers for app, admin and jmx monitoring.
is there any way we can request cloudfoundry to assign more than one port to each application and we can use these ports in different config in the codebase?
First just fyi, if you are deploying the app as a Java web app, CloudFoundry in the backend uses only Tomcat as the application server. Therefore for your case you need to deploy it as a standalone app with your own Geronimo runtime. http://blog.cloudfoundry.com/2012/05/11/running-standalone-web-applications-on-cloud-foundry/
CF apps get one IP and one port each, accessible via environment variables VCAP_APP_HOST and VCAP_APP_PORT. There isnt a way to assign explicitly. Ports an app listens to other than the port assigned will not be accessible through CF router.
If you are interested, my suggestion would be deploying multiple apps for each port(Geronimo function) you want to listen to. This would give you URL-based app, admin or jmx monitoring.
Related
I created a web application in Spring boot, now I want to deploy it on Server so that our Client application (Angular 4 application) can consume REST services.
Is it good to deploy both application on same server? or do I need to create seperate server for each?
Will you ever need to deploy your applications separately? Will you need to scale one application independently of the other? Do your applications have different security requirements? If so, you should separate your applications to run on separate distinct instances.
Let me start this by saying I am fairly new to k8s. I'm using kops on aws.
I currently have 3 deployments on a cluster.
FrontEnd nginx image serving an angular web app. One pod. External service.
socket.io server. Internal service. (this is a chat application, and we decided to separate this server from our api. Was this a good idea?)
API that is requested by both the socket.io server and the web application. Internal Service (should it be external?)
The socket.io deployment and API seem to be able to communicate through the cluster ips and corresponding services I have set up for the deployments; however, the webapp times out when querying the API.
From the web app, I am querying the API using the API's cluster IP address. Should I be requesting a different address?
Additionally, what is the best way to configure these addresses in my files without having to change the addresses in the files each time I create a new deployment? (the cluster ip addresses change every time you tare down and recreate the deployment)
If I understood correctly your frontend web application depends on API server, so that it sends requests to it. In such case, your API service should be available from outside of the cluster. It means it should be exposed as the NodePort or LoadBalancer service type.
P.S. you can refer to service using ClusterIP only inside of the cluster.
We are working on an app whose Front-end has been decoupled from the back end.
We have 2 project packages. The first project package acts as the front-end for the app and interacts with the 2nd package which acts as the back-end via API.
Front-end is built with:
React
Redux
Back-end is built with:
ExpressJS
MongoDB
We have deployed the app successfully on the AWS EC2 instance but I am doubtful about the security inbound measure we have applied for the packages. Both the packages are deployed on the same ec2 instance.
The front end of the app can be accessed with https://xxx.xxx.x.xxx:8080. Under the security group, under inbound rules, I added the source as anywhere for port 8080 under the custom TCP rule.
I did the same for port 3000 reserved for the back-end API server and port 27017 reserved for MongoDB.
What I actually wanna do is only let the front-end package running on port 8080 talk to the API server and the API server in turn talks to MongoDB.
I do not want everyone to have access to the backend server and MongoDB except for the front-end app server.
Note that I have already used the JWT token to secure the API. This one is to add an extra layer of security.
How can I limit the access to only the Front-end app server?
Thanks in anticipation.
Sorry, are you accessing your MongoDB directly from the frontend? I hope no...
So you should configure firewall on your server (firewalld or iptables) to block Mongo and all other internal ports from access from web.
I know this kind of question is basic concept of bluemix but, I just worder if I develop an application on public bluemix using certain runtime, such as Node.js or Liberty, can this application run on my own Local server or AWS?
Is it depends on bluemix-provided services that I bind to application?
or If I install cloudfoundry on my local server or AWS cloud host, can the application run without any problem or issue?
thank you
You can try out Lattice. It will allow you to run your own local or AWS hosted minimal cloudfoundry runtime. This will allow you to run your applications. If the services you are talking to are publicly accessible ie. Have a publicly routable host and port, then you can expose them as environment variables in your CF app manifest and reach out to them from your own CF or you could look at user provided services. You will need to upload buildpacks to your lattice/cf installation that are not a part of the standard installation.
DISCLAIMER: Lattice is useful during development and NOT recommended for production use. You should setup the entire cloudfoundry for that.
I have an app deployed to Cloudfoundry that I've exposed JMX MBeans interfaces for our logging levels. I'd like to connect to the cloudfoundry instances with jconsole. Is this possible? How do I make this happen? What if I'm running more than 1 instance of Tomcat, how do I connect to a specific instance? or does it matter?
There is currently no way to connect to once specific instance of an application or for that matter any port other than http port via the main Cloud Foundry router.
In the platform we use an app deployed alongside the Login and UAA components (https://github.com/cloudfoundry/identity-tools/tree/master/varz). It gives read-only access to selected MBeans through a CF-like REST interface. It is opinionated about the most important MBeans to expose and may break on complex object graphs, but you can adapt it if you want. You could rip out the controller and use it in your app or do the same as we do in the platform with a standalone app, deploying your own war and the varz in the same container.
Also see Jolokia for a generic JMX REST wrapper.