info_tfgrid/collections/developers/proxy/production.md

2.9 KiB

Running Proxy in Production

Table of Contents


Introduction

We show how to run grid proxy in production.

Production Run

  • Download the latest binary here

  • add the execution permission to the binary and move it to the bin directory

    chmod +x ./gridproxy-server
    mv ./gridproxy-server /usr/local/bin/gridproxy-server
    
  • Add a new systemd service

cat << EOF > /etc/systemd/system/gridproxy-server.service
[Unit]
Description=grid proxy server
After=network.target

[Service]
ExecStart=gridproxy-server --domain gridproxy.dev.grid.tf --email omar.elawady.alternative@gmail.com -ca https://acme-v02.api.letsencrypt.org/directory --postgres-host 127.0.0.1 --postgres-db db --postgres-password password --postgres-user postgres --mnemonics <insert user mnemonics>
Type=simple
Restart=always
User=root
Group=root

[Install]
WantedBy=multi-user.target
Alias=gridproxy.service
EOF
  • enable the service

     systemctl enable gridproxy.service
    
  • start the service

    systemctl start gridproxy.service
    
  • check the status

    systemctl status gridproxy.service
    
  • The command options:

    • domain: the host domain which will generate ssl certificate to.
    • email: the mail used to run generate the ssl certificate.
    • ca: certificate authority server url, e.g.
      • let's encrypt staging: https://acme-staging-v02.api.letsencrypt.org/directory
      • let's encrypt production: https://acme-v02.api.letsencrypt.org/directory
    • postgres -*: postgres connection info.

To upgrade the machine

  • just replace the binary with the new one and apply
systemctl restart gridproxy-server.service
  • it you have changes in the /etc/systemd/system/gridproxy-server.service you have to run this command first
systemctl daemon-reload

Dockerfile

To build & run dockerfile

docker build -t threefoldtech/gridproxy .
docker run --name gridproxy -e POSTGRES_HOST="127.0.0.1" -e POSTGRES_PORT="5432" -e POSTGRES_DB="db" -e POSTGRES_USER="postgres" -e POSTGRES_PASSWORD="password" -e MNEMONICS="<insert user mnemonics>" threefoldtech/gridproxy

Update helm package

  • Do helm lint charts/gridproxy
  • Regenerate the packages helm package -u charts/gridproxy
  • Regenerate index.yaml helm repo index --url https://threefoldtech.github.io/tfgridclient_proxy/ .
  • Push your changes

Install the chart using helm package

  • Adding the repo to your helm

    helm repo add gridproxy https://threefoldtech.github.io/tfgridclient_proxy/
    
  • install a chart

    helm install gridproxy/gridproxy