## Goal

Set up a Metabase instance via Docker with HTTPS support and a professional deployment pipeline.

## Questions

- Is a separate reverse proxy needed, or is a local web server enough?
- Use existing SSL certificates?
- Will I get access somehow?

### 20250311

- How many users?
- What is the old DB software? Maybe we can reuse it? Are there backups of the old database?
- DNS management
- Is the Metabase version a requirement?

## Meeting-20250311

Participants: Lukas Maas, Milos Nikolic, Petar Cubela

### Answers

- DB: MySQL. A backup dump exists.
- Version needs to be 0.49.18
- 20 people
- Existing certs
- Use reverse proxy
- I will get access to the machines

### My Time / Steps

1. Database instance MySQL (0.5h-1h)
2. Metabase (0.5h)
3. VM reverse proxy (0.5h)
4. Find and test the recreation of the data/dashboard database (metabase.db/) (1-2h)
5. Write overview of the network setup (IP addresses, open ports in firewall, metabase.discopharma.de -> public IP) (1h)
6. Recreate in discopharma setup: (2-3h)
   1. DNS set up properly
   2. Network set up properly
   3. Creation of the VMs (either discopharma or me)
   4. Installation process (DB exists, Docker deployment of Metabase, reverse proxy)
   5. Test

## List of requirements regarding Metabase deployment (discopharma)

1. Find or create a backup of the Metabase dashboard data within the Docker image on the old machine (marketplace image that was compromised, or a previous image of it)
2. Solution architecture that follows security best practices, so that
   - DISCO employees can connect to a DISCO-internal Metabase application using a web browser and the URL "metabase.discopharma.de"
   - The application is not exposed to the public
   - All connections to the application are encrypted (HTTPS)
3. Solution architecture that includes a
   - Productive instance (highest priority)
   - Development/sandbox instance (lower priority)
   - A process to deploy upgrades of the application (lower priority)
4. Metabase version 0.49.18

## Requirements

- Properly configured and firewalled Google Cloud; VMs should only be able to communicate via private IPs!
- VM in Google Cloud for the Metabase instance; public IP address, ports 80 and 443 forwarded; 1 core, 2GB RAM (depends on user number)
- VM in Google Cloud for the Metabase database instance; private IP address; 1 core, 1GB RAM (depends on user number); PostgreSQL
- Use existing SSL certs(??) with a web server/reverse proxy like nginx/traefik/etc.

## Software

- Debian 12
- Docker
- Metabase
- PostgreSQL
- Traefik/Nginx (depends)

## Notes

### 20250311

- Run separate database (PostgreSQL) and application server instances

#### Metabase application server size

- Metabase needs at least 1 core and 1GB of RAM
- For every 20 concurrent people it needs 1 CPU and 2GB of RAM

#### Metabase application database server size

- Database needs at least 1 core and 2GB of RAM
- For every 40 concurrent people it needs 1 CPU and 1GB of RAM

## docker-compose.yml example

```yml
services:
  metabase:
    # Example uses "latest"; the agreed requirement is Metabase 0.49.18.
    image: metabase/metabase:latest
    container_name: metabase
    hostname: metabase
    restart: unless-stopped
    volumes:
      - /dev/urandom:/dev/random:ro
      - "./metabase-db:/metabase.db"
      - ./plugins:/plugins
    ports:
      # Publishes on all host interfaces; the firewall must keep 3000 private.
      - "3000:3000"
    environment:
      JAVA_TIMEZONE: Europe/Berlin
      # H2 file location; has no effect while MB_DB_TYPE is postgres.
      MB_DB_FILE: /metabase.db
      MB_DB_TYPE: postgres
      MB_DB_DBNAME: metabase
      MB_DB_PORT: 5432
      # Credentials are read from Docker secrets, not from plain env values.
      MB_DB_USER_FILE: /run/secrets/db_user
      MB_DB_PASS_FILE: /run/secrets/db_password
      MB_DB_HOST: postgres
    networks:
      - metanet1
    secrets:
      - db_password
      - db_user
    healthcheck:
      test: curl --fail -I http://localhost:3000/api/health || exit 1
      interval: 15s
      timeout: 5s
      retries: 5

  postgres:
    image: postgres:latest
    container_name: postgres
    hostname: postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER_FILE: /run/secrets/db_user
      POSTGRES_DB: metabase
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    networks:
      - metanet1
    secrets:
      - db_password
      - db_user

networks:
  metanet1:
    driver: bridge

secrets:
  db_password:
    file: db_password.txt
  db_user:
    file: db_user.txt
```
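
For the reverse-proxy requirement (HTTPS with the existing certificates, application not exposed to the public), an nginx server block could look like the following. This is an added example, not part of the original notes; the upstream address, the certificate paths and the allowed source range are assumptions or placeholders.

```nginx
# Added example; addresses, ranges and certificate paths are assumptions.
upstream metabase_app {
    # Assumed private IP of the Metabase VM; use 127.0.0.1 if nginx runs on the same host.
    server 10.0.0.10:3000;
    keepalive 8;
}

server {
    listen 80;
    server_name metabase.discopharma.de;
    # Serve nothing over plain HTTP: redirect every request to HTTPS.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name metabase.discopharma.de;

    # Existing certificate chain and key (placeholder paths).
    ssl_certificate     /etc/nginx/tls/metabase.discopharma.de.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/metabase.discopharma.de.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_session_cache   shared:SSL:10m;

    add_header Strict-Transport-Security "max-age=31536000" always;

    # Only company networks may reach the application.
    # 203.0.113.0/24 is a constructed documentation range, replace with the real egress range.
    allow 203.0.113.0/24;
    deny  all;

    location / {
        proxy_pass         http://metabase_app;
        # HTTP/1.1 and an empty Connection header are required for upstream keepalive.
        proxy_http_version 1.1;
        proxy_set_header   Connection "";
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}
```

Validate the file with `nginx -t` before reloading. With the proxy in front, port 3000 on the Metabase VM only needs to be reachable from the proxy's private IP.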