notes/archive/discopharma/20250311-metabase-environment.md
Petar Cubela 252a91dbcc
2025-07-15 15:36:24 +02:00

VM Resources and Setup

The IP addresses listed here are only example values and can be chosen at your discretion. What matters is that the machines can communicate with each other.

MySQL Database

  • Name: MySQL Database
  • OS: Debian 12
  • hostname: db.discopharma.de (unimportant)
  • IP Address: 10.156.0.5/24
  • CPU: 1 core
  • RAM: 2 GB (2048 MB)
  • Storage: depends (30 GB)
  • DNS entry: none
  • Note: for every 40 concurrent users, add 1 CPU and 1 GB of RAM

Metabase Server

  • Name: Metabase Server
  • OS: Debian 12
  • hostname: mb.discopharma.de (unimportant)
  • IP Address: 10.156.0.6/24
  • CPU: 1 core
  • RAM: 1 GB (1024 MB)
  • Storage: depends (30 GB)
  • DNS entry: none
  • Note: for every 20 concurrent users, add 1 CPU and 2 GB of RAM

Reverse Proxy

  • Name: Reverse Proxy
  • OS: Debian 12
  • hostname: rproxy.discopharma.de (unimportant)
  • IP Address: 10.156.0.7/24 + <PUBLIC IP> address (only activated at the end)
  • CPU: 1 core
  • RAM: 1 GB (1024 MB)
  • Storage: depends (16 GB)
  • DNS entry: metabase.discopharma.de -> <PUBLIC IP>
  • Note: for every concurrent users: needs 1CPU and 2GB of RAM more

SSL/TLS certificates

  • we need the discopharma wildcard certificate placed on the Reverse Proxy
  • usually two files are enough, called privkey.pem and fullchain.pem
  • you can put all the cert files on the reverse proxy; we will then use only the ones needed, or convert them in the process if necessary

Firewall Setup

I list all necessary communication paths and the respective ports:

Abbreviations:

  • Database: db = 10.156.0.5
  • Metabase: mb = 10.156.0.6
  • ReverseProxy: rp = 10.156.0.7

| Source | SourcePort | Destination | DestPort | Description |
|---|---|---|---|---|
| mb | 3306/tcp | db | 3306/tcp | 3306 is the standard MySQL port. Communication from mb to db. |
| rp | 3000/tcp,3000/udp | mb | 3000/tcp,3000/udp | 3000 is the Metabase web port (arbitrary). The reverse proxy sends requests to mb via this port. |
| OPEN INTERNET | any | PUBLIC IP of rp | 443/tcp | 443 is the HTTPS port used to reach rp over the internet. |

You can also restrict access to the public IP so that only your company IP can reach it. Port 443 should be opened last, once everything else is done. When the VMs are in the same private network, they should be able to communicate with each other freely, so the first two entries in the table should already be open.
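
One way to enforce the first two table rows on the Metabase server itself, so that mb does not rely only on the private network being open. This is an added example, not part of the original notes. It assumes Debian 12 with nftables, an IPv4-only private network, and SSH administration from 10.156.0.0/24 (ADMIN_NET is an assumed name and value); rules match the destination port only, because a client's source port is ephemeral, and 3000/udp is left closed because the Metabase web interface is HTTP over TCP.

```nftables
#!/usr/sbin/nft -f
# Added example (not from the original notes): host firewall for mb.
# Assumes Debian 12 nftables and an IPv4-only private network.
flush ruleset

define DB = 10.156.0.5
define MB = 10.156.0.6
define RP = 10.156.0.7
define ADMIN_NET = 10.156.0.0/24   # assumption: where SSH admin sessions come from

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Table row 2: reverse proxy -> Metabase web port.
        # Only rp may reach port 3000; other hosts in the subnet are dropped.
        ip saddr $RP ip daddr $MB tcp dport 3000 accept

        # Assumption: SSH only from the private network, never from the internet.
        ip saddr $ADMIN_NET tcp dport 22 accept
        icmp type echo-request limit rate 5/second accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        ct state established,related accept

        # Table row 1: Metabase -> MySQL.
        # mb may open connections to db on 3306/tcp and nowhere else internally.
        ip daddr $DB tcp dport 3306 accept

        # Assumption: DNS and package updates; narrow to your resolver and mirror.
        udp dport 53 accept
        tcp dport { 53, 80, 443 } accept
    }
}
```

Check the file with `nft -c -f` before loading it, and load it from a console session so a mistake cannot cut off SSH. The db and rp hosts get the mirrored rules: db accepts 3306/tcp only from mb, and rp accepts 443/tcp on its public address.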