CubelaPetar/notes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ee2da8ceb66151dbe08a13d2bced1373c015264d
notes/projects/discopharma/20250311-metabase-environment.md
Petar Cubela 6c47451c60 new notes
2025-03-18 14:23:17 +01:00

66 lines
2.8 KiB
Markdown
Raw Blame History

## VM Ressources and Setup
The listed IP Addresses are only example values here and can be chosen on your judgement. Important is that the machines can communicate with each other.
### MySQL Database
- Name: MySQL Database
- OS: Debian 12
- hostname: db.discopharma.de (unimportant)
- IP Address: 10.156.0.5/24
- CPU: 1 core
- RAM: 2 GB (2048 MB)
- Storage: depends (30 GB)
- DNS entry: none
- Note: for every 40 concurrent users: needs 1CPU and 1GB of RAM more
### Metabase Server
- Name: Metabase Server
- OS: Debian 12
- hostname: mb.discopharma.de (unimportant)
- IP Address: 10.156.0.6/24
- CPU: 1 core
- RAM: 1 GB (1024 MB)
- Storage: depends (30 GB)
- DNS entry: none
- Note: for every 20 concurrent users: needs 1CPU and 2GB of RAM more
### Reverse Proxy
- Name: Reverse Proxy
- OS: Debian 12
- hostname: rproxy.discopharma.de (unimportant)
- IP Address: 10.156.0.7/24 + \<PUBLIC IP\> address (only activated in the end)
- CPU: 1 core
- RAM: 1 GB (1024 MB)
- Storage: depends (16 GB)
- DNS entry: metabase.discopharma.de -> \<PUBLIC IP\>
- Note: for every concurrent users: needs 1CPU and 2GB of RAM more
## SSL/TSL certificates
- we need the discopharma wildcard certificate placed on the Reverse Proxy
- usually two files enough called `privkey.pem` and `fullchain.pem`
- you can put all the cert files on the reverse proxy and we will then use only the needed ones or convert them in the process if necessary
## Firewall Setup
I list all necessary communications and respective ports needed:
(Abbreviations:
- Databse: db = 10.156.0.5
- Metabse: mb = 10.156.0.6
- ReverseProxy: rp = 10.156.0.7)
| Source | SourcePort | Destination | DestPort | Description |
| ------------- | ----------------- | --------------- | ----------------- | ------------------------------------------------------------------------------------------- |
| mb | 3306/tcp | db | 3306/tcp | 3306 is the standard mysql port. Communication of mb to db |
| rp | 3000/tcp,3000/udp | mb | 3000/tcp,3000/udp | 3000 is the metabase web port (arbitrary). Reverse Proxy sends request via this port to mb. |
| OPEN INTERNET | any | PUBLIC IP of rp | 443/tcp | 443 is the https port to communicate to rp over internet |
You could also limit the access to the public ip such that only your company ip can reach it. The 443 port should be opened as the last thing when everything is done.
When the VMs are in the same private network, they should be able to openly communicate with each other; the first two entries in the table should be already open.
Reference in New Issue View Git Blame Copy Permalink