Can I use Amazon Elasticache on Heroku? - ruby-on-rails

I am currently using Heroku's Memcached in a Rails 3 app and would like to move over to Elasticache because the pricing is much more favorable. Is this possible? Is the configuration relatively straightforward? Is there anything that I should be aware of as regards the performance?

No, it isn't recommended you use Elasticache as there is no authentication mechanism with it. As such, anyone can access your cache! This is normally fine as you would use AWS security rules to restrict what machines can access it to yours. However, this obviously doesn't work with Heroku since your app is run on a randomly chosen machine of Heroku's.
You could deploy memcache yourself with SASL authentication on an EC2 machine. ElastiCache doesn't really give you anything more than an EC2 machine with memcache pre-installed anyway.
There is another option: MemCachier
(Full disclaimer, I work for MemCachier).
There is another memcache provider on Heroku that is significantly cheaper than the membase provided one. It's called MemCachier, addon home page is here.
It's comparable in price to ElastiCache depending on your cache size and if you use reserved instances or not (at the very large cache sizes ElastiCache is cheaper).
Update (June, 2013): The membase memcache addon has shut down, so MemCachier is the only provider of Memcache on Heroku.
Please reach out to me if you need any help even if you go with ElastiCache.

DANGER: I do NOT recommend using this solution for production use. While this does work, #btucker pointed out that it allows any Heroku-hosted app to access your ElastiCache cluster.
Yes you can. The setup is similar to the guide Heroku has on Amazon RDS. The steps that differ go like this:
Follow the "Get Started with Amazon ElastiCache" guide to create a cache cluster and node
Install the ElastiCache Command Line Toolkit
Allow Heroku's servers ingress to your ElastiCache cluster like the RDS guide explains but replace the rds- commands with elasticache- ones:
# If your AWS_CREDENTIAL_FILE environment setting is configured,
# the --aws-credential-file option is not necessary.
elasticache-authorize-cache-security-group-ingress \
  --cache-security-group-name default \
  --ec2-security-group-name default \
  --ec2-security-group-owner-id 098166147350 \
  --aws-credential-file ../credential-file-path.template
Set a Heroku config value for your production app with your cluster's hostname:
heroku config:set MEMCACHE_SERVERS=elasticachehostname.amazonaws.com
After that, follow the Memcache Rails setup, and you're set.

It's worth noting that while #ssorallen's answer above will work as described, it also allows ANY Heroku-deployed app to access your memcached server. So if you store anything at all confidential, or you're concerned about other people making use of your ElastiCache cluster, don't do it. In the context of RDS you have the access control built into the database, but memcached has no such authentication supported by ElastiCache. So opening up the security group to all of Heroku is a pretty big risk.
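The exposure described in this comment can be checked mechanically. The following is an added example, not code from any of the posts: it audits security-group ingress rules on the memcached and Redis ports and reports sources that are a public CIDR or a group owned by another AWS account. The JSON follows the field names of `aws ec2 describe-security-groups`; the function names, account 111111111111 and the group IDs are assumptions made for the example.

```ruby
require "json"
require "ipaddr"

CACHE_PORTS = { 11211 => "memcached", 6379 => "redis" }.freeze

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Account 111111111111 and all group IDs are placeholders; 098166147350 is the
# owner ID from the answer above.
SAMPLE = <<~JSON
  {"SecurityGroups": [
    {"GroupId": "sg-PLACEHOLDER-a", "OwnerId": "111111111111", "IpPermissions": [
      {"IpProtocol": "tcp", "FromPort": 11211, "ToPort": 11211, "IpRanges": [],
       "UserIdGroupPairs": [{"UserId": "098166147350", "GroupId": "sg-PLACEHOLDER-x"}]},
      {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
       "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-PLACEHOLDER-b", "OwnerId": "111111111111", "IpPermissions": [
      {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
       "IpRanges": [{"CidrIp": "10.0.128.0/20"}], "UserIdGroupPairs": []}]}
  ]}
JSON

# True when the rule lets traffic reach the given TCP port.
def covers_port?(perm, port)
  return true if perm["IpProtocol"] == "-1" # all protocols, all ports
  perm["IpProtocol"] == "tcp" && (perm["FromPort"]..perm["ToPort"]).cover?(port)
end

# Returns one finding per risky source on a cache port.
def audit_cache_ingress(json)
  JSON.parse(json).fetch("SecurityGroups").flat_map do |group|
    group.fetch("IpPermissions", []).flat_map do |perm|
      services = CACHE_PORTS.select { |port, _| covers_port?(perm, port) }.values
      next [] if services.empty?
      # Non-private CIDRs are reachable from outside any VPC you control.
      cidrs = perm.fetch("IpRanges", []).map { |r| r["CidrIp"] }
                  .reject { |c| IPAddr.new(c).private? }
                  .map { |c| "public CIDR #{c}" }
      # A source group in another account admits every instance its owner runs.
      foreign = perm.fetch("UserIdGroupPairs", [])
                    .reject { |g| g["UserId"] == group["OwnerId"] }
                    .map { |g| "group #{g['GroupId']} in foreign account #{g['UserId']}" }
      (cidrs + foreign).map { |src| { group: group["GroupId"], services: services, source: src } }
    end
  end
end
```

The rule limited to a private peered range produces no finding, which matches the VPC-peering approach discussed further down the page.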

There are several Heroku addons that will kinda solve this problem. They provide a SOCKS5 proxy with a static IP address that you can whitelist.
https://elements.heroku.com/addons/proximo
https://elements.heroku.com/addons/quotaguardstatic
https://elements.heroku.com/addons/fixie-socks
You can also do this yourself by setting up your own SOCKS5 proxy on ec2.
Note the caveats here though:
http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/Access.Outside.html
It's slower, unencrypted, and some NAT monkey business will be required to get it working.

If you are using Heroku Private spaces, then it should be possible to do using VPC peering. Follow the instructions here so that your AWS VPC and Heroku VPC can access each other's resources:
https://devcenter.heroku.com/articles/private-space-peering
Once you have the above setup working, just create an ElastiCache cluster in the AWS VPC and allow access from the dyno CIDR ranges in the AWS security group or to the complete Heroku VPC CIDR and your dynos will be able to access ElastiCache URLs. I was able to get a working setup for Redis, and it should work for any other resource in the AWS VPC.

Related

Ruby on Rails Deploy - Is nginx necessary?

I've successfully deployed my Rails application to Digital Ocean by configuring a git post-receive hook and running my puma server through screen (screen rails server).
It seems to be working and accessible at http://178.128.12.158:3000/
Do I still need to implement nginx? My purpose is only serving my API and a CMS website at the same domain.
And about deployment packages like capistrano/mina? Why should I care about them if git hook is serving me well?
Thank you in advance
If you're going to manage a large amount of traffic in load-balancing mode, nginx will help. We can add some constraints, like blocking access from some set of IPs, etc.
For more refer the following link: https://www.nginx.com/resources/glossary/application-server-vs-web-server/
If you want static resources to be served by a web server, which is often faster, you'll want to front-end your rails app with something like nginx. Nginx will offer a lot more flexibility for tuning how you serve your app.
Capistrano is for deployments, and again, is more flexible than the basic hook approach. For instance, if you intend to have different hosts (for db, web, assets, etc.), or multiples of them, then Cap is your friend.

Can I deploy a Web server and an App server to the same AWS EC2 instance?

I have a Rails API and a Node app. Can I deploy both to the same AWS EC2 instance?
Yes. Your EC2 instance just needs to have the appropriate prerequisites installed and enough system resources available to run both.
Sure, this is fine. It is recommended to separate your db behind a firewall though (could be VPC or a security group)

PaaS provider for Grails application for production use

I have an application developed with Grails 2.5.1. I need a PaaS provider to deploy it for production use, but it must have these options:
SMTP server as my application needs to send emails
preferred to have access to file system but not necessary
MySQL DB
Able to deploy PHP applications in it.
Easy to deploy application's packages on
Good customer support
Some advised Jelastic, but unfortunately they don't have an SMTP server, and deploying on Heroku is a little bit hard.
Any recommendations?
I would recommend Heroku or Elastic Beanstalk. Amazon RDS for MySQL as a Service, or Aurora which is MySQL compatible.
Not sure what you mean by "able to deploy PHP". You won't be able to run a PHP app and a Grails/Java app on the same PaaS server, but you could spin up a separate PHP app on the same PaaS.
You could use Amazon SES to send emails, or a SendGrid account. Email server really shouldn't be a deciding factor.
Sheriff
It is very easy to add SMTP to Jelastic.
All you need to set up your SMTP Server is here.
Also, how to use external SMTP Server in your environment - is here.
With reference to the rest of your list Jelastic provides:
Access to file system (FTP/FTPS, SFTP/FISH, WebDAV, Dashboard)
MySQL DB
Able to deploy PHP applications in it
Easy to deploy application's packages on (Direct, GIT/SVN, Bitbucket)
Good customer support (You can choose hoster by your significant criteria here).
Have a nice day,
Jelastic Support

Connect to remote database from Heroku with static IP (Since database server will only allow whitelisted IPs)

I am running a Ruby on Rails application on Heroku and my database is in some other place where it can be accessed only from certain whitelisted IPs, but since Heroku doesn't provide dynamic IPs I thought of using proximo.
Please help me connect to the remote database with proximo from Heroku.
We had a difficult time achieving this (we ended up whitelisting every domain)
IP's
The problem is dynos are hosted on AWS' EC2 cloud - meaning they aren't actually Heroku's servers. This causes a lot of problems, as the IPs are all shrouded & change:
Because the Heroku dyno grid is dynamic in nature, the IP address that
a given dyno will be assigned over time will be both dynamic and
unpredictable. This dynamic sourcing of outbound traffic can make it
difficult to integrate with APIs or make connections through firewalls
that require IP-based whitelisting
After seeing the proximo addon, you may be able to achieve what you need using a static IP
Proximo
According to the proximo tutorial on Heroku's site, you should be able to install the add-on & receive your outbound IP relatively simply:
$ heroku addons:add proximo:development
Adding proximo to sharp-mountain-4005… done, v18 ($5/mo)
Your static IP address is 127.0.0.1
You should then be able to use this on your db host - to allow the IP
No ruby database adapters natively support proxy connections so for database access you need to proxy your calls via a SOCKS proxy. A SOCKS wrapper script to do this is available as part of our QuotaGuard Static Heroku add-on.
You configure this by prepending the call to the wrapper script in your Procfile so should work with minimal integration.
web: bin/qgsocksify bundle exec unicorn -p $PORT -c ./config/unicorn.rb
By default this wrapper routes all outbound TCP traffic via the proxy but there is additional configuration available to limit this to just your database traffic.
A workaround is to whitelist all IP addresses from your SQL database provider admin interface:
You can do this by whitelisting 0.0.0.0/0. (In Google Cloud SQL, you can do this under "authorized networks")
If you do so, it is highly recommended to configure your connection to use SSL and to only allow SSL connections to your database.
You can configure NGINX as your reverse proxy to allow your Heroku app to connect to the IP address (which is your NGINX server and whitelisted); the reverse proxy will connect to the DB.
https://stackoverflow.com/a/27874505/1345865
http://blog.talenox.com/post/107675614745/how-to-setup-static-ip-on-heroku

How to set firewall for two servers hosted in Heroku

I have two Heroku apps accessing the same Redis database. I need to make sure only these two servers can access it.
Normally, I can do this by setting firewall through IP. However, Heroku uses dyno system, and does not have fixed IP for servers.
I found proximo addon, which can be used to set an IP for each of my apps. But I would like to know if there is a simpler solution for this issue.
You don't have any control or guarantee about the servers running your application on Heroku or their IP addresses.
You should use a secondary authentication mechanism, like Redis's built-in auth scheme for connections to authenticate the incoming request.
This is the mechanism most of the hosted redis providers on Heroku use (RedisToGo, OpenRedis, etc).
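What the built-in auth scheme looks like on the wire, as an added example that is not part of the original answer: a toy in-process server (constructed here, not Redis itself) refuses every command until the client sends AUTH with the right password, so reaching the port from an arbitrary IP is not enough. The function names and the sample password are assumptions made for the example.

```ruby
require "socket"

# Read one RESP command: "*N", then N bulk strings ("$len", payload).
def read_command(io)
  header = io.gets("\r\n") or return nil
  Array.new(header[1..].to_i) do
    len = io.gets("\r\n")[1..].to_i
    io.read(len + 2)[0, len]
  end
end

# Toy stand-in for a server started with `requirepass` (constructed for this
# example; reply texts are modelled on Redis's, only AUTH and PING exist).
def toy_server(conn, password)
  Thread.new do
    authed = false
    while (args = read_command(conn))
      reply =
        if args[0].upcase == "AUTH"
          authed = (args[1] == password)
          authed ? "+OK" : "-ERR invalid password"
        elsif authed
          "+PONG"
        else
          "-NOAUTH Authentication required."
        end
      conn.write("#{reply}\r\n")
    end
  end
end

# Client side: encode the command as a RESP array and return the reply line.
def send_command(io, *args)
  io.write("*#{args.size}\r\n" + args.map { |a| "$#{a.bytesize}\r\n#{a}\r\n" }.join)
  io.gets("\r\n").chomp
end

# Runs PING / bad AUTH / PING / good AUTH / PING over a connected socket pair.
def auth_exchange(password)
  client, server_side = UNIXSocket.pair
  toy_server(server_side, password)
  replies = [send_command(client, "PING"),
             send_command(client, "AUTH", "wrong-guess"),
             send_command(client, "PING"),
             send_command(client, "AUTH", password),
             send_command(client, "PING")]
  client.close
  replies
end
```

The AUTH command carries the password as plain bytes in the request, so over an untrusted network the connection also needs TLS for the password to stay secret.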
