From 766ee6eb44c03e78f68bfb7938336ffc271f0e66 Mon Sep 17 00:00:00 2001 From: Alessandro Cerioni <acerioni@grandlyon.com> Date: Tue, 9 Jul 2019 18:22:20 +0200 Subject: [PATCH] Updated doc regarding the configuration of the front-web instance and its failover IP --- docs/deployment/beta-deployment.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/deployment/beta-deployment.md b/docs/deployment/beta-deployment.md index 8f5c144..d0fc9c5 100644 --- a/docs/deployment/beta-deployment.md +++ b/docs/deployment/beta-deployment.md @@ -8,7 +8,7 @@ The software is hosted on 5 machines, having the following hostnames and specs: * **es-2**: 30 GB RAM; 8 vCores; 200 GB SSD * **es-3**: 30 GB RAM; 8 vCores; 200 GB SSD -The above machines exchanges information through a private LAN: `192.168.0.0/24`; `front-web` is the only instance which is directly connected to the Internet, through its WAN interface (`ens3`) and public IP address (`51.83.13.51`). +The above machines exchanges information through a private LAN: `192.168.0.0/24`; `front-web` is the only instance which is directly connected to the Internet, through its WAN interface `ens3` and public IP addresses : `51.83.13.51` (standard), `91.121.35.236` (failover). The following diagram provides a sketch of the various applications hosted by infrastructure:  @@ -36,6 +36,7 @@ The relevant configuration is stored within the file `/etc/iptables/rules.v4`: :OUTPUT ACCEPT [683:49410] :POSTROUTING ACCEPT [683:49410] -A POSTROUTING -s 192.168.0.0/24 -o ens3 -j MASQUERADE +-A POSTROUTING -o ens3 -j SNAT --to-source 91.121.35.236 COMMIT *filter 
@@ -50,6 +51,8 @@ COMMIT -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "in order to receive responses to outgoing requests" -j ACCEPT -A INPUT -d 51.83.13.51/32 -i ens3 -p tcp -m tcp --dport 443 -j ACCEPT -A INPUT -d 51.83.13.51/32 -i ens3 -p tcp -m tcp --dport 80 -j ACCEPT +-A INPUT -d 91.121.35.236/32 -i ens3 -p tcp -m tcp --dport 443 -j ACCEPT +-A INPUT -d 91.121.35.236/32 -i ens3 -p tcp -m tcp --dport 80 -j ACCEPT COMMIT ``` -- GitLab
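Review bot: In the first hunk of docs/deployment/beta-deployment.md (the paragraph describing the private LAN), the rewritten sentence keeps the grammar slip "machines exchanges" and adds a stray space before the colon in "public IP addresses :". Since the line is being changed anyway, make it "machines exchange" and "public IP addresses:". It would also help to state here which of the two addresses outbound traffic leaves from, because the NAT rule added further down makes that non-obvious.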
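Review bot: In the nat hunk, the added `-A POSTROUTING -o ens3 -j SNAT --to-source 91.121.35.236` has no `-s` match and sits after the MASQUERADE rule, so its effect depends entirely on rule order. Traffic from `192.168.0.0/24` matches MASQUERADE first and never reaches the SNAT rule, while every other new connection leaving `ens3`, including those front-web opens itself, is rewritten to the failover address. If that split is intended, say so in the doc text next to the rules. If LAN traffic is also meant to leave from the failover address, the SNAT rule has to come before MASQUERADE or replace it. Either way, consider an explicit `-s` on the new rule so its scope is visible in the rule itself.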
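Review bot: In the filter hunk, the two added INPUT rules for `91.121.35.236/32` carry no comment, unlike the conntrack rule just above them, so someone reading `rules.v4` on its own cannot tell that this is the failover address. Add `-m comment --comment "failover IP"` or similar to both. The per-address rules now differ only in address and port, so one rule per address using `-m multiport --dports 80,443` would make it harder for the two addresses to drift apart in later edits.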