Ask HN: Setting up/deploying a REST based service – need some help

pjungwir11y ago

These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)

taurenkOP11y ago

Thanks for the help! I definitely was confusing VPN with Shared Private Networking and VPC. Just started to read up on the AWS VPC and this is exactly was I needed!

rubyn00bie11y ago

As the other commenter said, you definitely want the db on a different server. Hosting the database on your application servers is generally a terrible idea as the DB will starve for resources.

I'm not in anyway sure why would want a VPN in this case as it's "Virtual Private Network." Are you trying to anonymize it or protect it from some sort of local authority? I don't care either way, I just can't figure out the VPN deal.

Maybe you're talking about setting an "upstream" connection to proxy requests to? That is to say, you want to set up a load balancer so you can distribute requests amongst many app servers?

If you can give us more details on the environment (web server, app server, or your end goal) I'm sure someone here will be happy to fill in the blanks.

taurenkOP11y ago

So my goal was to take this code I created in Python, and turn it into a REST engine [Probably via Flask]. The Database Server is running PostgreSQL.

I would like to create an application server that simply takes user input, call the REST engine and, returns the results in a "pretty" manor.

I am trying to figure out how to deploy this all in the best way, in a hosted envionment. I suppose i can rephrase: what is the best [and simplest] way to host a 3 tiered app?

v_ignatyev11y ago

Probably you want to expose REST API to the web application. Everything you need is just set up domain for your RESTful service and setup CORS settings to access REST API from application server, no matter where web application server would be. The database should have no public IP and should be in the same network as your REST server is. If I were you, I set up for the first time everything on the same server on EC2 instance for example. Then using Docker I 'd set up accurate deployment system. Then "scale" it to three separate servers. You should keep DB on dedicated instance because of performance and because you probably will need (if so) to use master/slave replication or kind of scaling.

Don't do it on early stage. Just make it somehow working for the first time, until existing infrastructure become unstable/laggy.

v_ignatyev11y ago

*I mentioned CORS assuming you want to access the REST via browser.

jtchang11y ago

Do you mean firewall and not VPN? VPN means something pretty specific.

Separate servers isn't necessarily bad. In fact it is a "best practice".

To get started if you wanted everything on one server:

  Web server with port 80 and 443 open (apache or nginx).
  Web server proxies to app server (unless you are on PHP)
  App server connects to database on specific port. Port is not exposed to outside world.

taurenkOP11y ago

Thank you for the tip- still a bit confused (and maybe mixing up terms). If I wanted to keep the DB and App server on separate servers, would i leave them out in the open or house them in a private network?

v_ignatyev11y ago

Remove Public IP for DB server. Keep them in one private network. You don't need VPN. Servers in any data-center are already connected into one network. You can use iptables to prevent external connections to your DB.

rubyn00bie11y ago

Generally use a private network for having your servers communicate with eachother. It also makes setting up IP Tables to lockdown access to your DB server much easier/intuitive.

pjungwir11y ago

These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)

pjungwir11y ago

These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)

pjungwir11y ago

These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)

pjungwir11y ago

These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)

pjungwir11y ago

These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)

pjungwir11y ago

These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)

pjungwir11y ago

These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)

pjungwir11y ago

These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)

pjungwir11y ago

These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)

pjungwir11y ago

These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)

taurenkOP11y ago

Thanks everyone for the help! I hope to post my site here soon

Ask HN: Setting up/deploying a REST based service – need some help

21 comments

Ask HN: Setting up/deploying a REST based service – need some help

21 comments