processone / ejabberd

Robust, Ubiquitous and Massively Scalable Messaging Platform (XMPP, MQTT, SIP Server)
https://www.process-one.net/en/ejabberd/

Question: Ejabberd AWS EC2 Cluster #3864

Closed dkliss closed 2 years ago

dkliss commented 2 years ago

Hi

I have installed a single node ejabberd setup using docker-compose in an AWS EC2 Ubuntu environment. The setup with a single node is as below:

Docker image used: ghcr.io/processone/ejabberd:22.05

ERLANG_NODE=ejabberd
XMPP_DOMAIN=example.com xyz

- Single EC2 instance in a public subnet of AWS with an elastic IP (permanent public IP) assigned. This IP is mapped to the domain example.com in Route 53 DNS. TLS is enabled by the "auto" ACME option in the ejabberd.yml file. TLS is working on the single node (but even when the certificate is auto generated from Let's Encrypt, I am getting a self-signed warning, not sure if this is any issue though....)

NOW ON TO CLUSTER:-

Setup is as below:-

  1. Updated docker-compose for the main ejabberd node as below

Main Node (This is EC2 in a public AWS subnet):

ERLANG_NODE=ejabberd@main
ERLANG_COOKIE=dummycookie123
FIREWALL_WINDOW=4200-4210
INET_DIST_INTERFACE={54,16,13,44}   # Example public IP (EC2 public IP, used in the single node above.)
EJABBERD_HTTPS=true
EJABBERD_PROTOCOL_OPTIONS_TLSV1=true
EJABBERD_PROTOCOL_OPTIONS_TLSV1_1=true

VHOST and ACCOUNT

XMPP_DOMAIN=example.com xyz
EJABBERD_ADMINS=admin@example.com
EJABBERD_USERS=admin@example.com:password4321 user1@xyz.io
CTL_ON_CREATE=register admin example.com password ; check_password admin admin@example.com password
CTL_ON_START=stats registeredusers ; status

Second Node (This is EC2 in a private AWS subnet):

ERLANG_NODE=ejabberd@replica
ERLANG_COOKIE=dummycookie123
FIREWALL_WINDOW=4200-4210
INET_DIST_INTERFACE={10,10,12, 2}   # Example private IP
EJABBERD_HTTPS=true
EJABBERD_PROTOCOL_OPTIONS_TLSV1=true
EJABBERD_PROTOCOL_OPTIONS_TLSV1_1=true

VHOST and ACCOUNT

XMPP_DOMAIN=example.com xyz
EJABBERD_ADMINS=admin@example.com
EJABBERD_USERS=admin@example.com:password4321 user1@xyz.io
CTL_ON_CREATE=register admin example.com password ; check_password admin admin@example.com password
CTL_ON_START=stats registeredusers ; status

  2. Both nodes can ping each other on the local network, i.e. 10.0.0.0 (on their private IPs). The private node has access to the internet (via NAT) but does not have a public IP. I have tried to request TLS for the replica node (in the private subnet) and it failed.

  3. The cookie is kept the same in both compose files. I have not copied the cookie file (but only added it in the compose file).

NOW to the questions:

1) Does my setup above look correct, and if not, what could be wrong? I.e. one EC2 in a public and one in a private subnet, but in the same VPC and Availability Zone? Or do I need to have both nodes in the private network?

2) Do I have to request TLS separately for both nodes, or can I copy the PEM files across, or do I only need TLS for the one EC2 which has its IP in Route 53?

3) I am currently not using a load balancer. I wanted to make the cluster feature work. Is that achievable without a load balancer?

4) How is the DNS supposed to work? If my host name is example.com, what would I add as DNS records? Will that be the public IP of the EC2 main instance, which is what I have done? But how then does the replica node work?

5) If I do use a load balancer, is there any difference if I use AWS NLB or ALB or HAProxy?

I am a bit confused on this whole cluster setup and any guidance will be much appreciated.

Thanks

Before creating a ticket, please consider if this should fit the discussion forum better: https://github.com/processone/ejabberd/discussions

Environment

Configuration (only if needed): grep -Ev '^$|^\s*#' ejabberd.yml

loglevel: 4
...

Errors from error.log/crash.log

No errors

Bug description

Please, give us a precise description (what does not work, what is expected, etc.)
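As an added sanity check (example code, not part of the issue or the ejabberd project), the script below parses the two nodes' environment blocks posted above and lints the Erlang distribution settings: the cookie must match on every node, a placeholder cookie is flagged, and a node whose INET_DIST_INTERFACE is not a private address is reported, because the FIREWALL_WINDOW distribution ports on that address are reachable from outside the VPC unless the security group blocks them. The sample blocks are constructed from the values in the post; the "dummy" cookie check is this example's own heuristic.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample input: the two nodes' env blocks as posted in the issue.
MAIN_ENV = """ERLANG_NODE=ejabberd@main
ERLANG_COOKIE=dummycookie123
FIREWALL_WINDOW=4200-4210
INET_DIST_INTERFACE={54,16,13,44}   # example public IP
"""
REPLICA_ENV = """ERLANG_NODE=ejabberd@replica
ERLANG_COOKIE=dummycookie123
FIREWALL_WINDOW=4200-4210
INET_DIST_INTERFACE={10,10,12, 2}   # example private IP
"""


def parse_env(text: str) -> Dict[str, str]:
    """Parse KEY=VALUE lines; trailing '# ...' comments and blank lines are dropped."""
    env = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip()
    return env


def dist_interface_to_ip(value: str) -> ipaddress.IPv4Address:
    """Convert the Erlang tuple form {a,b,c,d} (spaces tolerated) into an IPv4Address."""
    octets = re.findall(r"\d+", value)
    if len(octets) != 4:
        raise ValueError(f"bad INET_DIST_INTERFACE: {value!r}")
    return ipaddress.IPv4Address(".".join(octets))


def lint_cluster(nodes: Dict[str, Dict[str, str]]) -> List[str]:
    """Return human-readable findings for the distribution settings of all nodes."""
    findings = []
    cookies = {env.get("ERLANG_COOKIE", "") for env in nodes.values()}
    if len(cookies) != 1:
        findings.append("ERLANG_COOKIE differs between nodes; they cannot join one cluster")
    if any("dummy" in c.lower() for c in cookies):
        findings.append("ERLANG_COOKIE looks like a placeholder; replace it before going live")
    for name, env in nodes.items():
        ip = dist_interface_to_ip(env["INET_DIST_INTERFACE"])
        if not ip.is_private:
            findings.append(f"{name}: distribution bound to public address {ip}; "
                            f"FIREWALL_WINDOW {env.get('FIREWALL_WINDOW')} is exposed there")
    return findings
```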

licaon-kter commented 2 years ago

So it's fixed?