RethinkDB on Amazon Web Services
RethinkDB can be easily deployed on Amazon Web Services. You can use a pre-built AMI (Amazon Machine Image), which takes only a few minutes to set up.
Launching an instance
The minimal recommended instance type is M1 Small, however T1 Micro works for simple tests. Follow these instructions to set up an AMI:
- On the RethinkDB marketplace page, click the Continue button. Then select the 1-Click Launch tab and click on the Launch with 1-Click button on the right. Finally, click on the link Your Software to access RethinkDB.
- You should see a RethinkDB instance. When the instance is ready, click on the Access Software link on the right.
- You should see a web page to set up the AMI. Click on the Continue button and follow the instructions.
Note: RethinkDB uses a self-signed certificate to encrypt your password. You'll have to accept the self-signed certificate in your browser to access the instance.
The RethinkDB AMI is preconfigured with the following options:
- Ubuntu Server 12.04 LTS
- RethinkDB server
- 5 GB of free EBS space for your data
Note: it is possible to attach more specialized EBS volumes and have RethinkDB store your data on them, but this option is not yet available out of the box. If you manually attach an EBS volume, you can SSH into the instance and edit the configuration file to point RethinkDB to the custom volume. See the cluster setup instructions for more details.
To connect to your instance over SSH, log in as the user
the private key you chose during the installation process and the
public hostname of the instance. For example:
ssh -i rethinkdb.prv -l ubuntu ec2-184-72-203-271.compute-1.amazonaws.com
RethinkDB command line administration
You can launch the administration tool from the command line after logging in over ssh:
rethinkdb admin --join localhost:29015
The default security group opens 4 ports:
- Port 22 is for SSH. The server uses public key authentication.
- Port 80 is for HTTP. It is used during the setup process but otherwise redirects to HTTPS.
- Port 443 is for HTTPS. An Nginx server sits between RethinkDB and the world and provides basic HTTP authentication and secure HTTPS connections for the web UI.
- Port 28015 is for client driver access. The only form of authentication is a key that is sent in plain text over the network.
To secure your instance even further, we recommend that you perform the following steps:
- Change the authentication key.
Open the RethinkDB command line and execute the command
set auth <your_key>
- Restrict access to port 28015 to allow only IP addresses or security groups that should have driver access.
Changing the web UI password
To change the password used to access the web UI, log in over SSH and run the following command:
htpasswd /etc/nginx/htpasswd rethinkdb
htpasswd tool will prompt for your new password.
Changing the driver API key
To change the API key used by the server to authenticate the drivers,
login over SSH and run
rethinkdb admin set auth.
You can run the following commands to generate a good API key:
API_KEY=$(head /dev/urandom | md5sum | cut -f 1 -d ' ') htpasswd /etc/nginx/htpasswd rethinkdb $API_KEY echo $API_KEY
To form a two-machine cluster, launch two RethinkDB instances on Amazon. Follow the steps below to ensure that AWS security groups are configured properly:
- Open the Security Groups section of the administration console. If you launched your instance in the US East region, you can find the console here.
- Select the security group that your instances belong to and open the Inbound tab in the bottom half of the page.
- Note the id of the security group, it should start with
- Create a new rule to allow instances to connect to one another:
- Select Custom TCP rule.
- Enter "29015" as the port range
- As the Source, enter the id of the security group (see step 3)
- Click on Add Rule, and Apply rule changes
After the rule has been applied, connect to one of the two instances over SSH and change the RethinkDB configuration file to join the two instances (see the cluster setup instructions).
Note: we will automate setup of RethinkDB clusters on AWS in the future.