RethinkDB can be easily deployed on Compose and Amazon Web Services.
Each deployment provided by Compose is configured as a high-availability cluster with full redundancy. To create a hosted RethinkDB instance:
If you haven’t already added billing information to your Compose account, you’ll be prompted to do so before deployment.
You can connect to your hosted cluster on Compose in one of two ways: via SSL or via SSH tunneling. With SSL, you can get a direct Admin URL and driver connection URL to your RethinkDB instance. SSL driver connections are only supported with the official RethinkDB drivers and the community-supported Go driver. For more details, read Compose’s RethinkDB and SSL blog post.
SSH tunneling lets you connect directly to the virtual private network of your RethinkDB cluster. This is more complicated to set up, but lets you work with the hosted RethinkDB instance the same way you’d work with a local installation, and it can work with any community RethinkDB driver. After your RethinkDB deployment is created, the admin console will give you the host and port information that you need to use to set up the SSH tunnel.
Read Compose’s overview of RethinkDB support and their Connecting to RethinkDB documentation for more information.
The smallest recommended instance type is t2.small
. However, t2.micro
works for simple tests. Follow these instructions to set up an AMI:
rethinkdb
and the password you chose in step 7.Note: RethinkDB uses a self-signed certificate to encrypt your password. You’ll have to accept the self-signed certificate in your browser to access the instance.
The RethinkDB AMI is preconfigured with the following options:
Note: it is possible to attach more specialized EBS volumes and have RethinkDB store your data on them, but this option is not yet available out of the box. If you manually attach an EBS volume, you can SSH into the instance and edit the configuration file to point RethinkDB to the custom volume. See the cluster setup instructions for more details.
The primary way to administer a RethinkDB AMI is through the web UI. Advanced tasks can be performed with ReQL administration commands, using the Data Explorer interactively or scripting through any RethinkDB driver. Read Administration tools for more details about scripting administration tasks.
To connect to your instance over SSH, log in as the user ubuntu
. Use
the private key you chose during the installation process and the
public hostname of the instance. For example:
ssh -i rethinkdb.prv -l ubuntu ec2-184-72-203-271.compute-1.amazonaws.com
The default security group opens 4 ports:
To secure your instance more tightly, we recommend that you perform the following steps:
Change the admin user password.
Open the RethinkDB Data Explorer in the web UI and execute the following command:
r.db('rethinkdb').table('users').get('admin').update({password: 'newpass'})
Where “newpass” is the new password you want to use.
Restrict access to port 28015 to allow only IP addresses or security groups that should have driver access.
To change the password used to access the web UI, log in over SSH and run the following command:
htpasswd /etc/nginx/htpasswd rethinkdb
The htpasswd
tool will prompt for your new password.
For details about this, read Permissions and user accounts.
For added security, you can isolate a multi-node RethinkDB cluster on AWS using a Virtual Private Cloud security group. The default security group settings for RethinkDB allow anyone to connect to the database’s driver port, but exclude the intracluster port. Follow the steps below to set up your security groups.
sg-
.After the rule has been applied, connect to your instances over SSH and change the RethinkDB configuration file (/etc/rethinkdb/interfaces.d/default.conf
) to join them.
bind=all
join=<IP address>:29015
If you have changed the intracluster port from 29015, use the new number. For more guidance, see RethinkDB’s cluster setup instructions and Amazon’s documentation on Security Groups for your VPC.