Hacker News new | past | comments | ask | show | jobs | submit login
Convox – Launch a Private Cloud in Minutes (convox.com)
298 points by lox on Aug 1, 2015 | hide | past | favorite | 115 comments



Hello! I'm part of the Convox core team and happy to answer any questions.

Convox is an app deployment platform that you can install into your own AWS account. It uses ECS, ELB, Kinesis, and many other great AWS services under the hood but automates it all away to give you a deployment experience even easier than Heroku.

Convox uses Docker under the hood so if you want to customize anything (distro, dependencies, etc) you can simply add a Dockerfile to your project.

Convox is entirely open source. Check it out at https://github.com/convox

To get started with our installer go to: http://docs.convox.com/docs/getting-started-with-convox


Is there likely to be support for other clouds in the future? Amazon is great and you're far cheaper than Heroku itself but I'd love to throw this on DigitalOcean or Vultr.


We're strongly considering other clouds but are focused on AWS for the moment.


Vultr's website looks... interesting. And their control panel is also... interesting. BUT.

I've been very impressed by the performance of my nodes.

Tops DigitalOcean easily. I don't have any hard numbers (I can provide some if people would like) but with the performance and number of locations they provide it's hard to beat.

$50 credits for two months: http://vultr.com/freetrial

Vultr also offers a "dedicated cloud" which I think is just dedicated resources — similar to RunAbove (http://www.runabove.com)

Whenever I talk about hosting, I seem like I'm affiliated with the providers. I am not :) I am simply a vet, a student, and a product of the hosting space.

If anyone has any questions, see my profile and reach out. I love to talk hosting :)


I'm also a big fan of Vultr, hence why I mention them :)

When I've run tests, they beat DO on every metric on unixbench (for equivalently priced/RAM filled instances [0][1]) and they let you use whichever ISOs/images you want (including fun stuff like BSD), unlike DO.

Their SATA storage nodes are really handy too.

You didn't post numbers but here are mine:

[0] Vultr benchmark: https://gist.github.com/bobobo1618/0972fc51f49d90fb37af

[1] DigitalOcean benchmark: https://gist.github.com/bobobo1618/81aa3f413b99aaab1f0d


This looks like a really great idea. Does Convox provide a convenient way to set up SSL for custom domains? The custom domains page (https://docs.convox.com/docs/custom-domains) didn't say much about it, but I may just be looking in the wrong place.


Hey I'm Matt, another member of the Convox core team.

SSL setup isn't in the product yet, but it's coming soon. For now you can set up SSL using the AWS cli: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/Devel...


Sorry I downvoted by mistake... I was trying to upvote so quickly that I pressed the wrong button. I love what you have built! Definitely spending the rest of the weekend playing with this...


Haha :)

We're excited about it, too. Hit us up via the www.convox.com Intercom button or support@convox.com if you have any questions.


Looks awesome! It might be just what we need for a project we're working on at my company. :-)

Do you perhaps have a writeup or something about the convox architecture? (Which AWS services it uses, how etc)


@oreng put together a nice high-level diagram: http://oren.github.io/blog/convox.html

We're using CloudFormation and Lambda to create and update everything.

The "convox" stack the installer creates makes a VPC, ASG, ECS cluster and ELB, and registers an ECS task and service for the API and private registry.

It also creates DynamoDB table for recording every build and release. And creates a KMS key for encrypting all the environment variables before we save them to S3.

An app stack the "convox deploy" command creates makes ECS tasks and services and an ELB for all the containers in `docker-compose.yml`, and creates a Kinesis stream for app logs.

Take a look at the CloudFormation tools as a starting point:

https://github.com/convox/kernel/blob/master/dist/kernel.jso... https://github.com/convox/app/blob/master/template/staging.t...


We don't yet, unfortunately, but we will add one soon.

If you'd like to see for yourself you can install it and then check the Resources tab on your CloudFormation page in the AWS web console to inspect everything it created.

https://docs.convox.com/docs/getting-started-with-convox

You can uninstall when you're done to avoid paying for the AWS resources if you're not ready to use it yet.

https://docs.convox.com/docs/uninstall-convox


Cool, thanks for the tip!


You're welcome! Please contact us if you have more questions.


This project looks great!

Is anybody working full-time on the project? Are there plans to commercialize any aspects of this? How confident are you that the project will get to "1.0".


Thanks! Yes right now we have a small team working on this full time. We do plan to commercialize it, but intend to always keep it open source.

We're super confident it will get to a more mature state. We have some resources to keep working on it ourselves, and we're seeing lots of interest and participation from the open source community as well.


Yes! We have formed a business behind convox and current have a small team working on it full time. We are very confident that it will hit 1.0. Thanks for your interest :)


Looks interesting! How is ECS working out so far for you?

And what's your minimum per-application cost for single-container Docker web app with SSL?


ECS is working out great for us. We host all of our own internal infrastructure on Convox and have been very happy.

The minimum per-application cost would be for an ELB. Counting the slice of runtime cluster needed to run it I'd estimate around $20-25 per app as a minimum.


Can Convox do non-internet-facing services? i.e. private internal services not routable from outside the VPC?


Absolutely! You can decide not to use a front-end load balancer. We have one user using Convox to spin up large worker pools on AWS.

We also have plans on our roadmap to integrate with internal (inside the VPC only) ELBs for internal APIs and things of that nature.


> We also have plans on our roadmap to integrate with internal (inside the VPC only) ELBs for internal APIs and things of that nature.

This is what I'm getting at. Also just saw the issue pertaining to HIPAA, which probably requires the same thing.

Apps deployed on Empire apparently are only available inside the VPC unless a domain name is added, it doesn't actually work like that (when I deployed the Empire stack all boxes had public IPs and a security group allowing ingress from the internet 😓), but the idea is a good one I think.

Oh, and thanks. Knowing you're behind it I'm sure Convox will be great. I'm looking forward to watching it develop and using it myself.


Hey! Creator of Empire here. The demo stack we provide isn't suitable for production use as you found out already. Empire can definitely be deployed in a production ready manor where you can have internal and external services, which is how we have it setup at Remind. The docs are a little lacking right now unfortunately, but we'll be improving this in the future.

We actually have a production ready example stack using our stack provisioning tool called stacker: https://github.com/remind101/stacker/pull/43.


That's very kind of you to say :)

Currently the EC2 instances in your Convox installation all have public IP addresses but this is currently being addressed

https://github.com/convox/kernel/issues/92


Could you tell me in which way it it different than elastic beanstalk? Ease of use?


How are backups handled?


Will you be adding some comments or tests?


@ddollar: This is Michael from Livecoding.tv Do you want to demo Convox live on Livecoding.tv? Would be cool to see this in action and ask questions My email is michael@livecoding.tv


Hey Michael that sounds great. Sending you an email now.


Cool product! This is fairly unrelated but since you've open-sourced your code (thanks!) I was just browsing around the 'cli' project and saw heaps of the following:

  if err != nil {
      stdcli.Error(err)
      return
  }
Is this idiomatic Go? It's just sprinkled everywhere and makes it hard to follow logic at a glance.


Explicit error handling is part of Go. It's pretty common to see lots of conditionals in a Go codebase.


Not sure how much it applies here as I haven't looked at the code, but the Golang blog has a good article that talks about how to "Simplify repetitive error handling"[1].

[1]https://blog.golang.org/error-handling-and-go


I work with Go at my day job and that's idiomatic. It's not the most beautiful or readable language for sure. This does force devs to think about error handling. Although it's not that different from code littered with exceptions (like some Java codebases).


You have a "Convox, Inc" copyright on the website - is there a business / monetisation-plan behind this, or is it just the open source project?


Yes, there is a business behind Convox. The founders are all ex-Heroku engineers and have we all have a great deal of experience building this type of tooling and automation.

For now we are focused on building a great open-source platform.


How is this a private cloud if it's running on AWS which is most certainly a public cloud? I don't mean to take away from the product but I find the messaging to be odd.


My guess is that it's them playing slightly loose with the AWS term VPC: Virtual Private Cloud. My guess is that this is the way most people that have done work with AWS will understand their statement this way.


You're right. It's technically a virtual private cloud. We've found that nowadays VPC works for most people. The days of on-premises platforms are numbered.


Days numbered or not (aside: take a look around Fortune 1000 and you'll see it's alive and well) the term private cloud has a definition. Someone should come up with a term for subnets inside a public cloud.


Thanks for the interest :) We have been trying to figure out the best way to describe our platform and "private cloud" seems the closest.

https://en.wikipedia.org/wiki/Cloud_computing#Private_cloud


Fair enough. Btw, is this what Nitrous became?


This is a separate venture from Nitrous.


The fact that Amazon offers Direct Connect shows that on-premises platform growth are certainly numbered but not the mere existence of them. Plenty of companies are still forcibly keeping their data in their own datacenters due to regulatory reasons despite desperately wanting to use third party providers. So until these regulations change (I'd bet it'll happen for PCI-DSS level 2+ before several federal ones unless FedRAMP supersedes them all) the largest possible users for AWS (and sadly, the most likely to benefit from it the most) are likely to be stuck operating stupidly expensive datacenters for pretty much no good reason besides making last-generation tech jobs.


The title was changed. It previously said something along the lines of "Launch a private Heroku"


hibikir got it right. Privacy comes from VPCs.



It is similar to Deis in goals but it differs substantially in implementation. Because Convox runs on AWS we can rely on stable and scalable services only available on that platform such as ELB and DynamoDB. Deis uses its own internal Postgres and implements a custom load balancer, scheduler, etc. We believe using the hosted services will help you keep your operational costs down over time.


How does Convox compare to Empire? I see a bunch of similarities (good use of AWS features in particular), and they both look pretty great.

(Empire: https://github.com/remind101/empire, http://engineering.remind.com/introducing-empire/)


Creator of Empire here. Empire and Convox are kinda like brothers and sisters, both really similar in implementation and philosophy. There's a couple of subtle differences, like how Empire expects that you've already built a Docker image somehow, whereas Convox can just take some code and do it for you (hosts it's own docker registry). Convox also supports streaming logs, which is pretty awesome (although, coming soon to Empire too :)). Convox is a little more reliant on AWS, whereas Empire was designed to be able to work with other backends like Kubernetes for example (not implemented yet). I would say, use which ever one best suites your needs, they're both great, and like David said, we talk a lot and share ideas back and forth.


Thanks Eric!

+1 Check out Convox and Empire. See which one works best for you.


Empire is awesome, we think it's a great project. We have been swapping notes with the folks working on it.

The primary difference is that Convox is backed by a company for which this is our product and has a full-time team dedicated to it.


Fair enough :-)


"The simplicity of Heroku. The power of AWS."

The privacy of "?". Was waiting for this part since it was included in the title.


How about something like:

"The privacy of your own data center."

To me, AWS VPC is a game-changer for privacy. The isolation and network configuration options satisfy every need of a "private cloud" or "behind the firewall install".


Good point. Any suggestions?


The HIPAA-compliance was a nice mention. "zero-knowledge" privacy resonates with me as well when it comes to privacy, though I realize that's out of your control with AWS.


This looks amazing! Thanks for making/releasing this as open source.


You're quite welcome! All three of the Convox founders are huge proponents of open source. We've already seen the benefit from this as a user has mapped out the missing pieces to host HIPAA-compliant applications on Convox and has already started making the necessary changes.

https://github.com/convox/kernel/issues/92


Anathem reference?


We have a winner :)


Super awesome. I can't wait to start porting some of my heroku apps over to aws using convox.


Let us know if there's anything we can do to help! I'm david@convox.com


I would like to use Convox to spawn several instances of a Java app in order to benchmark Java messaging lib within the VPC (no ELB needed). Is Convox suitable for such use case?


Absolutely! We have a few people using Convox to run and scale workers without a web app.


Good stuff! Looks very promising!

Haven't had a chance to take it for a trial spin yet, but I was wondering if there is anything in here for applications that have a limited lifespan? Working on a system right now that would have the need for a "central" application that would need to regularly launch subworker apps for a specific task (planning on running each sub app on it's own micro AWS instance) and then "kill it off" once the job was completed.


You could definitely do this. Create one master app and then have it connect back to ECS to spawn more apps.


Could someone familiar with Convox give us a brief answer to the question "how is this different from the myriad DevOps tools that Amazon provides for AWS?"


We're most familiar with OpsWorks. The main difference is simplicity. Convox doesn't require you to think much about infrastructure or write big JSON config files. We want the developer experience to be very app-focused like Heroku.



Is anyone using this in production? If so, at what scale?


One of the great things about stuff like Convox and Empire is that, because they're built on existing stable technologies and utilize AWS managed services, you're basically asking if ELB, EC2 and ECS can scale. The most unstable component in all of this is probably Docker. In our experience running it in production at scale, it's faults have been pretty minor (things like push/pull being agonizingly slow) and failure modes get taken care of by ECS managing desired state well.


Yes, we have people using this in production, including ourselves! Most of the scale right now is on the small-to-moderate end but once your application is up and running you're really only limited by how much AWS you want to pay for :)


If anyone here would like an invitation to the Convox #public Slack channel please email me at matt@convox.com.


sounds very similar to tsuru:

https://tsuru.io/


There is a tremendous amount of awesome work happening in this space. Tsuru is one such great project, thanks for adding it to the thread.

One big difference is that Convox uses managed services over writing and running our own components. For example, we use DynamoDB for saving build and release records. And we use ELBs for load balancing and routing.

This approach ties us closely to AWS, but results in a stack of infrastructure that has minimal operational overhead (e.g. Amazon is keeping DynamoDB Available, you don't have to manage an etcd cluster), and great scaling potential (vs tuning and scaling individual HAProxy nodes).


Looks cool. Thanks for the link. We'll definitely check it out.


How does this compare to Cloud Foundry? Do they solve different problems and therefore should not be compared directly?

I can (and will) google this myself in an effort to triangulate and understand but I figure it would be valuable to hear from people who are more informed and experienced.


This is really great! I'm interested in trying this out for our products in place of OpsWork.

The documentations says "by default provisions an Elastic Load Balancer and 3 t2.small instances", is it possible to change the number/size of servers dynamically?


This was recently added by a contributor!

https://github.com/convox/cli/pull/48

You can update an existing cluster using something like `convox system scale --count 5 --type c4.xlarge` from the CLI. If you change the instance type your cluster will be rolled one at a time with no downtime.


That's great. Is it possible to add additional servers after installation? I looked into the CLI project but I haven't found anything yet, the scale option appears to be for processes not servers.


Woops, I ninja-edited my comment above before I saw this. Yes you can do this, see the CLI command above.


Very cool, thanks so much for your hard work!


Just getting started here and wondering if there's a way to choose the region all this stuff is being installed to?

Can apps be launched in specific regions?

edit: Looks like it defaults to us-east-1. I'd much prefer to use Sydney due to the latency here in AU :)


Correct. It does default to us-east-1. The main reason is that we are using some fairly new AWS services that aren't launched in all regions, but we do want to and expect to expand to more regions.


What does it take it to adapt Convox to be installed on a baremetal server like Hetzner?

Can I rent 2-3 servers at Hetzner and have a small cloud of sorts?

Or is that not something that is suggested to be done?


It may be possible but it would take a substantial amount of work and I wouldn't recommend it. Convox achieves much of its stability and scalability from relying on hosted a AWS services.


Great product - exactly what I'm looking for in infrastructure. Was able to get a bunch of esoteric services up and running on AWS without having to pull out my hair.


When you will support other vendors?


We are considering other vendors but currently focused on AWS. What vendors would you like to see?


Google Cloud


+1 for Google Cloud!

This project looks AMAZING. I love what you guys are doing at Convox. The title of this post immediately caught my attention, because I've already spent what I consider far too much time figuring out how to deploy our application and would face the same problem with AWS.

Convox looks to help developers focus on their platform as opposed to how exactly it should be deployed when there are many options, even though most platforms can run and scale with a very similar setup. Great work guys. Looking forward to Google Cloud support!


Thanks for the input. Google's offerings are really picking up steam. We've been in touch with Google and are excited about expanding onto their infrastructure in the future.


Would be great to see this extended eventually to Google Container Engine!


What about IBM Bluemix?


That one hasn't been on our radar, but we'll definitely check it out.


It's based on CloudFoundry, and supports OpenStack and Docker, so lots of choices.


Anybody know if something exists similar to Convox that currently works with Google Cloud? I haven't been able to find anything myself.


Funny, we have a similar tag line but quite different products.

https://cloudron.io/

(Cofounder of cloudron.io here)


Great minds think alike ;)

Cloudiron.io looks cool. I'll definitely check it out.


Is it even legal to use the phrase "The simplicity of Heroku. The power of AWS." if you're all ex-Heroku engineers? Seems sketchy as hell.


How is this different than Dokku?


Unless it has changed since I last look Dokku only runs on a single server.

The other major difference is that software like Dokku is trying to run anywhere. Because we are only trying to run on AWS we do not need to build custom schedulers, load balancers, routers, etc. We believe this will reduce your operational costs over time.


As one of the dokku maintainers, I wholeheartedly agree with ddollar. Convox seems extremely interesting to me, since our goal is a single-server heroku experience. I personally would never be able use Dokku in production exactly because of this, but its quite good for throw-away sites, as a test-bed for side projects, etc.

Good work ddollar. I quickly looked at the github repos and once I saw your name attached, I knew it was going to be a quality project :)


David had to go AFK, but thanks, on his behalf. I'll make sure he sees this :)


Thanks for the reply, Im starting a project with dokku right now but its giving me trouble so I might switch over


Let us know if there's any way we can help. You can reach me at david@convox.com


So what does Convox, Inc. offer?


Currently we only offer Convox the open-source platform :) In the future we are considering paid support and other monetization strategies but the base platform itself will always be open-source and available for you to do with as you please.


any plans to support stateful apps like Wordpress?


You could run Wordpress today, afaik. Anything that can run in a Docker container can run on on Convox. You'd just need to use some sort of hosted database service like Amazon RDS to persist your data.

edit: Just looked at Wordpress a little closer. I didn't realize it expects a persistent filesystem, which I guess is what you're asking about. Convox follows the 12factor.net philosophy of ephemeral filesystems, so you'd need to figure out a way to persist files to S3 or similar...



awesome!


Thank you!


It's just another toy for AWS kids with "private cloud" buzzword.


Don't you think it makes it easier to deploy a "private cloud" though. It looks like it take away a lot of the tedium.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: