Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Setting up/deploying a REST based service – need some help
5 points by taurenk on Jan 6, 2015 | hide | past | favorite | 21 comments
I have developed a service that is REST based, which makes calls to a separate database server. Both of these are currently hosted on digital ocean, as separate servers - probably not best practice.

I would like to create a simple website that can show off what I have just created (eventually users will be able to make calls directly or use the site to access data). From what I understand, It seems it would be best practice to put the RESTful engine and the Database behind a VPN - where a user could send calls to the engine and get some results back. I am not sure whether i should put the app server behind the VPN as well.

Does anyone have any advice on how to set this up/best practices - or if this is even the proper way to do this? I am lagging a bit behind in my web tech skills, so please bare with me if any of this sounds strange. Any help is greatly appreciated!




These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)


Thanks for the help! I definitely was confusing VPN with Shared Private Networking and VPC. Just started to read up on the AWS VPC and this is exactly was I needed!


As the other commenter said, you definitely want the db on a different server. Hosting the database on your application servers is generally a terrible idea as the DB will starve for resources.

I'm not in anyway sure why would want a VPN in this case as it's "Virtual Private Network." Are you trying to anonymize it or protect it from some sort of local authority? I don't care either way, I just can't figure out the VPN deal.

Maybe you're talking about setting an "upstream" connection to proxy requests to? That is to say, you want to set up a load balancer so you can distribute requests amongst many app servers?

If you can give us more details on the environment (web server, app server, or your end goal) I'm sure someone here will be happy to fill in the blanks.


So my goal was to take this code I created in Python, and turn it into a REST engine [Probably via Flask]. The Database Server is running PostgreSQL.

I would like to create an application server that simply takes user input, call the REST engine and, returns the results in a "pretty" manor.

I am trying to figure out how to deploy this all in the best way, in a hosted envionment. I suppose i can rephrase: what is the best [and simplest] way to host a 3 tiered app?


Probably you want to expose REST API to the web application. Everything you need is just set up domain for your RESTful service and setup CORS settings to access REST API from application server, no matter where web application server would be. The database should have no public IP and should be in the same network as your REST server is. If I were you, I set up for the first time everything on the same server on EC2 instance for example. Then using Docker I 'd set up accurate deployment system. Then "scale" it to three separate servers. You should keep DB on dedicated instance because of performance and because you probably will need (if so) to use master/slave replication or kind of scaling.

Don't do it on early stage. Just make it somehow working for the first time, until existing infrastructure become unstable/laggy.


*I mentioned CORS assuming you want to access the REST via browser.


Do you mean firewall and not VPN? VPN means something pretty specific.

Separate servers isn't necessarily bad. In fact it is a "best practice".

To get started if you wanted everything on one server:

  Web server with port 80 and 443 open (apache or nginx).
  Web server proxies to app server (unless you are on PHP)
  App server connects to database on specific port. Port is not exposed to outside world.


Thank you for the tip- still a bit confused (and maybe mixing up terms). If I wanted to keep the DB and App server on separate servers, would i leave them out in the open or house them in a private network?


Remove Public IP for DB server. Keep them in one private network. You don't need VPN. Servers in any data-center are already connected into one network. You can use iptables to prevent external connections to your DB.


Generally use a private network for having your servers communicate with eachother. It also makes setting up IP Tables to lockdown access to your DB server much easier/intuitive.


These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)


These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)


These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)


These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)


These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)


These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)


These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)


These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)


These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)


These days if you have low traffic you can run everything on one box, but separating them is more "best practice," so if you've already done that, congratulations!

The database should not be on a public network or have a public IP address, so that only the REST app can reach it. (In fact if it were all on a single box, you'd want the db to bind only to 127.0.0.1.)

Assuming the web pages will contact the REST app via Ajax, the REST app will need a public IP and should accept connections from anywhere. But if it's the web server that hits the REST service, then as you say the REST service can be private like the database.

I think maybe you are saying "VPN" to mean what DO calls "Shared Private Networking" and AWS calls "VPC". Is that right? To most people "VPN" means an encrypted tunnel that lets you pretend to be on a LAN even if you are remote, so that is maybe why some other replies are asking questions about that.

It sounds like you are doing great so far. Good luck with the rest! :-)


Thanks everyone for the help! I hope to post my site here soon




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: