An overview of deploying a stack behind a bastion server.
- About deployment gateways
- How to deploy your stack behind the gateway server
- Accessing your servers behind the gateway server
About deployment gateways
To deploy your stack in a DMZ, first prepare a bastion server through which you can connect to the DMZ. Then define a Deployment Gateway in your Cloud66 account and specify the bastion server's details. Once that is done, you can deploy your stack in the DMZ.
Team members need the Edit Deploy Gateways access right to use the deployment gateway.
How to deploy your stack behind the gateway server
Gateway management is available through the toolbelt.
First you need to define a gateway:
$ cx gateways add --name aws_bastion --address 18.104.22.168 --username ec2-user --private-ip 22.214.171.124
In order to use this gateway for a stack deployment, you need to first specify it in the manifest:
production:
  gateway:
    name: aws_bastion
    username: ec2-user
and then make it available before you start the deployment:
$ cx gateways open --name aws_bastion --key /tmp/gateway.pem --ttl 1h
Now you can start deploying your stack.
After the deployment is finished, you can invalidate the gateway or leave it open until the TTL expires.
$ cx gateways close --name aws_bastion
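The open, deploy, close sequence above can be wrapped so the gateway is closed as soon as the deployment ends, even when it fails, rather than staying open until the TTL expires. The script below is an added example, not part of the Cloud 66 documentation or toolbelt; the `with_gateway` and `key_is_private` functions, the key permission check and the `./deploy.sh` placeholder are assumptions.

```shell
#!/bin/sh
# Added example, not Cloud 66 code. CX can be overridden to dry-run with a stub.
CX="${CX:-cx}"

# key_is_private FILE: true only for a regular file with no group/other permission bits.
key_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ldL "$1")" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# with_gateway NAME KEYFILE TTL COMMAND [ARGS...]
# Opens the gateway, runs COMMAND, and always closes the gateway afterwards.
# Returns 2 for a bad key file, 3 if the gateway cannot be opened,
# otherwise COMMAND's own exit status.
with_gateway() {
    gw_name=$1 gw_key=$2 gw_ttl=$3
    shift 3
    if ! key_is_private "$gw_key"; then
        echo "refusing to use $gw_key: missing or accessible to group/other" >&2
        return 2
    fi
    "$CX" gateways open --name "$gw_name" --key "$gw_key" --ttl "$gw_ttl" || return 3
    # Close on interruption too, so an aborted run does not leave the gateway open.
    trap '"$CX" gateways close --name "$gw_name"; exit 130' INT TERM HUP
    gw_rc=0
    "$@" || gw_rc=$?
    trap - INT TERM HUP
    "$CX" gateways close --name "$gw_name" ||
        echo "warning: close failed; gateway stays open until the TTL expires" >&2
    return "$gw_rc"
}

# Usage (the deploy command is a placeholder for however you start the deployment):
#   with_gateway aws_bastion /tmp/gateway.pem 1h ./deploy.sh
```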
Accessing your servers behind the gateway server
To connect to your servers behind the bastion server, you first need access to the bastion server’s key. You can then use the toolbelt to connect to your server:
$ cx ssh --gateway-key ~/.ssh/bastion_key -s "My Awesome App" Lion