How to deploy behind a gateway server
About deployment gateways
If you want to deploy your stack in a DMZ, you should prepare a bastion server which enables you to connect to your DMZ. You should define a Deployment Gateway in your Cloud66 account and specify the information of the bastion server, then you will be able to deploy your stack in the DMZ.
Important
Team members should have Edit Deploy Gateways access rights to be able to use the deployment gateway.
How to deploy your stack behind the gateway server
Gateway management is available through toolbelt .
First you need to define a gateway:
$ cx gateways add --name aws_bastion --address 1.1.1.1 --username ec2-user --private-ip 2.2.2.2
In order to use this gateway for a stack deployment, you need to first specify it in the manifest:
production:
gateway:
name: aws_bastion
username: ec2-user
and then make it available before you start the deployment:
$ cx gateways open --name aws_bastion --key /tmp/gateway.pem --ttl 1h
Now you can start deploying your stack.
After the deployment is finished you can invalidate the gateway or leave it until the TTL is over.
$ cx gateways close --name aws_bastion
Accessing your servers behind the gateway server
If you want to connect to your servers behind the bastion server firstly you will need to have access to the bastion server’s key, then you can use toolbelt to connect to your server:
$ cx ssh --gateway-key ~/.ssh/bastion_key -s "My Awesome App" Lion
