Manifest settings for web components
Overview
This reference doc details all the Manifest settings for webserver, proxy and framework components. If you’re unfamiliar with Manifest files and how they work, please follow our getting started guide and detailed how-to guide.
If you’re looking for the Manifest settings for data, caching & storage components or load balancers, please see our respective reference documents for those components.
Key to table headings
- Option - the name of the setting as used in the YAML of your Manifest file
- Applied on - the type of deployment required to update this setting. In many cases settings only apply when an application is first built, or when new servers are created or it is cloned. Hover over the names of each condition to see more info.
- Clouds - the cloud providers on which a setting can be used.
Docker
Option | Applied on | Description | Clouds |
---|---|---|---|
activeprotect |
Redeploy ⓘChanges to this setting will be applied when you next deploy your application |
The parent node for ActiveProtect settings (see whitelist and http_ban_rate below) |
All |
activeprotect / whitelist |
Redeploy ⓘChanges to this setting will be applied when you next deploy your application |
A comma-separated whitelist of IPs that should be ignored by your ActiveProtect configuration. Must be nested under activeprotect . |
All |
activeprotect / http_ban_rate |
Redeploy ⓘChanges to this setting will be applied when you next deploy your application |
Set the threshold of *requests per minute* from a single IP address. The default is 2000 . Must be nested under activeprotect . |
All |
docker_version |
Build-only ⓘThis setting only applies when the app is first built (or cloned) or when new servers are added. |
Specify the version of Docker you want to install. | All |
firewall / create_web_rules |
Redeploy ⓘChanges to this setting will be applied when you next deploy your application |
Cloud 66 automatically creates firewall rules to expose your web application to the outside world. You can configure this via your Traffic settings, or disable it completely by setting this value to false . Default is true . |
All |
iam_instance_profile_name |
Build-only ⓘThis setting only applies when the app is first built (or cloned) or when new servers are added. |
The name of the IAM instance profile that should be used when provisioning this server. Read our guide. | AWS |
image_keep_count |
Build-only ⓘThis setting only applies when the app is first built (or cloned) or when new servers are added. |
Set the number of old images to save on your servers (besides the running image). Defaults to 2 . |
All |
instance_service_account_name |
Build-only ⓘThis setting only applies when the app is first built (or cloned) or when new servers are added. |
The name of the GCE Service Account that should be used when provisioning this server. | GCE |
nameservers |
Build-only ⓘThis setting only applies when the app is first built (or cloned) or when new servers are added. |
Set DNS servers for your application. Note that if you specify empty array i.e [ ], it won't add any nameserver to your servers. Default is an empty array: [ ]
|
All |
network / mode |
Build-only ⓘThis setting only applies when the app is first built (or cloned) or when new servers are added. |
Specifies whether your servers should communicate over private or public IP addresses. Defaults to private if your servers are either all cloud or all Registered. If your application uses a mix of cloud and Registered servers, the default will be public .
|
All |
operating_system |
Build-only ⓘThis setting only applies when the app is first built (or cloned) or when new servers are added. |
The version of Ubuntu to install on the server that hosts your app. Accepted values: ubuntu1804 or ubuntu2004 |
All |
root_disk_size |
Build-only ⓘThis setting only applies when the app is first built (or cloned) or when new servers are added. |
Default size of root disk (in GB) for servers used by application. Default value is 50. | AWS, Azure, GCE |
root_disk_type |
Build-only ⓘThis setting only applies when the app is first built (or cloned) or when new servers are added. |
Disk type, accepted values being ssd and magnetic . Default is ssd . |
AWS, GCE |
vn_name |
Build-only ⓘThis setting only applies when the app is first built (or cloned) or when new servers are added. |
The name of the Virtual Network in which you would like to create your servers. | Azure |
vpc_id |
Build-only ⓘThis setting only applies when the app is first built (or cloned) or when new servers are added. |
ID of the AWS VPC in which you would like to create your servers. Note that you must provide subnet_id for all servers in your application. | AWS |
weave_version (Maestro V1 only) |
Deploy-with-upgrades ⓘChanges to this setting will only be applied if you choose the "Deploy with upgrades" option |
Specify the version of Weave you want to install. Maestro V1 only. | All |
Examples YAML for Docker
docker:
configuration:
iam_instance_profile_name: docker-perms
docker_version: 1.7.0
weave_version: 1.0.3
vpc_id: vpc-64872001
root_disk_size: 100
root_disk_type: ssd
image_keep_count: 5
nameservers: ['8.8.8.8', '8.8.4.4']
docker:
configuration:
docker_version: 1.12.0
weave_version: 1.0.3
vn_name: your_vn_name
root_disk_size: 100
root_disk_type: ssd
image_keep_count: 15
Gateway
Note
The gateway should be defined and open before you can use it in manifest.
The following settings are available via the Manifest file:
Option | Applied on | Description | Clouds |
---|---|---|---|
name |
Redeploy ⓘChanges to this setting will be applied when you next deploy your application |
Specify the name of gateway you want to use for your application. | All |
username |
Redeploy ⓘChanges to this setting will be applied when you next deploy your application |
Specify the username which should be used to connect to Bastion server. | All |
Example YAML for gateway
gateway:
name: aws_bastion
username: ec2-user
Nginx
Nginx is the default webserver & reverse proxy for applications managed by Cloud 66.
The following settings are available via the Manifest file:
Option | Applied on | Description | Clouds |
---|---|---|---|
cors |
Redeploy ⓘChanges to this setting will be applied when you next deploy your application |
Enable Cross Origin Resource Sharing | All |
nginx/precompiled_url |
Build-only ⓘThis setting only applies when the app is first built (or cloned) or when new servers are added. |
A URL pointing to a file in tar.gz format that contains a custom version of Nginx that will be used with your application. This Nginx package MUST be compiled using our Cloud 66 compiler. Please read the docs on the Github page for more details. |
All |
perfect_forward_secrecy (deprecated) |
Redeploy ⓘChanges to this setting will be applied when you next deploy your application |
Enable Perfect Forward Secrecy | All |
Customizing Nginx in Maestro
Nginx uses the docker
node in manifest.yml
. See below for examples.
Example YAML for Nginx
docker:
configuration:
nginx:
perfect_forward_secrecy: true # deprecated
CORS configuration
If required, you can also specify the allowed origin (as ‘*’ or a single origin) and methods. You can also specify a comma-separated list of origins, headers, and whether to allow credentials for CORS.
docker:
configuration:
nginx:
cors:
origin: '*'
methods: 'GET, OPTIONS'
headers: 'Custom-Header, Another-Header'
credentials: true
Post-deployment availability checks
You can configure your application to automatically run global availability checks against an HTTP endpoint each time it is deployed. Results of these checks are available on your Cloud 66 dashboard under ActiveProtect.
Note that all of the Health Check settings must be nested under the configuration
→ activeprotect
→ health_check
sub-node.
The following settings are available via the Manifest file:
Option | Applied on | Description | Clouds |
---|---|---|---|
endpoint |
Redeploy ⓘChanges to this setting will be applied when you next deploy your application |
The endpoint to that will be queried during the check | All |
accept |
Redeploy ⓘChanges to this setting will be applied when you next deploy your application |
The set of HTTP codes we will accept as valid from the endpoint (as an array) | All |
timeout |
Redeploy ⓘChanges to this setting will be applied when you next deploy your application |
The timeout limit in seconds of the endpoint (limit: 10 ) |
All |
max_redirects |
Redeploy ⓘChanges to this setting will be applied when you next deploy your application |
The number of acceptable HTTP redirects (limit: 10 ) |
All |
cooldown |
Redeploy ⓘChanges to this setting will be applied when you next deploy your application |
The delay between the end of the deployment process and the start of the test, in seconds. (limit: 1800 ) |
All |
Example YAML for post-deployment global availability checks
docker:
configuration:
activeprotect:
health_check:
endpoint: '/' # Default is root '/'
accept: ["200", "300-399"] # Default is 200
timeout: 2 # Default is 5
max_redirects: 5 # Default is 3
cooldown: 120 # Default is 0