Configurable Cloud Environment

There is an option to connect Ephemeric cloud instance to external services like databases. If the cloud runtime finds a special file named stunnel.conf in a published Image Archive File then it creates a secure tunnel to the specified services.

Configuration file stunnel.conf is a plain text file which consists of description of tunnels. Each description usually contains connection information to remote service and authentification method (like "pre-shared keys" or "certificates").

Configuration file may contain several destinations. The system will open all connections in this case.

The tunnels are secured by encription and hence you may connect to your services across public network. However the entire encription job is done by the system so from ephemeric instance point of view it would seem like operating with open un-enctypted ports.

System uses utilty called stunnel which is available for the majority of platforms. You may find documentation and some examples here: https://www.stunnel.org

MongoDB appliance example configuration

Pharocloud hosting appliances are stunnel-ready so it is quite easy to configure Ephemeric Cloud instance to work with Pharocloud database appliance. For instance, let's take a look on how to connect ephemeric instance to a MongoDB appliance.

Pharocloud database appliances are not accessible via unsecure port by default. The user has to establish a secure tunnel with pre-shared authentication keys in order to get access to the database.

To connect your local machine to a database appliance follow the steps below:

  1. Start a MongoDB appliance at Pharocloud
  2. Create a psk.txt file which contains a line with user id and password.
  3. Open appliance's "stunnel" tab in Pharocloud management console and upload the psk.txt file to activate the tunnel on the appliance side.
  4. Copy the content of public stunnel.conf configuration from the "stunnel" tab of the appliance to a local stunnel.conf.

Please note that stunnel.conf and psk.txt files must be located at the same folder.

For instance, MongoDB appliance's stunnel.conf may look like this:

[server]
client = yes
accept = 127.0.0.1:27017
connect = todoapplication-mongo.pharocloud.com:27037
PSKsecrets = psk.txt

Contents of psk.txt

eph1:BMT33fgJGQzwH88KERatxXmA

Please note that this configuration opens a connection to remote MongoDB and makes it accessible locally on 27017 unencrypted port. This means that Pharo application should be configured with default settings to be able to connect to the database.

To publish an ephemeric instance with the secure tunnel configuration put stunnel.conf and psk.txt files to the same directory as Pharo Image before creating an Image Archive File. When ephemeric is published it should have a valid connection to the database.

Quick-start package

If you want just to try it out then proceed with the steps below:

  1. Download Pharo Image with sample Seaside&Voyage Todo Application:
  2. The archive contains stunnel.conf and psk.txt which you need to modify by the following steps
  3. Start a Mongo Small appliance at Pharocloud (it is free for a week)
  4. When the appliance is deployed – modify and then upload psk.txt file to activate the tunnel on the appliance side.
  5. Replace stunel.conf content with PUBLIC configuration of your appliance.
  6. Create a new zip archive with Pharo Image and modified stunnel.conf and psk.txt and publish it in Ephemeric cloud - the application should get connected to your database.

Please note that if you run multiple instances of the application, they all work with the same database.