Scaling Meteor with Amazon EC2 and Elastic Load Balancer


In building Gander, we are planning for large scale. So far there has not been much guidance on scaling Meteor applications. We started with the convenient free hosting on Meteor.com, and quickly moved our database onto MongoHQ. Since Meteor.com hosting is mainly for development and testing at this time (coupled with us effectively causing a DoS faux pas event during our testing), we moved to hosting on Heroku. After performance tests, and because of the lack of session affinity across Heroku web dynos, we elected to move Gander to EC2 with an Elastic Load Balancer (ELB). An ELB is an Amazon Web Services (AWS) Elastic Compute Cloud (EC2) service that provides SSL termination, session affinity (via cookies), fault tolerance, and load balancing across a group of EC2 instances.

Creating an ELB and enabling sticky sessions 

  1. Log into the AWS console and select EC2 Dashboard
  2. Click Load Balancers
  3. Click Create Load Balancer and follow the wizard.
  4. Specify the load balancer protocols and health checks, and attach valid EC2 instances. If using ELB SSL termination, follow the instructions below to create and upload the proper certificates.
  5. Example health checks: 
    • Ping target
    • Timeout
    • Interval
    • Unhealthy threshold
    • Healthy threshold
  6. For every EC2 instance added, add the amazon-elb/amazon-elb-sg group to the instance's security group for the designated port it serves traffic on.
    • For example, if a listener is configured to send traffic for port 80 from the outside world to port 3000 on the instance, then add the amazon-elb/amazon-elb-sg group to the security group with a port restriction of 3000.
  7. To enable session stickiness, select the description tab and edit the port configuration for the listener. The default is no stickiness. The other two options are to let the application generate a cookie or let the ELB generate the cookie.
    • We let the load balancer handle the session stickiness by selecting the second option (Enable Load Balancer Generated Cookie Stickiness) and leaving the field blank to disable cookie expiration. This cookie will expire when the user closes the browser session.
  8. To serve content from a URL other than the default ELB-generated gibberish hostname, take the ELB's A or AAAA record found in the description tab and add the appropriate CNAME entry in your external DNS server.

Adding certificates to an ELB

These instructions are based on using the Digicert SSL certificate provider, but are general enough that they can be applied to different SSL certificate providers.
  1. On a computer with openssl installed, create the private key: $ openssl genrsa 2048 > private-key.pem
  2. Create the CSR for Digicert (fill in the appropriate fields when asked): $ openssl req -new -key private-key.pem -out csr.pem
      1. Country:
      2. State: 
      3. City: 
      4. Org name:
      5. OU: Web
      6. Common name: sub.domain.com (or the FQDN for the domain being secured with SSL)
      7. Email address: 
  3. Log in to Digicert
  4. From reissue options, choose duplicate
  5. Copy the output of the csr.pem file into the CSR box
  6. Specify OTHER as the certificate output
  7. Enter the name of the subdomain(s) to secure at the bottom of the form
  8. Click process duplicate wildcard cert
  9. Refresh, and click download on the duplicate certificate created.
  10. Choose Other format, individual crts for the download format
  11. Convert the star_gander_io.crt to pem: $ openssl x509 -inform PEM -in star_gander_io.crt 
  12. Convert the intermediate and root certificates into a certificate chain: $ (openssl x509 -inform PEM -in DigiCertCA.crt; openssl x509 -inform PEM -in TrustedRoot.crt)
  13. When prompted for certificates during the ELB wizard:
    • give the certificate a name
    • paste the output of the private key file into private field
    • paste the openssl PEM output for star_gander_io.crt into the public field
    • paste the openssl output for DigiCertCA.crt and TrustedRoot.crt into the chain field
  14. Choose the default ELB SSL policy.
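
Before pasting the three PEM values into the wizard, it is worth confirming that they belong together. The script below is an added example, not part of the original post: it checks that the private key from step 1 matches the issued certificate, that the certificate verifies against the concatenated chain from step 12, and that the key file is not readable by other users. The function names and the file arguments are assumptions.

```shell
#!/bin/sh
# Pre-upload checks for the three PEM inputs of the ELB certificate form.
# Added example: function names and file arguments are assumptions.

# Succeeds only if CERT carries the public key derived from private KEY.
key_matches_cert() {   # usage: key_matches_cert KEY CERT
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# Succeeds only if CERT verifies against CHAIN, the concatenated
# intermediate + root PEM produced in step 12.
chain_verifies() {     # usage: chain_verifies CHAIN CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if group and others have no permission bits on the key file.
key_is_private() {     # usage: key_is_private KEY
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Runs all three checks, reports each failure, returns non-zero if any failed.
check_elb_bundle() {   # usage: check_elb_bundle KEY CERT CHAIN
    rc=0
    key_is_private "$1" || { echo "FAIL: $1 is readable by group/others" >&2; rc=1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 was not issued for $1" >&2; rc=1; }
    chain_verifies "$3" "$2" || { echo "FAIL: $2 does not verify against $3" >&2; rc=1; }
    return "$rc"
}

# Command-line use: sh check-elb-bundle.sh private-key.pem cert.pem chain.pem
if [ "$#" -eq 3 ]; then
    check_elb_bundle "$1" "$2" "$3" && echo "OK: bundle is consistent"
fi
```

Since step 1 writes private-key.pem with the shell's default umask, running chmod 600 on it before this check is usually needed for the permission test to pass.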

Conclusion:

EC2 and ELB provide a robust scaling platform for Meteor. Until Meteor's rumored Galaxy service becomes available, this duo is the best solution for scaling Meteor applications today.
