Environment grouped SSH Configs
This directory is located at ~/.ssh/conf.d
```
/
  /~
    /.ssh
      /jod
      /config
      /conf.d
        /jod
          /qa.config   # <- we are here
          /prod.config
```
qa.config
These are the names of the instances that host our staging services:
| ssh Host | Description |
|---|---|
| jod.stage.haproxy | load balancer that routes HTTP requests to the appropriate service |
| jodgig.qa.api | instance that hosts php-fpm and nginx to serve our Laravel project |
| jodgig.qa.frontend | instance running nginx, which serves the built React app |
| jodpro.qa.api | instance that hosts Django for the jodpro APIs |
| jodpro.qa.frontend | instance running nginx, which serves the built React app |
qa.config Template
```
# JOD QA
Host jod.qa.haproxy
    HostName <ip.redacted>
    IdentityFile ~/.ssh/jod/qa-yourname.pem
    User ubuntu

Host jodgig.qa.api
    HostName <ip.redacted>
    IdentityFile ~/.ssh/jod/qa-yourname.pem
    User ubuntu
    ProxyJump jod.qa.haproxy

Host jod.qa.frontend
    HostName <ip.redacted>
    User ubuntu
    ProxyJump jod.qa.haproxy
```
Note: IP addresses are redacted. Request them from your squad lead when setting this up.
ProxyJump
`ProxyJump`, or the `-J` flag, was added in ssh version 7.3.
- Check your `ssh` version with the command `ssh -V`

It is the simplified way to use a feature that ssh has had for a long time: `ProxyCommand`.
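As an added example (not part of this team's tooling), the Python script below lints a conf.d file in the style of the qa.config template: it reports hosts with no `IdentityFile` and `ProxyJump` hops that no `Host` block defines, which ssh would then treat as a plain hostname to resolve. It assumes literal `Host` aliases (no wildcards); the sample config, its 192.0.2.x addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the qa.config template (192.0.2.x is a
# documentation range). The last ProxyJump names a host the file never defines.
SAMPLE = """\
Host jod.qa.haproxy
    HostName 192.0.2.10
    IdentityFile ~/.ssh/jod/qa-yourname.pem
Host jodgig.qa.api
    HostName 192.0.2.11
    IdentityFile ~/.ssh/jod/qa-yourname.pem
    ProxyJump jod.qa.haproxy
Host jod.qa.frontend
    HostName 192.0.2.12
    ProxyJump ubuntu@jod.stage.haproxy:22
"""

def parse_hosts(text):
    """Return {alias: {keyword: value}}; ssh_config keywords are case-insensitive."""
    hosts, current = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, _, value = re.sub(r"\s*=\s*|\s+", " ", line, count=1).partition(" ")
        if key.lower() == "host":
            current = [hosts.setdefault(alias, {}) for alias in value.split()]
        else:
            for block in current:
                block.setdefault(key.lower(), value)  # first value wins, as in ssh
    return hosts

def jump_hosts(value):
    """Reduce 'user@host:port,host2' to the bare host name of each hop."""
    return [re.sub(r"^.*@|:\d+$", "", hop.strip()) for hop in value.split(",")]

def lint(hosts):
    """Return sorted (alias, problem) pairs for the parsed Host blocks."""
    findings = []
    for alias, opts in hosts.items():
        if "identityfile" not in opts:
            findings.append((alias, "no IdentityFile (ssh tries default and agent keys)"))
        jump = opts.get("proxyjump", "none")
        for hop in [] if jump.lower() == "none" else jump_hosts(jump):
            if hop not in hosts:
                findings.append((alias, f"ProxyJump target {hop!r} has no Host block"))
    return sorted(findings)

if __name__ == "__main__":
    for alias, problem in lint(parse_hosts(SAMPLE)):
        print(f"{alias}: {problem}")
```

To check a real file, pass its contents to `parse_hosts` instead of `SAMPLE`, for example the text of `~/.ssh/conf.d/jod/qa.config`.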
~/.ssh/conf.d/jod/prod.config
These are the names of the instances that host our staging services:
| ssh Host | Description |
|---|---|
| jod.prod.haproxy | load balancer that routes HTTP requests to the appropriate service |
| jodgig.prod.api | Hosts Rails API (/admins), Sidekiq and Ops Dash |
| jodgig.prod.frontend | Hosts Rails API (/customers and /sellers) only |
| jodgig.prod.cron | Hosts Rails API that process image uploads |
| jodgig.prod.frontend | Hosts Shopfront and Seller Dash |
| jodgig.prod.metabase | Hosts Metabase app for BI |
~/.ssh/conf.d/jod/prod.config Template
We are using jod.prod.haproxy as the bastion host.
- It's not best practice for the instance receiving public traffic to also be the bastion host.
- But it's the easiest way to get started.
Read more about what a bastion host is and why we use it in Bastion Proxy Jump
Note: IP addresses are redacted. Request them from your squad lead when setting this up.
```
# Jod Prod
Host jod.prod.haproxy
    HostName <ip.address.redacted>
    IdentityFile ~/.ssh/tinkerlust/prod-<your-name>.pem
    User ubuntu

# GIG
Host jodgig.prod.api
    HostName <ip.address.redacted>
    User ubuntu
    ProxyJump jod.prod.haproxy

Host jodgig.prod.frontend
    HostName <ip.address.redacted>
    User ubuntu
    ProxyJump jod.prod.haproxy

# PRO
Host jodpro.prod.api
    HostName <ip.address.redacted>
    User ubuntu
    ProxyJump jod.prod.haproxy

Host jodpro.prod.frontend
    HostName <ip.address.redacted>
    User ubuntu
    ProxyJump jod.prod.haproxy

# Internal
Host jod.prod.metabase
    HostName <ip.address.redacted>
    User ubuntu
    ProxyJump jod.prod.haproxy
```