Just got my Metabase installed using the jar file on an ec2 instance (Our VPC config is too complicated for me to understand so EB wasn’t a great option).
EDIT: The ec2 instance is Ubuntu 16.04, Chrome 71.0.3578.98, and Metabase v0.31.2
A few questions:
I used keytool -genkey -keyalg RSA -alias tomcat -keystore selfsigned.jks -validity 2 -keysize 4096
to generate my .jsk file.
I added my key, and still got the same error. Added sudo in front of ‘java -jar’ and it worked.
Now, I can run sudo java -jar etc. but I can still only connect at http://host:3000. host:80 does not work, https does not work. I believe I followed the correct instructions but am a little bit lost.
Thanks @flamber, that was a lot of helpful information. If you have a couple minutes I have a few more questions:
sudo export isn’t a thing. Do I need to configure things on the AWS side to allow inbound connections to that ec2 instance on both 80 and 443? My ubuntu user generally speaking has sudo permissions though.
How should I configure MB_JETTY_HOST? I’m trying to use this as a production deploy of Metabase. In order to access the ec2 instance, users need to be connected to our corporate VPN. So, by running things on localhost, I was going to just send people to 172.30.0.1:80 or whatever the ec2 ip address is within our network. Is there a better way of doing this? I verified that running on localhost was accessible to other logged-in VPN users via their browsers.
I’m looking at that github issue you linked, #4558, and it seems there are still some recent bugs involving the reverse proxy. Can you please explain a little bit about why it’s recommended? Is it for security purposes? Requiring the VPN to connect to this ec2 seems like it should be sufficient? The reverse proxy would just act as an intermediary and show that traffic was coming from the proxy and not from my ec2 instance. Is that right?
I have no idea how AWS works, but you’re running Metabase on localhost - meaning 127.0.0.1 - which is different from 172.30.0.1, so you would need to define MB_JETTY_HOST if you want to use Jetty instead of a reverse-proxy.
There’s no issues with doing reverse proxy. Yes, some people are having issues, but I don’t know their setup, so I cannot say if they are doing something wrong. And most people run Metabase in the root of their host, whereas the problems you’re reading are about running in a sub-dir.
I would always always run things via a reverse-proxy, since Nginx/Caddy are better at handling connections (and security) than Jetty, so it just gives me more control.