TiTiler

We are running DevSeed TiTiler on the Cyverse OpenStack Cloud

https://titiler.cyverse.org

For this we are running a xl instance (16-cores, 64 GB RAM, 200 GiB Disk ) with Ubuntu 22.04 and Docker

Instructions for DevSeed TiTiler¶

https://titiler.cyverse.org/

Start Docker¶

We are running TiTiler with Docker:

docker run \
--name titiler \
--env FORWARDED_ALLOW_IPS=*
--env REDIRECT_URL=https://titiler.cyverse.org \
-p 8000:8000 \
--env PORT=8000 \
--env WORKERS_PER_CORE=1 \
--restart always \
-d  \
-it \
ghcr.io/developmentseed/titiler:latest

To ensure that the container is always alive and is healthy, we are running a cron job every 5 minutes to test it and restart it as necessary

*/5 * * * * docker ps -f health=unhealthy --format "docker restart {{.ID}}" | sh

NGINX¶

Install nginx

sudo apt install apache2-utils nginx

modify /etc/nginx/sites-enabled/default

# Default server configuration
#
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # SSL configuration
        #
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;


        ssl_certificate /etc/ssl/certs/cyverse.org.fullchain.crt;
        ssl_certificate_key /etc/ssl/private/cyverse.org.key;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                proxy_pass http://localhost:8000;
                proxy_set_header Host $http_host;
                proxy_set_header X-Forwarded-Proto $scheme;

                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                # try_files $uri $uri/ =404;
        }

        # pass PHP scripts to FastCGI server
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php-fpm (or other unix sockets):
        #       fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        #       # With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}

Add Certs

Add .key and .crt to:

$ /etc/ssl/private/
$ /etc/ssl/certs/

Start a new tmux session.

Check and Restart nginx

sudo systemctl status nginx
sudo systemctl restart nginx

Last update: 2024-03-21