We all like Galaxy, but honestly it’s an expensive wrapper on top of AWS. It somehow doesn’t feel right even though it makes life easy. At PostSpeaker we switched from an nginx setup to mup-aws-beanstalk, a Meteor-up plugin to deploy to EC2. The plugin works great, but we noticed EC2 doesn’t play that nicely with Meteor (or our application). It’s kind of unreliable: too much scaling up and down, 500 alerts, etc. So we started to look for alternatives again. We knew that Digital Ocean had launched a load balancer last year but, more importantly, they’ve increased the size of all their droplets. The 5 USD/month droplet is now a 1Gb droplet, which is perfect for Meteor.
Use Digital Ocean droplets + load balancer, deploy with Meteor-up and get free SSL with Letsencrypt.
It turned out to be quite difficult because the order of steps really determines the success of getting Letsencrypt and your load balancer working. We failed a couple of times so here’s the magic recipe for y’all!
Step 1 — Deploy a droplet
- Create a 1Gb droplet
- Set the proxy in `mup.js` for SSL, as per the instructions
- Make sure to configure PORT: 80 under env, or Letsencrypt won’t be able to issue certificates
- Now point the DNS of your domain to the IP of that droplet, make sure that the domain matches in
- Only after you’ve done that should you do
- You should now have Letsencrypt and force ssl for your domain, and it should load your app perfectly. Optionally check `mup proxy logs-le` to see the status of letsencrypt and `mup proxy status` to see the status of the proxy.
Step 2 — Deploy a load balancer
- Create a Digital Ocean Load Balancer, making sure it’s in the same region as your droplet! It costs USD10/month. This sounds expensive, but it’s managed, highly available and easy to configure. Yes, you could do this with nginx but that would make your load balancer a single point of failure. Imo this is worth the money.
- Assign the droplet from step 1 to your load balancer
- Set redirect https 443 to passthrough. This makes sure https traffic is redirected to your droplet, so traffic is encrypted till your droplet, not till your load balancer. It also avoids needing to use DO’s DNS — we use Cloudflare.
- Set health check to TCP port 443.
- Set force HTTPS
- Now change the DNS of your domain to point to the load balancer
- The load balancer should show all droplets as healthy.
- Your domain now points to load balancer and should redirect just fine, loading your app.
Step 3 — Clone your droplet
- Now create a live snapshot of your droplet from step #1
- Create a new droplet from that snapshot
- Assign the newly created droplet to the load balancer
(You could repeat this process as many times as you like to add more droplets to your load balancer)
(The snapshot step could potentially be skipped, we haven’t tried it. But as Letsencrypt is already configured on the droplet of step #1, this is a safer and faster approach)
- Load balancer should show all the droplets as healthy
- Your app should still load just fine when going to your domain
Step 4 — Make the setup ready for re-deploy
- Update `mup.js` to include the 2nd droplet
- Now you’re ready to do `mup deploy` whenever you feel like it
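To make the settings from steps 1 and 4 concrete, here is an added example (not part of the original post and not Meteor-up code): a `mup.js`-shaped config plus a hypothetical `checkMupConfig` helper that flags the mistakes this recipe warns about before you deploy. The hosts, domain, e-mail and key path are constructed placeholders, and the check that the `ROOT_URL` host appears in `proxy.domains` is an assumption about what "the domain matches" means in step 1.

```javascript
// Constructed sample config in the shape of a mup.js file.
// In a real mup.js this object is what you assign to module.exports.
const config = {
  servers: {
    one: { host: '203.0.113.10', username: 'root', pem: '~/.ssh/id_rsa' },
    two: { host: '203.0.113.11', username: 'root', pem: '~/.ssh/id_rsa' }, // clone from step 3
  },
  app: {
    name: 'myapp',
    path: '../',
    servers: { one: {}, two: {} }, // step 4: deploy to both droplets
    env: {
      ROOT_URL: 'https://app.example.com',
      PORT: 80, // step 1: needed for Letsencrypt to issue certificates
    },
  },
  proxy: {
    domains: 'app.example.com',
    ssl: { letsEncryptEmail: 'ops@example.com', forceSSL: true },
  },
};

// Hypothetical helper: returns a list of problems, empty when the config is consistent.
function checkMupConfig(cfg) {
  const problems = [];
  const app = cfg.app || {};
  const env = app.env || {};
  const proxy = cfg.proxy || {};
  const ssl = proxy.ssl || {};
  if (Number(env.PORT) !== 80) problems.push('app.env.PORT must be 80');
  if (!ssl.letsEncryptEmail) problems.push('proxy.ssl.letsEncryptEmail is missing');
  if (ssl.forceSSL !== true) problems.push('proxy.ssl.forceSSL is not enabled');
  // The certificate is issued for proxy.domains, so the app URL should use one of them.
  const domains = String(proxy.domains || '').split(',').map(d => d.trim()).filter(Boolean);
  let host = null;
  try { host = new URL(env.ROOT_URL).hostname; } catch (e) { /* reported below */ }
  if (!host || !domains.includes(host)) problems.push('ROOT_URL host is not in proxy.domains');
  // Every droplet behind the load balancer must receive the deploy.
  const targets = Object.keys(app.servers || {});
  for (const name of Object.keys(cfg.servers || {})) {
    if (!targets.includes(name)) problems.push(`server "${name}" is not in app.servers`);
  }
  return problems;
}

console.log(checkMupConfig(config)); // empty list for the sample config
```

A droplet that is attached to the load balancer but left out of `app.servers` keeps serving the old build after a deploy, which is the case the last check catches.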
You now have a 20USD/month high-availability setup!
It is easily scalable as you can just clone droplets and add them to your load balancer.
Oh and did I mention this is about half the price of Galaxy?
For Europe, the only downside is that DO doesn’t support Ireland/Dublin as a region, so if you use mLab, that will decrease your performance a little as the closest region is London. You could set it all up in Frankfurt, we haven’t tried. Then again, only AWS does Dublin (Galaxy is on AWS) so what can you do… For US your options are better although it’s not clear if you can get mLab and Digital Ocean in the exact same data centre.
So check your regions carefully and please share your experience with your setup!