There are two reasons why web pages cannot be served by a default Labs instance:
- Instances are closed off from outside networks with a firewall. You must open holes in the firewall by editing the security groups for your project.
- Instances are assigned private IP addresses that are only visible from within labs. This can be addressed by assigning your instance a public IP or by creating a web proxy.
This page describes how to create a simple web proxy for an instance.
Important: Make sure you have set up your security groups properly before attempting to create a web proxy.
Creating a web proxy
You must be a projectadmin of the project that contains the instance you wish to proxy. You must also have two-factor authentication enabled for your wikitech account. You can enable two-factor authentication on Wikitech by visiting Preferences->User Profile and clicking
Enable two-factor authentication.
- Go to https://horizon.wikimedia.org/
- Select your project in the center of the top menu.
- Click "DNS" in the left navigation menu.
- Click "Web Proxies" inside the expanded "DNS" section of the left navigation menu.
- Click the "Create Proxy" button in the upper right of the page.
- In the "Hostname" field, enter the hostname that you wish to have as the publicly-visible name for your instance. Important: Enter just the hostname (e.g. 'webtastic'), not the fully qualified name (e.g. 'webtastic.wmflabs.org').
- Specify the domain for your instance using the “Domain” selector. If you want a domain that is not already present in the menu, a Labs Cloudadmin (most likely a staff member) will need to create it for you.
- Select the instance that you're creating a proxy for in the “Backend Instance” selector.
- Enter the “Backend port” that the proxy should connect to on your instance. This will probably be either the default value of
80if you are running a normal web server or
8080if you are using MediaWiki-Vagrant.
- Click “Submit”.
If all goes well, you will see an entry for the new proxy in the proxy table.
You may need to update your security group settings as well before you can access your instance on an external browser. Some projects have setup a 'web' security group to make this easier or already added the common
8080 ports to their default security group.
- Navigate to "Manage Security Groups", and select the project you want to make available externally.
- Add a new rule to open up your proxied port for outside access.
- Set the start and end port in the rule form to the value you entered for “Backend port” when creating the proxy.
- Select "tcp" as the protocol
- CIDR range: 10.0.0.0/8
- Click "Submit"
Deleting a web proxy
Once your instance is no longer in use, please clean up after yourself by clicking the “Delete Proxy” button next to your unused proxy entry.