Web Application Hosting¶
Introduction¶
RC Web hosting is not a generic web hosting service
HiPerGator Web Application Hosting a.k.a. 'PubApps or PrivApps' is not intended to be a generic web application hosting service. Use
- UF T4 CMS Hosting for hosting static "standard" websites in the T4 content management system configured to use UF approved styling.
- UFIT Hosting as a versatile option for hosting both informational websites and web applications on Private UF Cloud or Public (AWS, Azure, GCP) Cloud hosting infrastructure. Available hosting environments include Linux Apache, Microsoft IIS, and the most flexible, but sysadmin-intensive as the customer is responsible for the OS setup, maintanance, and security, VM Hosting depending on your needs. Public Cloud infrastructure configuration is available for either public internet-accessible applications or the internal UF networks.
- Database hosting for MySQL and MSSQL databases is available to complement the web hosting options.
UFIT RC web hosting infrastructure is intended primarily for Research Web Applications that:
- Have significant computational and database needs.
- Showcase research and data produced on HiPerGator.
- May or may not need HiPerGator integration.
- Were developed with the help of the UFIT RC Research Software Engineering team.
- Have specific security/access requirements (public or restricted to HPG users/groups).
- Require GPUs for machine learning model inference.
- Need to be connected to other data-producing hardware at the university.
The purpose of PubApps is to provide a 'long-tail' service and infrastructure that cannot be obtained or set up elsewhere or requires access to resources on HiPerGator to give UF Research Computing customers the flexibility and a competitive edge needed for top-tier research and presentation of such research.
If you are unsure whether this service will work for you, please reach out to use via Support System or one of the options listed in RC Remote Support documentation, so we could discuss your project and determine whether it's appropriate for PubApps or whether you should explore on of the UFIT hosting solutions listed above. Additionally, we're happy to discuss your application architecture and deployment options as a part of determining the feasibility of hosting the application in PubApps. RC also has an RSE (Research Software Engineering) team that can work with you to develop applications you need including web apps.
Risk Assessment¶
A Risk Assessment is required for all new instances since May 2025. See the PubApps Risk Assessment document for more details.
Architecture¶
Public vs Private Facing¶
This is the main choice to be made when setting up a single hosting instance, but a group can purchase both a PUBAPPS and a PRIVAPPS instance at the same time if the group intends to deploy applications on both sides.
PubApps¶
Public hosting infrastructure (PUBAPPS) is characterized by and provides
- Open access to hosted applications from the public internet.
- Web application are hosted in VMs (Virtual Machines) accessible by application developers via ssh from HiPerGator.
- Shared database servers (MariaDB/MySQL and PostgreSQL) are avialable as a convenience. Groups can host their own in the VMs using containers.
- Shared scheduled computing infrastructure (SLURM setup, simplified version of HiPerGator scheduling) is available as a convenience on a first-come first-serve basis.
- NIVIDIA L4 GPUs are available for allocation to indvidual hosting VMs or shared between multiple VMs with preset VRAM (gpu memory) share limits per VM.
- Standalone /pubapps storage is not accessible directly from HPG. Use rsync or other mechanism to sync data from HPG to PubApps and back.
- Podman container runtime only, no Docker or any other runtimes available.
- Conda environments can be used in addition to containers.
- Applications can use authentication, but are not required to do it since PubApps deals with open data. RC SSO or Basic Apache Auth are available for endpoint protection if needed.
PrivApps¶
Private hosting infrastructure (PRIVAPPS) is integrated with HiPerGator. Because of that it has different security requirements compared to PubApps.
- Internal facing - no access from outside of the UF network.
- Applications must use authentication. RC SSO or Basic Apache Auth are available for endpoint protection.
- Web application are hosted in VMs (Virtual Machines) accessible by application developers via ssh from HiPerGator only.
- Ability to schedule jobs on HiPerGator proper via Slurm scheduling.
- Shared database servers (MariaDB/MySQL and PostgreSQL) are available as a convenience. Groups can host their own in the VMs using containers.
- Small 60GB application/container deployment storage area in /privapps is available.
- Main application data must be stored on the /blue or /orange filesystems.
- Podman container runtime only, no Docker or any other runtimes.
- Conda environments can be used in addition to containers.
Purchasing¶
Before application(s) can be deployed in pubapps a PubApps instance must be requested via a Trial Allocation or purchased via the HiPerGator Service Purchase form for $300 per year. Please note that the public and private/internal web apps are hosted on separate platforms and deploying both types of applications requires purchasing a hosting instance on each side. If additional resources are required CPU/memory (NCU), storage units (in TB), and GPUs can be purchased in the same manner and with the same pricing as HPG NCU, BlSU, and NGU resources on HiPerGator. Each instance includes up to 2 virtual CPU cores, 16GB of memory, and 1TB of disk space on the public side (/pubapps) or 60GB of space on the private side (/privapps). Container image storage is set up on the local filesystem in a VM in addition to the above.
Instance Overview¶
A pubapps instance
is a combination of a user, resources, and infrastructure within
which web applications can be deployed. You can also describe the instance as a deployment
environment.
Once a group has a PA-Instance allocation one of the group members may open a support request for creation of a PubApps instance.
The following components will be configured during instance setup:
PubApps¶
- $project user account - usually the same as the HiPerGator group name.
- /pubapps/$project storage quota - 1TB with a basic instance, more can be purchased as PA-Storage units at the Blue storage prices.
- ssh key access list setup for access by authorized group members from HiPerGator.
- Environment setup (
login linger
and rootless podman configurations).
Once an instance is set up authorized group members can ssh as the project user from HiPerGator to the instance VM. The group's sponsor manages the access approvals via RCSupport.
PrivApps¶
- HiPerGator service user is created to run web applications. E.g. rc-svc-privweb-GROUP. This user will be a member of the HPG group.
- A /privapps/$project 60GB storage quota for application deployment.
- ssh key access list setup for access to the service user by authorized group members on or from HiPerGator.
- Individual project VM. Additional VMs can be provisioned if a group purchases extra PA-CPU, and optionally PA-GPU resources and requests the additional VM setup.
Once an instance is set up authorized group members can ssh as the project user from HiPerGator to the instance VM. The group's sponsor manages the access approvals via RCSupport.
Access¶
All pubapps/privapps instance environments are accessed via SSH from HiPerGator.
A project user is set up in pubapps and authorized project members' HPG ssh keys are added to the ssh access list for the project user on pub* servers.
A service user is created in the group on HiPerGator. Authorized project members' HPG ssh keys are added to the ssh access list to the project user on privweb* servers, in the project VM, and on HPG nodes.
See the ssh access article for more information.
Deployment¶
One or more web applications can be deployed within the instance. As long as the applications are not using resources in excess of what was purchased there is no limit on the number of deployed applications. You can purchase more resources when needed.
See the PUBAPPS Deployment Documentation for steps and details on how to communicate your pubapps deployment requirements and the resulting configuration.