Web Application Hosting¶
Introduction¶
RC Web hosting is not a generic web hosting service
HiPerGator Web Application Hosting a.k.a. 'PubApps' is not intended to be a generic web application hosting service. Use UFIT T4 CMS Hosting, UFIT Apache Hosting, or UFIT VM Hosting] for document or generic web application and service hosting. PubApps hosting infrastructure is intended primarily for Research web applications that, for example:
- have significant computational and database needs.
- showcase research and data produced on HiPerGator.
- may or may not need HiPerGator integration.
- were developed with the help of the UFIT RC Research Software Engineering team.
- have specific security/access requirements (public or restricted to HPG users/groups).
- require GPUs for machine learning model inference.
- need to be connected to data-producing hardware at the university.
The purpose of PubApps is to provide a 'long-tail' service and infrastructure that cannot be obtained or set up elsewhere or requires access to data/computational resources on HiPerGator. It can give UF Research Computing customers a competitive edge for top-tier research and presentation of research.
If you are unsure whether this service will work for you, please reach out to use via Support System or one of the options listed in RC Remote Support documentation, so we could discuss your project and determine whether it's appropriate for PubApps or if we could refer you to one of the UFIT hosting solutions or external resources such as cloud hosting. Additionally, we're happy to discuss your application architecture and deployment options as a part of determining the feasibility of hosting the application in PubApps.
Risk Assessment¶
A Risk Assessment is required for all new instances starting May 2025. See the PubApps Risk Assessment document for more details.
Architecture¶
Public vs Private Choice¶
This is the main choice to be made when setting up a single instance, but a group can purchase both a PUBAPPS and a PRIVAPPS instance at the same time if needed.
PubApps¶
Public hosting infrastructure (PUBAPPS) is characterized by and provides
- Open access to hosted applications from the public internet.
- Web application are hosted in VMs (Virtual Machines) accessible by application developers via ssh from HiPerGator.
- Shared database servers (MariaDB/MySQL and PostgreSQL) are avialable as a convenience. Groups can host their own in the VMs using containers.
- Shared scheduled computing infrastructure (SLURM setup, simplified version of HiPerGator scheduling) is available as a convenience on a first-come first-serve access basis.
- NIVIDIA L4 GPUs are available for allocation to indvidual VMs.
- Standalone /pubapps storage (not accessible directly from HPG, use rsync to sync data).
- Podman container runtime only, no Docker or any other runtimes.
- Conda environments can be used in addition to containers.
PrivApps¶
Private hosting infrastructure (PRIVAPPS) is characterized by and provides
- No access from outside of the UF network.
- Applications must use authentication. RC SSO is available for basic use.
- Web application are hosted in VMs (Virtual Machines) accessible by application developers via ssh from HiPerGator.
- Ability to schedule jobs on HiPerGator proper via Slurm scheduling.
- Shared database servers (MariaDB/MySQL and PostgreSQL) are available as a convenience. Groups can host their own in the VMs using containers.
- Small 60GB application/container deployment storage area in /privapps is available.
- Main application data is stored on /blue and /orange filesystems.
- Podman container runtime only, no Docker or any other runtimes.
- Conda environments can be used in addition to containers.
Purchasing¶
Before application(s) can be deployed in pubapps a PubApps instance must be requested via a Trial Allocation or purchased via the HiPerGator Service Purchase form for $300 per year. Please note that the public and private/internal web apps are hosted on separate platforms and deploying both types of applications requires purchasing a hosting instance on each side. If additional resources are required CPU/memory (NCU), storage units (in TB), and GPUs can be purchased in the same manner and with the same pricing as HPG NCU, BlSU, and NGU resources on HiPerGator. Each instance includes up to 2 virtual CPU cores, 16GB of memory, and 1TB of disk space on the public side (/pubapps) or 60GB of space on the private side (/privapps). Container image storage is set up on the local filesystem in a VM in addition to the above.
Instance Overview¶
A pubapps instance
is a combination of a user, resources, and infrastructure within
which web applications can be deployed. You can also describe the instance as a deployment
environment.
Once a group has a PA-Instance allocation one of the group members may open a support request for creation of a PubApps instance.
The following components will be configured during instance setup:
PubApps¶
- $project user account - usually the same as the HiPerGator group name.
- /pubapps/$project storage quota - 1TB with a basic instance, more can be purchased as PA-Storage units at the Blue storage prices.
- ssh key access list setup for access by authorized group members from HiPerGator.
- Environment setup (
login linger
and rootless podman configurations).
Once an instance is set up authorized group members can ssh as the project user from HiPerGator to the instance VM. The group's sponsor manages the access approvals via RCSupport.
PrivApps¶
- HiPerGator service user is created to run web applications. E.g. rc-svc-privweb-GROUP. This user will be a member of the HPG group.
- A /privapps/$project 60GB storage quota for application deployment.
- ssh key access list setup for access to the service user by authorized group members on or from HiPerGator.
- Individual project VM. Additional VMs can be provisioned if a group purchases extra PA-CPU, and optionally PA-GPU resources and requests the additional VM setup.
Once an instance is set up authorized group members can ssh as the project user from HiPerGator to the instance VM. The group's sponsor manages the access approvals via RCSupport.
Access¶
All pubapps/privapps instance environments are accessed via SSH from HiPerGator.
A project user is set up in pubapps and authorized project members' HPG ssh keys are added to the ssh access list for the project user on pub* servers.
A service user is created in the group on HiPerGator. Authorized project members' HPG ssh keys are added to the ssh access list to the project user on privweb* servers, in the project VM, and on HPG nodes.
See the ssh access article for more information.
Deployment¶
One or more web applications can be deployed within the instance. As long as the applications are not using resources in excess of what was purchased there is no limit on the number of deployed applications. You can purchase more resources when needed.
See the PUBAPPS Deployment Documentation for steps and details on how to communicate your pubapps deployment requirements and the resulting configuration.