Skip to content

Web Application Hosting

Introduction

RC Web hosting is not a generic web hosting service

HiPerGator Web Application Hosting a.k.a. 'PubApps or PrivApps' is not intended to be a generic web application hosting service. Use

  • UF T4 CMS Hosting for hosting static "standard" websites in the T4 content management system configured to use UF approved styling.
  • UFIT Hosting as a versatile option for hosting both informational websites and web applications on Private UF Cloud or Public (AWS, Azure, GCP) Cloud hosting infrastructure. Available hosting environments include Linux Apache, Microsoft IIS, and the most flexible, but sysadmin-intensive as the customer is responsible for the OS setup, maintanance, and security, VM Hosting depending on your needs. Public Cloud infrastructure configuration is available for either public internet-accessible applications or the internal UF networks.
  • UFIT database hosting for MySQL and MSSQL databases is available to complement the web hosting options.

UFIT RC web hosting infrastructure is intended primarily for Research Web Applications that:

  • Have significant computational and database needs.
  • Showcase research and data produced on HiPerGator.
  • May or may not need HiPerGator integration.
  • Were developed with the help of the UFIT RC Research Software Engineering team.
  • Have specific security/access requirements (public or restricted to HPG users/groups).
  • Require GPUs for machine learning model inference.
  • Need to be connected to other data-producing hardware at the university.

The purpose of PubApps is to provide a 'long-tail' service and infrastructure that cannot be obtained or set up elsewhere or requires access to resources on HiPerGator to give UF Research Computing customers the flexibility and a competitive edge needed for top-tier research and presentation of such research.

If you are unsure whether this service will work for you, please reach out to use via Support System or one of the options listed in RC Remote Support documentation, so we could discuss your project and determine whether it's appropriate for PubApps or whether you should explore on of the UFIT hosting solutions listed above. Additionally, we're happy to discuss your application architecture and deployment options as a part of determining the feasibility of hosting the application in PubApps. RC also has an RSE (Research Software Engineering) team that can work with you to develop applications you need including web apps.

Risk Assessment

A Risk Assessment is required for all new instances since May 2025. See the PubApps Risk Assessment document for more details.

Architecture

PubApps Infrastructure Diagram

Public vs Private Facing

This is the main choice to be made when setting up a single hosting instance, but a group can purchase both a PUBAPPS and a PRIVAPPS instance at the same time if the group intends to deploy applications on both sides.

PubApps

Public hosting infrastructure (PUBAPPS) is characterized by and provides

  • Open access to hosted applications from the public internet.
  • Web application are hosted in VMs (Virtual Machines) accessible by application developers via ssh from HiPerGator.
  • Groups are expected to host application databases in the VMs using containers.
  • Shared scheduled computing infrastructure (SLURM setup, simplified version of HiPerGator scheduling) is available as a convenience on a first-come first-serve basis.
  • NIVIDIA L4 GPUs are available for allocation to indvidual hosting VMs or shared between multiple VMs with preset VRAM (gpu memory) share limits per VM.
  • Standalone /pubapps storage is not accessible directly from HPG. Use rsync or other mechanism to sync data from HPG to PubApps and back.
  • Podman container runtime only, no Docker or any other runtimes available.
  • Conda environments can be used in addition to containers.
  • Applications can use authentication, but are not required to do it since PubApps deals with open data. RC SSO or Basic Apache Auth are available for endpoint protection if needed.

PrivApps

Private hosting infrastructure (PRIVAPPS) is integrated with HiPerGator. Because of that it has different security requirements compared to PubApps.

  • Internal facing - no access from outside of the UF network.
  • Applications must use authentication. RC SSO or Basic Apache Auth are available for endpoint protection.
  • Web application are hosted in VMs (Virtual Machines) accessible by application developers via ssh from HiPerGator only.
  • Ability to schedule jobs on HiPerGator proper via Slurm scheduling.
  • Groups are expected to host application databases in the VMs using containers.
  • Small 60GB application/container deployment storage area in /privapps is available.
  • Main application data must be stored on the /blue or /orange filesystems.
  • Podman container runtime only, no Docker or any other runtimes.
  • Conda environments can be used in addition to containers.

Purchasing

Before application(s) can be deployed in pubapps a PubApps instance must be requested via a Trial Allocation or purchased via the HiPerGator Service Purchase form for $300 per year. Please note that the public and private/internal web apps are hosted on separate platforms and deploying both types of applications requires purchasing a hosting instance on each side. If additional resources are required CPU/memory (NCU), storage units (in TB), and GPUs can be purchased in the same manner and with the same pricing as HPG NCU, BlSU, and NGU resources on HiPerGator. Each instance includes up to 2 virtual CPU cores, 16GB of memory, and 1TB of disk space on the public side (/pubapps) or 60GB of space on the private side (/privapps). Container image storage is set up on the local filesystem in a VM in addition to the above.

Instance Overview

A pubapps instance is a combination of a user, resources, and infrastructure within which web applications can be deployed. You can also describe the instance as a deployment environment. Each hosting instance is based on one or more VMs (Virtual Machines), which are virtualized servers with defined resources based on the purchased allocations.

Once a group has a PA-Instance allocation one of the group members may open a support request for creation of a PubApps instance, which will result in a creation of the initial web hosting VM.

The following components will be configured during instance setup:

PubApps

  • Hosting VM
  • $project user account - usually the same as the HiPerGator group name.
  • /pubapps/$project storage quota - 1TB with a basic PA-Instance allocation, more can be purchased as PA-Storage units at the Blue storage prices.
  • ssh key access list setup for access by authorized group members from HiPerGator.
  • Environment setup (login linger configuration to allow processes to continue to run when you log out and rootless podman configuration).
  • A /podman/$serviceuser local filesystem directory tree for container storage.

Once an instance is set up authorized group members can ssh as the project user from HiPerGator to the instance VM.

PrivApps

  • Hosting VM.
  • HiPerGator service user is created to run web applications. The name will follow the rc-svc-privweb-GROUP pattern. This user will be a member of a HPG group.
  • ssh key access list setup for access to the service user by authorized group members from HiPerGator.
  • A /privapps/$project 60GB storage quota for application deployment.
  • A /podman/$serviceuser local filesystem directory tree for container storage.

Access

All pubapps/privapps instance VM environments are accessed via SSH from HiPerGator. Once an instance is set up authorized group members can ssh as the project/service user from HiPerGator to the instance VM. The group sponsor and the already authorized members of the project can self-manage the ~/.ssh/authorized_keys file that lists HiPerGator public ssh keys of the project members authorized to ssh in as the project user. If no active project members are available to handle the addition of new members please open an RCSupport ticket for assistance. We will request confirmation from the Sponsor or the designated project manager before adding a new project member's public ssh key to the list.

See the ssh access article for reference.

Deployment

Multiple web applications can be deployed within the instance. As long as the applications are not fully consuming VM resources there is no limit on the number of deployed applications. You can purchase more PA-CPU or PA-GPU resources to resize the hosting VM(s) when needed. We will need to restart the hosting VM to resize it to apply the new resource allocations.

See the PUBAPPS Deployment Documentation for steps and details on how to communicate your pubapps deployment requirements and the resulting configuration.