Questions

Page 1
question

WAF questions

Hi!

Could you provide more details about WAF, as we are experiencing constant malicious activity attempts?

I’m particularly interested in protection against:

Directory Traversal

Code Injection

SQL Injection

XSS

avatar
1
question

Kernel updates

To pull this conversation public, I thought I would throw a question out to the senior staff at Cycle in regards to Kernel/OS updates. Lets kick this thread off with a few questions around server security

  1. How are the kernel and service/library updates performed?
  2. Do these require downtime? Are we required to run 2N infra or evacuate our nodes to perform kernel upgrades?
  3. How often are servers patched?
  4. What root OS variant is used to build the OS from track CVSS scorings and potential vulnerabilities and determine compatibility with various workloads?

I think these type of questions serve as a baseline for determining how folks can address security updates and ensure their servers are kept up to date.

avatar
3
question

Load Balancer timeout

Hello, We are experiencing timeouts on our API calls in our system and we are trying to identify the source. We can see that the load balancer in cycle has multiple timeout fields and are unsure of what needs to be set so that a REST API call timeout can be set to 90 seconds.

We see 2 options:

  1. Idle timeout (set to 900s currently)
  2. Destination connection timeout on ingress traffic (set to 3s currently)

Which one needs to be set such that our timeouts are 90 seconds for calls on port 443?

Thank you!

avatar
1
question

Load balancer - traffic distribution between containers according to URL.

Hi!

How can I route traffic based on URL?

For example:

https://<my_domain>/ - goes to one container

https://<my_domain>/<path1> - goes to a second container

https://<my_domain>/<path2> - goes to another container

Thanks!

avatar
7
question

Server storage

We have a notification on our server saying server storage is almost full.

Server Storage Pool Full There is less than 10% of total storage available on server

But when I look at the Server Details -> base volume on the right it says 16GB/29GB used.

What is the actual usage percentage?

Also, there is an option to increase the storage size. How do I check the maximum storage available for my server?

avatar
1
question

SSL Certificates

Hello!

How can I upload my SSL certificate (from GoDaddy) for DNS zone?

How can I route traffic based on URL?

For example:

https://<my_domain>/ - goes to one container

https://<my_domain>/<path1> - goes to a second container

https://<my_domain>/<path2> - goes to another container

Thanks!

avatar
11
question

How do I turn on legacy mode (ipv4) for an existing environment?

I'm deploying containers that need to connect to each locally via ipv4. How do I turn on legacy mode for an existing environment?

avatar
1
question

Load Averages - What are reasonable levels?

Hey team! I can see the load averages on our servers, but I'm not sure what is too high or too low.

In the docs, I can see "Load Averages System load averages over time-frame selected. This indicates how busy the server's CPU is." But the scale of these load averages is 0, 1, 2, etc. And I see for example LOAD 0.74, 0.64, 0.61 in the right hand panel as well as the graph.

Can you give some guidance about what would be too little load (ie too big of a machine, could save $$) or too much load (ie too few CPUs, needs bigger machine), etc? In absence of this, I'm not sure what to do with these numbers.

Thanks!

avatar
2
question

servers matching criteria do not contain enough unallocated resources for deployment

Hi, we are trying to spin up new containers, we are getting this error. How do we resolve this?

avatar
2
question

Adding range of ports

I would like to add a range of ports. Is there a way to do this through the portal?

avatar
1
question

mktemp: failed to create directory via template '/var/lock/apache2.XXXXXXXXXX': No such file or directory

Hi!

I have a couple of questions:

The container I published earlier is giving an error. I tried simplifying and changing the Dockerfile, but nothing seems to change. The container builds and runs locally, the CI pipeline also passes correctly, but during deployment, it throws the following error: vbnet Copy code [Sep 23 12:23:36.956][ CYCLE COMPUTE] Console attached mktemp: failed to create directory via template '/var/lock/apache2.XXXXXXXXXX': No such file or directory chmod: missing operand after '755' Try 'chmod --help' for more information. [Sep 23 12:23:37.033][ CYCLE COMPUTE] Console disconnected (77.073087ms) [Sep 23 12:26:49.663][ CYCLE COMPUTE] Console attached mktemp: failed to create directory via template '/var/lock/apache2.XXXXXXXXXX': No such file or directory chmod: missing operand after '755' Try 'chmod --help' for more information. [Sep 23 12:26:49.794][ CYCLE COMPUTE] Console disconnected (130.256738ms) I even removed everything related to this from the Dockerfile (attached), but the issue persists.

FROM php:8.2-apache

Install necessary packages

RUN apt-get update && apt-get install -y libzip-dev zip unzip git && docker-php-ext-install zip

Enable Apache modules

RUN a2enmod rewrite RUN a2enmod ssl

Set Apache environment variables

ENV APACHE_RUN_USER=www-data ENV APACHE_RUN_GROUP=www-data

ENV APACHE_LOG_DIR=/var/log/apache2

ENV APACHE_PID_FILE=/var/run/apache2/apache2.pid

ENV APACHE_RUN_DIR=/var/run/apache2

ENV APACHE_LOCK_DIR=/var/lock/apache2

# Create necessary directories

RUN mkdir -p $APACHE_RUN_DIR $APACHE_LOCK_DIR $APACHE_LOG_DIR

# Ensure Apache can access these directories

RUN chown -R www-data:www-data $APACHE_RUN_DIR $APACHE_LOCK_DIR $APACHE_LOG_DIR

RUN chmod 755 $APACHE_RUN_DIR $APACHE_LOCK_DIR $APACHE_LOG_DIR

Copy application files

COPY --chown=www-data:www-data ./app /var/www/html

Clean up

RUN rm -rf /var/lib/apt/lists/*

Set the working directory

WORKDIR /var/www/html

I created a second server in the Products cluster and increased the number of container instances to 2. The deployment happened, but both containers were placed on the same server. How can I ensure that containers are evenly distributed across servers? Afterward, I stopped the first server with the containers in the AWS console, but the containers didn’t automatically deploy on the second server. So, if the server crashes (not just the container), the application becomes unavailable. How can this issue be resolved?

avatar
6
question

Issue with MySQL 5.7 Docker Containers Failing to Restart

Hello,

My team and I encountered an issue this week with containers running the MySQL 5.7 image from Dockerhub. After shutting them down, the containers failed to restart.

We’ve been using this same unmodified image across multiple containers for over a year without issue, but this problem started earlier this week.

This same issue also occurs across different cloud providers in our account. And the problem persists even when deploying the same MySQL 5.7 image to a new container, so this isn’t isolated to a single container.

Here are the errors displayed when attempting to restart the container:

2024-09-20715:38:38.264529Z 0 [Warning] A deprecated TLS version TLSvl. 1 is enabled. Please use TLSv1.2 or higher.
2024-09-20715:38:38.265036Z 0 [Warning] CA certificate ca.pem is self signed.
2024-09-20715:38:38.265070Z 0 [Note] Skipping generation of RSA key pair as key files are present in data directory.
2024-09-20715:38:38.265316Z 0 [Note] Server hostname (bind-address): '*'; port: 3306
2024-09-20T15:38:38.265348Z 0 [Note] IPv6 is available.
2024-09-20715:38:38.265360Z 0 [Note]
2024-09-20T15:38:38.265383Z 0 [Note] Server socket created on IP: ' :: '.
2024-09-20715:38:38.265425z 0 [ERROR] Could not create unix socket lock file /var/run/mysqld/mysqld.sock.lock.
2024-09-20715:38:38.265435Z 0 [ERROR] Unable to setup unix socket lock file.
2024-09-20715:38:38.265445Z 0 [ERROR] Aborting

We are able to solve this issue by upgrading to a new MySQL 8 image.

Could the TLS errors be related to CycleOS? Was there an update that potentially disables older versions of TLS?

Any guidance would be greatly appreciated!

avatar
3
question

Pipeline run status doesn't terminate to `failed` or similar when there is an error

Hello,

I'm integrating with the pipeline API, and it seems like pipeline runs don't go to a final state assigned when they error out. I’ve created and queried a couple of errored out runs and they all have a status block like this:

        "state":
        {
            "changed": "2024-08-21T04:07:43.786Z",
            "error":
            {
                "message": "could not find cycle.json in repo"
            },
            "current": "running"
        },

Note that current is still running eventhough the run ended hours ago with a pretty permanent error. I would expect the current status to be something like failed, so I can pick it up and determine the run is done (and cooked).

avatar
1
question

Function container execution

How to execute function container (B) from another function container (A)? More details: I want to execute container A function and inside execution process I want to decide (based on some paramaters passed to the function and additional logic) how many function B I want to execute (how many containers with B function I want to start).

avatar
5
question

Instances

I am looking to restart an instance using the Cycle API based on some application logic. I tried going through the documentation but could not find anything to restart an instance through the API. Am I missing something? Any help would be appreciated. Docs I was going through: https://api.docs.cycle.io/tag/Instances Thank you!

avatar
2
question

How to mount a file in a container via stack files

I'm using a stack file (cycle.json) in my repo and I have a container for grafana which needs a config file mounted in the container. I know I can update this file in the portal but is there a way to define the file in the stack file so I can just update it in code?

avatar
1
question

[FAQ] Mounting Files in Containers on Cycle

This post is made by a Cycle employee highlighting a commonly asked question. It's being placed here for visibility, questions, feedback, feature requests, and general discussion.

The most direct way to do this is by using the file type scoped variable. This allows a user to mount a file at either a default path, provided by the platform, or at the path of their choosing. For binary file types, there is a base64 decode feature that will automatically decode any base64 encoded file on read.

Another popular way to mount files into container(s) is through shared mounts. This allows a remote filesystem (like EFS) to be mounted to a server and then allows containers on that server to opt into those files being available.

Have a specific use case you can't quite decided which approach is right for? Want some feedback on your implementation?

We'd love to hear your questions or successes here in the replies!

avatar
platform
0
question

[FAQ] Docker Compose Converter to Cycle Stack File

This post is made by a Cycle employee highlighting a commonly asked question. It's being placed here for visibility, questions, feedback, feature requests, and general discussion.

If you're moving a project from Docker Compose to a Cycle Stack File, converting from one format to the other is a process worth automating.

Users can now visit the Docker Compose Converter from the Toolbox section of the website and they can easily paste in a docker compose file and get a cycle.json file out.

If you've used this tool we'd love to hear about your experience in the replies or creating a new thread with feedback, questions, or a request for new functionality!

avatar
platform
0
question

Deployments for monorepos

How should I structure a deployment for multiple services inside a monorepo?

avatar
2
question

Where do I find the build log for a stack image

I've hit an error creating a stack and I wanted to find the build log for a stack image but Im not seeing it.

avatar
3
v2024.12.08.01 © 2024 Petrichor Holdings, Inc.