In the previous post I introduced DC/OS and showed a way to install it. There was a minor caveat about accessing your DC/OS instance: you need SSH to connect to it and some way to tunnel port 80 from the VM to your local computer. In fact, the whole infrastructure is sealed and can be reached only via SSH. What if I want to reach it some other way? There's a simple way to do it, which I'll demonstrate by allowing access directly from a browser on port 80.
Inbound security rules...
DC/OS is isolated because it resides inside a VPN, which is protected by both its security rules and a load balancer that directs traffic inside the network. By default it allows SSH connections on port 2200, which are forwarded to port 22. To allow access through another service, we have to perform the following steps:
- Add a new inbound NAT rule to the load balancer to forward traffic on port 80 to port 80 inside our VM
- Allow access to our network on port 80
Note: we're talking about HTTP here, but it's no problem to change the configured port to 443 and access the VM only via HTTPS.
How can I do it?
To allow access to our VM via HTTP, perform the following steps:
- Go to the Azure Portal and open the resource group containing your Mesosphere DC/OS instance
- Find the master load balancer (its name usually contains something like dcos-master)
- Go to Inbound NAT rules and click +Add
- Provide a name for the rule, then select the service you'd like to configure (e.g. HTTP) from the Service dropdown
- In the Target field, select the VM you're interested in
- Click OK and wait a minute while the load balancer is reconfigured
- Now go back to the DC/OS resources and find the network security group associated with the master node
- Go to Inbound security rules and click +Add
- Provide a name and select a service you're interested in
- Make sure Allow is selected and click OK
Once the configuration is finished, you should be able to access DC/OS with your browser by using your VM's public IP address.
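The same two changes (inbound NAT rule, then inbound security rule) can be scripted with the Azure CLI. The following is an added example, not part of the original post, and it goes one step further than the portal steps by requiring an explicit source address range for the security rule instead of leaving it open to any source. Assumptions: all resource names are placeholders, priority 1100 is a constructed value, and the `run` dry-run wrapper and `expose_port` function are hypothetical helpers written for this example.

```bash
#!/usr/bin/env bash
# Added example: Azure CLI equivalent of the portal steps above.
# Every resource name passed in is a placeholder; substitute your own.
# DRY_RUN=1 (the default) prints the az commands instead of running them.
DRY_RUN="${DRY_RUN:-1}"

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# expose_port RG LB FRONTEND_IP NIC IPCONFIG NSG PORT SOURCE_CIDR
expose_port() {
  if [ "$#" -ne 8 ]; then
    echo "usage: expose_port RG LB FRONTEND_IP NIC IPCONFIG NSG PORT SOURCE_CIDR" >&2
    return 2
  fi
  rg=$1; lb=$2; fe=$3; nic=$4; ipcfg=$5; nsg=$6; port=$7; src=$8

  # Assumption of this example: only a named source range may reach the
  # DC/OS UI, so world-open sources are rejected.
  case "$src" in
    ''|'*'|Any|Internet|0.0.0.0/0|::/0)
      echo "refusing world-open source '$src'" >&2; return 1 ;;
  esac
  case "$port" in
    ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
  esac
  rule="allow-port-$port"

  # 1. Inbound NAT rule on the master load balancer (PORT -> PORT).
  run az network lb inbound-nat-rule create \
    --resource-group "$rg" --lb-name "$lb" --name "$rule" \
    --protocol Tcp --frontend-port "$port" --backend-port "$port" \
    --frontend-ip-name "$fe" || return
  # 2. Bind the rule to the master VM's NIC (the portal's Target field).
  run az network nic ip-config inbound-nat-rule add \
    --resource-group "$rg" --nic-name "$nic" --ip-config-name "$ipcfg" \
    --lb-name "$lb" --inbound-nat-rule "$rule" || return
  # 3. Inbound security rule on the master NSG. Priority 1100 is a
  #    constructed value; pick one that is unused in your NSG.
  run az network nsg rule create \
    --resource-group "$rg" --nsg-name "$nsg" --name "$rule" \
    --priority 1100 --direction Inbound --access Allow --protocol Tcp \
    --destination-port-ranges "$port" --source-address-prefixes "$src"
}

# Dry run with placeholder names and a documentation-range source address.
expose_port my-dcos-rg dcos-master-lb frontend-ip master-nic ipconfig1 \
  dcos-master-nsg 80 203.0.113.0/24
```

Set `DRY_RUN=0` after logging in with `az login` to apply the changes; pass 443 as the port for the HTTPS variant mentioned in the note above.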