We have servers hosted by two providers:
-
free.org is sponsoring us electricity, network and server hosting. We have two servers:
- off1.openfoodfacts.org
- off2.openfoodfacts.org
-
OVH foundation sponsors us three bare metal servers:
-
Most services are hosted on ovh, and pass through an nginx proxy (see promox - HTTP Reverse Proxy) hosted on 101 VM on ovh1 which has a bridge with it's own ip.
-
product opener instances (openfoodfacts.org and its cousins) have their own proxy on off1
-
a specific nginx is also set on ovh3 to serve images and some static resources
We still need to deploy stunnel for clear text tcp services transiting through (also to avoid ip rules)
We limit access to certain services through IP tables rules. Notably:
- on off2 access to mongodb is filtered by ip to enable access from ovh
We also use IP tables rules to proxy services: Notably:
- on ovh1 ip tables rules proxy PGM service requests coming from off1 and off2 (we could replace by stunnel)
Located at free.org
Currently installed in bare-metal mode with debian. (migration to come to proxmox)
Main services:
- Open Food Facts server main nginx (distribution install)
- all Product Opener instances: Open Food Facts / Open Products Facts / etc.
It also contains secondary services like https://cestemballepresdechezvous.fr/
Located at free.org
Currently installed in bare-metal mode with debian. (migration to come to proxmox)
Main services:
- Main MongoDB instance supporting all product data for product opener instances on off1
Located at ovh Strasbourg (sbg3)
Uses proxmox
Part of proxmox cluster.
Contains lots of small services, as proxmox containers:
Located at ovh Roubaix (rbx8)
Part of proxmox cluster.
Contains two big QEMU VMs hosting lots of docker services. One for staging, one for production. See Docker architecture
Located at ovh Roubaix (rbx7)
It's a storage server, which mainly contains:
- replication of all production data: images, products, etc.
- a nginx to serve images (and some static resources as fallback)
- some zfs volumes for ovh1 and ovh2 services