Infrastructureď
Domainsď
nextstrain.org, next.nextstrain.org, and dev.nextstrain.org are hosted on Heroku.
data.nextstrain.org is an AWS CloudFronted S3 bucket, nextstrain-data
.
staging.nextstrain.org is an AWS CloudFronted S3 bucket, nextstrain-staging
.
login.nextstrain.org is used by our AWS Cognito user pool.
clades.nextstrain.org is used by Nextclade.
docs.nextstrain.org is a documentation site with the Nextstrain Read the Docs project and sub-projects.
support.nextstrain.org is an email ticketing system powered by Zoho Desk.
discussion.nextstrain.org is a discussion forum powered by Discourse.
Herokuď
We use a Heroku pipeline named nextstrain-server
to manage multiple related apps.
The production app serving nextstrain.org is nextstrain-server
.
The canary app serving next.nextstrain.org is nextstrain-canary
.
Deploys of master
to the canary app happen automatically after GitHub Actions CI tests are successful.
Deploys to the production app are performed by manually promoting the canaryâs current release to production (see also more about promoting below).
Environment (or config) variablesď
NODE_ENV
is used to condition behaviour between production and non-production environments, following the widely-used convention set by Express. Its value affects not just the explicit conditionals in this repo but also Express and other layers in our dependencies. All our Heroku apps run underNODE_ENV=production
.SESSION_SECRET
must be set to a long, securely generated string. It protects the session data stored in browser cookies. Changing this will invalidate all existing sessions and forcibly logout people.SESSION_ENCRYPTION_KEYS
must be set to a URL query param string encoding pairs of key names and base64-encoded key material. These keys protect sensitive data in the session (such as authn tokens) when session data is âat restâ (such as in Redis). You may prepend new keys to use for new sessions (i.e. key rotation) but do not drop old keys or old sessions will be unusable and people will be forcibly logged out. Keys must be 256 bits in length.SESSION_COOKIE_DOMAIN
is set when necessary to allow sharing of session cookies between parent and subdomains, e.g. nextstrain.org and next.nextstrain.org.AWS_ACCESS_KEY_ID
andAWS_SECRET_ACCESS_KEY
are tied to thenextstrain.org
AWS IAM user. These credentials allow the backend web server limited access to private S3 buckets.AWS_REGION
should be set to the region containing S3 buckets. This isus-east-1
for production and testing.REDIS_URL
is provided by the Heroku Redis add-on. It should not be modified directly. Our authentication handlers rewrite it at server start to use a secure TLS connection.FETCH_CACHE
is not currently used, but can be set to change the location of the on-disk cache used by (some) serverfetch()
-es. The default location is/tmp/fetch-cache
.PAPERTRAIL_API_TOKEN
is used for logging through papertrail.GITHUB_TOKEN
is used to make authenticated requests to the GitHub API so that we get increased rate limits and can download workflow artifacts. The token should be a fine-grained personal access token with public access only, i.e. no specific respositories or permissions granted. If not provided, requests to the GitHub API are unauthenticated. The token we use in production is associated with thenextstrain-bot
GitHub user.CANARY_ORIGIN
is the origin of a canary deployment to redirect to for users who are opted-in to thecanary
flag (the!flags/canary
Cognito group). Redirection does not happen if this variable is not defined or if the requestâs origin already matches this variableâs value. In production we set this tohttps://next.nextstrain.org
.CONFIG_FILE
is the path to a JSON file defining the defaults for the required variables below. If not provided, the checked-in filesenv/production/config.json
andenv/testing/config.json
are used (depending on the value ofNODE_ENV
).USE_PREBUILT_STATIC_SITE
is useful for development purposes and allows you to run the static site (sometimes referred to as the âfrontendâ or the âNext.js siteâ) using pre-built assets, which is how it behaves in production mode. In the absence of this variable theNODE_ENV
is used to decide whether to use pre-built assets (âproduction modeâ) or compile assets as requested (âdevelopment modeâ). IfNODE_ENV="production"
thenUSE_PREBUILT_STATIC_SITE
has no effect. (P.S. to use prebuilt assets they must first be built, typically vianpm run build
.)DEBUG
controls debug-level logging output from our own codebase as well as many of our deps (e.g. Express and its related packages). As examples, to see the output from our own code, setDEBUG=nextstrain:*
; to also see the output from thecompression
module, setDEBUG=nextstrain:*,compression
. Refer to thedebug
module documentation for more information.
Several variables are required but obtain defaults from a config file (e.g. env/production/config.json
):
COGNITO_USER_POOL_ID
must be set to the id of the Cognito user pool to use for authentication.OIDC_IDP_URL
must be set to the URL of the Cognito user poolâs IdP endpoint. This is something likehttps://cognito-idp.{REGION}.amazonaws.com/{REGION}_{ID}
.OAUTH2_CLIENT_ID
must be set to the OAuth2 client id for the nextstrain.org client registered with the Cognito user pool.OAUTH2_CLI_CLIENT_ID
must be set to the OAuth2 client id for the Nextstrain CLI client registered with the Cognito user pool.OAUTH2_LOGOUT_URL
overrides any value discovered via IdP metadata. For Cognito, which doesnât provide a value via metadata, this must be set to the logout URL of the Cognito user poolâs hosted UI. In production, this ishttps://login.nextstrain.org/logout
. In development and testing, this would be something likehttps://nextstrain-testing.auth.us-east-1.amazoncognito.com/logout
.OIDC_USERNAME_CLAIM
must be set to the field in the id token claims which contains the username for a user. For Cognito, this iscognito:username
.OIDC_GROUPS_CLAIM
must be set to the field in the id token claims which contains the list of group names for a user. For Cognito, this iscognito:groups
.GROUPS_DATA_FILE
is the path to a JSON file defining the known Groups. Our config files point to the checked-in filesenv/production/groups.json
andenv/testing/groups.json
.
Variables in the environment override defaults from the config file.
Redis add-onď
See redis.md.
Logsď
Server logs are available via the papertrail web app (requires heroku login).
The dev server does not have papertrail enabled, but logs may be viewed using the heroku CLI via heroku logs --app=nextstrain-dev --tail
.
Development serverď
A testing app, nextstrain-dev
, is also used, available at dev.nextstrain.org.
Deploys to it are manual, via the dashboard or git pushes to the Heroku remote, e.g. git push -f heroku-dev <branch>:master
, where the heroku-dev
remote is https://git.heroku.com/nextstrain-dev.git.
Note that the dev server runs in production mode (NODE_ENV=production
), and also uses the nextstrain.org
AWS IAM user.
Review appsď
We use Heroku Review Apps to create ephemeral apps for PRs to the GitHub repo. These are automatically created for PRs submitted by Nextstrain team members. To recreate an inactivated app, or create one for a PR from a fork, you can use the heroku dashboard. (Make sure to review code for security purposes before creating such an app.)
It is not currently possible to login/logout of these apps due to our AWS Cognito setup; thus private datasets cannot be accessed.
Promoting changesď
Promoting changes from canary to production can be done freely at any time, however itâs worth reviewing the changes youâre promoting to make sure they are what you expect them to be.
To inspect the differences between canary (next.nextstrain.org) and production (nextstrain.org), login to Heroku and click ânextstrain-serverâ, find ânextstrain-canaryâ, click âPromote to productionâ (this just opens a popup), and âCompare on GitHubâ.
We have a linear deploy path from git â canary â production, so if your commit Y in git comes after commit X, then deploying/promoting commit Y also deploys/promotes commit X.
(Any out-of-order alternatives, though possible, are considered unnecessary complication for our team for now.)
If youâre promoting someone elseâs prior changes along with your own, it doesnât hurt to give a heads up in the #nextstrain-dev
channel.
That said, if someone leaves changes lying around on the canary for any length of time, that someone should expect the changes might be promoted to prod by someone else.
So if you donât want that for your own changes, then make sure to promote them yourself sooner than later or ask folks to hold off while you let your changes bake off for a bit.
Itâs worth noting that it is possible to promote previous releases to the canary to prod using the Heroku API (and maybe CLI?) but not the web UI. This might be useful if there are some lower stakes prior changes you want to promote before some higher stakes later changes but you didnât get a chance to before the latter deployed to the canary.
Rolling back deploymentsď
In case of issues with a deployment, Heroku allows us to immediately return to a previous version using rollbacks, which take only several seconds to take effect.
Normal Heroku deployments, performed by our GitHub Actions CI workflow, take about 6 minutes, and so, for time-sensitive issues, âfailing forwardâ with a reversion in Git and new deploy, if appropriate, should be done after a rollback.
Rollbacks can be performed via the Heroku dashboard or with heroku rollback --app=nextstrain-server vX
, where X is the version number (available via heroku releases --app=nextstrain-server
).
AWSď
All resources are in the us-east-1
region.
If you donât see them in the AWS Console, make sure to check the region youâre looking at.
S3 bucketsď
nextstrain-dataď
Public.
CloudFronted.
Contains JSONs for our core builds, as well as the nextstrain.yml
conda environment definition.
Fetches by the server happen over unauthenticated HTTP.
nextstrain-stagingď
Public. CloudFronted. Contains JSONs for staging copies of our core builds. Fetches by the server happen over unauthenticated HTTP.
nextstrain-groupsď
Private. Contains data for all groups. Fetches by the server happen via the S3 HTTP API using signed URLs.
EC2 instancesď
rethink.nextstrain.org hosts the labâs fauna instance, used to maintain data for the core builds.
Ephemeral instances are automatically managed by AWS Batch for nextstrain build --aws-batch
jobs.
Cognitoď
A user pool called nextstrain.org
provides authentication for Nextstrain logins.
Cognito is integrated with the nextstrain.org server using the OAuth2 support from PassportJS in our authn/index.js
file.
We donât use Cognitoâs identity pools.
DNSď
Nameservers for the nextstrain.org zone are hosted by DNSimple.
GitHubď
nextstrain/nextstrain.org is the GitHub repo for the Nextstrain website.
Core and staging narratives are sourced from the nextstrain/narratives repo (the master
and staging
branches, respectively).
CIď
CI tests and deployments are run via GitHub Actions using our CI workflow.
Any push or PR will trigger CI tests.
Pushes to the master
branch will trigger a CI deployment after tests pass.