diff --git a/website/content/docs/configuration/controller.mdx b/website/content/docs/configuration/controller.mdx index 04bec30e9c..244ef0d603 100644 --- a/website/content/docs/configuration/controller.mdx +++ b/website/content/docs/configuration/controller.mdx @@ -26,8 +26,8 @@ controller { - `database` - Configuration block with two valid parameters for connecting to Postgres: - `url` - Configures the URL for connecting to Postgres - - `migration_url` - Can be used to specify a different URL for the migrations, as that - usually requires higher priviledges. + - `migration_url` - Can be used to specify a different URL for the migrations, as that + usually requires higher privileges. Either can refer to a file on disk (file://) from which a URL will be read; an env var (env://) from which the URL will be read; or a direct database URL (postgres://). @@ -76,7 +76,7 @@ listener "tcp" { # The purpose of this listener purpose = "cluster" - tls_disable = false + tls_disable = false proxy_protocol_behavior = "allow_authorized" proxy_protocol_authorized_addrs = "127.0.0.1" } diff --git a/website/content/docs/configuration/worker.mdx b/website/content/docs/configuration/worker.mdx index c9613faa59..a0365a23ab 100644 --- a/website/content/docs/configuration/worker.mdx +++ b/website/content/docs/configuration/worker.mdx @@ -22,7 +22,7 @@ worker { - `description` - Specifies a friendly description of this worker. -- `public_addr` - Specifies the public IP address for the worker to be reached on. This is useful for cloud environemnts that do not bind a publically accessible IP to a NIC on the host directly, such as an Amazon EIP. +- `public_addr` - Specifies the public IP address for the worker to be reached on. This is useful for cloud environments that do not bind a publicly accessible IP to a NIC on the host directly, such as an Amazon EIP. - `controllers` - A list of IP addresses for reaching controllers on port :9202. diff --git a/website/content/docs/installing/high-availability.mdx b/website/content/docs/installing/high-availability.mdx index de759a6c8a..30d0291951 100644 --- a/website/content/docs/installing/high-availability.mdx +++ b/website/content/docs/installing/high-availability.mdx @@ -8,15 +8,15 @@ description: |- # High Availability Installation -Installing Boundary as a high availability service requires certain infrastructure considerations. At the most basic level, running 3 controller and worker instances gives a fundamental level of high availability for the control plane (controller), as well as bandwidth for number of sessions on the data plane (worker). Both server types should be run in a fault-tolerant setting, that is, in a self-healing environment such as an auto-scaling group. The documentation here does not cover self-healing infrastructure and assumes the operator has their preferred scheduling methods for these environments. +Installing Boundary as a high availability service requires certain infrastructure considerations. At the most basic level, running 3 controller and 3 worker instances gives a fundamental level of high availability for the control plane (controller), as well as bandwidth for a number of sessions on the data plane (worker). Both server types should be run in a fault-tolerant setting, that is, in a self-healing environment such as an auto-scaling group. The documentation here does not cover self-healing infrastructure and assumes the operator has their preferred scheduling methods for these environments. ## Network Requirements The following ports should be available: -- Client must have access to the Controller's port (default 9200) -- Client must have access to the Worker's port (defaults 9202) -- Worker must have access to the Controller's port (default 9201) +- Clients must have access to the Controller's port (default 9200) +- Clients must have access to the Worker's port (defaults 9202) +- Workers must have access to the Controller's port (default 9201) - Workers must have a route and port access to the targets which they service ## Architecture @@ -37,7 +37,7 @@ Boundary requires an external [Postgres](https://www.postgresql.org/) and [KMS]( ### API and Console Load Balancer -Load balancing the controller allows operators to secure the ingress to the Boundary system. We recommend placing all Boundary server's in private networks and using load balancing tecniques to expose services such as the API and administrative console to public networks. In the high availability architecture, we recommend load balancing using a layer 7 load balancer and further constraining ingress to that load balancer with layer 4 constraints such as [security groups](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html) or [IP tables](https://wiki.archlinux.org/index.php/Iptables). +Load balancing the controller allows operators to secure the ingress to the Boundary system. We recommend placing all Boundary server's in private networks and using load balancing techniques to expose services such as the API and administrative console to public networks. In the high availability architecture, we recommend load balancing using a layer 7 load balancer and further constraining ingress to that load balancer with layer 4 constraints such as [security groups](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html) or [IP tables](https://wiki.archlinux.org/index.php/Iptables). For general configuration, we recommend the following: diff --git a/website/content/docs/installing/postgres.mdx b/website/content/docs/installing/postgres.mdx index cd2e5cb31a..4a8838c4f0 100644 --- a/website/content/docs/installing/postgres.mdx +++ b/website/content/docs/installing/postgres.mdx @@ -1,9 +1,9 @@ --- layout: docs -page_title: Postgres Installation +page_title: Postgres Installation sidebar_title: Postgres Install description: |- - Postgres configuration for Boundary + Postgres configuration for Boundary --- # Postgres Configuration @@ -12,8 +12,8 @@ This section covers Postgres-specific installation requirements. ## Version -Boundary prefers Postgres 11x or greater. +Boundary prefers Postgres 11x or greater. -## Network +## Network -In non-HA configurations, Boundary serverss must be able to reach Postgres. If you're running in [high availability](/docs/installing/high-availability), then the controllers, and not workers, need access to the Postgres server infrastructure. +In non-HA configurations, Boundary servers must be able to reach Postgres. If you're running in [high availability](/docs/installing/high-availability), then the controllers, and not workers, need access to the Postgres server infrastructure.