Tech 101: How To Run Metabase On An EC2 Instance

In business or data study, it is expedient that users and engineers find the best way to study the stored data and one of the most efficient tool is Metabase. Metabase is an open-source business intelligence tool that lets users ask questions about the data, and displays answers in formats that make sense — it could bar graph, tables, histogram and any other preferred pictorial/graphical format. It is also possible to group the recent questions, store them and refer to them when necessary. The dashboards for the data visualizations could be shared with the teammates in any organization. So if you're looking rightly visualize your data from your database then Metabase is your option.

In this article, we will be looking through some steps on how to host Metabase on an EC2 Instance and possible attach a sub-domain to the IP address so it can be accessed through a URL instead of the IP address of the EC2 Instance. Enough of the theoretical banter, let's get our hands a bit in the dirt.

Prerequisites

  1. Security Groups with inbound rules that allow 3000 and outbound rules for “all” has been set up.
  2. Key Pairs should have been sorted.
  3. Subnets already set up.
  4. AWS account.

Inbound Rules

  • HTTP TCP 80 0.0.0.0/0
  • SSH TCP 22 0.0.0.0/0
  • RDP TCP 3389 0.0.0.0/0
  • HTTPS TCP 443 0.0.0.0/0
  • HTTPS TCP 443::/0

Outbound Rules

  • All traffic All All 0.0.0.0/0

Steps

  • Give a name to the instance for easy identification and best practice (optional)
  • SSH into the EC2 Instance from your local machine. Well, depending on your operating system, you could look up this documentation and do the right thing. From my Linux Ubuntu machine, I can ssh to my EC2 instance using the following structure:
$ ssh -i “name of key pair” ec2-user@Public IPv4 DNS

You must ensure the key pair is in the directory with which you are running this command so it can reference without hassles. In my case, the following is the result:

  • Install Nginx by the steps here confirm its running status using this command
$ service nginx status
  • Get into the Nginx directory and create two files file named sites-enabled and sites-available then perform other actions as shown below:
  • Nano into the Nginx.conf file with the following command
$ sudo nano nginx.conf

Then fill in the nano file with the following configuration:

user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main ‘$remote_addr — $remote_user [$time_local] “$request” ‘
‘$status $body_bytes_sent “$http_referer” ‘
‘“$http_user_agent” “$http_x_forwarded_for”’;
access_log /var/log/nginx/access.log main;
sendfile off;
#tcp_nopush on;
keepalive_timeout 65;
server_tokens off;
#gzip on;
#include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.conf;
server_names_hash_bucket_size 64;
}
  • Get into the “sites-available” directory and create a configuration file that corresponds to the site to be created, following this syntax;
sudo nano subdomain-name.com.conf

Then fill in with the following syntax

server{
# listen 443 ssl;
# listen [::]:443 ssl;
#ssl_certificate /applications/ssl/subdomain-name.chained.crt;
#ssl_certificate_key /applications/ssl/subdomain-name.com.key;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!MD5;
server_name sub-domain.com www.sub-domain.com;access_log /var/log/nginx/subdomain-name.com.access.log;
error_log /var/log/nginx/subdomain-name.com.error.log;
location / {
proxy_pass http://localhost:3000/ ;
proxy_set_header Host $host;
#include /etc/nginx/proxy_params;
}
# if ($scheme != “https”) {
# return 301 https://$host$request_uri;
# }

The configuration is not complete yet because we must redirect it to a preferred URL and make it accessible on HTTPS for the display of a secured connection with respect to best practices.

  • Still, in the same directory, create a symlink between sites-enabled and sites-available so changes in sites-available files would replicate in the site-enabled folder. Do this by running this command
$ sudo ln -s ../sites-enabled/*.conf .
  • Install certbot to be able to run SSL certificates, generate some changes to your subdomain.com.conf file so the Metabase is accessible through HTTPS and required subdomain as well. Certbot deletes the need to create an SSL certificate from AWS or any paid platform; with certbot, it can be generated for free and be renewed every three months. Check other details about certbot in their documentation here so you know exactly what commands to use depending on your operating system. Now for me here, I ran the following commands:

Note that before installing Certbot, ensure that Nginx is stooped with the command below:

$ sudo service nginx stop

Then continue thus:

$ sudo amazon-linux-extras install epel -y$ sudo yum-config-manager — enable epel$ sudo service nginx stopsudo yum update -y$ sudo yum install -y certbot python2-certbot-nginx$ sudo certbot -v
  • Configure your subdomain-name to point to the IP address of the EC2 Instance. You can do this on Route 53 if you use AWS or any other domain registrars out there like Cloudflare and the rest. As you follow each step, you will be asked to verify the processes with your email address and some other verifications. Lastly, you will need to choose the preferred subdomain-name that is being listed for routing.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): admin@yourdomain.com

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: Y

Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for yourdomian.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
Deploying Certificate for yourdomain.com to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf

-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://subdomain-name.com
  • Also, you must know that Certbot expires after three months so you can set up a cronjob to make it renew itself automatically after the required time has elapsed. It is done using the following command:
crontab -e

and then add the following:

0 0 1 * * /usr/bin/letsencrypt renew >> /var/log/letsencrypt-renew.log

Save the file and close it. Restart the cron service so the changes can take effect:

service cron restart
  • After all, these have been done, for Metabase to be accessible, it must be running on the EC2 Instance and that is done using the following command:
java -jar metabase.jar

Now, from here it is possible to access Metabase via your subdomain-name but assuming the local machine goes down or there is some sort of internet outage, then Metabase is down so avoid this and allow continuous running, use the following command while still ssh in the instance.

sudo java -jar metabase.jar &

The ‘&’ is a bash script command used to run a process under the subshell and it's not dependent on local machine status but solely on the instance LIVE or DEAD status. (Optional) In case you have some running error, confirm that your ports are free.

  • Access your site as required and use this documentation to set everything up. You should have this homepage:

Well, at this point, I’d say congratulations to you, you just deployed Metabase on an EC2 Instance and routed it to your preferred URL. Now, remember, this article is not only for experts in the software space, even newbies could hop in and learn a lot and that is why I try to make everything clear both in layman and professional terms, so if you have any questions, shoot or you can also reach out to me on Twitter or find me on Github.

Thanks for reading ❤️

Please leave a comment if you have any thoughts about the topic — I am open to learning and knowledge explorations.

I can imagine how helpful this post has been, do leave a clap 👏 below a few times to show your support for the author!

A writer for Cloud and DevOps with a sprinkle of other interesting software concepts.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store