Infrastructure overview

Locations

We have servers hosted by two providers:

  • free.org sponsors our electricity, network and server hosting. We have two servers there:
    • off1.openfoodfacts.org
    • off2.openfoodfacts.org
  • The OVH foundation sponsors three bare-metal servers for us:
    • ovh1.openfoodfacts.org - Strasbourg (sbg3) - advance-5 server
    • ovh2.openfoodfacts.org - Roubaix (rbx8) - advance-5 server
    • ovh3.openfoodfacts.org - Roubaix (rbx7) - stor-2 server
  • Moji also sponsors a good server for us

Network

Web traffic proxies

  • Most services are hosted on OVH and pass through an nginx proxy (see proxmox - HTTP Reverse Proxy) hosted on VM 101 on ovh1, which has a bridge with its own IP.
  • Product Opener instances (openfoodfacts.org and its cousins) have their own proxy on off1.
  • A specific nginx is also set up on ovh3 to serve images and some static resources.

Stunnel

We still need to deploy stunnel for clear-text TCP services transiting through (also to avoid IP rules)

IP tables

We limit access to certain services through IP tables rules. Notably:

  • on off2, access to MongoDB is filtered by source IP so that only OVH can reach it

We also use IP tables rules to proxy services. Notably:

  • on ovh1, IP tables rules proxy PGM service requests coming from off1 and off2 (we could replace this with stunnel)
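
An added example (not part of the project's own tooling) of how the source-IP filter described above for MongoDB on off2 can be audited from `iptables-save` output. It assumes MongoDB listens on its default port 27017 and that the filter lives in the INPUT chain; `audit_port` is a hypothetical helper, and the rulesets and addresses are constructed.

```python
import ipaddress
import shlex

def audit_port(save_text, port, allowed_sources, chain="INPUT"):
    """Return findings for TCP `port` in `iptables-save` output.

    Only rules with an explicit --dport are examined; multiport or negated
    matches, blanket ACCEPT rules and jumps to user chains need manual review.
    """
    allowed = [ipaddress.ip_network(s) for s in allowed_sources]
    findings, policy, decided = [], None, False
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith(f":{chain} "):
            policy = line.split()[1]              # chain default policy
            continue
        tok = shlex.split(line)
        if tok[:2] != ["-A", chain] or "--dport" not in tok:
            continue
        if tok[tok.index("--dport") + 1] != str(port):
            continue
        target = tok[tok.index("-j") + 1] if "-j" in tok else None
        src = tok[tok.index("-s") + 1] if "-s" in tok else None
        if src is None and target in ("ACCEPT", "DROP", "REJECT"):
            if target == "ACCEPT":
                findings.append(f"port {port} accepted from any source")
            decided = True                        # first match wins, stop here
            break
        if target == "ACCEPT":
            net = ipaddress.ip_network(src, strict=False)
            if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                findings.append(f"port {port} accepted from unexpected source {src}")
    if not decided and policy != "DROP":
        findings.append(f"port {port} falls through to chain policy {policy}")
    return findings

# Constructed rulesets; addresses are RFC 5737 documentation ranges, not real hosts.
GOOD = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 27017 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 27017 -j DROP
COMMIT
"""
# Same ruleset with the catch-all DROP turned into an ACCEPT from an unlisted host.
BAD = GOOD.replace("-A INPUT -p tcp", "-A INPUT -s 198.51.100.7/32 -p tcp").replace("DROP", "ACCEPT")

if __name__ == "__main__":
    print(audit_port(GOOD, 27017, ["203.0.113.0/24"]))
    print(audit_port(BAD, 27017, ["203.0.113.0/24"]))
```

An empty list means every explicit ACCEPT for the port comes from an allowed network and everything else is denied.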

Servers

off1

Located at free.org

Currently installed on bare metal with Debian (migration to Proxmox to come).

Main services:

  • Open Food Facts server main nginx (distribution install)
  • all Product Opener instances: Open Food Facts / Open Products Facts / etc.

It also contains secondary services like https://cestemballepresdechezvous.fr/

off2

Located at free.org

Currently installed on bare metal with Debian (migration to Proxmox to come).

Main services:

  • Main MongoDB instance supporting all product data for Product Opener instances on off1

ovh1

Located at OVH Strasbourg (sbg3)

Uses Proxmox.

Part of the Proxmox cluster.

Contains lots of small services, as proxmox containers:

ovh2

Located at OVH Roubaix (rbx8)

Part of the Proxmox cluster.

Contains two big QEMU VMs hosting lots of Docker services: one for staging, one for production. See Docker architecture

ovh3

Located at OVH Roubaix (rbx7)

It's a storage server, which mainly contains:

  • replication of all production data: images, products, etc.
  • an nginx to serve images (and some static resources as fallback)
  • some ZFS volumes for ovh1 and ovh2 services

osm45 (Moji)

Located at Moji. See Moji Datacenter

IPv6 only (+ IPv4 internal network)