Author: Nabeel Ahmed
Last Updated: Thu, Dec 23, 2021ArangoDB is an open-source NoSQL database used in modern web applications, which supports models for document, graph, and key-value data. It's managed through a web or command-line interface and uses a declarative query language called AQL (ArangoDB Query Language).
Deploy a new Ubuntu 20.04 Vultr cloud server.
Set up a non-root user with sudo privileges.
Verify your server is up to date.
Import repository key.
$ curl -fsSL https://download.arangodb.com/arangodb38/DEBIAN/Release.key | sudo apt-key add -
Update the sources list.
$ echo 'deb https://download.arangodb.com/arangodb38/DEBIAN/ /' | sudo tee /etc/apt/sources.list.d/arangodb.list
$ sudo apt-get update
Install ArangoDB.
$ sudo apt-get install arangodb3
Verify the installation was successful.
$ arangod --version
server-version: 3.8.x
Start ArangoDB.
$ sudo systemctl start arangodb3
Monitor the database with status.
$ sudo systemctl status arangodb3
Hardening will make blocking unauthorized use of endpoints more strict.
To edit database server settings, navigate and edit the arangod.conf file.
$ sudo nano /etc/arangodb3/arangod.conf
Under the [server] section, append the following text if it's not already there.
harden = true
Under the [javascript] section, append the following text.
harden = true
Restart the database to take effect.
$ sudo systemctl restart arangodb3
Verify changes were successful by checking for errors in status.
$ sudo systemctl status arangodb3
To access ArangoDB through the command line, use the arangosh command.
$ arangosh
This is meant for development or internal network purposes only. For production applications, continue down the doc for configuring the server through a reverse proxy.
By default, the ArangoDB web interface is only available locally.
To make the server available on the internet, navigate and edit the arangod.conf file.
$ sudo nano /etc/arangodb3/arangod.conf
Under the [server] section, replace the endpoint URL with your server's IP. For example:
endpoint = tcp://192.0.2.123:8529
Restart the server.
$ sudo systemctl restart arangodb3
Verify changes were successful by checking for errors in status.
$ sudo systemctl status arangodb3
Navigate to your server's IP address at port 8529 in a web browser.
http://192.0.2.123:8529/
For a production application, it is better to host the database locally and access it through a reverse proxy. This makes it easier to manage multiple services, enforce rate-limiting, SSL, and IP-filtering.
Install Nginx.
$ sudo apt-get install nginx
Delete default Nginx server block.
$ sudo rm /etc/nginx/sites-enabled/default
Create a new Nginx server block.
$ sudo nano /etc/nginx/sites-enabled/arangodb.conf
Add the following text to the file.
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;
server {
listen 80; # Listen on ArangoDB port.
listen [::]:80; # ipv6 support.
server_name _;
location / {
limit_req zone=mylimit burst=20 nodelay; # Basic Rate limiting at 10 requests/sec.
proxy_pass http://127.0.0.1:8529;
}
}
Adjust the rate-limiting rates and zones according to your application and needs.
Restart Nginx for changes to take effect.
$ sudo systemctl restart nginx
Navigate to your server's IP address in a web browser.
http://192.0.2.123/
You should see the ArangoDB web interface login menu. As a test, try refreshing the page in rapid succession. Soon, the webpage should respond with a 503 HTTP error, which would indicate a successful rate-limited request.
For more information, refer to the official ArangoDB documentation.