Skip to Content.
Sympa Menu

comanage-users - Re: [comanage-users] Info about Comanage deployment in HA

Subject: COmanage Users List

List archive

Re: [comanage-users] Info about Comanage deployment in HA

Chronological Thread 
  • From: Scott Koranda <>
  • To: Barbara Monticini <>
  • Cc:
  • Subject: Re: [comanage-users] Info about Comanage deployment in HA
  • Date: Sat, 16 Feb 2019 02:35:20 -0600

Hi Barbara,

I operate the COmanage Registry service for CILogon at

The service is deployed using AWS and Docker Swarm in a HA

Traffic comes in from the internet to a Network Load Balancer "flavor"
of the AWS Elastic Load Balancing (ELB) service. The targets for the ELB
are the Docker Swarm manager nodes which are EC2 instances running
Docker in a Swarm configuration.

Each Docker Swarm manager node runs the reverse proxy/load balancer

Web traffic is consumed by Traefik and then routed to COmanage Registry
containers. The COmanage Registry containers use mod_auth_openidc and
consume OIDC tokens/claims from the CILogon OP for authentication.
Traefik is configured to use sticky sessions so that requests always
route to the same COmanage Registry container.

We leverage the AWS MariaDB "flavor" of Aurora RDS for database HA:

Each Docker Swarm manager node also runs an OpenLDAP slapd daemon in
proxy mode (ldap backend). It proxies LDAP traffic in much the same way
Traefik proxies web traffic, routing traffic as necessary to slapd


Scott K

> I'm going to set up Comanage and want to find some more documents of
> existing deployments which include HA capabilities
> The only document I found is the official page:
> Thanks for any other hints you could share.
> Thank you
> Regards
> Barbara

Archive powered by MHonArc 2.6.19.

Top of Page