@lorecrafting
Last active February 15, 2019 08:41
Nginx Certbot Reverse Proxy Docker-Compose deployment

GETTING ON YOUR SERVER

ssh ubuntu@{ip}
Enter yes to prompt

CREATE USER

sudo adduser {username} # follow the prompts

SET SSH KEY FOR NEW USER

sudo mkdir /home/{username}/.ssh
cd /home/{username}/.ssh
sudo touch authorized_keys
sudo vim authorized_keys
Paste your .ssh/id_rsa.pub key from your laptop into this file
:wq to leave vim
cd .. to leave .ssh folder
sudo chown -R {username}:{username} .ssh
exit
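
An added example (not part of the original gist): a check to run on the server, before the final exit above, that the new user's key files have the ownership and modes sshd's StrictModes check expects (owned by the user or root, not group- or world-writable). The function name check_ssh_key_perms is hypothetical, and the script assumes GNU stat, as shipped on Ubuntu.

```shell
#!/usr/bin/env bash
# Added example: verify that a user's key files would pass sshd's StrictModes check.
# check_ssh_key_perms is a hypothetical helper; it relies on GNU stat (-c).
#
# Usage:   check_ssh_key_perms <home-dir> <expected-uid>
# Example: check_ssh_key_perms /home/{username} "$(id -u {username})"
# Prints one line per problem and returns the number of problems found (0 = OK).
check_ssh_key_perms() {
  local home=$1 uid=$2 problems=0 path owner mode
  for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
    if [ ! -e "$path" ]; then
      echo "MISSING  $path"
      problems=$((problems + 1))
      continue
    fi
    owner=$(stat -c '%u' "$path")   # numeric uid of the owner
    mode=$(stat -c '%a' "$path")    # octal permission bits, e.g. 755
    # sshd accepts paths owned by the login user or by root (uid 0).
    if [ "$owner" != "$uid" ] && [ "$owner" != "0" ]; then
      echo "OWNER    $path is owned by uid $owner, expected $uid or 0"
      problems=$((problems + 1))
    fi
    # Any group-write or world-write bit (mask 022) causes the key file to be ignored.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
      echo "MODE     $path is $mode (group- or world-writable)"
      problems=$((problems + 1))
    fi
  done
  return "$problems"
}
```

If it reports a MODE problem, chmod 700 on .ssh and chmod 600 on authorized_keys clear it.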

SMOKE TEST NEW ACCOUNT

ssh {username}@{ip}
exit

MAKE NEW ACCOUNT A SUDOER

ssh root@{ip} # get back in as root
sudo usermod -aG sudo {username}
su - {username} # switch to new account
sudo ls -lah /root # smoke test sudo capabilities

RE-ENTER AS NEW ACCOUNT

exit
exit
ssh {username}@{ip}

Install Docker:

  • https://docs.docker.com/install/linux/docker-ce/ubuntu/#os-requirements

Add the user to the docker group:

  • sudo usermod -aG docker ubuntu
  • exit
  • log back into ec2 instance
  • id -nG
  • Smoke test: docker ps

Install Docker-Compose:

  • https://docs.docker.com/compose/install/#install-compose
  • Smoke test: docker-compose --version

GENERATE SSH KEY (ONLY IF GOING WITH A DEPLOY KEY)

ssh-keygen -t rsa -b 4096 -C "{email}" # just stick with defaults
cat /home/{username}/.ssh/id_rsa.pub # smoke test new key

Clone down your GH Repository, CD into it and:

  • docker-compose up --build -d
  • Smoke test: curl localhost:{port}

NGINX

  • sudo apt install nginx
  • Smoke test: sudo systemctl status nginx

cd /etc/nginx/sites-available
sudo touch {name}
sudo vim {name}

Paste in this:

server {
  listen 80;

  server_name {url};

  client_max_body_size 100m;
  client_body_timeout 120s; # Default is 60, May need to be increased for very large uploads

  location / {
      proxy_pass http://localhost:{PORT};
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection 'upgrade';
      proxy_set_header Host $host;
      proxy_cache_bypass $http_upgrade;
  }
}

sudo cp {name} ../sites-enabled/
sudo nginx -t # smoke test the new config file we made
sudo service nginx reload
Smoke test by going to your {ip}

SSL Certs with Let's Encrypt

Before getting SSL certs, you need to point your domain name to the EC2 instance.

Install Certbot:

  • sudo add-apt-repository ppa:certbot/certbot
  • sudo apt-get install python-certbot-nginx
  • Make sure to open up port 80 in AWS Security Group
  • sudo certbot --nginx -d {url} # answer Yes to the redirect prompt
  • sudo systemctl restart nginx

UFW Firewall Hardening:

  • sudo ufw status
  • sudo ufw allow 'Nginx Full'
  • sudo ufw status

Installing Node

  • curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.34.0/install.sh | bash
  • source ~/.bashrc
  • nvm install --lts