@JimzyLui
Forked from lorecrafting/AWS Deployment.md
Last active February 15, 2019 05:49
Nginx Certbot Reverse Proxy Docker-Compose deployment

Create an instance of an EC2 Server

  • Go to AWS, then Services, then EC2.
  • Click Launch Instance
  • Choose an Amazon Machine Image (AMI):
    • Select Ubuntu
  • Choose an Instance Type:
    • (Take the default General Purpose t2.micro that is free tier eligible)
    • Click Review and Launch

Connect to the new instance

  • After the instance is ready, click Connect
  • Either generate or select a public/private key pair:
    • Put them both inside a .ssh folder located where your project root is (add .ssh to .gitignore so the private key is never committed).
  • Go to the local .ssh folder where you put the private key and...
      • Make a public key:
      • ssh-keygen -y -f <privateKey.pem> > <newPubKey>.pub
      • Make the private key not publicly viewable:
      • chmod 400 <privateKey.pem>
      • Connect to the server:
        • The public DNS would be something like ec2-54-245-198-14.us-west-2.compute.amazonaws.com
      • ssh -i "<privateKey.pem>" ubuntu@<public DNS>

GETTING ON YOUR SERVER

ssh ubuntu@{ip}
Enter yes to prompt

CREATE USER

sudo adduser {username} and follow prompts

SET SSH KEY FOR NEW USER

sudo mkdir /home/{username}/.ssh
cd /home/{username}/.ssh
sudo touch authorized_keys
sudo vim authorized_keys
Paste your .ssh/id_rsa.pub key from your laptop into this file
Hit ESC to leave insert mode, then type :wq to save and quit vim
cd .. to leave .ssh folder
sudo chown -R {username}:{username} .ssh
exit
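
An added example (not part of the original gist): the key installation above as a shell function that also sets the 0700/0600 modes, refuses a pasted private key, and audits for the group or world write bits that sshd's StrictModes check rejects. The function names and the sample key are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original gist. Function names are hypothetical.
# Run as root on the server, e.g.:
#   install_authorized_key /home/{username} "$(cat id_rsa.pub)" {username}

# Constructed sample value for testing; not a real key.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyOnly user@laptop'

# Accept exactly one public-key line; refuse anything resembling a private key.
valid_pubkey() {
  case "$1" in *"PRIVATE KEY"*) return 1 ;; esac
  [ "$(printf '%s\n' "$1" | wc -l)" -eq 1 ] || return 1
  printf '%s\n' "$1" | grep -Eq \
    '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
}

# install_authorized_key <home_dir> <pubkey_line> [owner]
# Creates .ssh (0700) and authorized_keys (0600), appends the key only once,
# and chowns to <owner> when one is given.
install_authorized_key() {
  local home="$1" key="$2" owner="${3:-}"
  valid_pubkey "$key" || { echo "refusing: not a public key line" >&2; return 1; }
  mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
  touch "$home/.ssh/authorized_keys" || return 1
  chmod 600 "$home/.ssh/authorized_keys" || return 1
  grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
    printf '%s\n' "$key" >> "$home/.ssh/authorized_keys" || return 1
  if [ -n "$owner" ]; then chown -R "$owner:$owner" "$home/.ssh" || return 1; fi
}

# audit_ssh_dir <home_dir>: fail if .ssh or authorized_keys is missing or is
# writable by group or others (sshd's StrictModes refuses such files).
audit_ssh_dir() {
  local p
  for p in "$1/.ssh" "$1/.ssh/authorized_keys"; do
    [ -e "$p" ] || { echo "missing: $p" >&2; return 1; }
    [ -z "$(find "$p" -maxdepth 0 \( -perm -020 -o -perm -002 \))" ] ||
      { echo "group/world-writable: $p" >&2; return 1; }
  done
}
```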

SMOKE TEST NEW ACCOUNT

ssh {username}@{ip}
exit

MAKE NEW ACCOUNT A SUDOER

ssh ubuntu@{ip} // Get back in as the default ubuntu user (EC2 Ubuntu images do not accept root SSH logins)
sudo usermod -aG sudo {username}
su - {username} // switch to new account
sudo ls -lah /root // smoke test sudo capabilities

RE-ENTER AS NEW ACCOUNT

exit
exit
ssh {username}@{ip}

Install Docker:

  • https://docs.docker.com/install/linux/docker-ce/ubuntu/#os-requirements

Add the user to the docker group (membership is equivalent to root access on the host):

  • sudo usermod -aG docker ubuntu
  • exit
  • log back into ec2 instance
  • id -nG
  • Smoke test: docker ps

Install Docker-Compose:

  • https://docs.docker.com/compose/install/#install-compose
  • Smoke test: docker-compose --version

GENERATE SSH KEY (ONLY IF GOING WITH A DEPLOY KEY)

ssh-keygen -t rsa -b 4096 -C "{email}" // just stick with defaults
cat /home/{username}/.ssh/id_rsa.pub // smoke test new key

Clone down your GH Repository, CD into it and:

  • docker-compose up --build -d
  • Smoke test: curl localhost:{port}

NGINX

  • sudo apt install nginx
  • Smoke test: sudo systemctl status nginx

cd /etc/nginx/sites-available
sudo touch {name}
sudo vim {name}

Paste in this:

server {
  listen 80;

  server_name {url};

  client_max_body_size 100m;
  client_body_timeout 120s; # Default is 60, May need to be increased for very large uploads

  location / {
      proxy_pass http://localhost:{PORT};
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection 'upgrade';
      proxy_set_header Host $host;
      proxy_cache_bypass $http_upgrade;
  }
}

sudo cp {name} ../sites-enabled/
sudo nginx -t // smoke test the new config file we made
sudo service nginx reload
Smoke test by going to your {ip}

SSL Certs with Let's Encrypt

(Before getting SSL certs you need to point your domain name to the EC2 instance.)

Install Certbot:

  • sudo add-apt-repository ppa:certbot/certbot
  • sudo apt-get install python-certbot-nginx
  • Make sure to open up port 80 in AWS Security Group
  • sudo certbot --nginx -d {url} (answer Yes when asked about the redirect)
  • sudo systemctl restart nginx

UFW Firewall Hardening:

  • sudo ufw status
  • sudo ufw allow 'Nginx Full'
  • sudo ufw status

Installing Node

  • curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.34.0/install.sh | bash
  • source .bashrc
  • nvm install --lts

Use ssh to clone to ec2

  • git clone <github url>

Open the incoming port that you want to use by going to:

  • Click on Security Groups: launch-wizard-5 (at bottom of ec2 dashboard)
  • add the incoming port