Setting up Jebrains Upsource on AWS

upsource-aws-setup.md

Installing and configuring Upsource on AWS with SSL

Upsource is a tool that brings Jetbrains IDE's code insights to code reviews. Upsource's integration with Jetbrains IDEs and GitHub are some of the most attractive features for us at VideoBlocks since we're heavy users of them both. We currently have over 50 private repos and use IntelliJ, PHPStorm and WebStorm to build our core products. All of our infrastructure is hosted on AWS now, so I decided to get this up and running there for quick evaluation.

Launch an EC2 Instance

This step is straight forward and there are already some good resources for setting up an EC2 instance. I won't go into detail here, but I chose an Ubuntu AMI at a size of M3.large (which is the minimum instance size Jetbrains recommends). We're configuring our security group with the standard HTTP ports (80 and 443) and exposing the standard SSH port 22.

Install Java

Upsource needs Java8 to run. I decided to go with the Oracle JRE. Digital Ocean has great instructions for working through this. Below is the TL;DR version

Download the JRE

Get the latest java 1.8 from Oracle

Install the JRE

For this step a have 2 terminals open: one connected to the EC2 instance via ssh and the other for the local filesystem.

In the EC2 instance

sudo mkdir –p /usr/local/java

Then copy the JRE to your EC2 instance

scp -i ~/.ssh/your.pem /path/to/jre.tar.gz ubuntu@ec2.ip.address:/usr/local/java

Back in EC2 land:

sudo cp jre1.8.0_91.tar.gz /usr/local/java/
cd /usr/local/java
sudo chmod a+x jre1.8.0_91.tar.gz
sudo tar xvzf jre1.8.0_91.tar.gz
sudo update-alternatives --install /usr/bin/java java /usr/local/java/jre1.8.0_91/bin/java 100

Setup environment variables

Jetbrains recommends adding these to your environment.

Open /etc/profile and add the variable initializations at the bottom of the file.

JRE_HOME=/usr/local/java/jre1.8.0_25

PATH=$PATH:${JRE_HOME}/bin
export JRE_HOME
export PATH

Install nginx

We try to serve all of our web applications behind ssl. So, we're installing nginx to provide a reverse proxy that will secure the HTTP traffic to Upsource.

First, install nginx:

sudo apt-get update
sudo apt-get install -y nginx

SSL Certs

Next, you'll want to find your ssl certificates. We had a wildcard cert laying around that we use for non-prod environments so I didn't need to create one. But, if you need one then I highly recommend Let's Encrypt as a simple and free certificate authority.

Nginx Configuration

Next, you'll want to edit the default nginx configuration and paste in the contents below.

sudo vim /etc/nginx/sites-enabled/default

server {
  # only allow https!
  listen 80;
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;
  ssl_certificate /etc/nginx/your.crt;
  ssl_certificate_key /etc/nginx/your.key;
  server_name  localhost;
  location  / {
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_http_version 1.1;

    # to proxy WebSockets in nginx
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_pass http://localhost:1111/;
  }
}

One important thing to call out here is the port in http://localhost:1111. You can choose any reasonable port but just note it as we'll use that for Upsource's port later.

Here's some good resource for ssl certificates and nginx ssl configuration

Restart nginx

sudo service nginx restart

Setup a public DNS

This step is optional as AWS already gives you a public DNS. Though, they are ugly as hell (e.g. ec2-52-23-233-29.compute-1.amazonaws.com). We have our dev root domain managed in Route53, so adding a new subdomain for Upsource was really painless. You just need an A record that points to your EC2 instance's IP address.

Configure and start Upsource

All right! Now we're nearly there. Go ahead and download Upsource and copy it to your EC2 instance.

scp -i ~/.ssh/your.pem upsource.zip ubuntu@ip.address:/usr/local/upsource/

cd /usr/local/upsource
unzip /usr/local/upsource/upsource.zip

Jetbrains recommends setting up some limits on linux boxes.

update /etc/security/limits.conf

*               -       memlock         unlimited
*               -       nofile          100000
*               -       nproc           32768
*               -       as              unlimited

Configure host and port

cd /usr/local/upsource
sudo bin/upsource.sh configure --listen-port 1111 --base-url https://public-dns-for-ec2-instance/
sudo bin/upsource.sh start

remember to use the same port as in your nginx configuration

And you're done! Now you should see the login screen after the initialization steps. The default username and password is admin:admin.

Setup mail

You may want to setup mail to get updates too. Again, Digital Ocean has a great reference for that as well. You can set this up in the Hub System Settings

sudo apt-get install -y mailutils
# choose internet site and mail name (e.g. public-dns-for-ec2-instance)
sudo vim /etc/postfix/main.cf

mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = localhost

echo "This is the body of the email" | mail -s "This is the subject line" user@example.com

Nice guide. Thanks for your time !

In the nginx section, I had better luck with listen 443 ssl http2; instead of just listen 443 ssl;

Thank you for the great guide!