AWS Deployment Guide
This notebook will guide you step-by-step on how to configure your AWS instance and docker container in order to deploy your backend. Thank you to Samit Poojary, Ethan Tran, Edwin Abraham, Mr. Mortensen and Jeffrey Fonseca for resources and instructions.
- Accessing AWS
- Local Setup
- AWS Setup
- DNS & NGINX Setup
- Certbot Config
- Updating after changing code in Repository
- Congratulations!
Accessing AWS
Server Setup and Initial Deployment
Development Operations (DevOps) begins with server setup.
Amazon Web Services (AWS):Electric Cloud Compute (EC2) Setup- To begin, head to the "Instances" dropdown on AWS and select "Instances."
- From here, a variety of instances will show up. For this project, depending on which teacher you have, select either "NCS.cf Yeung CSP" or "NCS.gq Mort CSP"
FROM docker.io/python:3.10
WORKDIR /
# --- [Install python and pip] ---
RUN apt-get update && apt-get upgrade -y && \
apt-get install -y python3 python3-pip git
COPY . /app
RUN pip install --no-cache-dir -r requirements.txt
RUN pip install gunicorn
ENV GUNICORN_CMD_ARGS="--workers=3 --bind=0.0.0.0:8080"
EXPOSE 8080
CMD [ "gunicorn", "main:app" ]
- Edit your
docker-compose.yml
according to the template below.
version: '3'
services:
web:
image: flask_port_v1 # Change the image name to something unique
build: .
ports:
- "8---:8080" # Edit the number on the left to match the port you chose
volumes:
- ./volumes:/volumes
- ./instance:/instance
restart: unless-stopped
-
Test
docker-compose up
orsudo docker-compose up
in your VSCode terminal (don't forget to 'cd' into the right repo.) -
After it's done building, type in
http://localhost:8---
in your browser (replace '8---' with your port number you've chosen) -
If all runs smoothly, push your changes to Github and continue to AWS setup
AWS Setup
In the AWS terminal;
-
cd ~
-
Clone your backend repo:
git clone github.com/server/project.git my-unique-name
-
Navigate to your repo:
cd my-unique-name
-
Install your requirements:
pip install -r requirements.txt
-
Build your site:
docker-compose up -d --build
-
Test your site:
curl localhost:8---
(replace '8---' with your port number)This should show you all the html content of your site. Double check some things that are unique to your site to ensure your port is accurate and working.
If all runs smooth, continue to DNS & NGINX Setup
DNS & NGINX Setup
Follow Jeffrey's guide to duckdns (public IP can be found below the terminal)
Nginx setup in AWS terminal
-
Navigate to nginx:
cd /etc/nginx/sites-available
-
Create an nginx config file:
sudo nano yourUniqueName
-
Use the format below to write into your config file
server {
listen 80;
listen [::]:80;
server_name -----.duckdns.org; # CHANGE SERVER NAME TO YOUR REGISTERED DOMAIN
location / {
proxy_pass http://localhost:8---; # CHANGE PORT TO YOUR UNIQUE PORT
# Simple requests
if ($request_method ~* “(GET|POST|PUT|DELETE)“) { # Customize Request methods based on your needs
add_header “Access-Control-Allow-Origin” *;
}
# Preflighted requests
if ($request_method = OPTIONS ) {
add_header “Access-Control-Allow-Origin” *;
add_header “Access-Control-Allow-Methods” “GET, POST, PUT, DELETE, OPTIONS, HEAD”; # Make sure the request methods above match here
add_header “Access-Control-Allow-Headers” “Authorization, Origin, X-Requested-With, Content-Type, Accept”;
return 200;
}
}
}
-
To save changes,
ctl X
orcmd X
, theny
, thenenter
-
Create a symbolic link:
cd /etc/nginx/sites-enabled
, thenln -s /etc/nginx/sites-available/yourUniqueName /etc/nginx/sites-enabled
(change yourUniqueName to your nginx config file name) -
Validate by running:
sudo nginx -t
-
Restart nginx by running
sudo systemctl restart nginx
-
Test your domain name in browser now (only http://, not https://)
If all runs smoothly, continue to Certbot config
cd ~
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --nginx
Ideal outcome is shown below
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: coolcodersjava.pw
2: www.coolcodersjava.pw
3: ajarcade.duckdns.org
4: flowhealth.duckdns.org
5: goatedgroup.duckdns.org
6: jasj-inventory.duckdns.org
7: recipies.duckdns.org
8: ssvgcars.duckdns.org
9: userapi.duckdns.org
10: fr0st.ml
11: www.fr0st.ml
12: agenda.nighthawkcodescrums.gq
13: coolcoders.nighthawkcodescrums.gq
14: escaperoom.nighthawkcodescrums.gq
15: frost.nighthawkcodescrums.gq
16: jame.nighthawkcodescrums.gq
17: lawnmowers.nighthawkcodescrums.gq
18: loopholegames.nighthawkcodescrums.gq
19: musicmania.nighthawkcodescrums.gq
20: nba.nighthawkcodescrums.gq
21: sadv.nighthawkcodescrums.gq
22: ssjn.nighthawkcodescrums.gq
23: stocks.nighthawkcodescrums.gq
24: striver.nighthawkcodescrums.gq
25: tngc.nighthawkcodescrums.gq
26: white.nighthawkcodescrums.gq
27: workwatch.nighthawkcodescrums.gq
28: cars.nighthawkcodingsociety.com
29: dolphin.nighthawkcodingsociety.com
30: saakd.nighthawkcodingsociety.com
31: pythonalflask.tk
32: www.pythonalflask.tk
33: teambrobro.tk
34: www.teambrobro.tk
35: teamcheeseatimetime.tk
36: www.teamcheeseatimetime.tk
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): # ENTER YOUR CORRESPONDING NUMBER
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/nighthawkcodingsociety.com-0001.conf)
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for nighthawkcodingsociety.com
http-01 challenge for csa.nighthawkcodingsociety.com
http-01 challenge for cso.nighthawkcodingsociety.com
http-01 challenge for flm.nighthawkcodingsociety.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/nighthawk_society
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/nighthawk_csa
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/nighthawk_csp
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/nighthawk_flm
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/nighthawk_society
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/nighthawk_csa
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/nighthawk_csp
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/nighthawk_flm
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Your existing certificate has been successfully renewed, and the new certificate
has been installed.
The new certificate covers the following domains:
https://nighthawkcodingsociety.com,
https://csa.nighthawkcodingsociety.com,
https://csp.nighthawkcodingsociety.com, and
https://flm.nighthawkcodingsociety.com,
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=nighthawkcodingsociety.com
https://www.ssllabs.com/ssltest/analyze.html?d=csa.nighthawkcodingsociety.com
https://www.ssllabs.com/ssltest/analyze.html?d=csp.nighthawkcodingsociety.com
https://www.ssllabs.com/ssltest/analyze.html?d=flm.nighthawkcodingsociety.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/nighthawkcodingsociety.com-0001/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/nighthawkcodingsociety.com-0001/privkey.pem
Your cert will expire on 2022-03-06. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Updating after changing code in Repository
Changing Code in VSCode
-
Make sure to
git pull
before making changes; this will make sure that you pull any changes made by your team, and prevents merge conflicts -
Open terminal in VSCode and run
python3 main.py
(Make sure you cd into your repo)This should give you a local address where your flask is running. Open this in your browser to see your changes live
-
Make changes that are needed (Refer to your live site to see the changes integrated into the site)
-
Commit your changes
-
Make sure your Docker Desktop app is running
-
Test
docker-compose up
orsudo docker-compose up
in your VSCode terminal (don't forget to 'cd' into the right repo.) -
After it's done building, type in
http://localhost:8---
in your browser (replace '8---' with your port number you've chosen)> Your changes should now appear -
If all goes well, push to the repository using the Source Control tab on the left navbar
Pulling Changes into AWS
In your AWS terminal;
- Navigate to your repo:
cd ~/yourRepo
-
Run
docker-compose ps
orsudo docker-compose ps
It should show your docker container state as 'up' with correct port
-
sudo docker ps
to check container and image -
git status
to see if you have any changes to your repo in AWS -
sudo docker-compose kill
run ps on docker-compose and docker and you should observe changes Server should be down (502 Bad Gateway in browser)
-
git pull
-
Rebuild your docker container:
sudo docker-compose up -d --build
-
Try to curl:
curl localhost:8---
(replace '8---' with your port number)If your changes were visible on index.html, you should see them here
-
Test domain in browser (server should no longer be down)
-
Run
docker-compose ps
orsudo docker-compose ps
to check that docker is up -
sudo docker ps
to check container and image
If all went smooth, update is complete.