Accessing AWS and Server Setup

Amazon Web Services - Elastic Compute Cloud (EC2) Setup

  • First, head over to AWS and select the "Instances" dropdown. Once you click "Instances" you will see a couple different ones pop up. Based on who your teacher is, select one of the following.

Once here, run the following line of code to observe the ports which are currently in use.

$ sudo docker ps

Docker and docker-compose.yml

  • Update docker-compose.yml and the Dockerfile in VSCode on your local machine
  • Choose a port which is not in use, then change docker-compose.yml to that new, unused port. The mapping should be in the following format: xxx:8086 where xxx is the new port
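
Added example (not part of the original guide): one way to read the docker ps output when choosing the port, listing the host ports already published and the containers that publish on all interfaces, which can be reached directly rather than only through Nginx. The '|' separator, the function names and the sample container names are assumptions made for this example.

```sh
#!/bin/sh
# Added example: find host ports already published by Docker before picking xxx.
# On the server, feed the functions with:
#   sudo docker ps --format '{{.Names}}|{{.Ports}}'

# Constructed sample of that command's output (container names are made up).
sample_ps() {
cat <<'EOF'
flask_portfolio_web_1|0.0.0.0:8086->8086/tcp, :::8086->8086/tcp
recipes_web_1|0.0.0.0:8087->8080/tcp
stocks_web_1|127.0.0.1:8090->8080/tcp
idle_worker_1|
EOF
}

# Print every published host port, one per line, sorted and de-duplicated.
# A mapping looks like <host-ip>:<host-port>-><container-port>/<proto>;
# published port ranges are not expanded (only the last port is reported).
used_ports() {
    grep -oE '[0-9]+->' | sed 's/->//' | sort -un
}

# Succeed (exit 0) only if port $1 is not published by any container.
port_is_free() {
    ! used_ports | grep -qx "$1"
}

# Print containers that publish a port on all interfaces (0.0.0.0 or ::).
# Such a port can be reached directly on the instance's address when the
# firewall rules allow it, without going through Nginx.
public_bindings() {
    awk -F'|' '{
        n = split($2, maps, ", ")
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m ~ /->/ && (index(m, "0.0.0.0:") == 1 || index(m, ":::") == 1 || index(m, "[::]:") == 1)) { print $1; break }
        }
    }'
}

# Demo on the constructed sample.
if sample_ps | port_is_free 8088; then echo "8088 is free"; fi
sample_ps | public_bindings
```
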

Dockerfile:

  • Now you want to check that your Dockerfile matches the following:
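FROM docker.io/python:3.10

# Run the later steps (pip install, gunicorn) from the directory the code is copied into
WORKDIR /app

# --- [Install python and pip] ---
RUN apt-get update && apt-get upgrade -y && \
    apt-get install -y python3 python3-pip git
COPY . /app

RUN pip install --no-cache-dir -r requirements.txt
RUN pip install gunicorn

# The bind port must match the container side of the xxx:8086 mapping in docker-compose.yml
ENV GUNICORN_CMD_ARGS="--workers=3 --bind=0.0.0.0:8086"

EXPOSE 8086

CMD [ "gunicorn", "main:app" ]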
  • Now, run sudo docker-compose up in the VSCode terminal to make sure it builds correctly.
  • Error-proofing! If any errors occur in the terminal, you will need to revise the previous steps. Work in small steps and test as you go to make sure everything is working.

  • Once everything is working, with no errors on the site, stage and commit all changes to docker-compose.yml and, of course, to the Dockerfile.

Cloning and Relocating Project Location

  • On AWS, go back to the instance you chose, either Mr. Mort's or Mr. Yeung's.
  • Once you are in the instance, run
ls
  • This lets you check the other repo names, so don't pick a name that already appears when you run it
  • Now run the following:
$ cd
$ git clone https://github.com/nighthawkcoders/flask_portfolio.git #input your own GitHub HTTPs link here, not Mr. Mort's. This was just for example
$ cd input-yours
  • Now that you are in your repo directory, run this:
docker-compose up -d --build
  • To make sure app is up and running, run
curl localhost:xxx # where xxx is the port you selected from earlier

Testing Docker Web using IP

  • Enabling Nginx is crucial
  • Install Nginx:
    $ sudo apt install nginx
    
  • Go into directory of Nginx files
    $ cd /etc/nginx/sites-available
    
  • Open an editor to create your own Nginx configuration file
    $ sudo nano input-yours # input name of whatever your nginx file is called
    
  • Now edit your Nginx server configuration, specifically, modify the following:

    • IP Address:
    • docker-compose, proxy pass Port: 8086
  • Must Do's

  • establish unique, valid name for nginx file

  • Duck DNS name for server - see Jeffrey's guide here.

  • Use the format below to write your config file:

    server {
      listen 80;
      listen [::]:80;
      server_name 3.233.212.71;
      location / {
          proxy_pass http://localhost:8086;
          # Simple requests
          if ($request_method ~* "(GET|POST)") {
                  add_header "Access-Control-Allow-Origin"  *;
          }
          # Preflight requests
          if ($request_method = OPTIONS ) {
                  add_header "Access-Control-Allow-Origin"  *;
                  add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
                  add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
                  return 200;
          }
      }
    }
    

Time to Activate Nginx Config

  • Enable your Nginx server config
    $ sudo ln -s /etc/nginx/sites-available/input-yours /etc/nginx/sites-enabled # input name of your nginx file
    $ sudo nginx -t
    
  • Again, error-proof!
  • Check the documentation to make sure you aren't missing a semicolon at the end of the server_name or proxy_pass lines.
  • If there aren't any errors, restart Nginx so that the server picks up the new files
    $ sudo systemctl restart nginx
    
  • Make sure the server is running by opening it in a live browser
  • You can do this by going to http://(name of your domain)

Prep Docker Web App through DNS

  • certbot config:
    $ sudo certbot --nginx
    

Ideally, you should see this...

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: coolcodersjava.pw
2: www.coolcodersjava.pw
3: ajarcade.duckdns.org
4: flowhealth.duckdns.org
5: goatedgroup.duckdns.org
6: jasj-inventory.duckdns.org
7: recipies.duckdns.org
8: ssvgcars.duckdns.org
9: userapi.duckdns.org
10: fr0st.ml
11: www.fr0st.ml
12: agenda.nighthawkcodescrums.gq
13: coolcoders.nighthawkcodescrums.gq
14: escaperoom.nighthawkcodescrums.gq
15: frost.nighthawkcodescrums.gq
16: jame.nighthawkcodescrums.gq
17: lawnmowers.nighthawkcodescrums.gq
18: loopholegames.nighthawkcodescrums.gq
19: musicmania.nighthawkcodescrums.gq
20: nba.nighthawkcodescrums.gq
21: sadv.nighthawkcodescrums.gq
22: ssjn.nighthawkcodescrums.gq
23: stocks.nighthawkcodescrums.gq
24: striver.nighthawkcodescrums.gq
25: tngc.nighthawkcodescrums.gq
26: white.nighthawkcodescrums.gq
27: workwatch.nighthawkcodescrums.gq
28: cars.nighthawkcodingsociety.com
29: dolphin.nighthawkcodingsociety.com
30: saakd.nighthawkcodingsociety.com
31: pythonalflask.tk
32: www.pythonalflask.tk
33: teambrobro.tk
34: www.teambrobro.tk
35: teamcheeseatimetime.tk
36: www.teamcheeseatimetime.tk
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): # ENTER YOUR CORRESPONDING NUMBER

Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/nighthawkcodingsociety.com-0001.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for nighthawkcodingsociety.com
http-01 challenge for csa.nighthawkcodingsociety.com
http-01 challenge for cso.nighthawkcodingsociety.com
http-01 challenge for flm.nighthawkcodingsociety.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/nighthawk_society
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/nighthawk_csa
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/nighthawk_csp
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/nighthawk_flm

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/nighthawk_society
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/nighthawk_csa
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/nighthawk_csp
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/nighthawk_flm

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Your existing certificate has been successfully renewed, and the new certificate
has been installed.

The new certificate covers the following domains:
https://nighthawkcodingsociety.com, 
https://csa.nighthawkcodingsociety.com, 
https://csp.nighthawkcodingsociety.com, and
https://flm.nighthawkcodingsociety.com,

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=nighthawkcodingsociety.com
https://www.ssllabs.com/ssltest/analyze.html?d=csa.nighthawkcodingsociety.com
https://www.ssllabs.com/ssltest/analyze.html?d=csp.nighthawkcodingsociety.com
https://www.ssllabs.com/ssltest/analyze.html?d=flm.nighthawkcodingsociety.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/nighthawkcodingsociety.com-0001/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/nighthawkcodingsociety.com-0001/privkey.pem
   Your cert will expire on 2022-03-06. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Nearing Completion!

  • You should be nearly done!

  • Now, you want to update the deployment. To update all your code, run the following:

    $ sudo docker-compose kill
    Killing flask_portfolio_web_1 ... done
    
  • You may see an error now, so run git pull.
$ git pull
  • Now rebuild...
    $ sudo docker-compose build --no-cache
    
  • All you have to do now is run
$ sudo docker-compose up -d
Recreating flask_portfolio_web_1 ... done
  • If this works successfully, you should see your server back up with any changes or updates you just made to it. Congrats!