Make sure to have an AWS account, and an AWS_ACCESS_KEY_ID & AWS_SECRET_ACCESS_KEY.
Make sure to grant AmazonEC2FullAccess to your AWS user.
You’ll need to create a security group which allows inbound TCP connections. See also: Working With Security Groups.
Install docker-machine
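One way to create the security group mentioned above with the AWS CLI, as an added example that is not part of the original guide. The group name `ogmios-sg`, the admin CIDR and the port split are assumptions: 22 and 2376 (docker-machine's default Docker TLS port) are limited to the operator's address, 80 and 443 are public for nginx, and 1337 stays closed because nginx proxies to it over localhost.

```shell
#!/bin/sh
# Added example (not from the original guide): least-privilege ingress rules
# for the aws-ogmios host. Names, CIDRs and the port split are assumptions.

# Print one "port cidr" rule per line for the given admin CIDR.
#   22, 2376 : SSH and the Docker TLS API used by docker-machine -> admin only
#   80, 443  : nginx (HTTP redirect and HTTPS/WebSocket)          -> public
# Port 1337 is deliberately absent: nginx reaches Ogmios on localhost.
ingress_rules() {
  local admin_cidr="$1"
  # Accept only a.b.c.d/nn notation.
  if ! printf '%s\n' "$admin_cidr" |
      grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; then
    echo "invalid CIDR: $admin_cidr" >&2
    return 1
  fi
  # A /0 prefix would expose SSH and the Docker API to the whole internet.
  case "$admin_cidr" in
    */0) echo "refusing world-open admin CIDR: $admin_cidr" >&2; return 1 ;;
  esac
  printf '%s %s\n' 22 "$admin_cidr" 2376 "$admin_cidr" \
                   80 0.0.0.0/0 443 0.0.0.0/0
}

# Create the group in the region's default VPC and apply the rules.
# Prints the new group id on success. Needs AWS credentials.
create_group() {
  local name="$1" admin_cidr="$2" region="$3" rules group_id port cidr
  rules=$(ingress_rules "$admin_cidr") || return 1
  group_id=$(aws ec2 create-security-group --region "$region" \
    --group-name "$name" --description "Ogmios behind nginx" \
    --query GroupId --output text) || return 1
  while read -r port cidr; do
    aws ec2 authorize-security-group-ingress --region "$region" \
      --group-id "$group_id" --protocol tcp \
      --port "$port" --cidr "$cidr" >/dev/null || return 1
  done <<EOF
$rules
EOF
  echo "$group_id"
}

# Usage (203.0.113.7/32 is a constructed documentation address):
#   create_group ogmios-sg 203.0.113.7/32 eu-west-3
```

To have docker-machine use this group, pass its name with the driver's `--amazonec2-security-group` flag when creating the machine.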
$ ssh-keygen -t rsa -b 4096 -C "your_email@example.com" -f ~/.ssh/aws_rsa
$ eval "$(ssh-agent -s)"
$ ssh-add ~/.ssh/aws_rsa
AWS_ACCESS_KEY_ID=<YOUR_ACCESS_KEY_ID>
AWS_SECRET_ACCESS_KEY=<YOUR_SECRET_KEY>
docker-machine create -d amazonec2 \
  --amazonec2-access-key "$AWS_ACCESS_KEY_ID" \
  --amazonec2-secret-key "$AWS_SECRET_ACCESS_KEY" \
  --amazonec2-region eu-west-3 \
  --amazonec2-instance-type "t2.medium" \
  --amazonec2-ssh-keypath ~/.ssh/aws_rsa \
  aws-ogmios
First, configure your shell and activate your docker-machine:
$ eval $(docker-machine env aws-ogmios)
Then, simply push the stack using docker-compose:
$ COMPOSE_TLS_VERSION=TLSv1_2 docker-compose up -d
Compose may otherwise use the wrong TLS version when pulling layers from Docker Hub, hence the COMPOSE_TLS_VERSION environment variable.
$ docker-machine ls
NAME         ACTIVE   DRIVER      STATE     URL                         SWARM   DOCKER     ERRORS
aws-ogmios   *        amazonec2   Running   tcp://xx.xxx.xxx.xxx:xxxx           v19.03.8
Install nginx.
👆 Make sure to replace ‘DOMAIN.EXTENSION’ with your actual registered domain.
Reload your nginx configuration with: sudo systemctl reload nginx.service.
Install certbot and let certbot configure your nginx server (sudo certbot --nginx).
Once done, edit your nginx configuration one more time…
The final configuration should look like this:
server {
    server_name ogmios.dev;

    location ~* / {
        proxy_pass http://localhost:1337;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/ogmios.dev/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ogmios.dev/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    server_name ogmios.dev;
    listen 80;

    if ($host = ogmios.dev) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    return 404; # managed by Certbot
}