AWS

Pre-Requisites

• Make sure to have an AWS account, and an AWS_ACCESS_KEY_ID & AWS_SECRET_ACCESS_KEY.

• Make sure to grant AmazonEC2FullAccess to your AWS user.

• You’ll need to create a security group which allows inbound TCP connections. See also: Working With Security Groups.

• Install docker-machine

Create an SSH key/pair

$ ssh-keygen -t rsa -b 4096 -C "your_email@example.com" -f aws_rsa
$ eval "$(ssh-agent -s)"
$ ssh-add ~/.ssh/aws_rsa

Create The Docker Machine

AWS_ACCESS_KEY_ID=<YOUR_ACCESS_KEY_ID>
AWS_SECRET_ACCESS_KEY=<YOUR_SECRET_KEY>

docker-machine create -d amazonec2 \
  --amazonec2-access-key $AWS_ACCESS_KEY_ID \
  --amazonec2-secret-key $AWS_SECRET_ACCESS_KEY \
  --amazonec2-region eu-west-3 \
  --amazonec2-instance-type "t2.medium" \
  --amazonec2-ssh-keypath ~/.ssh/aws_rsa \
  aws-ogmios

Push The Stack

First, configure your shell and activate your docker-machine:

$ eval $(docker-machine env aws-ogmios)

Then, simply push the stack using docker-compose:

$ COMPOSE_TLS_VERSION=TLSv1_2 docker-compose up -d

🎉 Enjoy

$ docker-machine ls
NAME         ACTIVE   DRIVER      STATE     URL                         SWARM   DOCKER     ERRORS
aws-ogmios   *        amazonec2   Running   tcp://xx.xxx.xxx.xxx:xxxx           v19.03.8 

(Optional) Adding TLS with a registered domain

1. Install nginx.

2. Configure a new server as /etc/nginx/sites-enabled/domain.extension

   server {
       server_name DOMAIN.EXTENSION;
       listen 80;
   
       location ^~ /.well-known/acme-challenge/ {
           try_files $uri /dev/null =404;
       }
   }
   

   👆 Make sure to replace ‘DOMAIN.EXTENSION’ with your actual registered domain.

3. Reload your nginx configuration with: sudo systemctl reload nginx.service.

4. Install certbot and let certbot configure your nginx server (sudo certbot --nginx).

5. Once done, edit your nginx configuration one more time…

   1. Remove (no longer needed after certbot has successfully configured the server)

      location ^~ /.well-known/acme-challenge/ {
          try_files $uri /dev/null =404;
      }
      

   2. And add the following clause to enable routing all traffic (including WebSockets) to ogmios

      location ~* / {
          proxy_pass http://localhost:1337;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "Upgrade";
          proxy_set_header Host $host;
      }
      

The final configuration should look like this:

server {
  server_name ogmios.dev;

  location ~* / {
    proxy_pass http://localhost:1337;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
  }

  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/ogmios.dev/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/ogmios.dev/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
  server_name ogmios.dev;
  listen 80;

  if ($host = ogmios.dev) {
      return 301 https://$host$request_uri;
  } # managed by Certbot

  return 404; # managed by Certbot
}