DareData/example-encrypted-http-service

encrypted-ssl-service

For standing up a single EC2 instance that serves an arbitrary HTTP server behind an nginx reverse proxy, with TLS certificates from Let's Encrypt.

When to use

You'd be surprised what you can get away with using a single EC2 instance. If your server is well developed and simple, small instances can scale to thousands of requests per minute, which is more than most applications I've worked on ever get to. Furthermore, if the app configuration itself is entirely stored in the database, you can simply resize the machine by changing the size in the terraform and re-deploying the code using ansible with minimal downtime. Obvious use cases for this are internal tools that will be used by 10s or 100s of people within an organization, such as a metabase instance. Less obvious are user-facing tools that will be exposed to the public. In this case, you'll need to use more judgement as to whether or not you'll need something horizontally scalable, probably docker-based.

How to use

Set up a repo

Start a new repo and manually copy-paste the files from this repo into it.

Execute the one-time manual steps

  1. Fill in the terraform backend with an s3 bucket name
  2. Allocate an elastic IP address and make note of the allocation id, then associate a domain with the IP address and wait for it to propagate.
  3. Create an ssh key in the AWS console, download it, and place it in ansible/ssh_keys/key.pem

Prepare the terraforms and provision infrastructure

  1. Fill in the prod.tfvars (or staging if you so prefer)
  2. Execute terraform init in the terraform directory
  3. Execute terraform apply -var-file=prod.tfvars and wait

Deploy the software using the ansibles

  1. Fill in the ansible variables found in ansible/group_vars/all
  2. Write your application ansible role by filling in ansible/roles/application. The current contents are an example of setting up a ghost blog and serving it behind an nginx reverse proxy.
  3. Fill in any ssh public keys for admins in the ansible/ssh_keys/authorized_keys
  4. Fill in the ip address of the host in the ansible/hosts
  5. Deploy with the following commands:

         cd ansible
         ansible-playbook -i hosts machine-initial-setup.yml
         ansible-playbook -i hosts install-nginx-and-certs.yml
         ansible-playbook -i hosts install-app.yml

Note that when first developing, you will need to iterate on the ansibles, which means that you'll execute the install-app.yml playbook multiple times and may mess something up. In those cases, iterate until things are working and then use terraform to destroy and recreate the infrastructure so that the whole process can be executed from beginning to end with no errors.
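
The one-time steps above put the downloaded private key at ansible/ssh_keys/key.pem, inside a directory that was copied into a new repo. The following preflight check is an added example, not part of this repository: it verifies the key's file mode and, when run inside a git work tree, that the key is neither tracked nor left un-ignored. The function names `file_mode` and `check_ssh_key` are hypothetical; only the default path comes from the steps above.

```bash
#!/usr/bin/env bash
# Added example: preflight check for the SSH private key used by the playbooks.
# Usage (from the repo root): check_ssh_key ansible/ssh_keys/key.pem

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the key passes every check, 1 otherwise; reasons go to stderr.
check_ssh_key() {
    local key="${1:-ansible/ssh_keys/key.pem}" dir name mode rc=0
    if [ ! -f "$key" ]; then
        echo "missing: $key" >&2
        return 1
    fi
    dir=$(dirname "$key")
    name=$(basename "$key")

    # ssh ignores private keys that group or others can access,
    # so require owner-only modes here.
    mode=$(file_mode "$key")
    case "$mode" in
        600|400) ;;
        *) echo "mode $mode on $key, expected 600 or 400" >&2; rc=1 ;;
    esac

    # Inside a git work tree the key must be untracked and ignored.
    if command -v git >/dev/null 2>&1 &&
       git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        if git -C "$dir" ls-files --error-unmatch -- "$name" >/dev/null 2>&1; then
            echo "$key is tracked by git: untrack it and rotate the key" >&2
            rc=1
        elif ! git -C "$dir" check-ignore -q -- "$name"; then
            echo "$key is not covered by .gitignore" >&2
            rc=1
        fi
    fi
    return "$rc"
}
```

Run it before the first ansible-playbook command; a non-zero return means the key should be fixed (or replaced, if it was ever committed) before deploying.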
