OCVT's deployment configuration, mainly centered around Docker.
- Publish a new release to create a new image tag
- Update `launch.sh` with the new tag
- On the server, run `./launch down && ./launch up`
- Run `./launch.sh build && ./launch.sh up` to build and start a local build
1. Create a VPC named "OCVT VPC" with IPv4 (10.0.0.0/24) and IPv6 enabled
2. Delete the default VPC
3. Create a subnet named "OCVT Subnet" with auto-assigned IPs turned on, and create an IPv6 CIDR block
4. Create an Internet Gateway named `ocvt-igw` associated with the VPC from step 1
5. Add rules to the route table so that `0.0.0.0/0` and `::0/0` are both routed to the Internet Gateway from step 4
6. Create a new security group named `ocvt-sg` allowing SSH, HTTP, and HTTPS traffic from `0.0.0.0/0` and `::0/0`
7. Finally, create a new `t3a.small` instance with Amazon Linux 2, ensuring the security group from step 6 is used, public IPs are assigned, and the `ocvt-dev-key` SSH key name is used
8. Create a new Elastic IP named `ocvt-eip` and associate it with the instance created in step 7
9. Create an A & AAAA record for pineswamp.ocvt.club and ocvt.club pointing to that instance, and create CNAME records for www.ocvt.club, api.ocvt.club, and api-dev.ozmo.club pointing to pineswamp.ocvt.club
10. Ensure IPv6 is working: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-migrate-ipv6.html#ipv6-dhcpv6-amazon-linux
11. Create a backup plan in AWS Backup to take monthly backups and keep them for 1 year
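An added example, not part of the OCVT repository: a check that the `ocvt-sg` security group created above exposes only SSH, HTTP and HTTPS to the world, on both IPv4 and IPv6. The input is a constructed sample in the shape of `aws ec2 describe-security-groups` output; the port 5432 rule and the missing IPv6 range on 443 are deliberate drift, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-security-groups` output (not real data).
SAMPLE = {"SecurityGroups": [{"GroupName": "ocvt-sg", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
]}]}

EXPECTED_PORTS = {22, 80, 443}  # SSH, HTTP, HTTPS as listed in the README


def world_open(perm):
    """Return the set of IP versions (4, 6) this rule opens to any address."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return {n.version for n in nets if n.prefixlen == 0}


def audit(group):
    """Compare a group's world-open rules with the documented ones."""
    seen = {p: set() for p in EXPECTED_PORTS}
    findings = []
    for perm in group["IpPermissions"]:
        versions = world_open(perm)
        if not versions:
            continue  # rule is scoped to specific networks, not the world
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        if perm["IpProtocol"] == "tcp" and lo == hi and lo in EXPECTED_PORTS:
            seen[lo] |= versions
        else:
            findings.append(f"unexpected world-open rule: {perm['IpProtocol']} {lo}-{hi}")
    for port in sorted(EXPECTED_PORTS):
        for v in sorted({4, 6} - seen[port]):
            findings.append(f"port {port} not reachable over IPv{v}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE["SecurityGroups"][0]):
        print(line)
```

An empty result means the group matches the documented rules; anything else is drift worth reviewing before the instance is exposed.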
Create the following DNS records:
- @, pineswamp -> A & AAAA -> IP of AWS instance
- api, www -> CNAME -> pineswamp.ocvt.club.
Note: If the EC2 instance is terminated for whatever reason, the IPv6 address will have to be set again because AWS does not support IPv6 elastic IPs.
Get the `ocvt-dev-key` SSH keypair and add this config to your `~/.ssh/config`:

```
Host pineswamp
    User ec2-user
    Hostname pineswamp.ocvt.club
    IdentityFile ~/.ssh/ocvt-dev-key.pem
```
- Run `ssh pineswamp` to ensure SSH works
- Run `ansible-playbook ansible/main.yml -i ansible/hosts.cfg` to install required packages on the host
- Clone this repository to the server
- Set the environment variables
- Run `./launch up` to start the services. Launches nginx (proxy and image cache), the html site, and the api. Nginx auto-creates the local `nginx-config` directory for persistent TLS certs.
- Create a weekly cronjob to run `pushd /home/ec2-user/aws && ./launch.sh down && ./launch.sh up && popd` due to a small memory leak in ocvt-api.
- New container images for ocvt/ocvt-site and ocvt/dolabra are created on each new release via GitHub Actions (look at the workflow file) and stored in GitHub Packages
Configure uptime robot to do a check against https://ocvt.club and https://api.ocvt.club/healthcheck