diff --git a/README.md b/README.md index e9ff16e..5379059 100644 --- a/README.md +++ b/README.md 
@@ -22,33 +22,36 @@ tar --directory ec2/setup -czvf setup.tar.gz . --- -## docker-bundle +## app This section is used to create and publish a new version of Orca's Web application as a [Docker](https://www.docker.com/) image. ### Requirements -You'll need to have both the [AWS CLI](https://aws.amazon.com/cli/) and the [Docker CLI](https://docs.docker.com/engine/reference/commandline/cli/) installed and available. +You'll need to have both the [AWS CLI](https://aws.amazon.com/cli/) and the [Docker CLI](https://docs.docker.com/engine/reference/commandline/cli/) installed and available. The image will be published to our [AWS ECS](https://aws.amazon.com/ecs/) registry (`424880512736.dkr.ecr.eu-west-1.amazonaws.com/orca`). -You will need to be logged in using: -```shell-script -aws ecr get-login-password | docker login --username AWS --password-stdin 424880512736.dkr.ecr.eu-west-1.amazonaws.com -``` +> [IMPORTANT] +> You will need to have configured a CLI profile named `ncls` that has **write** access to [ECR](https://aws.amazon.com/ecr/) on the `424880512736` account. ### Usage -- Make sure to have the web app available under the `webapps/` directory -- Execute `compose.bat `. +- Make sure to have the webapp available under the `webapps/` directory +- Execute `compose.sh `. --- -## elastic-beanstalk +## eb + +> [!WARNING] +> This method doesn't deploy puppeteer-html2pdf, which is required for PDF generation. This section creates a application bundle for [AWS Elastic Beanstalk](https://aws.amazon.com/elasticbeanstalk/) to run a [Multi-Container Docker environment](http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_ecs.html) with a ready-to-use Orca Web server. Using Elastic Beanstalk, the SSL certificates are managed via [AWS Certificate Manager (ACM)](https://aws.amazon.com/certificate-manager/) and installed on a front-facing [Elastic Load Balancer (ELB)](https://aws.amazon.com/elasticloadbalancing/). 
The distributed certificate is a wildcard, whose renewal is automatically handled by ACM. +> [!NOTE] +> > - **Pro:** Easiest setup possible. > - **Con:** Uses an ELB (per environment), which is somewhat pricy and downright overkill, considering our current needs. @@ -63,12 +66,14 @@ Using Elastic Beanstalk, the SSL certificates are managed via [AWS Certificate M --- -## ec2-ubuntu +## ec2 This section guides you through setting up client configuration and building tools to deploy Orca directly onto an [EC2 instance](https://aws.amazon.com/ec2/). -Managing your own EC2 instance "manually" will use certificates issued by [Let's Encrypt](https://letsencrypt.org/). It might end up somewhat more painful to manage, although their [Certbot](https://certbot.eff.org/) client is very solid when working with NGINX on Ubuntu. The distributed certificates can **not** use wildcards, and thus are issued dynamically for each instance, in turn requiring the corresponding DNS records to have properly propagated before being able to resolve the challenge. +Managing your own EC2 instance "manually" will use certificates issued by [Let's Encrypt](https://letsencrypt.org/). +> [!NOTE] +> > - **Pro:** No additional costs, other than the EC2 instance and data transfer. > - **Con:** More complex setup. @@ -77,7 +82,6 @@ Managing your own EC2 instance "manually" will use certificates issued by [Let's 1. Launch an EC2 instance configured as follows: - Choose an instance of type _Amazon Linux 2023 AMI_ (e.g.: `ami-0fc3317b37c1269d3`). -- Set its `clientid` tag appropriately. - Pick a preconfigured [Security Group](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) that opens `HTTP` (`:80/tcp`), `HTTPS` (`:443/tcp`) and `SSH` (`:22/tcp`). - Also ensure that `[::]:80`, `[::]:443` and `[::]:22` are open, for IPv6 support. 
@@ -93,21 +97,22 @@ Managing your own EC2 instance "manually" will use certificates issued by [Let's 2. Create the DNS record for `.orca-solution.com` pointing to the right instance (use an [Elastic IP](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)). 3. Set the [expected environment variables](#environment-variables): - - Edit the [configuration template](/ec2-ubuntu/utils/orca.conf.tpl) + - Edit the [configuration template](/ec2/utils/orca.conf.tpl) - Upload it as `.conf` in the `orca-clients` S3 bucket (`arn:aws:s3:::orca-clients`). 4. Connect onto the machine and install the latest release via the setup script on `master` branch: - > **IMPORTANT:** Ensure the DNS records have properly propagated before continuing. + > [!TIP] + > Ensure the DNS records have properly propagated before continuing. ```shell - ssh -i /path/to/key.pem ubuntu@.orca-solution.com - bash <(curl -s https://raw.githubusercontent.com/ccjmne/orca-deploy/pre-revamp/ec2-ubuntu/utils/deploy.sh) + ssh -i /path/to/key.pem ec2-user@.orca-solution.com + bash <(curl -s https://raw.githubusercontent.com/ccjmne/orca-deploy/pre-revamp/ec2/utils/deploy.sh) ``` ### Update Orca -Use the `update.sh` script installed during the deployment in your home directory (`/home/ubuntu`) as follows: +Use the `update.sh` script installed during the deployment in your home directory (`/home/ec2-user`) as follows: ```shell ./update.sh
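
Review bot: The callout added under `## app` is written `> [IMPORTANT]` without the `!`, so it will not render as an alert the way the `> [!WARNING]` and `> [!NOTE]` blocks added later in this same `@@ -22,33 +22,36 @@` hunk do; write it as `> [!IMPORTANT]`. The hunk also removes the `aws ecr get-login-password | docker login` step without saying what replaces it: if `compose.sh` authenticates Docker to the registry through the `ncls` profile, say so in the Requirements text, otherwise a reader who has the profile configured still has no logged-in Docker session. The new sentence calls the registry "AWS ECS" and links to ECS, while the host is a `dkr.ecr` address and the callout links ECR; use ECR in both places. Since the profile is required to have write access, consider stating that it should be limited to pushing to the `orca` repository.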
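
Review bot: The shortened Let's Encrypt paragraph under `## ec2` in the `@@ -63,12 +66,14 @@` hunk drops the statement that the certificates cannot be wildcards and are issued per instance once the DNS record can resolve the challenge, which was the only explanation of why step 4 later asks for DNS propagation before continuing. Keep a one-sentence version of that constraint next to the Pro/Con note so the ordering requirement in the deployment steps still has a stated reason.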
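
Review bot: The `- Set its `clientid` tag appropriately.` bullet is removed from step 1 in the `@@ -77,7 +82,6 @@` hunk with nothing put in its place, while step 3 still uploads a per-client `.conf` file to the `orca-clients` bucket. State in step 1 or step 4 how the instance is now matched to its configuration file, so that an instance is not deployed with no configuration or with another client's.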
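
Review bot: The updated `bash <(curl -s https://raw.githubusercontent.com/ccjmne/orca-deploy/pre-revamp/ec2/utils/deploy.sh)` line in the `@@ -93,21 +97,22 @@` hunk still fetches from the `pre-revamp` ref while step 4 says the setup script is on the `master` branch, and only the directory part of the URL was changed; make the ref and the prose agree and confirm that `ec2/utils/deploy.sh` exists on that ref. Because the script is executed as it is downloaded, pin the URL to a tag or commit rather than a branch, and use `curl -fsS` so that an HTTP error body is not handed to `bash`. Changing `**IMPORTANT:**` to `> [!TIP]` also understates the DNS propagation check, which is a precondition for this step; `> [!IMPORTANT]` fits it better.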