This document describes how to do a deployment of Send in AWS
ALB:
8080
Instance:
8080
An S3 bucket (block all public access)
A private EC2 instance running Ubuntu 20.04
(you can use the Amazon EC2 AMI Locator to find the latest)
Attach an IAM role to the instance with the following inline policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::<s3_bucket_name>"
],
"Effect": "Allow"
},
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion",
"s3:ListMultipartUploadParts",
"s3:PutObject",
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion"
],
"Resource": [
"arn:aws:s3:::<s3_bucket_name>/*"
],
"Effect": "Allow"
}
]
}
A public ALB:
8080
and path /
)send.mydomain.com
A Route53 public record, alias from send.mydomain.com
to the ALB
15.x
LTSsudo apt update
sudo apt install -y apt-transport-https ca-certificates curl software-properties-common
NodeJS 15.x
LTS (checkout package.json):
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | sudo apt-key add -
echo 'deb [arch=amd64] https://deb.nodesource.com/node_15.x focal main' | sudo tee /etc/apt/sources.list.d/nodejs.list
Git (latest)
sudo add-apt-repository ppa:git-core/ppa
Redis (latest)
sudo add-apt-repository ppa:redislabs/redis
sudo apt update
sudo apt install git nodejs redis-server telnet
Generate a strong password:
makepasswd --chars=100
Edit Redis configuration file /etc/redis/redis.conf
:
requirepass <redis_password>
Note: documentation on securing Redis https://redis.io/topics/security
Enable and (re)start the Redis server service:
sudo systemctl enable redis-server
sudo systemctl restart redis-server
sudo systemctl status redis-server
Setup a directory for the data
sudo mkdir -pv /var/www/send
sudo chown www-data:www-data /var/www/send
sudo 750 /var/www/send
Update npm:
sudo npm install -g npm
Checkout current NodeJS and npm versions:
node --version
npm --version
Clone repository, install JavaScript packages and compiles the assets:
sudo su -l www-data -s /bin/bash
cd /var/www/send
git clone https://gitlab.com/timvisee/send.git .
npm install
npm run build
exit
Create the file /var/www/send/.env
used by Systemd with your environment variables
(checkout config.js for more configuration environment variables):
BASE_URL='https://send.mydomain.com'
NODE_ENV='production'
PORT='8080'
REDIS_PASSWORD='<redis_password>'
S3_BUCKET='<s3_bucket_name>'
Lower files and folders permissions to user and group www-data
:
sudo find /var/www/send -type d -exec chmod 750 {} \;
sudo find /var/www/send -type f -exec chmod 640 {} \;
sudo find -L /var/www/send/node_modules/.bin/ -exec chmod 750 {} \;
Create the file /etc/systemd/system/send.service
with root
user and 644
mode:
[Unit]
Description=Send
After=network.target
Requires=redis-server.service
Documentation=https://gitlab.com/timvisee/send
[Service]
Type=simple
ExecStart=/usr/bin/npm run prod
EnvironmentFile=/var/www/send/.env
WorkingDirectory=/var/www/send
User=www-data
Group=www-data
Restart=on-failure
[Install]
WantedBy=multi-user.target
Note: could be better tuner to secure the service by restricting system permissions,
check with systemd-analyze security send
Enable and start the Send service, check logs:
sudo systemctl daemon-reload
sudo systemctl enable send
sudo systemctl start send
sudo systemctl status send
journalctl -fu send