This repo contains two types of files:
Locally:
$ git clone this repo
$ terraform init
$ terraform plan
$ terraform apply
$ ssh -i priv_key.pem ubuntu@ip
Connected to instance: I’ve noticed this is best done manually versus passing it in as user params. If something fails or a dialogue pops up, you want to be able to respond!
$ curl https://raw.githubusercontent.com/nealalan/tf-nealalan.com/master/install.sh > install.sh
$ chmod +x ./install.sh
$ ./install.sh
# *** MANUALLY RUN CERTBOT IF NECESSARY ***
$ sudo certbot --installer nginx -d nealalan.com,*.nealalan.com,neonaluminum.com,*.neonaluminum.com,*.fire.neonaluminum.com --email nad80@yahoo.com --agree-tos --eff-email --redirect --manual
# sudo nginx -s reload
Optional, to destroy the infrastructure:
$ terraform plan -destroy
$ terraform destroy
My server is at static IP 18.223.13.99 serving https://nealalan.com and https://neonaluminum.com, with redirects from all http:// addresses.
I ran into an issue with using python3. To see what the error is in PM2, I can use $ pm2 log 1 for process 1.
To resolve, I installed the appropriate library:
sudo apt install python3-pip
pip3 install flask
One issue I ran into is I created my own SG that I continually wanted to use. Once the EC2 instance is created, I go to Console > EC2 > Actions > Networking > SGs to add mine.
If I kill an instance and only want to recreate a new version of it with no changes, terraform will not do this smoothly. I need to manually go to Console > EC2 > Actions > Networking > Disassociate Elastic IP Address. This forces a change to the EC2 instance that terraform knows it can only fix by creating a new instance.
This looks promising, but requires a script to give the EC2 instance access to the Route 53 DNS records to create a TXT record for verification. https://certbot-dns-route53.readthedocs.io/en/stable/ In the meantime, I will just use the manual method.
sudo certbot --installer nginx -d nealalan.com,*.nealalan.com,neonaluminum.com,*.neonaluminum.com,*.fire.neonaluminum.com --pre-hook 'sudo service nginx stop' --post-hook 'sudo service nginx start' --email nad80@yahoo.com --agree-tos --eff-email --redirect --manual
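The certbot-dns-route53 route mentioned above needs the instance to hold Route 53 permissions. The following is an added example, not part of this repo, of a least-privilege instance profile for that: it can list zones and poll change status, but may only write TXT records, and only in the named hosted zones. The hosted zone ids are placeholders, and the resource names (`certbot`, `certbot_route53`, `ec2_assume`) are assumed.

```terraform
# Added example (not this repo's code). Hosted zone ids below are placeholders.
data "aws_iam_policy_document" "certbot_route53" {
  # certbot needs to find the zone and poll the change it submitted
  statement {
    actions   = ["route53:ListHostedZones", "route53:GetChange"]
    resources = ["*"]
  }
  # writes are limited to the listed zones and, via the condition, to TXT
  # records only, so a compromised instance cannot repoint A/CNAME records
  statement {
    actions = ["route53:ChangeResourceRecordSets"]
    resources = [
      "arn:aws:route53:::hostedzone/ZONEID_NEALALAN_PLACEHOLDER",
      "arn:aws:route53:::hostedzone/ZONEID_NEONALUMINUM_PLACEHOLDER",
    ]
    condition {
      test     = "ForAllValues:StringEquals"
      variable = "route53:ChangeResourceRecordSetsRecordTypes"
      values   = ["TXT"]
    }
  }
}

# trust policy so the EC2 service can assume the role on the instance's behalf
data "aws_iam_policy_document" "ec2_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "certbot" {
  name               = "certbot-dns-route53"
  assume_role_policy = data.aws_iam_policy_document.ec2_assume.json
}

resource "aws_iam_role_policy" "certbot" {
  name   = "certbot-route53-txt-only"
  role   = aws_iam_role.certbot.id
  policy = data.aws_iam_policy_document.certbot_route53.json
}

resource "aws_iam_instance_profile" "certbot" {
  name = "certbot-dns-route53"
  role = aws_iam_role.certbot.name
}
# On the instance resource: iam_instance_profile = aws_iam_instance_profile.certbot.name
```

With the profile attached, certbot on the instance picks up the credentials from the instance metadata service, so no access keys need to be copied to the box.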
As you move around you’ll need to log in to the AWS Console and add your local IP address to the EC2: Network ACLs. Here’s an example of one I had in the past… Also, I now have the flexibility to totally recreate the webserver through a few small script changes if I make major site changes, add a new domain name or need to upgrade to the latest LTS of Ubuntu.
And setting it up to have a root password…
$ sudo apt install mariadb-client
$ sudo apt install mariadb-server
$ sudo passwd root
$ sudo mysql -u root
# Disable plugin authentication for root
> use mysql;
> update user set plugin='' where User='root';
> flush privileges;
> exit
$ sudo systemctl restart mariadb.service
$ sudo mysql_secure_installation
# verify root auth works
$ sudo mysql -u root
$ sudo mysql -u root -p
Within a few days I messed up my Ubuntu instance. The solution was clearly going to take longer than 15 minutes. So here’s what I did, thanks to terraform:
Grab what is managed by terraform
$ terraform taint aws_instance.wb
$ terraform plan
$ terraform apply
$ curl https://raw.githubusercontent.com/nealalan/tf-nealalan.com/master/install.sh > install.sh
$ chmod +x ./install.sh
$ ./install.sh