Nginx reverse proxied Ubuntu instance, provisioned by these deployment scripts

Last updated: 2024-08-28 20:39:04

This repo contains scripts for auto set up of and deployment to a Linux Debian Ubuntu distribution, to carry out the following:

On running the ./setup.sh executable script file:
- SSHs in as 'ubuntu' into the remote server.
- Creates a user (recommend naming user as 'deploy') with sudo & no password-all privileges.
- Installs Nginx.
- Creates a systemd unit file to run the update-dns.sh script on each restart.
On running the ./deploy.sh executable script file:
- Copies the local ./index.html file to 'deploy' users' home.
- Moves the ~/index.html file to /var/www/html.
- Changes the ownership of the /var/www/html/index.html file to 'ubuntu'.
- Restarts the nginx service.
~/index.html is html markup of this README.md. To ensure content parity both files are programatically timestamped via:
- For index.html a script element in deploy.sh lines 30-51.
- For README.md via a .git/hooks/pre-commit which instantiates the ./update_readme.sh script.

Variable configuration:

The below sensitive variables must be defined for these scripts to operate. Create a /.env file with the correct values for the following variables:

In /.env:

Variable	Description
`SERVER`	Virtual machine public IP
`SERVER_NAME`	Domain name (set with correct DNS settings defined)
`USER`	Name for the user that will replace ubuntu for administration
`SSH_KEY`	Path to the private SSH key
`CF_API_TOKEN`	CloudFlare API token with the assigned domain's DNS editing permissions
`ZONE_ID`	The zone id of the assigned domain name
`RECORD_ID`	The DNS record ID number that needs updating on restart
`RECORD_NAME`	The DNS record name number that needs updating on restart

/settings.sh will then source your /.env file and export it's variable values to it's runtime environment for the scripts to use. /settings.sh also defines some non-sensitive variables vales that the scripts may use.

To run the scripts:

Clone this repository.
CD into the repository.
Create a local /.env and populate with correct values for variables listed in the configuration table above.

Setup:

run ./setup.sh -h` in terminal and read ./setup.sh's help options.
run USER=deploy ./setup.sh in terminal (without arguments runs all units & steps). you must define USER variable in terminal commands with the username that you wish to create on the server and run deployment from, otherwise USER will be set to your local machine's user name!.

Deploy index.html;

run USER=deploy ./deploy.sh in terminal to execute the deploy script. again, you must define USER in the terminal execute command (set as the same user that you setup in setup.sh). You must have an index.html file in the same directory as the deploy.sh script file - this is the HTML file that you are deploying to the server.

Manual configuration required:

HTTPS

To serve via HTTPS, you must manually configure the server to do so, by doing the following:

Get SSL cert & key from provider.
Create an /etc/nginx/ssl directory.
SCP cert & key into server:
Cert; scp -i ~/path/to/your/ssh-keypair.pem ~/path/to/your/ssl_certificate.crt [email protected]:/home/ubuntu

Key; scp -i ~/path/to/your/ssh-keypair.pem ~/path/to/your/ssl_certificate_key.key [email protected]:/home/ubuntu
Sudo move the cert & key into /etc/nginx/ssl directory:
i.e., sudo mv ~/ssl_certificate.crt /etc/nginx/ssl/ssl_certificate.crt

i.e., sudo mv ~/ssl_certificate_key.key /etc/nginx/ssl/ssl_certificate_key.key
Chmod & chown to nginx user, default user set in /etc/nginx/nginx.conf, usually 'www-data':
sudo chmod 600 /etc/nginx/ssl/ssl_certificate_key.key

sudo chown www-data:www-data /etc/nginx/ssl/ssl_certificate_key.key
Update server context in /etc/nginx/sites-available/... with:
ssl_certificate /path/to/cert
ssl_certificate_key /path/to/cert_key
root /path/to/your/html
Define your location route contexts

See example of a server context setup for SSL in this repo; 'nginx/sites-available/default'

DNS (via Cloudflare)

To assign a domain name to the EC2 instance you must:
1. Initially, manually create 2 DNS 'A records' pointing to the EC2 instance's public IP address:
  - one named; 'www'
  - one named; 'domain_name.tld'
2. Update the variable values in your .env with:
  - Cloudflare API token for domain (via https://dash.cloudflare.com/profile/api-tokens)
  - Domain's Cloudflare zone - get value from Cloudflare API at below endpoint: curl -X GET "https://api.cloudflare.com/client/v4/zones" -H "Authorization: Bearer YOUR_API_TOKEN" -H "Content-Type: application/json"
  - The DNS record(s) name and ID - get value from Cloudflare API at below endpoint: curl -X GET "https://api.cloudflare.com/client/v4/zones/YOUR_ZONE_ID/dns_records" -H "Authorization: Bearer YOUR_API_TOKEN" -H "Content-Type: application/json"
3. Ensure that the setup.sh script unit named 'auto_update_dns' has run, after your .env cloudflare related variable values are updated.
4. SSH into the server (update ~/.ssh/config for easy ssh login with the EC2 instance's public IP, delete old 'known hosts') and run systemctl status dns_update.service to check that the systemd service has been created (it should be loaded and enabled, but inactive because it only runs on restart). If the systemd service was created successfully, then the DNS records will now be automatically updated via Cloudflare's API on each server restart.

On instance documentation

Write a SERVER_INFO.md file with info about server instance info and save on server instance at /etc/docs/SERVER_INFO.md.