QOTO on AWS
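# Register the load-balancer task definition (bridge networking; host volumes taken
# from volumes-def.json). Every call creates a new revision of the family — 1 the
# first time, then 2, 3, ... — returned as taskDefinition.revision in the response.
# Security note: the container definitions in container-def.json hand the host's
# Docker socket to the proxy containers, which is root-equivalent on the host, so
# treat container-def.json and volumes-def.json as privileged configuration.
aws ecs register-task-definition --family load-balancer --network-mode bridge --container-definitions "$(cat container-def.json)" --volumes "$(cat volumes-def.json)"
# Launch one task. Passing only the family name runs its latest ACTIVE revision, so no
# revision lookup is needed; use "load-balancer:X" instead to pin revision X.
aws ecs run-task --cluster default --task-definition load-balancer --count 1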
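# Alternative: let ecs-cli build the cluster through a CloudFormation stack (VPC,
# subnets, security group and autoscaling group by default). --capability-iam
# acknowledges that ecs-cli may create IAM roles for the instances — review the
# resulting stack. If no --security-group is given, ecs-cli creates one itself
# (confirm with "ecs-cli up --help" what it opens); pass --vpc/--subnets/--security-group
# to reuse the resources created by hand further down instead of a fresh set.
# (The CLI binary is "ecs-cli"; "ecs up" / "ecs compose up" were typos.)
ecs-cli up --capability-iam
# ... with an SSH key pair and a single instance
ecs-cli up --keypair aws-key --capability-iam --size 1
# ... or create the cluster with no instances at all
ecs-cli up --keypair aws-key --capability-iam --empty
# ... or with extra user data for the instances (the file names suggest a shell
# script, a cloud boothook and a MIME multi-part archive; all are passed to the
# instances in addition to ecs-cli's own user data)
ecs-cli up \
  --capability-iam \
  --extra-user-data my-shellscript \
  --extra-user-data my-cloud-boot-hook \
  --extra-user-data my-mime-multipart-archive \
  --launch-type EC2
# Bring up the docker-compose services (docker-compose.yml in the cwd) as an ECS task
ecs-cli compose up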
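# Create the security group for the proxy host inside the VPC. The response's GroupId
# is what the following commands need — substitute it for SecurityGroupIDHere.
aws ec2 create-security-group --group-name qoto-sg --description "My security group" --vpc-id vpc-073bf00a5b8e5f714
# Name it
aws ec2 create-tags --resources SecurityGroupIDHere --tags "Key=Name,Value=qoto-security-group-open"
# Outbound: a newly created security group already allows all egress, so this is a
# no-op on a fresh group and is kept only for documentation.
aws ec2 authorize-security-group-egress --group-id SecurityGroupIDHere --cidr 0.0.0.0/0 --protocol all
# Inbound: open only what the proxy serves. The previous rule
# ("--cidr 0.0.0.0/0 --protocol all") exposed every port on the host to the internet,
# including the ECS agent's 51678 introspection port and the Docker API should it ever
# be bound off loopback. The host also gets a public IP, so this group is the only
# network control in front of it.
aws ec2 authorize-security-group-ingress --group-id SecurityGroupIDHere --protocol tcp --port 80 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-id SecurityGroupIDHere --protocol tcp --port 443 --cidr 0.0.0.0/0
# SSH: the user-data script moves sshd to 2222. Allow it from the admin network only
# (substitute its CIDR for AdminCIDRHere), never from 0.0.0.0/0.
aws ec2 authorize-security-group-ingress --group-id SecurityGroupIDHere --protocol tcp --port 2222 --cidr AdminCIDRHere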
##
## Launch the ECS container instance by hand. userdata.sh must join the cluster and
## mount the EFS file system at /data, because the task's host volumes live there.
##
# Pass userdata.sh as plain text: the AWS CLI base64-encodes a file:// user-data
# argument itself, so a pre-encoded file would be encoded twice (check
# "aws ec2 run-instances help" for the CLI version in use). --key-name must match a
# key pair that already exists in this account/region.
# --iam-instance-profile ecsInstanceRole gives the host the ECS agent's permissions;
# any container on the host can also obtain those credentials from the instance
# metadata service unless access to 169.254.169.254 from containers is blocked.
# The security-group and subnet IDs below are literals from one account (note the
# group differs from sg-04baf687640554cf7 used above) — substitute the ones you created.
aws ec2 run-instances --image-id ami-0c09d65d2051ada93 --count 1 --instance-type r5a.xlarge --user-data file://userdata.sh --iam-instance-profile "Name=ecsInstanceRole" --key-name aws-key --security-group-ids sg-00240092cb8166df4 --subnet-id subnet-0a43db1988ad60343
# Inspect a security group's rules (substitute the real group ID)
aws ec2 describe-security-groups --group-ids sg-xxxxxxxx
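# Create a VPC for the given CIDR block and keep its ID (Vpc.VpcId in the response)
# so it does not have to be copied by hand into every later command.
vpc_id=$(aws ec2 create-vpc --cidr-block 10.0.0.0/16 --query Vpc.VpcId --output text)
# Apply a name to the VPC we just created
aws ec2 create-tags --resources "$vpc_id" --tags "Key=Name,Value=MyNewNameHere"
# Enable DNS resolution and DNS hostnames in the VPC (instances get resolvable
# hostnames; the "efs" mount type used in the user data resolves the file-system ID
# through VPC DNS).
aws ec2 modify-vpc-attribute --vpc-id "$vpc_id" --enable-dns-support "{\"Value\":true}"
aws ec2 modify-vpc-attribute --vpc-id "$vpc_id" --enable-dns-hostnames "{\"Value\":true}"
# Create a subnet within the VPC and keep its ID
subnet_id=$(aws ec2 create-subnet --vpc-id "$vpc_id" --cidr-block 10.0.0.0/24 --query Subnet.SubnetId --output text)
# Name the subnet
aws ec2 create-tags --resources "$subnet_id" --tags "Key=Name,Value=MyNewNameHere"
# Create an internet gateway so the subnet can reach, and be reached from, the internet
igw_id=$(aws ec2 create-internet-gateway --query InternetGateway.InternetGatewayId --output text)
# Name the gateway
aws ec2 create-tags --resources "$igw_id" --tags "Key=Name,Value=MyNewNameHere"
# Attach the gateway to the VPC (gateways attach to a VPC, not to a subnet; the
# subnet is wired to it through the route table below)
aws ec2 attach-internet-gateway --vpc-id "$vpc_id" --internet-gateway-id "$igw_id"
# Create an empty route table in the VPC and keep its ID
rtb_id=$(aws ec2 create-route-table --vpc-id "$vpc_id" --query RouteTable.RouteTableId --output text)
# Name the route table
aws ec2 create-tags --resources "$rtb_id" --tags "Key=Name,Value=MyNewNameHere"
# Default route: everything that is not local goes to the internet gateway
aws ec2 create-route --route-table-id "$rtb_id" --destination-cidr-block 0.0.0.0/0 --gateway-id "$igw_id"
# Optionally view the route table to confirm the route exists
# (the option is the plural --route-table-ids; the singular form is not an option)
aws ec2 describe-route-tables --route-table-ids "$rtb_id"
# Associate the subnet with the route table — this is what makes it a public subnet
aws ec2 associate-route-table --subnet-id "$subnet_id" --route-table-id "$rtb_id"
# Give every instance launched into the subnet a public IP automatically. Anything
# started here is directly reachable from the internet, so the instance security
# group is the only thing in front of it — keep that group tight.
aws ec2 modify-subnet-attribute --subnet-id "$subnet_id" --map-public-ip-on-launch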
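# (Re)register the load-balancer task definition — same step as at the top of this
# page. Each call produces a new revision of the family (1, 2, 3, ...), reported as
# taskDefinition.revision. Remember that container-def.json mounts the host Docker
# socket into the proxy containers (root-equivalent on the host).
aws ecs register-task-definition --family load-balancer --network-mode bridge --container-definitions "$(cat container-def.json)" --volumes "$(cat volumes-def.json)"
# Run one task from the latest ACTIVE revision: giving just the family name selects it,
# so there is nothing to look up. Append ":X" to pin revision X explicitly.
aws ecs run-task --cluster default --task-definition load-balancer --count 1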
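#!/bin/bash
# EC2 user data for the ECS container instance. cloud-init runs this once, as root, on
# first boot (the sudo prefixes are redundant there, but harmless if the script is
# replayed by hand). Assumes the ECS-optimized Amazon Linux layout: /etc/ecs/ecs.config,
# SysV init scripts under /etc/init.d, yum.
# Deliberately no "set -e": a failed EFS mount must not prevent the docker/sshd steps
# below from running (an instance with sshd still on 22 would be unreachable through a
# security group that only allows 2222).

# Join the "default" cluster and tune the agent.
echo ECS_CLUSTER=default >> /etc/ecs/ecs.config
echo ECS_BACKEND_HOST= >> /etc/ecs/ecs.config
echo ECS_ENABLE_TASK_CPU_MEM_LIMIT=false >> /etc/ecs/ecs.config
# Host ports the agent must never hand to a task: 2375/2376 are the Docker API, 51678
# the agent's introspection endpoint. The agent's default list also reserves 22; sshd
# is moved to 2222 below, so 2222 is reserved in its place.
echo 'ECS_RESERVED_PORTS=[2222, 2375, 2376, 51678]' >> /etc/ecs/ecs.config

# Mount the shared EFS file system at /data (the nginx-proxy certs, vhosts and logs
# live under /data/proxy). "nofail" keeps the boot going if the mount target is
# unreachable, so verify /data is really mounted before trusting what is in it.
# "sudo echo ... >> file" does not elevate the redirect (the calling shell opens the
# file, not sudo); "| sudo tee -a" is the form that works unprivileged too.
sudo mkdir -p /data
echo 'fs-105c7858:/ /data efs defaults,nofail 0 2' | sudo tee -a /etc/fstab >/dev/null
sudo yum install -y amazon-efs-utils && sudo mount /data

# Publish the Docker API on loopback (tcp://127.0.0.1:2375) while keeping the unix
# socket. That TCP endpoint has no authentication and no TLS: anything that can reach
# 127.0.0.1 on the host — including a container running with host networking — gets
# root-equivalent control of the host. Never bind it to 0.0.0.0; the instance is
# launched with a public IP.
# NOTE(review): on the ECS-optimized AMI the daemon flags normally come from
# /etc/sysconfig/docker (sourced by the init script) — confirm that an OPTIONS=" line
# for this sed actually exists in /etc/init.d/docker.
sudo sed -i 's/OPTIONS=\"/OPTIONS=\"-H tcp:\/\/127\.0\.0\.1:2375 -H unix:\/\/\/var\/run\/docker.sock /g' /etc/init.d/docker
# Absolute path: the previous "etc/init.d/docker" was relative and only resolves when
# the working directory happens to be /.
sudo /etc/init.d/docker restart

# Move sshd to 2222. This only takes effect while sshd_config still carries the stock
# "#Port 22" line; the instance security group must allow 2222 (from the admin
# network only) and can then close 22.
sudo sed -i 's/#Port 22/Port 2222 /g' /etc/ssh/sshd_config
sudo /etc/init.d/sshd restart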
[{
"name": "nginx-proxy",
"image": "jwilder/nginx-proxy",
"portMappings": [{
"containerPort": 80,
"hostPort": 80
},{
"containerPort": 443,
"hostPort": 443
}],
"memory": 128,
"mountPoints": [{
"sourceVolume": "nginx-certs",
"containerPath": "/etc/nginx/certs",
"readOnly": false
}, {
"sourceVolume": "nginx-vhosts",
"containerPath": "/etc/nginx/vhost.d",
"readOnly": false
}, {
"sourceVolume": "nginx-default",
"containerPath": "/usr/share/nginx/html",
"readOnly": false
}, {
"sourceVolume": "docker-socket",
"containerPath": "/tmp/docker.sock",
"readOnly": true
}, {
"sourceVolume": "proxy-log",
"containerPath": "/var/log",
"readOnly": false
}],
"environment": [{
"name": "DEBUG",
"value": "true"
}]
}, {
"name": "nginx-proxy-letsencrypt",
"image": "jrcs/letsencrypt-nginx-proxy-companion",
"memory": 128,
"volumesFrom": [{
"sourceContainer": "nginx-proxy",
"readOnly": false
}],
"mountPoints": [{
"sourceVolume": "docker-socket",
"containerPath": "/var/run/docker.sock",
"readOnly": true
}, {
"sourceVolume": "letsencrypt-log",
"containerPath": "/var/log",
"readOnly": false
}],
"environment": [{
"name": "DEFAULT_EMAIL",
"value": "qoto@qoto.org"
},{
"name": "DEBUG",
"value": "true"
}]
}]
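version: '2'
services:
  # Reverse proxy in front of the app containers. /data/proxy is the EFS-backed host
  # directory mounted by the user data, so certs and vhost config outlive the host.
  nginx-proxy:
    # Unpinned tag resolves to "latest": pin a tag or digest so an unexpected upstream
    # image is not pulled silently.
    image: jwilder/nginx-proxy
    volumes:
      - "/data/proxy/etc/nginx/certs:/etc/nginx/certs"
      - "/data/proxy/etc/nginx/vhost.d:/etc/nginx/vhost.d"
      # stray "//" in the host path is harmless; volumes-def.json uses the same path
      - "/data/proxy//usr/share/nginx/html:/usr/share/nginx/html"
      # Host Docker socket, presumably for container discovery. ":ro" only makes the
      # socket file read-only — connecting to it still permits every Docker API call,
      # which is root-equivalent on the host. Only trusted images belong here.
      - "/var/run/docker.sock:/tmp/docker.sock:ro"
    ports:
      - "80:80"
      - "443:443"
  # Companion container; it shares nginx-proxy's volumes read-write (presumably to
  # write certificates) and also gets the Docker socket, so the same trust applies.
  nginx-proxy-letsencrypt:
    # Pin this image too.
    image: jrcs/letsencrypt-nginx-proxy-companion
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    volumes_from:
      - nginx-proxy:rw
    environment:
      - "DEFAULT_EMAIL=qoto@qoto.org"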
[{
"name": "nginx-certs",
"host": {
"sourcePath": "/data/proxy/etc/nginx/certs"
}
}, {
"name": "nginx-vhosts",
"host": {
"sourcePath": "/data/proxy/etc/nginx/vhost.d"
}
}, {
"name": "nginx-default",
"host": {
"sourcePath": "/data/proxy//usr/share/nginx/html"
}
}, {
"name": "docker-socket",
"host": {
"sourcePath": "/var/run/docker.sock"
}
}, {
"name": "proxy-log",
"host": {
"sourcePath": "/data/proxy/var/log"
}
}, {
"name": "letsencrypt-log",
"host": {
"sourcePath": "/data/letsencrypt/var/log"
}
}]