Configuring server
Start with AWS Lightsail Ubuntu 18.04 LTS
Install Nginx
sudo apt update
sudo apt upgrade
sudo apt install nginx
Configure domain name
Check public IP address in browser (HTTP).
In Lightsail > Networking, add static IP address to server.
Check static IP address in browser (HTTP).
In AWS > Route53 > Hosted Zone for ianwdavis.com,
create an A
record for happyhour.ianwdavis.com pointing to the static IP.
Wait for this to take effect -- may be a few minutes.
Confirm new domain name in browser (HTTP).
Configure SSH
In ~/.ssh/config
:
Host happyhour
HostName happyhour.ianwdavis.com
User ubuntu
IdentityFile ~/.ssh/LightsailDefaultKey-us-east-1.pem
Push code
git clone https://github.com/iwd32900/happyhour.git
cd happyhour
sudo apt install python3-pip python3-venv
python3 -m venv venv
source venv/bin/activate
pip3 install -r requirements.txt
mkdir static
python3 server.py
Configure Nginx as reverse proxy
Resources:
- https://flask-socketio.readthedocs.io/en/latest/#using-nginx-as-a-websocket-reverse-proxy
- https://docs.aiohttp.org/en/stable/deployment.html#nginx-configuration
- https://www.nginx.com/blog/websocket-nginx/
cd /etc/nginx/sites-enabled/
sudo ln -s ~/happyhour/happyhour.nginx
In /etc/nginx/nginx.conf
:
gzip off;
Having gzip on
leads to lots of 400 errors with WebSockets!
Test config: sudo nginx -t
Restart: sudo systemctl restart nginx
Configure SSL
sudo apt install python3-certbot-nginx
sudo certbot --nginx -d happyhour.ianwdavis.com
Test to make sure auto-renewal is working: sudo certbot renew --dry-run
Make Python start automatically
sudo apt install monit
cd /etc/monit/conf-enabled/
sudo ln -s ~/happyhour/happyhour.monit
In /etc/monit/monitrc
, uncomment:
set httpd port 2812 and
use address localhost # only accept connection from localhost
allow localhost # allow localhost to connect to the server and
and do sudo monit reload; sudo monit status
.
The thing that took me forever was to figure out that happyhour.sh
had to start the server as a background process.
Otherwise, startup timed out, and Monit killed the process after 30 sec.
Deploy updates
cd happyhour
git pull
pgrep -f happyhour # optional
sudo monit restart happyhour
pgrep -f happyhour # optional, should show different process ID
Server security updates
It looks like unattended-upgrades is enabled by default on the Lightsail Ubuntu 18.04 instances.
Nginx log analysis
sudo apt install goaccess
goaccess --log-format=COMBINED <(zcat -f /var/log/nginx/access.log*) --ignore-crawlers
TODO
- allow naming tables
- broadcast chat messages to all participants
- re-broadcast which room people are in periodically (to make sure things are in sync)