Skip to content
View GuillaumeCisco's full-sized avatar
🎯
Focusing
🎯
Focusing

Block or report GuillaumeCisco

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
GuillaumeCisco/README.md

Guillaume Cisco's interactive website

Installation

This project use yarn and the experimental yarn workspaces for package.json splitting and convenience.

Please install the last version of yarn and run yarn config set workspaces-experimental true

Then run: yarn install

For electron, you need to install libgconf-2-4

sudo apt install libgconf-2-4

For testing and developping on the projet with true hot module replacement, run yarn start

For testing with prod config: yarn start:prod

For testing in electron, run: yarn start:electron-dev

For packaging for electron:

yarn build:electron
yarn build-electron
yarn package-all

For building the production website and deploy it, run: Before deploying, create a file deploy.js in the tools folder with your param

yarn build:main
yarn deploy

You can now stop the task on aws ECS, it will restart automatically, if you did not define an autoscaling policy.

Do no forget to invalidate the cache on your aws redis instance. Connect with ssh to your ec2 instance, then connect to your redis instance as explain in elasticache documentation. https://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/GettingStarted.ConnectToCacheNode.html#GettingStarted.ConnectToCacheNode.Redis.NoEncrypt Then run flushall. You should automatize this part. More information in the cache part below.

Test and Cover

For running the test suite: yarn test

For displaying covering: yarn cover

Eslint

For displaying lint errors: yarn eslint

Cache

This project use a redis cache manager for the server routes. Allowing us not to rerender the same html production by route.
For deploying with amazon, please create a redis cluster by following this documentation:
https://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/GettingStarted.CreateCluster.html
Don't forget to create a isolated security group for opening port 6379 as described in the documentation.
For not paying too much on amazon, you can simply run a redis docker instance on your ec2 instance and get the container instance ip for your redis.

$> docker run --name redis -p 6379:6379 -d redis
$> docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' redis

You will need to go inside this docker for flushing cache in the future.

$> docker exec -it redis bash
# redis-cli flushall

Test

For testing your generated docker with your localhosted redis, update your deploy.js file and do not forget to comment the part that push to your registry, then:

$> redis-cli flushall && docker run -it -v /etc/letsencrypt/:/etc/letsencrypt/ --net="host" -p 8000:8000 docker_image_name:latest

You'll notice I also bind the let's encrypt folder, more information in the next part.

Then head to https://localhost:8001/

Do not forget to redis-cli flushall when testing multiple times.

Disable redis for testing this project in ssl with -p 8001:8443.

Encryption files creation

For creating your own self signed certificates

https://blog.didierstevens.com/2008/12/30/howto-make-your-own-cert-with-openssl/

cd encryption
openssl genrsa -out ca.key 4096
openssl req -new -x509 -days 1826 -key ca.key -out ca.crt
openssl genrsa -out ia.key 4096
openssl req -new -key ia.key -out ia.csr
openssl x509 -req -days 730 -in ia.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out ia.crt

With let's encrypt

Dev mode
sudo certbot certonly --manual -d guillaumecisco.com -d www.guillaumecisco.com

Places the files in the folder ./well-known/acme-challenge and build and deploy your website, then continue the process for validating the ownership of the website. Then places the generated files to the encryption folder.

The certificates will only last for 90 days, so be sure to create a cronjob with the command

sudo certbot renew

for issuing new certificates and rebuild and deploy your docker app.

Ec2

You should run these commands on the server running the docker app i.e the EC2 instance https://www.digitalocean.com/community/tutorials/how-to-use-certbot-standalone-mode-to-retrieve-let-s-encrypt-ssl-certificates

https://medium.freecodecamp.org/going-https-on-amazon-ec2-ubuntu-14-04-with-lets-encrypt-certbot-on-nginx-696770649e76

Be sure you can access you ec2 instance with ssh, then https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html

on your ec2 instance, follow these steps:

$> yum install wget python27-virtualenv
$> wget https://dl.eff.org/certbot-auto
$> chmod a+x certbot-auto

Be careful, when running the next command, you will need to create two files before pressing for the third time continue, and build and deploy your docker app again. These two files need to be placed in .well-known/acme-challenge folder. Make sure the security group of your ec2 instance has ports 80 and 443 opened.

$> ./certbot-auto certonly --manual -d guillaumecisco.com -d www.guillaumecisco.com

After having deployed your app with the new available files, press continue, files will be available now on your ec2 instance.

You now need to make these files accessible to your docker app by modifying its permissions.

$> sudo groupadd certaccess
$> whoami
ec2-user
$> sudo usermod -a -G certaccess ec2-user
$> sudo usermod -a -G certaccess root
$> sudo chown ec2-user.certaccess /etc/letsencrypt/
$> sudo chown ec2-user.certaccess /etc/letsencrypt/live
$> sudo chown ec2-user.certaccess /etc/letsencrypt/archive

Now you need to create a volume on your ECS configuration task /etc/letsencrypt/:/etc/letsencrypt/ https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html

Or run the docker run command like that:

$> docker run -it -v /etc/letsencrypt/:/etc/letsencrypt/ -p 8001:8443 984406419997.dkr.ecr.eu-central-1.amazonaws.com/guillaumecisco:latest

Your site is now secured!

Renewing

For now, we need to do it manually as the docker instance is binded to port 80 and 443. Cerbot need these port to renew the certificates. So we need to stop the docker, launch the command and the docker instance will be automatically renewed thanks to our aws ecs policy.

docker stop `docker ps --format '{{.Names}}' | grep ecs-guillaumecisco` && ./certbot-auto renew --standalone

TODO: create a cronjob for renewing certificate and docker restart container_name

Maybe better use webroot plugin

Tip: For getting container name : docker ps --format '{{.Names}}' | grep ecs-guillaumecisco

Popular repositories Loading

  1. redux-sagas-injector redux-sagas-injector Public

    Helper for loading sagas asynchronously using redux

    JavaScript 69 7

  2. redux-reducers-injector redux-reducers-injector Public

    Dynamically inject reducers in your react reduc app. HMR and SSR compatible.

    JavaScript 32 6

  3. react-json-prettify react-json-prettify Public

    Simple and Lightweight React Component for displaying Json

    JavaScript 7

  4. restaurantdelaposte restaurantdelaposte Public

    JavaScript 5 1

  5. django-lingua django-lingua Public

    Forked from geomin/django-lingua

    Django database translation on the basis of gettext, stored in gettext file. Edit on the fly and the changes are instant available.

    Python 4

  6. django-es django-es Public

    Django ES is a Django wrapper for elasticsearch-dsl-py

    Python 3