Dev ~ Deploying the OMF Web Service
David Pinney edited this page Dec 26, 2020 · 19 revisions
Please note that the instructions in this document refer to hosts and directories that are specific to omf.coop.
See the Developer Documentation.
- Bring up an Ubuntu 18.04 LTS machine.
- Complete the developer installation production server.
- Enable the service by `cp /omf/omf.service /etc/systemd/system/omf.service`.
- Make sure we're starting on boot via `sudo systemctl enable omf`.
- Add the SSL certificates to /omf/omf/omfDevCert.pem, /omf/omf/omfDevKey.pem, and /omf/omf/certChain.ca-bundle (ask David for it).
- Add the emailCredentials.key to /omf/omf/ (ask David for it).
- Start the service by running `systemctl start omf`.
- Updates to prod can be done by running the cloudDeploy.sh script.
- Create a key pair with `openssl genrsa -des3 -out sslCert_KEY.pem 4096`.
- Create the CSR with `openssl req -new -key .\sslCert_KEY.pem -out sslCert_CSR.pem`.
- Upload the CSR text to the CA. We use Thawte via thesslstore.com. Do their email verification. Download the completed cert as sslCert_CERT.cert and the chain of verification as sslCert_CHAIN.pem.
- Translate the cert to PEM format: `openssl x509 -in sslCert_CERT.crt -out sslCert_CERT.der -outform DER; openssl x509 -in sslCert_CERT.der -inform DER -out sslCert_CERT.pem -outform PEM`.
- Put on server as described above.
If you are testing SSL on a test instance, you can generate self-signed keys via the instructions in webProd.py.
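Before the files are put on the server, it is worth confirming that the private key, the certificate and the chain bundle belong together and that the certificate is not close to expiry. The script below is an added example, not part of the OMF repository; `pubkey_digest` and `check_tls_bundle` are hypothetical helper names and the 30-day threshold is an assumption.

```shell
#!/bin/sh
# Added example (not from the OMF repository): pre-deployment checks for the
# certificate, key and chain files. Function names are hypothetical.
# Note: a passphrase-protected key (as produced by `genrsa -des3`) makes
# openssl prompt for the passphrase when the key is read.

# Print a SHA-256 digest of the public key held in a certificate or private key.
pubkey_digest() {  # $1 = cert|key, $2 = PEM file
    case "$1" in
        cert) _pub=$(openssl x509 -in "$2" -noout -pubkey) ;;
        key)  _pub=$(openssl pkey -in "$2" -pubout) ;;
        *)    return 1 ;;
    esac || return 1
    printf '%s\n' "$_pub" | openssl sha256
}

# Return 0 if the bundle is consistent; 1 = key does not match certificate,
# 2 = certificate expires too soon, 3 = chain bundle does not verify the cert.
check_tls_bundle() {  # $1 cert, $2 key, $3 chain bundle, $4 minimum days left
    _cert=$1 _key=$2 _chain=$3 _days=${4:-30}

    _c=$(pubkey_digest cert "$_cert") || { echo "cannot read $_cert" >&2; return 1; }
    _k=$(pubkey_digest key "$_key")   || { echo "cannot read $_key" >&2; return 1; }
    if [ "$_c" != "$_k" ]; then
        echo "private key does not match certificate" >&2
        return 1
    fi

    # -checkend exits non-zero if the cert expires within the given seconds.
    if ! openssl x509 -in "$_cert" -noout -checkend $((_days * 86400)) >/dev/null; then
        echo "certificate expires within $_days days" >&2
        return 2
    fi

    # -partial_chain accepts a bundle that holds only intermediate certificates.
    if ! openssl verify -partial_chain -CAfile "$_chain" "$_cert" >/dev/null 2>&1; then
        echo "certificate is not issued by anything in $_chain" >&2
        return 3
    fi
    return 0
}

# Example call with the paths from this page:
# check_tls_bundle /omf/omf/omfDevCert.pem /omf/omf/omfDevKey.pem /omf/omf/certChain.ca-bundle 30
```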
We use AWS backup to store weekly snapshots of the production instance.
Restoration process:
- Create a volume from the EBS snapshot. Make sure it's in the same region as the EC2 instance you will attach it to.
- Attach the volume to an instance. Choose (e.g.) /dev/xvdb as the device ID.
- SSH in to the instance you attached it to, and as root do (e.g.) `mkdir /backup; mount /dev/xvdb1 /backup`. The 1 indicates first partition.
- When you're done, `umount /dev/xvdb1`.