Home
- Create an EC2 T3.nano server based on Ubuntu 18.04 LTS
- Set root volume to have 8 GB of space
- Create an elastic IP and assign to that instance
- Create a 2 GB swap file according to instructions here: https://www.digitalocean.com/community/tutorials/how-to-add-swap-space-on-ubuntu-16-04
sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
Add this to `/etc/fstab`: `/swapfile none swap sw 0 0`
Next time allocate a larger disk.
Add a 4GB volume as described here: https://medium.com/@dharanviper/how-to-attach-and-permanent-mount-an-ebs-volume-to-ec2-linux-instance-dec32deba9f2
sudo mkfs -t ext4 /dev/nvme1n1
sudo mkdir /tiles
sudo mount /dev/nvme1n1 /tiles
Create user for the application
sudo adduser app --disabled-password
- Install go 1.12 according to the installation instructions on the Golang site: https://github.com/golang/go/wiki/Ubuntu
- note: `go get` installs to `~/go` by default
sudo su - app
mkdir go
- `go get github.com/consbio/mbtileserver`, this installs `mbtileserver` to `~/go/bin/mbtileserver`
NOTE: you may have to add more swap space to compile.
As `ubuntu` user, grant `mbtileserver` ability to bind port 80:
sudo setcap CAP_NET_BIND_SERVICE=+eip /home/app/go/bin/mbtileserver
Copy the tiles to `/tiles`.
Verify that `mbtileserver` starts properly and is able to obtain certificates for HTTPS connections.
From `/home/app` directory, run `/home/app/go/bin/mbtileserver -d /tiles -p 443 --domain <DOMAIN> --redirect --tls`
Note: update `<DOMAIN>` to proper domain for this server.
Then make a connection to that URL to force server to obtain certificates from Let's Encrypt. In your browser:
https://<DOMAIN>/services
You should see this on the server, and no errors:
INFO[0000] Found 116 mbtiles files in ./
--------------------------------------
Use Ctrl-C to exit the server
--------------------------------------
HTTPS server started on port 443
⇨ https server started on [::]:443
HTTP server with redirect started on port 80
⇨ http server started on [::]:80
Stop `mbtileserver` with CTRL-C.
Paste the following into `/etc/systemd/system/mbtileserver.service`, updating variables as needed:
[Unit]
Description=MBTileserver
Documentation=https://github.com/consbio/mbtileserver
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
[Service]
Restart=on-abnormal
RestartSec=60
User=app
WorkingDirectory=/home/app
ExecStart=/home/app/go/bin/mbtileserver -d /tiles -p 8000
ExecReload=/bin/kill -USR1 $MAINPID
[Install]
WantedBy=multi-user.target
Verify that it starts correctly:
- `sudo service mbtileserver start`
- `sudo service mbtileserver status` should report no errors
Register the service to start on server reboot:
sudo systemctl daemon-reload
sudo systemctl enable mbtileserver
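A sandboxing drop-in for the unit above, added here as an example (it is not part of the original instructions or of the mbtileserver project). It assumes the service only reads the tiles and its binary under `/home/app`, writes nothing to disk, and listens on port 8000 behind nginx; the file name `hardening.conf` is an assumption.

```ini
# /etc/systemd/system/mbtileserver.service.d/hardening.conf
# Any *.conf file in this drop-in directory is merged into mbtileserver.service.
[Service]
# No privilege gain through setuid binaries or file capabilities.
# The capability granted earlier with setcap is not applied under this
# setting, which is fine because the unit listens on 8000, not a port below 1024.
NoNewPrivileges=true

# Mount the entire file system read-only for this service, /tiles included.
ProtectSystem=strict

# Keep /home readable (binary and WorkingDirectory are in /home/app) but not writable.
ProtectHome=read-only

# Private /tmp and /var/tmp, and no access to physical devices.
PrivateTmp=true
PrivateDevices=true

# A tile server has no reason to touch kernel tunables, modules or cgroups.
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true

# Prevent switching the kernel execution domain.
LockPersonality=true
```

Apply it with `sudo systemctl daemon-reload` and `sudo service mbtileserver restart`, then confirm with `sudo service mbtileserver status` that the server still starts.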
Basic instructions here: https://medium.com/@jgefroh/a-guide-to-using-nginx-for-static-websites-d96a9d034940 and here: https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-18-04
sudo apt-get update && sudo apt-get install -y nginx
- update firewall to allow nginx:
sudo ufw allow 'Nginx Full'
- remove the default config file:
sudo rm /etc/nginx/sites-enabled/default
- copy `/deploy/nginx.conf` in the repo directory and rename to `/etc/nginx/sites-available/pflcc`
sudo ln -s /etc/nginx/sites-available/pflcc /etc/nginx/sites-enabled/
sudo systemctl restart nginx
On production server, using the main `nginx.conf` config file, set up SSL support according to the instructions here:
sudo add-apt-repository ppa:certbot/certbot
sudo apt install -y python-certbot-nginx
sudo certbot --nginx -d tiles.climateadaptationexplorer.org -d www.tiles.climateadaptationexplorer.org
Verify that auto-renewal works:
sudo certbot renew --dry-run
Tiles are stored in `/home/app/tiles`.
- Upload new tiles to this directory (`cd` or `mv` may need to be done as `sudo`).
- restart the tileserver
sudo service mbtileserver restart
- check the status to make sure it started correctly
sudo service mbtileserver status