Assure Support Site
Repository and information for the Assure Support Site
Structure
.
├── README.md # This file
├── docker-compose.yml # Launches the web service in two containers
├── q2a_site/ # Question2Answer website source code
└── startup.sh # Startup script for launching on remote server
Local Startup
Make sure the following credentials are set:
- In q2a_site/qa-config.php
  - QA_MYSQL_HOSTNAME
    - Must be set to the name of the DB container defined in docker-compose.yml
  - QA_MYSQL_USERNAME
    - Matches the MYSQL_USER environment variable below
  - QA_MYSQL_PASSWORD
    - Matches the MYSQL_PASSWORD environment variable below
  - QA_MYSQL_DATABASE
    - Matches the MYSQL_DATABASE environment variable below
- In ./docker-compose.yml
  - MYSQL_ROOT_PASSWORD
  - MYSQL_DATABASE
  - MYSQL_USER
  - MYSQL_PASSWORD
Then run:
docker compose up -d
Finally, navigate to http://localhost in your web browser
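A pre-flight check for the credential pairs listed above, meant to be run before docker compose up -d. This is an added example, not code from the repository: it assumes qa-config.php uses define('NAME', 'value'); lines, that the compose file sets the MYSQL_* keys as "KEY: value" or "- KEY=value" entries and names the DB container with container_name; the function names and all sample values (q2a-db, q2a_user, the passwords) are constructed.

```shell
# Added example, not part of the repository. Assumes PHP define('NAME', 'value');
# lines and compose "KEY: value" or "- KEY=value" environment entries.
php_define() {      # $1 = PHP file, $2 = constant name
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*['\"]\(.*\)['\"][[:space:]]*)[[:space:]]*;.*/\1/p" "$1" | head -n 1
}
compose_value() {   # anchored, so MYSQL_PASSWORD never matches MYSQL_ROOT_PASSWORD
    sed -n "s/^[[:space:]]*-\{0,1\}[[:space:]]*$2[[:space:]]*[=:][[:space:]]*//p" "$1" |
        head -n 1 | sed "s/^[\"']//; s/[\"']\$//"
}

check_q2a_db_config() {   # $1 = qa-config.php, $2 = docker-compose.yml
    rc=0
    for pair in USERNAME:USER PASSWORD:PASSWORD DATABASE:DATABASE; do
        q2a=$(php_define "$1" "QA_MYSQL_${pair%%:*}")
        want=$(compose_value "$2" "MYSQL_${pair##*:}")
        if [ -z "$q2a" ] || [ "$q2a" != "$want" ]; then
            # Report names only; never echo the credential values.
            echo "MISMATCH: QA_MYSQL_${pair%%:*} != MYSQL_${pair##*:}" >&2
            rc=1
        fi
    done
    host=$(php_define "$1" QA_MYSQL_HOSTNAME)
    if [ -z "$host" ] || ! sed -n 's/^[[:space:]]*container_name:[[:space:]]*//p' "$2" |
            grep -Fxq -- "$host"; then
        echo "MISMATCH: QA_MYSQL_HOSTNAME is not a container_name in $2" >&2
        rc=1
    fi
    return "$rc"
}

write_samples() {   # constructed sample files; every value is made up
    cat > "$1/qa-config.php" <<'EOF'
<?php
define('QA_MYSQL_HOSTNAME', 'q2a-db');
define('QA_MYSQL_USERNAME', 'q2a_user');
define('QA_MYSQL_PASSWORD', 'example-only');
define('QA_MYSQL_DATABASE', 'q2a');
EOF
    cat > "$1/docker-compose.yml" <<'EOF'
services:
  db:
    container_name: q2a-db
    environment:
      MYSQL_ROOT_PASSWORD: example-root
      MYSQL_DATABASE: q2a
      MYSQL_USER: q2a_user
      MYSQL_PASSWORD: example-only
EOF
}
```

From the repository root, call check_q2a_db_config q2a_site/qa-config.php docker-compose.yml; a non-zero exit status means the two files have drifted apart.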
Launching to AWS
- Create a new EC2 instance
  - Name can be anything
  - Select an image (Ubuntu 20.04 was used for testing, Amazon Linux works if you change a line in the startup script)
  - Select/create a key pair for ssh access
  - Select/create a network security group with the following rules:
    - Type: HTTP, Protocol: TCP, Port Range: 80, Source: 0.0.0.0/0
    - Type: ssh, Protocol: TCP, Port Range: 22, Source:
  - Click Launch Instance
- While waiting for the instance to boot, click on it and copy its public IPv4 address
- Connect to your instance with the following command (note you may need to sudo, depending on file permissions):
  ssh -i @
  - will either be ubuntu or ec2-user, depending on whether you chose Ubuntu or Amazon Linux as the image
- Once connected, run the following commands:
  sudo yum install -y git
  git clone https://github.com/ubsicap/assure_support_site.git
  cd assure_support_site
  - Note: If you chose Amazon Linux, change the line near the bottom of the startup script to install_dependencies "Amazon Linux"
  sh startup.sh
- You will be prompted to create a MySQL root password, account username, account password, and database name.
- Once you have created credentials, the docker-compose.yml file will be run and two containers will start.
- Open your web browser to http://
- You will be prompted to create an administrator account for the website.
- Once created, you can access the site through the aforementioned IP address.
Custom Domain Name
Setting up a custom domain is split into multiple parts, listed below:
Elastic IP
- From the AWS EC2 Console, search for "Elastic IP"
- Click "Allocate Elastic IP Address"
  - Note there is a charge for this if the address does not get associated with an EC2 instance
- Select the IPv4 address pool option desired
  - For development, we used "Amazon's pool of IPv4 addresses"
- Allocate the address
- After the IP was generated, click "Actions" and then "Associate"
- Associate the Elastic IP with the EC2 instance running the server
More info can be found here.
Register Domain Name
- Register a domain name through your service of choice
  - freenom was used for development
  - Dev domain name is supportsitetest.tk
  - Used "freenom DNS" instead of custom name server
- Create the following DNS records:

| NAME | TYPE | TTL  | TARGET |
|------|------|------|--------|
|      | A    | 3600 |        |
| www  | A    | 3600 |        |
Link Together
Once the above steps have been taken, you should be able to navigate to http:// OR http:// and you will arrive at the same web page.
SSL Certification
Using Certbot
Before attempting this, please ensure that HTTPS traffic is not yet allowed by navigating to https:// in your web browser. Do not attempt the following steps if the site is already certified.
Note: This requires a custom domain name to be set up first. Also, every time docker compose down or an equivalent command is run to terminate the q2a-apache container, this process will need to be repeated.
VERY IMPORTANT NOTE: If you are developing, be sure to include the --test-cert flag when running certbot, otherwise you risk being rate limited! For production, simply omit this flag.
- Ensure that the web server is live (EC2 instance & Docker containers).
- Connect to the EC2 instance (ssh -i @, just like above)
- Once connected, run the following two commands:
  # Install certbot & apache plugin (if needed)
  docker exec q2a-apache apt-get install -y certbot python3-certbot-apache
  # Run certbot interactively
  docker exec -it q2a-apache certbot --test-cert --apache
- You will be prompted for your email, two y/n questions, and the domain name of the site
  - The email is used for contact about SSL renewal
  - The questions should be answered Y then N
- If successful, you will see a message stating that the site is now certified
- Navigate to https:// and verify that HTTPS traffic is allowed
More information can be found here.
Manually (For development ONLY)
Note: In order for this to work, the following files must be located on the EC2 instance in /home/$USER/ssl_keys/:
certificate.crt
ca_bundle.crt
private.key
Once these files are in place, open startup.sh and comment out the call to ssl_certify at the end of the file. Also, uncomment manual_ssl_cert.
Now re-run sh startup.sh and navigate to https:// in your browser to verify that HTTPS traffic is allowed.
More information can be found here.