Django Docker Deployment with HTTPS using Letsencrypt

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

in this video i'm going to show you how to deploy a django app to aws using docker while also enabling https so this is a topic that i get asked all the time we have another video on our channel that shows you how to deploy a django app to aws using docker and docker compose however people always say how do you add https to that deployment because https is very important now it's really important to keep your application secure because you don't want to be sending data over clear text communication you want to make sure that everything is encrypted where possible so https is really a must-have when it comes to deploying any application that you're going to make accessible over the web so in this video i'm going to show you how to do that i'm going to show you how to deploy a django application to an aws server using docker docker compose and also how to add https using the free let's encrypt service so what we're going to do in this video is we're going to deploy a django app to ec2 instance on aws and we're going to be enabling https using certbot and then we're going to add a domain name for our application through route 53 so in order to have an ssl certificate you need to have a domain name for that certificate so we have to register one of them using the aws route 53 service so before you get started you need to make sure you have docker installed on your system because we're going to be using docker a lot you need to have it installed and set up and ready to go you also want to make sure you have an aws account so if you don't already have an aws account then head over sign up for the aws free tier most of the services that we're using in this video should be available under the free tier so in theory it shouldn't cost you anything except potentially a domain name as they often cost about 10 a year to register however you need to take responsibility for your own costs and keep an eye on the cost on your account you're also going to need to have a code editor i'm going to be using visual studio code so i recommend using visual studio code as well if you want the steps to be as similar as possible however you're also free to use whatever code editor you prefer so here's a diagram of the architecture that we're going to be creating in this video so what we're going to have is three services that are running using docker compose one called nginx which is our proxy and then we're going to have the cert bot service which is going to be used to retrieve our certificates and then we'll have our django app running in the django service the way that https is going to work is certbot is going to retrieve them from let's encrypt and the way it does that is it sets up what's called a challenge so let's encrypt provides a challenge that cert bot can then share with our web server in order to authenticate the request to get the certificate so what happens is let's encrypt will send the challenge to cert box we're then going to put that challenge in a volume that's set up using docker compose and we're going to put it in the certbot web volume that volume will then make that challenge available to our nginx web server so it can then serve it on the web via the domain name that we've set up this allows let's encrypt to authenticate once it's confirmed that we are legitimate web service then we're serving their challenge then it will generate a certificate for us so cerber will be able to retrieve a certificate which will then be stored in the certbot certs volume which will then also be made available to our nginx service so then engineers can now serve the application using https the other volume that we have here is called proxy dh params and this is going to be used to store our diffie-hellman params that are generated the first time we run our nginx service diffie-hellman plans are basically just a way to strengthen the encryption and it takes some time to generate these params when you first run your server so we're going to store them in a volume so that we don't need to generate them again every time we restart the service because that can introduce unnecessary delays we're just going to generate the first time we deploy and then we're going to store in a volume and then we can reuse them later on once the https is all set up we can then run our nginx reverse proxy which will send requests to our django app but first it will terminate them via https so you should be able to access the web domain for your application using the https prefix and then you should see a valid certificate in the browser so there's going to be three main stages to our deployment the first is getting the certificates and this is going to happen the first time you run the service so it's kind of a one-time process that happens the first time you deploy your application to a server and then after we've set up our certificates the first time we can begin serving https on our web server and this is going to be the main running state of our application and then periodically we're going to be updating the certificates with a renewed certificate so let's encrypt issues certificates for a domain for a maximum of three months so before that three months expires we need to run the cert bot renew command which will be used to generate a new certificate and renew them so that you can have it for another three months and we'll be setting that up using an automated cron job okay so that's what we're going to be doing in this video if you like this video then please give it a thumbs up and please subscribe to find future videos that we post on the channel we also have lots of courses where we go into more detail about topics like devops deployment django rest framework and test driven development so please check them out you can find them on our website or you can find them in the description of this video if you're interested alright so let's go ahead and start creating our project the first thing we're going to do is we're going to be creating a new project on github so go over to your github page and we're going to create a new repository i'm going to call this django hyphen https and in the description django deployed with https i'm going to make it a private repository you can of course make it private or public public means anyone can access it on the internet we're going to be able to deploy using a deploy key so even if you set it as private you'll still be able to access it and download it to the server that we're deploying to we'll add a readme and we're going to add the python git ignore and i'm going to leave the license black okay so let's click create repository now we're going to go ahead and clone this repository to our local system so i'm going to move into my workspace here clone that and then let's open it using visual studio code okay now that's done we can start adding the code for our project the first step is to just set up a basic django project using docker and docker compose so that's what we're going to do and i'm going to do this using my favorite approach of doing everything in docker and docker compose so let's create a new file called requirements.txt and then we're going to add two requirements here so we're going to add django equals equals four point zero point five and then u whiz g equals equals two point zero point two zero now i recommend using the exact versions that i specify here just to make sure that the steps that you're going to be following this video are going to be the same you can always upgrade the version after the video if you want okay so let's save the requirements.txt and now we're going to create a dockerfile for our application so this is the dockerfile that we're going to use one for our local development server and secondly to actually deploy and run our application it's going to be what's runs our django app so let's type from python codon 3.10 hyphen alpine 3.16 and then env python unbuffered one i'll talk through what each of these lines do at the end after we've typed it all out and then copy requirements.txt to forward slash requirements.txt and then run apk add hyphen hyphen upgrade hyphen hyphen no cache build base oops that should be build hyphen base and then linux hyphen headers and then ampersand amazon backslash pip install hyphen hyphen upgrade pip uh amazon amazon backslash and then pip install hyphen r forward slash requirements dot txt then we'll do copy app forward slash to forward slash app and then work the forward slash app and then run add user hyphen hyphen disabled hyphen password iphone i have a no create home django then user django and then cmd uwhiskey hyphen hyphen socket and then colon 9000 that's the port number hyphen hyphen of workers 4 and then hyphen hyphen master hyphen hyphen enabled threads hyphen hyphen module and then app.wsgi okay so let's talk through what this does we'll save the file first so the first line line one is just saying we're going to base from python 3.10 alpine image so i've specified the versions here just to make sure that as you're following the steps they're all going to be the same using the same versions that i used in this video because new versions may introduce some changes i recommend using the exact pinned versions that i specify so then you can guarantee that all the steps should be the same and then you can always upgrade at the end then we have this env python unbuffered and this it just tells python that we want to not buffer the output so basically it just prints all of the outputs that come from our python application directly to the console this is the recommendation if you look at the docker documentation for using python and it just makes sure that the outputs are reliable then we're doing copy requirements.txt to requirements.txt this just copies our requirements.txt file that we created in our project two forward slash requirements.txt in the docker image then we're running apk ad which is kind of like yum or apt-get if you're using centos or ubuntu we're using alpine and they have the alpine package manager which is called apk so we're doing apk ad and then we're doing upgrades so we're going to upgrade our dependencies we're going to say no cache because we don't want to store the cache in the docker image we want to keep the dock image as lightweight as possible then we're doing build base and linux headers so these are the two packages that need to be installed in order for us to install django and you whiskey then we're doing pip install upgrade pip and what this does is just upgrade to pip so we can get rid of some annoying warning messages that we get and then we're doing pip install hyphen r and then requirements so it just says install all of the requirements from the requirements file and this location then we're copying the app directory to forward slash app we haven't created this directory yet but we're going to do in a moment this is where our app is going to be stored so it's where we're going to store our django project and all of our django code then we're switching the default work directory to forward slash app with this line on line 11 and then we're adding a user that we can use to run our django application and we're just calling the user django because we don't really want to run it in root user mode then we switch to this user django and then we run the usb command for starting the service so you whiskey on socket 9000 so it's port 9000 we're running on and then four workers so that's four worker threads that we have on our application and then we want it to run in master which means run it in the foreground so we don't want to run you wizkid in the background because this is going to be deployed as a docker container so the best practice is always to run them in the foreground so you get all of the logs and the outputs from that application directly to docker we're enabling threads just in case you want to have multi-threading in your django app and then we are sending the module to app.wsgi which is something that is going to be auto created by django in a moment okay so make sure you've saved that file the next step is to create a docker compose configuration here so we'll do docker python compose dot yml and then we're going to type version colon 3.9 and then services app colon build colon context colon dot and then command colon sh hyphen c python manage dot p y run server 0 0 0 to zero colon eight thousand and then volumes colon hyphen dot forward slash app colon dot forward slash app and then ports colon hyphen eight thousand to eight thousand okay so save the file this is a docker compose configuration and this is actually the configuration we're going to use for our development server so this isn't what we're going to be using for our deployment it's just for development in order to set up and develop our application locally we're setting up one single service here called app and we're sending the build context to dot which just means set it to this current directory that the docker compose configuration is in which means it will use our docker file that we have here in the root of the project then we're setting the command so this will override the default command that we add to our docker file which would run in uwisky we don't want it to run a new whiz key when we run it locally we want it to run using the django management server so the way that we do that is we run python manage your py run server and then on 0.000 port 8000 then we're setting up a volume from the app directory that we're going to create in a moment to forward slash app on the container this just means that all of the code that we change in our project gets automatically synchronized with our running container so we don't need to manually rebuild every single time then we're mapping port 8000 on our host to port 8000 on the container which will allow us to access the running web server okay now that's done we can go ahead and create our project so what we need to do first is create a new empty directory here called app otherwise when we get to this line it's going to fail saying app doesn't exist so that's just why we need to create an empty directory first then we can open up the terminal change to the location if you're on windows you're going to use command prompt or maybe git bash or whatever it is you like to use for your command line interfaces then what we're going to do is we're going to type docker hyphen compose run hyphen hyphen rm app sh hyphen c django hyphen admin start project app dot make sure there's a space before the app and dot and then close the quotes so what this does is it runs docker compose which will use our default docker compose.yaml file that we just created we're passing rm which means remove this container once it's run because we only want it to run once we don't want it to be lingering around on our system forever so we're going to pass in rm to remove it we're specifying the app service that matches app in our docker compose file and then this is the command here so it's sh hyphen c which says run a shell command and we are running django admin start project app full stop so that just means run django admin start a project called app and the full stop means create that app inside the current directory so don't create a new directory create create it in the current directory that we're working from so hit enter what's going to happen now is it is going to build our container so first it needs to download the dependencies from docker hub then it is going to run through all of the steps in our dockerfile to build our image and then docker compose is going to run the command that we want using that image so it's going to run a container from that image and this should create a new django project for us so we're going to wait for that to finish and then we'll continue [Music] okay brilliant so the command ran let's see what happened here so if we open up our project you can see inside app we now have a new django project so here's the django project it's created a new template for our project so we can test this now by just doing docker compose up and then open up your browser and just head over to 127.0 colon8000 if you see this page then it's all running correctly and you have started your project properly if you don't see this page then something must be wrong so go back see if there's any errors or try and restart the server something like that okay great so what i'm actually going to do now is i'm going to commit this to get so get add git commit hyphen am added new django project now the next step is to create an app inside this project so we can do that by typing docker compose run hyphen hyphen rm app sh hyphen c python manage.py start app home and this is going to create a new app it's very similar to the command we ran previously to create a project except this time we're using the manage.py script that's created in our project and we're calling star app home so this will create a new app in our project called home and we're going to use this to put some basic code that we can just deploy so that we can test whether we've deployed successfully okay so i'm not gonna need a bunch of these files that were created by the template so let's delete migrations let's delete admin let's delete models and then we'll also delete tests so normally you would leave all these files in because you would actually add content to them but we're just creating something like a template that we can deploy just so we know we've deployed our app successfully so we're not actually going to be adding any tests or anything in this project so next what we'll do is we will open up our settings.py file that's in app forward sasha settings.py and we're going to create or add i should say a new app to the installed apps called home so this is the one we just created and this will make sure that our templates are available and things like that then what we're going to do is create a simple template so if you open up app forward slash home create a new directory called templates and then inside that create a new directory called home and inside that create a new file called index.html now we're just going to create some test html here if you look at the blog post that comes with this video then you can just copy and paste this in if you prefer so it's not important that you type it out we have a blog post where it's all written out and we have the code diffs available as well if you wanted to see the differences in the code and what to paste where so i'm just going to do html head and then title django with https and then body we're going to do h1 hello oops and then we're going to do p this is a django app with https enabled okay so that's a simple template that we can use let's save the file now let's open up views.py inside our home app and we're going to create a new view for this so we can delete that we're going to do def index request return render request home slash index.html okay great so we have that set up now we'll add a url so we'll open up app forward slash urls.py i'm going to add a new line here path and just have a blank string here views dot index and then we'll do up here from home import views okay so that should be everything we need just for a very basic app that runs a simple template of course there's no complex functionality here it's just very basic we just want to focus on how to deploy using https so we don't want to go too in depth about creating a django app if you head over to the browser refresh the page you should see this so this is the template that we created and of course we haven't actually enabled https yet even though it says it in the template that's what we're going to be doing in the rest of this video okay so why don't you open up the terminal or the git bash or the command prompt and we'll commit our changes here we get add and then get commit added django app okay great the next step is to set up ng x so this is where it starts to get a little bit more complicated but i will talk through each of the things that we do as we do it so open up the project again and we need to set up our nginx docker image so there's a few different parts to this the first step is to create a new directory called docker and this will be used to store our docker files other than the one for our main project here so we're going to create one for certbot and then we're going to create one for nginx we're going to start with our engine x1 which is going to be it's really going to be a reverse proxy so we'll call it proxy and then inside proxy we're going to create a new folder called nginx oops and that's going to be used for our template configuration files so the first template configuration file is going to be called default.com.tpl now we call them.tpl because these aren't the actual finished configuration files these are going to be template files that are used to generate the configuration files based on environment variables that we pass to our app this will allow us to do things like override the domain name and customize it for our own domain name without having to hard code it in the project okay so open up default.com.tpl and this is going to be the configuration file that serves our web server just on plain http so this is what we need to use when we first start our app and we haven't yet created our certificates the reason we need to use this is because as i mentioned in the beginning of this video we need to be able to handle a challenge file that is sent by certbot so surplus provides a challenge and we need to be able to serve that challenge via plain http in order to initialize our first certificates so we'll create a simple nginx config here we're going to type server and then inside the server block we'll do listen 80 that's the plain http port and then server underscore name is going to be dollar and then the braces here domain and then www is going to be also dollar domain and this dollar domain syntax is the template syntax that we're going to use and we're going to be replacing these these variables here with environment variables that we set in our container okay so next what we need to do is set up a location block so we'll do location forward slash dot well hyphen known forward slash acme forward slash challenge forward slash this is the location where let's encrypt expect to find the challenge file in order to complete our authentication so we need to serve this location and make it accessible in port 80 and we need to serve it from root forward slash vol www forward slash and then don't forget the semicolon at the end this will be mapped to a volume that we can then share with surplus so it can put the file there and then nginx can access the file from that volume okay the next thing we're going to do is add another location block here that's just location forward slash so the way that it works is it handles these location blocks in order so it first sees if the url matches this location block if it does then it will serve it from vol roo www now we need to define what happens if the url doesn't match this so essentially everything else that isn't well known acme challenge we just want to forward to https which will help us for when we actually have our https set up so we'll do that by typing return 301 https code on slash and then host and then the request uri this is the recommended way to forward everything from http to https using nginx so that's everything for the default.conf tpl file so save that file and now the next step is to create the same file but for https so this will be the file that's used when we first start the server before we have the certificate and then we're going to create a second file that's used when we do have a certificate the reason why we need two separate files is if you have the https configuration in this file then nginx will crash because the certificates that it needs to serve https will not be accessible so that's why we need to create two separate files for this so we're going to copy the contents of this file so keep the contents in the clipboard open up the browser here and we're going to add a new file here under the nginx subdirectory we're going to call it default hyphen ssl dot conf dot tpl and then paste the beginning of the file in so this is just the same as the first one and the reason we copy this in is just because we're going to run one file or the other so we still want to serve http without that s for the acme challenge here and we also want to handle the redirect so if someone comes to our website using http we're going to redirect them to https but we also want to add some more things here to the bottom so we're going to add a second block a second server block it's going to be called server and this one is going to do listen 443 ssl so that's listen on port 443 which is the default port for https and we are going to say ssl here so we want to enable ssl server underscore name is going to be the same as above so domain and then www dot domain and then we're going to have ssl underscore certificate forward slash etc let's encrypt forward slash live forward slash domain forward slash full chain dot pm and then ssl underscore certificate underscore key forward slash etc let's encrypt slash live slash and then domain forward slash priv key dot pm and then include forward slash etc engine x slash options hyphen ssl hyphen engine x.conf and as i did before i'll walk through these line by line after we've created it and then ssh underscore dh param forward slash vol proxy slash ssl hyphen dh params.pam and then add underscore header not user header strict transport security max age equals three one five three six zero zero zero include sub oops includes sub domains always okay and then we're going to do location forward slash static alias slash ball static and then location forward slash you whiskey pass app host and then app ports include forward slash gtc engine x slash you whiskey params and then client max body size 10 m okay so save the file i'm going to talk through it line by line i'm going to skip this first block because we already covered that it's the same as the previous file that we created we have a new server block here and we're saying listen on port 443 which is https we're sending the server name to the domain name that's going to be configured via environment variables then we're configuring the ssl certificate here so we are setting ssl certificate to etc let's encrypt live slash the domain name and then full chain dot pvm this will be the volume that we map the certificates to from our serpbot so certbar is going to put the files here under live slash domain slash priv key and we're going to have this mapped to a volume called etc let's encrypt so it gets created by server put there and then it should be accessible to nginx from that location via the volume and this is just the certificate and the certificate key it's the basic configuration that you need in order to serve https on any web server then we're doing the include nginx options ssl.conf here so we're going to be adding this in a minute this is a configuration file that i took from the cert github page and it basically includes the basic configuration that you need for an nginx server so it's the basic configuration that you need in order to serve a serp or generated certificate using nginx so we're going to create that in a moment the next one is this ssl dh param so this is the diffie-hellman params that i mentioned previously and all it is is a way to strengthen the encryption so it generates a set of parameters and it takes some time to do this the first time that we do it so that's why we're going to also map this to a volume that will start on the forward slash volume proxy then we're adding this header here so what this is is it just adds a http header to the requests that tells the browser to remember that this web domain should be accessed via https it's just recommended for security so that the browser doesn't keep trying to access using http this will basically say set a header in the browser so that every time you visit this domain always use https which is what you want whenever you have an application then we're serving the location block for static here this isn't really something we're going to cover in this video because this is more about django static files we have different videos on our youtube channel and on our website that explain how you can set up and serve django static files using a docker deployment then we have this final location block here so this says if we haven't matched any of the previous location blocks then forward the request using you whiskey pass and forward it to our basically our django application so we are forwarding it to app slash app so we're forwarding it to app host app port these are things that will configure via the environment variables when we run our application and then we're including these new whiskey params which again are just a configuration file that's provided by the uwiski documentation in order to pass some headers over so we're going to be creating that in a moment and then this client max body size just says support up to 10 meg in the body size so this is useful if you need to upload images or something to the django application okay so let's save the file here and the next thing we're going to do is we're going to be adding our options ssl certificate so if we create a new file here inside nginx we're going to call it options oops options hyphen ssl hyphen nginx.conf okay and what we're going to put in this file is i'll show you how to retrieve it you can go ahead and get it from the description of the video or the blog post that we have in this video but i'll show you where you can find it in case you ever want to find configuration files like this again so if you go to github certbot i'll just search that and then it should take us to the cert bot github page okay we're going to choose serpbot and then we're going to choose the version that we're using so we are using 1.28 0.0 so i'm going to choose that and this is just so that your configuration file matches the version that you're using in docker and then what we'll do is we'll navigate to surfboard nginx should be in here somewhere here we go and then internal and then sorry several engine x then serp or nginx again and then internal and then tls configs and then this options ssl nginx here okay so you just copy the contents of this file and we'll head and paste it in here okay so we can save that that's all we need to do for this file now we need to add the usb params so if we go ahead and create a new file here called uwhiskey underscore params okay so you whiskey params is a file that we need in order to send the right headers to our uwiski service from nginx you can find it on the official documentation for you whiskey so if you just search for you whiskey docs and then we'll just choose a usb project and there should be a page here for nginx so nginx support and then in here we should see the usg params file so we can just copy the contents of that file open up our visual studio code and paste it in okay so save the file and now let's move on to the next step okay the next step is to create a run script in order to run our nginx proxy so we're going to create that inside docker proxy and we're going to create a file called run dot sh and this is going to be a bash script that we're going to use to run our proxy but first we're going to do some checks to check for our ssl certificates and to also generate our dh params so let's go ahead and do that i'm gonna add a shabang here at the top bin slash bash and then set hyphen e and then echo checking for dh params.pem if and then this syntax here for an if statement hyphen f uh and then in quotes vol slash proxy slash ssl hyphen dhparams.pem and then we're going to close the square bracket here and then type then so this is like an if then block in bash then fi and then echo dh params.pem does not exist oops that should all be in quotes does not exist creating it open sshl param hyphen out forward slash vol slash proxy slash ssl hyphen dh params.pem2048 okay so this first part of the script here it will check if the edge params exists so it does this check here in this if block so if this file exists or this not symbol here means if it does not exist so if this file does not exist then run this code here and we're just going to echo a message to the screen so we know what it's doing and then we'll run openssl dh param out and that means put the output of the dh params in this location so forward slash evolves proxy ssl dhparams.pam and we're going to use 2048 bits so once this is done the first time then this should no longer pass and it should not run this code again and this volume should also map the configuration here so if we go over to our open ssl configuration actually not open ourselves the default ssl configuration and we do control find you see that it should match the name here so this will tell you if you've got any typos or anything like that okay so back to the run script so that's the first stage the next stage is to create the appropriate configuration file for the mode that we want to run our proxy in so when we first run the proxy we're not going to have a certificate so we need to run using default.com.tpl the second time we run it we should have the certificate so then we run it using default ssl.com.tpl and one other thing that caught me out as well is that these parameters here so this host and request uri these are actually parameters that are set by nginx however our templating command removes them if they don't exist as environment variables so we need to kind of put a work around here to make sure that post and request uri remain inside the finished output file after we run it through our m substitute command so i'll show you how to do that now what we're going to do is we're going to put a comment here just so we know what we're doing avoid replacing these with m subs export host equals backslash dollar sign host export request underscore uri equals backslash dollar sign request underscore uri so all this does is it exports two string variables with the content that we want to remain inside these values here so host here will get replaced but it will get replaced with a string of the same name and the same for request uri it should be you request uri not url okay so now we'll do echo checking for full chain dot pen so full chain dot pem is the file that will exist when our certificates have already been set up so if they exist then we already have ssl if they do not exist then we don't have ssl so we'll do if not hyphen f e t c slash let's encrypt slash live slash domain which should be caps there domain forward slash full chain dot pem and then close this off here then and we will do echo no ssl cert enabling http only and we'll do m substitute so m subst which is short for m environment variable substitute and then the [Music] arrow in here forward slash etc engine x slash default dot conf dot tpl and then the output to forward slash etc slash nginx slash conf dot d forward slash default.conf okay and then we'll do else and in the else but we'll do echo ssl sir exists enabling https and then m substitute etc engineering default hyphen ssl.com.tpl and then output forward slash etc nginx conf dot d forward slash default.conf and then we just do the fi here at the end to end the if block and finally we run nginx hyphen g daemon make sure i spell this right d a e m o n off and then close the semicolon great so let's save the file so what we're doing here is we're checking if our full chain dot pen exists when we first run it we expect it not to exist so when we first run our service and we don't have a certificate it won't exist we will then run using our default.com.tpl so that was this first configuration that we created here that doesn't have the ssl configuration and then the second time we run it after the certificate has been generated and we've passed the authentication challenge we can then enable https so then we're going to use this default hyphen ssl.conf dot tpl which is the template that has all of the ssl configuration here so this will be what we've run most of the time we're only going to need this bit the first time we run our application and get the certificate okay and then we have our nginx g daemon off and this basically starts our nginx server and it runs it in the foreground so we don't want to run it as a background daemon we want to run it in the foreground so that all of the outputs from nginx are piped directly to our docker logs okay so that's what we need for the script the last step of this proxy step or the last step of adding the proxy is to create a new docker files so inside docker slash proxy i'm going to create a new file called docker file and then we're going to create a docker file for our proxy so we're going to do from engine x colon one point two three point zero hyphen alpine and then copy dot four slash engine x forward slash and then the asterisks here for etc nginx [Applause] and then copy dot forward slash run.sh forward slash run.sh and then env app underscore host equals app env app underscore port equals 9000 and then run apk add hyphen hyphen no hyphen cache open ssl bash and then run chmod hyphen x forward slash run dot sh and then volume forward slash vol static and volume forward slash slash www and then cmd forward slash run glass h okay so save the file what we're doing here is we're creating a new docker image based off nginx version 1.23 and then we are copying our config so dot nginx forward slash asterix copies everything inside this directory here into forward slash etc engine x so we get all of these configs available inside our nginx image then we're also copying the run script and because we didn't put it inside nginx because it's not an nginx config we need to specify it specifically so we say dot forward slash run.sh this file here copy in at forward slash run dot sh on the image then we specify these two env values so these are just default environment variable values that we can override if we want to so the default is going to be what works most the time but we can override this in the future if we want to then we're running apk ad no cache and we're installing open ssl and bash which are things that are needed for our script and then we're doing chmod which is shmod plus x on forward slash run.sh which just makes sure that our run script is executable so the plus x means add executable permissions to the run script then we're specifying these two volumes here so static will be used for static files if we need and then www will be used to serve the certbot challenge from our server volume then we're specifying the default command to run.sh okay so that's everything we need to do for our dockerfile we can check that this builds by doing cd docker slash proxy docker build and then dot here and this will just check that we've created our dockerfile okay and that it's building [Music] okay so that's everything for the proxy next we need to add our surfboard image so we're going to create a new image here inside surfboard so we're going to do docker slash certbot and then we're going to create our first certify hyphen init.sh file so this is going to be a script that we use to certify the first time we run our service so in this script we're going to type a shabang as bin sh and then waits for proxy to be available then gets the first certificate set hyphen e and we're going to say until nc hyphen zed proxy 80 colon do and then done echo waiting for proxy dot dot dot sleep 5s and wait okay so what this script needs to do is we need to first wait for the proxy to be available so when you start services using docker compose you can specify that one service depends on another which means it will wait for one service to start before the other starts however it doesn't guarantee that the application running in that service has had time to start it only guarantees that the service itself has started so it's kind of like guaranteeing turning on a computer but not guaranteeing that you've loaded up your web browser on the computer so that's essentially what's happening we need to make sure that our nginx server is actually up and running and that it's done everything like generate the dh params and things like that that takes some time the first time so we need to wait until that happens and the way that we do that is we use this netcat command and netcat just lets you check to see whether a tcp port is accessible so you could do that by typing until nc hyphen said proxy is the name of the container that we're going to be checking for we're going to do port 80 and then we're going to do and we're just going to echo which is just output a message saying waiting for proxy and then sleep for five seconds wait and then try again so keep doing this until the proxy is available so when the proxy's available we can then do echo getting certificate and then we'll do certbot cert only backslash hyphen hyphen web route backslash hyphen hyphen webroot path vol or forward slash vol www forward slash and then hyphen height or just one hyphen this time d and then here we're gonna do domain backslash actually there's no squiggly brackets around this one because we're just inserting it directly in the script and then hyphen hyphen email email backslash hyphen hyphen rsa high from key hyphen size 4096 backslash hyphen hyphen agree tos backslash hyphen ivan non interactive okay so save the file there's a few things here so i'll just talk us through it so what we're doing is we're waiting for the proxy and then we're running bot sir only so with sirbot it's kind of designed to actually set up and do all the configuration for you on nginx we're not doing that because we want to run it in docker and i want it to kind of be reproducible and i want it to run as a docker service alongside our existing services so in order to do that you need to provide the cert only flag to the command so sir only tells certboard that we don't want it to actually set up our nginx service for us because that wouldn't work because we're not running it straight on a server we're running it in a separate docker service what we wanted to do is just generate a certificate for us and then we'll do the configuration of that certificate ourselves which we've already done through volumes and through our nginx configuration so we're saying sir only get the certificate only we want the webroot method of authentication there's different ways that you can do the challenge the webroot is the one that works best for this type of deployment and then we're specifying the web root path as forward slash vol www so this says the web root of our server that we're going to use to serve the authentication challenge is at forward slash www and that's where it's going to put the challenge then we specify hyphen d and the domain name so whenever you have a certificate it has to be created for a specific domain name so we're giving it the domain name that we want to create the certificate for then we specify the email which is just a requirement of using certbot he needs to specify a valid email address so this should be your own email address we're going to pass these in as variables when we run the service so that's why we're using the dollar sign email here then we're doing rsa key size so 4096 is the recommended key size for keys when you're using certbot and then we do agree tos which means we agree to the cert bot terms of service that you can read on their website then we specify non-interactive and this just means that we're not doing this process manually so we can't enter any inputs when we deploy our application so if it asks any questions like hit yes if you want to continue then it wouldn't work so we specified non-interactive to tell it we just wanted to do the job that we specify based on everything that we pass in here don't ask any questions when we start the service okay so now that we've got this script here we just need to create a little docker file for our server bot so inside docker slash server docker file we're going to type from cert bot slash certbot and then v one point two seven point zero and then copy certify hyphen in it dot s h four slash opt and then run chmod plus x forward slash opt slash certify hyphen init.sh and then entry point we're going to set to blank list here which is basically just override the entry point and then cmd cert bot and then renew so the default will be renew and the reason we set that as default is because that's what we'll be doing after we deploy our service 99 of the usage of this doc image will be for renewals we only ever need to generate using our certificate uh generation script here we only need to do that one time ever basically for a deployment okay so save the file so what we're doing here is we're basing from our existing surfboard docker image that's available for free on docker hub and this is the official image for cert bot then we're copying our script certifying it dot sh two forward slash opt which is like the directory for storing optional scripts on a service so we're doing run chmod plus x to make this script executable and we override the entry point and then we specified the default command here okay so now we've added all of the different components that we need in order to deploy and use https the next step is to configure our django app and also create a docker compose configuration specifically for our deployment so we'll start by configuring our django app so what we need to do i'm just going to close off some of these tabs here and then i'm going to open up forward slash app slash app slash settings.py and then at the top i'm just going to add import os and what we want to do is pull in the security key you see how it says django insecure this is because you need to set this at runtime with a secret value that isn't hard coded in the project so what we'll do is we'll just replace this with os.environ.get django underscore secret underscore key and then the default will be set me in prop so this will pull an environment variable called django secret key and it will set the secret key based on that and if we don't specify then the default will just be set me in prod which is used for our local development so in our local development we don't need to worry about having a secure key but when we're deployed to a server that's accessible we definitely do want to worry about that so that's why we pull this in here then we're going to override this debug here so we'll do debug equals bool int and then os dot environ dot get and we're going to get django underscore debug and then comma zero actually that should be inside the quote here so comma zero okay so what this does is it allows us to toggle debug mode using an environment variable so when we're running on the local machine we can set debug to one which will then set debug to true and then when we're running on a deployed service we can leave debug mode off and again this is recommended as it says in the comment here you don't want to leave debug mode turned on in production next we're going to update the allowed host here so we'll do allowed host equals a blank string if debug else os dot environment get django allowed hosts dot split and this will just allow us to specify various allowed hosts so allowed host is a security feature and it should be set to the domain names that you want to access the application on and it just stops anyone being able to access using the ip address or any other domain name that they set up that points to your server you want to make sure anyone accessing your server is using only the approved domain names so if we're in debug mode we'll just leave this as a blank string otherwise we're going to pull in os environment. django allowed hosts and we're going to split that up by commas which basically says do a comma separated list so we can specify more allowed hosts if we need most of the time we're just going to be specifying one allowed host which is the single domain name we're going to be using for our application it's often used if you want to use something like www dot as well as just the domain name without the www dot okay so save the settings.py file now we're going to go ahead and update our docker compose that we already have here so we're just going to update this we're going to add environment oops this should just be lowercase environment django underscore debug equals one this just means that when we're in debug mode which is what we're going to use this docker compose file for we're going to set the application to debug mode so this will basically be debug equals true okay now we're actually going to create our deployment docker compose so the reason why we have a separate docker compose is because often your deployment environment is going to be very different from your local development environment so in the development environment we just need to have the minimal services we don't need to have the reverse proxy we're just going to use the django development server for our deployment one we're going to have a few more different moving parts so we want to keep those files separate so that we can have a separate configuration for our deployed app and our local app so for the deployment one we're going to create a new file here called docker iphonecompose.deploy.yml and here we're going to type version 3.9 so then we're going to type services colon app colon build colon context colon and then or just context colon dot and then level with build we're going to type restart always and then environment and then in here we're going to type django underscore secret underscore key equals django underscore secret underscore key and then django underscore allowed underscore hosts equals domain okay so this is our first app it's very similar to the development one except we're not overriding the command here to specify the development server so we're going to use the default u whiz key command and we're also setting restart always so if it crashes then it will automatically restart and then we're specifying these environment variables here so we specify django's secret key and we set that to django secret key and this will allow us to define these these configuration values in a file in our project that we keep out of get so we can pull them from an environment variables file and we can pass them into the running containers using this syntax here then we'll create django allowed host and we're passing that to or we're passing in the value of domain okay so that's the app service next we need the proxy service so we do proxy and then build and this time we'll do context dot forward slash docker proxy because that's where the docker file for this proxy service is and then we'll do restart always so again if it crashes it also restarts depends on and this is going to depend on the app so we want to make sure the app starts before the proxy okay now we're going to define ports and for this we're going to need port 80 to 0.80 and port 443 to port 443 so that's port 80 which is http and port 443 that is https and now we specify volumes so before we add the volumes here let's create a volumes block at the bottom of the file so these will define like named volumes that will persist on the server unless we explicitly delete them so do volumes the first one's called sirbot web and then proxy hyphen dh params colon and then cert bot hyphen certs colon so the colon is just because we're not going to specify a specific path that we want to use for this we're just going to let docker manage the path for us we will then be able to access these named versions just or these named volumes just based on the name here so we've set up the volume now we can go back to our proxy and we can type under volumes hyphen certbot hyphen web colon forward slash vol www and then hyphen proxy hyphen dh params colon forward slash proxy and then hyphen certbot hyphen certs forward slash etc let's encrypt okay then we specify environment colon and then domain equals domain so this sets up our proxy service so here we have a build context of the location where our dockerfile and our configurations are and then we set restart always just as we did before and we're saying depends on the app so that it waits for the app to start first and then we're mapping the ports here and then we are setting the volumes up so we're saying certbot web map this to vol www which is then going to be used to serve the base of our configuration so or our web server so we go into our docker slash proxy slash engine x just default you can see it's serving from vol www then dh params we're going to serve from vol proxy so similarly if we open up the proxy nginx config here and we look in our default ssl config you can see that it's serving ssl dh prime from vol proxy so that's this volume here then we're getting the cert bot certs and we're putting them at etc let's encrypt so again if you look here etc let's encrypt will be the volume that we're in a minute gonna connect up to cert bar then we're setting the environment variable domain so that when we create our configs here we can populate it with the correct domain name that we want to run on that nginx service okay next what we're going to do is create our cert bot service so underneath the proxy we'll type certbot colon build colon and then context colon dot forward slash docker certbot and then command colon echo skipping because most of the time when we start our service using docker compose up we're just going to skip serb up we only want to run it when we're doing either renewal or we're doing a um first time initialization but we want to define it as a service here so that we can easily use it through the docker compose command and also have access to these volumes so we've overridden the command then we'll do environment colon and then email equals acme default email and then domain equals domain and then volumes code on certbot hyphen web forward slash vol slash www should be three w's and then ford's um hyphen sirbot hyphen certs forward slash etc let's encrypt forward slash and then depends on proxy okay so this is our servbot service that we'll use to retrieve our initial certificates and also renew certificates we're skipping the command when we do like docker compose up but when we want to run it we can specify the command directly in the command that we're using to run the service and then we i have an environment variable here so email equals the acme default email that we're going to configure domain equals the domain name that we're going to configure and then we're just mapping the volumes up here so serb.web is used to share the challenge and servebot certs is going to be used to store the certificates that we then give to our nginx service okay great so now what we'll do is we'll create a basic configuration file so we're going to configure this using a file but what's best practice is to create a sample file that you can use to change when you deploy it so we'll do dot m dot sample and then we'll do django secret key equals secret key one two three and again this is just a sample this shouldn't be the actual values you use we're going to change these values when we deploy it to our actual server the acme default email equals email example.com oops example.com and then domain equals example.com okay so you can save this file now and then we'll go ahead and commit the changes to get so we'll just go to the root of the project get git commit am finished deployment code okay and then push this to your remote repository great so now what we need to do is actually create a server so this is everything we need to do to set up our project we should in theory be ready to deploy now as long as there wasn't any typos or errors in code so we're going to open up the brave browser here and i'm going to head over to aws so make sure you are logged into aws with your aws account okay so the first thing we need to do is add an ssh key that we can use to authenticate with the server that we create so from the ec2 page we're going to open up the key pairs section and i'm going to import my key from my local machine so if you already have a key then you probably already do have a key of you using github and stuff so you want to import that key so that you can use the same key in order to authenticate so i'm going to click actions import key i'm going to call this mark mvp for mark macbook pro and then i'm going to do cat then the home directory forward slash ssh slash id ed25519.pub so you only want to print the public key you don't want to print the private key which should be kept secret on your machine at all times so you're going to copy the contents of the public key and then you're just going to paste it in here and do import key pair okay so now this is set up we can use this key to authenticate with our server that we create next we'll go ahead and actually create the server so let's head over to the ec2 dashboard launch instance launch instance and then we're going to do we're going to give the server a name so i'm going to call this django https and then i'm going to use amazon linux 2 which is the default here i'm going to leave this as 64-bit and i'm going to leave it on the t2 micro which as it says is free tier eligible so in theory it should be free to use this if you're on the free tier um if you want to actually deploy a real application you probably want more memory than this so you probably want to up the resources here but just bear in mind that there's a different cost associated with all the different types and some of these instances can get quite expensive so you just make sure that you're aware of that when you're deploying a project because you don't want to run up a huge bill for yourself again this is just a very simple app that we're deploying so one gig should be fine of memory and then one cpu so i'm going to do t2 micro and then i'm going to select key pair that i just uploaded so that's mark mvp and then in the security group i'm just going to allow ssh because that's what we'll use to authenticate and control the server and then allow https and allow http and these are required because you have to have http to handle the certificate challenge when you want to generate a certificate now i recommend giving a bit extra storage here because we do need to pull down a few docker images to the service i'm going to get mine 25 gig that's usually plenty as it says here free tier customers get up to 30 gig okay so now that this is all set up we can click launch instance this will go ahead and create a new server for us in aws once this is created you can click view all instances and this will take you to the instance here so here we have django https and here you can see it's got a public ipv4 dns now unfortunately we can't use this to actually create a certificate because it's been blacklisted by certbot because anyone can just go ahead and create these servers and get a new domain name here so we're only going to use this for our authentication and managing the server later on we're going to be creating a new uh dns entry inside route 53 that we'll use for a real name for our server okay so if you copy the public dns here the next step is to actually connect to the server so open up terminal if you're on windows then you probably need to use powershell for this because you need to use the ssh command so we're going to type ssh and we're going to ssh ec2 hyphen user at and then the host name that we copied here so ec2 user is the default user that is created on amazon linux 2. okay i'm going to click yes to add the fingerprint okay now i'm connected to the server so what we'll do now is we'll do sudo yum update y which will just update all the existing packages on the server we'll let that finish [Music] okay great now that that's updated we'll do sudo amazon hyphen linux hyphen extras install hyphen y docker so this will install docker in our um server here so we obviously need to have docker and docker compose installed in order to be able to actually uh run a docker on this server so we'll install that okay now that's installed we'll do sudo systemctl enable docker.service that just enables docker as a service and it will mean that it auto restarts when we restart our server we'll do sudo system ctl start docker.service and that just starts the service now then we'll type sudo user mod hyphen a then capital g docker ec2 user and this will give our ect user the permission to be able to actually run docker so it adds it to the docker group so that we can actually run docker and run our project okay now we need to install docker compose so the way that i recommend doing it is follow these steps that i have in the blog post that comes with this video so basically you want to download docker compose directly from their github so i'm going to type the command out it's quite long you can actually go ahead and copy it from the blog post if you find that easier so we'll do wget https colon slash slash github.com forward slash docker slash compos slash releases forward slash latest forward slash download forward slash docker hyphen compose hyphen and then this dollar and then a curved bracket here you name hyphen s which i believe is just the name of the linux operating system and then the eu name hyphen m which i think is the version of the operating system so we hit download it should download the file here so we do yeah here you can see so it's docker composed linux and then the architecture here and then we'll do sudo mv and we'll move this newly downloaded file and we'll store it in four slash usr slash local slash bin slash docker hyphen compose and then we'll do sudo chmod plus x forward slash usr slash local slash bin slash docker compose the reason we download it like that is because i find that if you install it from the package manager then usually get a really out of date version if you install it through pip then sometimes you get issues with paths and things like that this is just a nice clean way to install it without having to install a bunch of extra dependencies okay so now we can install the final dependency which is git which we're going to need to clone our project so we'll do sudo yum install hyphen white get okay so that's going to install git onto the system once that's done you can type exit to disconnect from the server and then reconnect to the server and the reason you need to do this is so that your user gets the updated permissions it doesn't happen automatically you need to kind of log out and log back in which is what you do by typing exit and then reconnecting okay so now that we've logged down and logged back into the server what we're going to do is just check it's installed okay so we'll do docker hyphen hyphen version and you should see a docker version here and then docker compose hyphen hyphen version and you should see a docker compose version if it says command or found then there's probably an issue and you might need to rerun the steps that we just did to install docker and docker compose okay now we run docker run hello world this will run the hello world image and just double check that everything is installed so yeah if this happens then you have successfully installed docker and you're ready to go okay so now we're going to generate an ssh key on the server in order to add a deploy key to our github project so i'm going to type ssh hyphen keygen and this should be run while you're connected to the server using the ec2 user hyphen t ed 25519 hyphen capital c github deploy key we'll leave this default location here and then i'm going to leave it with no passphrase feel free to add a passphrase for that extra layer of security basically it just means that you're going to have to enter the passphrase every time you clone the code from github to your server okay so now what we'll do is we will output that key so the cat ford uh this tilt character forward slash dot ssh forward slash ed and then um id underscore ed25519 [Music] remember to use the public key not the private key copy that key there and then head over to github and you want to head over to your github project where you have all of the code that you want to deploy so go to settings and then go to deploy keys and add a new deploy key paste the key in and you can call it like aws server and all this does is it allows you to add authentication from a server to your github project in order to have read only access to the code you can give it right access here but we don't need to do that so i recommend not doing that this key will just allow us to authenticate from the server to github in order to claim the project so click add key and then the key gets added here and now what we'll do is we'll actually clone the project so i'm going to go back to code we're going to do clone or sorry code and then the url for ssh it's important to use ssh and not https otherwise you'll be prompted for the username and password so from the server location you're going to do git clone paste the name of the git repo clone it type yes and this will climb the project okay so now that the project's cloned we have the um we basically have all of the code on the server we're ready to go the only thing to do now is set up the dns so as i was saying you can't use this url because it's blacklisted so what you need to do is you need to go over to route 53 and in route 53 you can actually register your own domain so you will be charged to register domain if you already have a domain then you can set it up to point to a hosted zone inside aws so that's what i have here if you don't already have a domain and you want to register one then you can basically do that by following the instructions in the register domain here so you're going to check the domain so let's say example.com and it will tell you if it's available i know that it's not available and it should give you some suggestions and things like that and then you can follow these steps to purchase and then your domain should appear inside the hosted zones here once you're done so just bear in mind that you will be charged it's usually like 10 a year depending on the domain name that you want okay so once we're set up here we're going to point this domain to our server so i'm actually going to add a sub domain and i'll do that by creating a record here so add create record i'm just going to call this django and i'm going to give it a c name and the c name is going to point to the server name in aws so if you open up the ec2 tab the cname can point to the fully qualified domain name for this django instance here so public ipv4 dns copy that you're going to paste that in there and then i'm just going to set it to one minute so that it refreshes quickly and we make any mistakes okay now i'll do create record so now the name is here so this is the dns name that i'm using yours will be a bit different because yours will be whatever your sub domain and primary domain is okay so now that we have this domain name we can continue with the deployment okay so what we'll do next is we'll make sure we're connected to the server that we're deploying to and we're going to make sure that we as inside the project so we want to do cd into the project i'm already in it here so i don't need to do it again i'm going to cp dot m dot sample dot emv this is just going to copy our template here and then i'm going to use vi you can also use nano we'll use nano because it's a bit easier to use nano dot m and we're going to edit these this information here so this i'll just change it to real secret key and i'll make it a bit more complicated of course this is all in the video so i'm going to delete this after the video and then i'm going to add my email address here so again it has to be a valid email address i'm going to use my own email address here and then domain we are going to add the domain name that we just registered so i it needs to be the actual fully qualified domain name that you're using for the server so mine is django.aws.londonapp.dev so i'm going to paste that in there okay and now i'm going to exit and save you just and then you should have the configuration created here so if you do ls ls hyphen la you should see the m file here and this contains your configuration now if you're doing a real deployment here then you want to copy this configuration and make sure it's backed up in a secure password manager or something like that in case you need to recreate the server because if the server gets compromised or you accidentally delete your server you want to make sure those configuration values are maintained somewhere and it's best to put them in a safe secure storage like a password manager okay so now we are ready to start our service for the first time so the first step on the first deployment is to generate the initial certificates and we generate the initial certificates by typing docker compose hyphen f to specify our deployment docker compose config dockercompose.deploy.yaml run hyphen hyphen rm sirbot forward slash opt slash certify hyphen init.sh so hit enter and what it's going to do is the first time you run it it's going to download and build all of our docker images so basically it does it the first time and then they're cached on the system so the second time you run it should be a lot faster but we're just going to wait for this to finish it's basically building all of the different services that are required for our project and then it will go ahead and it will run our certified command in order to hopefully get the first certificate and we'll see if there's any errors or issues with that in a moment [Music] okay so you can see that the images are built and now it's waiting for the proxy so what's probably happening in the background is hopefully it's generating the dh params and this can take a few minutes so we basically just need to wait for that to happen and then when it happens you see it switches to get certificate and then you can see it says account registered requesting a certificate for django dot aws.londonapp.dev and here you can see it's successfully retrieved the certificate so we've completed the first step we've got the certificate which should now be stored in the volume the next step is to run docker compose hyphen f docker compose deploy down and the reason we run down is just to stop the http server which will currently be running using standard http we need to restart the server now that we have the certificate so that it can run in https mode once it's all stopped we then type up and this will recreate our service and you see i've got an error here enabled threads i think i put typo there it should be enable threads but it looks like everything else is working so if i go back to the code and i look for that typo so if i go to the app here dockerfile i think the typo is here so it should be enable threads this will be a good opportunity to show you how to redeploy to code to the server so i've saved the file here i've changed enable threads to enable threads sorry enable threads to enable threads and now what i'm going to do is in the project on my local machine i'm going to go git add git commit hyphen am fixed enable threads get push and now on the server i will go control c to stop the service docker compose down and then i'll do git pull origin this should pull the changes to the local machine and then docker compose hyphen if actually you need to specify docker compose hyphen f deploy down to stop the service and then up so you need to do down and then build to rebuild our image with the new changes and then up and we'll see if this works this time okay it looks a bit more promising let's see oh we had a failure here so no such file or directory here four is actually etc so you can see here i have another typo apologies for all the typos if you spotted these and already fixed them then good for you if not then i'll go ahead and fix these now so you got let's encrypt should be let's encrypt so let's go ahead and fix that here so we'll open up docker slash proxy slash the config here so here's the typo here so let's encrypt okay so we'll save that now hopefully this can be saved here so we will go ahead and do git add git commit fixed proxy type i get push origin and again we'll stop the service we'll do docker compose hyphen f docker compose deploy down get pull origin should pull this layers change docker compose hyphen f docker compose deploy build it's important to rebuild the image because you need to take the new changes and then we'll do up and we'll see this time if it worked okay so it looks like it's working okay let's go ahead and open up the browser now this bot we intended to fail here so we don't want to run it when we're running our actual service we're going to run certbot when we are actually needing to do a renewal so we open up the browser and now let's head over to our django aws.londonapp.dev and you can see here that it redirects us nicely to https if you click on the lock symbol here you can see the connection is secure we have a certificate here so it looks like everything is being deployed successfully using https okay brilliant so now what we might want to do is we probably want to run this in the background so the way that we can do that is we can stop the service by doing control c and we'll just let that stop on its own it should stop in a few minutes okay and now if you run the same command but you just do hyphen d at the end it should run it in the daemon mode which means it runs in the background so it's not running in the foreground because now what we need to do is add the final step which is to handle the auto renewal of the certificates as i mentioned right at the beginning the certificates that are issued by let's encrypt are only valid for three months so within that three month period we need to make sure we are checking for a renewal and renewing the certificate if it is possible so the way we do a renewal manually is we can do docker compose hyphen f docker iphone compose.deploy.yaml run hyphen hyphen rm sirbot sh hyphen c certbot renew and if you run this now you should see it runs through the renewal and it says that it's not due for renewal yet so it's not going to try but what we need to do is make sure that we don't forget to run this so you could just run this manually but then you need to set up a reminder within every three months to make sure you're logging on and manually doing it that's not very user friendly it's easy to forget very prone to error so what we'll do is we'll create a little script that we can use to do this for us so we'll do um in the home directory we'll do cd and then the tild and then we'll just do nano and we'll create a new script called renewed or sh and we'll add the shebang here at the top you could put this in the um code as well but i think it's just very specific for the server and in most cases you'll probably want to automate all of this using github actions or something like that anyway we're just doing a simple demo now to show you for https so we're just going to create the script manually directly in the root directory of the server well not the root directory the home directory of the user of the server already set hyphen e and then cd slash home slash ect user the name of the project which was called django hyphen https and then forward slash user slash local slash bin slash docker compose hyphen f docker compose.deploy.yaml and then run hyphen hyphen rm servbot renew the reason why we do the command like this is because we're going to run this using cron and sometimes cron doesn't always have the correct path set up so we're going to specify the specific path where docker composes just to make sure it runs reliably okay so you can save this by doing control x and then y and then we'll write the changes and then we'll do crontab hyphen e so we'll set this up on zero so we'll do crontab hyphen e zero dot space zero then the two asterisks here and then six and then sh and then there's a name of that script so home slash ec2 user slash renew.sh so what this is is crontab now if you're not familiar with crontab you can look up online what it is and how it works but essentially you set a schedule here and it will run to that schedule so this schedule says that for the zero minute at the zero hour of every day of the month for every month on the sixth day of the week we're going to run this command so essentially what that translates into is run this every saturday at midnight so you can actually look this up if you go to crontab dot guru it's a great resource that turns this into like a human understandable name so it tells you exactly when it will run and it allows you to tweak it so that you can play around with it and change the schedule if you want but essentially this runs every week and then we run it every week so that we know it will get renewed it's kind of the recommendation is to run it every week even though we only need to renew every three months we run it every week just to check and make sure the renewals get done early in case anything goes wrong or the service goes down or something like that okay so i'm going to save this here and that's everything we need to do this is basically how you set up a django deployment to an aws server using docker and then also set up https i hope you found this useful if you enjoyed this and you found it useful then you might also find our other courses and other resources interesting so feel free to check out our website or our youtube channel make sure you subscribe and like this video if you found it helpful thanks a lot for watching i'll see you next time

Info

Channel: London App Developer

Views: 51,288

Rating: undefined out of 5

Keywords:

Id: 3_ZJWlf25bY

Channel Id: undefined

Length: 94min 43sec (5683 seconds)

Published: Mon Aug 15 2022