opam.ocaml.org and www.ocaml.org on AWS ECS Fargate

mtelvers edited this page Aug 16, 2022 · 2 revisions

This note details the manual deployment of a Docker container on AWS ECS Fargate. These steps are completed automatically via the OCaml Deployer pipeline running at https://deploy.ci.ocaml.org. Instructions are available for a non-AWS deployment.

Docker

Install Docker, then download and install Docker Compose "Cloud Integrations":

curl -L https://raw.githubusercontent.com/docker/compose-cli/main/scripts/install/install_linux.sh | sh

Docker Context

Visit the AWS console and create an access secret.

Create a Docker Context

$ docker context create ecs awsecs
? Create a Docker context using: AWS secret and token credentials
Retrieve or create AWS Access Key and Secret on https://console.aws.amazon.com/iam/home?#security_credential
? AWS Access Key ID *****************
? Enter AWS Secret Access Key ****************************************
? Region eu-north-1
Successfully created ecs context "awsecs"

Use the context

docker context use awsecs

SSL Certificates

Visit AWS Certificate Manager and create SSL certificates for the required domain names. To prove ownership, you must have access to the domain's DNS records and temporarily publish validation CNAME records. This process yields an ARN such as arn:aws:acm:us-east-1:867081712685:certificate/941be8db-4733-49c9-b634-43ff0537890c, which needs to be inserted into the Docker Compose file (see below).

OPAM

Create docker-compose.yaml as follows. Note EphemeralStorage: 50: the image is 18GB, and we need space for the image plus the extracted image.

version: '3.4'
services:
  live:
    image: ocurrent/opam.ocaml.org:live
    command: --root /usr/share/caddy
    ports:
      - 80:80
    deploy:
      replicas: 2

x-aws-logs_retention: 30

x-aws-cloudformation:
  Resources:
    LiveService:
      Properties:
        DeploymentConfiguration:
          MaximumPercent: 100
          MinimumHealthyPercent: 50
    LiveTaskDefinition:
      Properties:
        EphemeralStorage: 50
    Default80Ingress:
      Properties:
        FromPort: 443
        Description: live:443/tcp on default network
        ToPort: 443
    LiveTCP80Listener:
      Properties:
        Certificates:
          - CertificateArn: "arn:aws:acm:us-east-1:867081712685:certificate/941be8db-4733-49c9-b634-43ff0537890c"
        Protocol: HTTPS
        Port: 443

Create the stack

docker compose -p opam-3 up

WWW

Create docker-compose.yaml as follows. Note memory: 2048M. Steady state requires at least 1GB of RAM.

version: "3.4"
services:
  live:
    image: ocurrent/v3.ocaml.org-server:live@sha256:a1264e9ef3cc25665f5ebd73a3d95d5be52c5e711857093a625023673d5b61e4
    ports:
      - target: 8080
        x-aws-protocol: http
    deploy:
      replicas: 2
      resources:
        limits:
          cpus: '0.500000'
          memory: 2048M

x-aws-logs_retention: 30

x-aws-cloudformation:
  Resources:
    LiveService:
      Properties:
        DeploymentConfiguration:
          MaximumPercent: 100
          MinimumHealthyPercent: 50
    Default8080Ingress:
      Properties:
        FromPort: 443
        Description: live:443/tcp on default network
        ToPort: 443
    Live8080Listener:
      Properties:
        Certificates:
          - CertificateArn: "arn:aws:acm:us-east-1:867081712685:certificate/24cde0e9-42c0-41ef-99d8-0fe8db462f36"
        Protocol: HTTPS
        Port: 443

Create the stack

docker compose -p www up
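
Before running docker compose up, the settings both files above rely on (an HTTPS listener on 443 with an ACM certificate ARN, ingress on 443, and an image reference) can be checked mechanically. The script below is an added example, not part of the original page or the OCaml Deployer pipeline; the preflight function, the sample file and its placeholder image, account id and certificate id are constructed for illustration.

```shell
# Added example: preflight check for a docker-compose.yaml like the two above.
# preflight FILE prints one line per finding and returns the number of findings.
preflight() {
    file=$1
    findings=0
    note() { echo "$file: $1"; findings=$((findings + 1)); }

    # Images should be pinned by digest (name:tag@sha256:<64 hex>), as in the
    # WWW file; a bare tag such as :live can be repointed after it was reviewed.
    for img in $(sed -n 's/^ *image: *//p' "$file"); do
        echo "$img" | grep -Eq '@sha256:[0-9a-f]{64}$' || note "image not digest-pinned: $img"
    done

    # The overlay must turn the listener into HTTPS on 443 with an ACM certificate.
    grep -Eq '^ *Protocol: *HTTPS *$' "$file" || note "no listener with Protocol: HTTPS"
    grep -Eq '^ *Port: *443 *$' "$file" || note "listener is not on port 443"
    grep -Eq 'CertificateArn: *"?arn:aws:acm:[a-z0-9-]+:[0-9]{12}:certificate/[0-9a-f-]{36}"? *$' "$file" ||
        note "missing or malformed ACM CertificateArn"

    # The ingress overlay must open 443 (both FromPort and ToPort).
    for key in FromPort ToPort; do
        grep -Eq "^ *$key: *443 *\$" "$file" || note "ingress $key is not 443"
    done
    return "$findings"
}

# Constructed sample input (placeholder image, account id and certificate id).
tmp=$(mktemp -d)
cat > "$tmp/good.yaml" <<'EOF'
services:
  live:
    image: example/site:live@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
x-aws-cloudformation:
  Resources:
    Default80Ingress:
      Properties:
        FromPort: 443
        ToPort: 443
    LiveTCP80Listener:
      Properties:
        Certificates:
          - CertificateArn: "arn:aws:acm:us-east-1:123456789012:certificate/00000000-0000-0000-0000-000000000000"
        Protocol: HTTPS
        Port: 443
EOF
# Same file with a tag-only image and the certificate line dropped: 2 findings.
sed -e 's/@sha256:[0-9a-f]*//' -e '/CertificateArn/d' "$tmp/good.yaml" > "$tmp/bad.yaml"
preflight "$tmp/good.yaml" && echo "good.yaml: ok"
preflight "$tmp/bad.yaml" || echo "bad.yaml: $? finding(s)"
```

Run against the two files on this page, the check passes the WWW file and reports one finding for the OPAM file, whose image is referenced by the :live tag only.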