Blog upgrade with aws

This is such a long detour of setups, don't follow alone cause most of these setups is likely not needed at all.

This is less of a tutorial but more of a Recap of what I did and what I did wrong

Previous Setup

• aws lightsail
• nginx

Setup Dockerfile

Try to encapulse my blog into a docker image, containerization yeah!

Setup jekyll

Use the jekyll/jekyll docker image from docker hub

Issues

• bundle install execute with no error on my laptop, yet can not build on lightsail VPC

Solutions

• That's why I decide to push docker image from my own computer, and use ECR to serve my blog

Setup nginx

Issues

1. Error: No permission to proxy_pass localhost:4000 where jekyll serve runs
2. Error: No permission to access /root/blog
3. Error: circular access

Solutions:

1. Use jekyll build instead of jekyll serve (Shouldn't serve for prd env either)
2. Put contents inside /usr/share/nginx/html, solved no permission issue

Setup aws-cli

This step is not mandatory if you can directly use codebuild to build you docker image without any check.

Install aws-cli to setup your docker image and push to ecr later on

Setup AWS IAM

You should use a AWS IAM role for aws-cli api call(like docker operations that we'll talk about later)

In order to use ecr with current IAM role, you also need to attach ecr policy to it.

Setup ecr

aws ecr let's you push & store your docker images to it

Setup ecs cluster

ecs cluster provide the ip and networking for your ecr docker images. So that user can directly access your docker contents

Setup Route53

To redirect your domain name request to the IP of previous ecr clouster ip

Setup ecs task

So that ecs cluster can be updated

Setup codebuild

codebuild let you update your entire build process automatically when some specific action is triggered, normally a git push

First, create build project

codebuild is a general tool, when used with ecr, you also need to:

1. tick privileged
2. tick set up webhook
3. you need to attach AmazonEC2ContainerRegistryFullAccess policy to the role used for codebuild

buildspec.yml

You need to create a buildspec yaml file for codebuild to follow alone.

codebuild succeed

Setup code pipeline

So that you can connect of of these together!

Setup artifacts

This is plain required for codepipeline

Failed and aborted. Try other ways afterwards.

Setup S3 website hosting

Why:

What I actually need for a docker is merely a static site server(Nginx on my mind), then I thought this is stupid and find out that you can directly host static site from aws S3.

But still there's a lot of tweaks that I may forget instantly for doing that.

Achieved

• Can serve my blog using S3
• DNS correctly points to related S3 bucket

Resolved issues

• S3 doesn't provide a way to redirect blog.com/page to blog.com/page.html, so I changed the Jekyll config

Unresolved

• Network not stable, I tried with different proxies(JP, NL, and CN without proxy), sometimes it returns Nginx 502 error. (I did not change anything)

Setup Cloudfront

Why:

This blog is quite un-stable after initail setup using S3. Half of the time it works, yet half of the time it shows Nginx 502 error. I thought it was some network issue, and for a faster delivery, I tried to use cloudfront

Achieved

• Setup a Cloudfront distribution and can successfully access my blog contents using cloudfront URL

Un-resolved

• Can not setup dns to point the domain name of this blog to the cloudfront address. (the actual issue is that I can not find any )
  • 

Website Bacis

Cache busting

SEO

Monitoring

Logging (mostly devops side)