How to LightSail
Last Revised: 10th October, 2022
This is a quick 'How to LightSail' guide for members of the LCDS who are thinking of creating an accessible, public-facing dashboard. This is a work in progress, and all comments and feedback are welcome! More advanced comments are noted after the enumerated list:
1. Ensure that you have an account under the institutional LCDS umbrella org (or use your own private account as appropriate).
2. Ensure that you've already registered the domain name that you want your application to be served on with an appropriate provider (GoDaddy, Route53, or otherwise). We're going to come back to this provider later to change nameservers and authenticate LightSail to take control of what gets shown on this domain.
3. Navigate to the AWS LightSail console page.
4. Create an instance of the appropriate size, choosing the operating system that you feel most comfortable with. For most things, relatively smaller tier instances will more than suffice.
5. Either using the SSH key which it provides, or using their handy in-browser terminal function, log into the instance.
6. Deploy your application to the instance: this could be from GitHub, and it could optionally be wrapped into one of Doug's awesome Docker containers for easy redeployment.
7. Ensure that your application is running, and that it's serving to port 80 (or otherwise as appropriate). This instance is otherwise known as the 'Origin'.
8. Click 'Networking', and create a 'Static IP' address.
9. Next, also in the 'Networking' tab, create a 'Distribution' with the appropriate plan and settings.
10. Within this distribution, assign your 'Origin' and 'Static IP' to it.
11. Next, also in the 'Networking' tab, create your 'DNS Zone'.
12. After you've created your DNS Zone, you need to go back to the place where you registered your domain name (see 2., above), and copy and paste the four 'nameservers' which it gives you into your domain name provider's portal.
13. Let's now attach an SSL certificate to authenticate our domain (this allows secure connections over HTTPS). Go back to the Distribution you created above (in the 'Networking' tab), and navigate to 'Custom Domains'.
14. First, create an SSL certificate, noting down the 'Name' and 'Value' in a text editor for easy copying and pasting later. You might very well want to create a certificate not just for 'domain.com', but also for 'www.domain.com' (as an 'alternate'): this can be filled in the 'alternative names' field (where the 'www.' acts as a subdomain to the root domain).
15. Importantly, note here that your 'domain name', e.g. 'domain.com', cannot be registered as a Distribution in any other part of the AWS infrastructure within or outside of LightSail.
16. Navigate to the DNS Zone created above, and click on 'Add Record'. This record should be a 'CNAME' type, and here you should copy in the value from step 14. into the 'subdomain' placeholder. This is very important: do not copy the 'domain' part of your Value. If your Value is '123abc.domain.com', only copy in '123abc', as LightSail has pre-populated the domain for you. Copying it all in would result in a subdomain of '123abc.domain.com.domain.com'. In the 'Maps to' section, paste in the full 'Name' value of your SSL certificate.
17. If you've created Value/Name pairs for not just the root domain (e.g. domain.com), but also for things like 'www.domain.com', you should also fill in CNAME entries for these.
18. This should result in the status of the SSL certificate in your Distribution changing to 'Validation in Progress...', which can take an ambiguous amount of time to actually validate, but usually resolves in 5-30 minutes in my experience.
19. This should allow us to proceed to the final step: pointing things at our instance. Navigate to the DNS Zone created above, and create 'A' (address) DNS entries for your root (@.domain.com) and also your subdomains (www.domain.com). Point these at the Distribution which you've created above via the dropdown menu. Again, you might need to wait an ambiguous but short amount of time for your DNS records to propagate across the internet.
20. Voilà! Your application should now be online!
This guide is deliberately introductory. There are a number of additional things that you might want to consider. If there's demand, we can expand this file to discuss such things. These include, but aren't limited to:
- Setting up the firewall either on the instance or via LightSail, and importantly: restricting SSH access to an IP within the University's range (e.g. the VPN, the socsci network/VPN, PES, your private VPN, or otherwise).
- Deciding whether you want your origin to serve your distribution with HTTP/HTTPS.
- Changing Cache settings, or choosing a Static or Dynamic distribution.
- Using things like whatsmydns.net to check on the propagation status.
- How to integrate shinyproxy.
- How to configure load balancers.
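As a sketch of the firewall item above (an added example, not part of the original guide), the following Python builds the rule set for `aws lightsail put-instance-public-ports` so that SSH is limited to a named range while the application port stays reachable. The instance name, the CIDR (a documentation range standing in for the University's) and the minimum prefix length are assumptions.

```python
import ipaddress
import json
import shlex

# Assumptions (not from the guide): placeholder instance name and CIDR.
INSTANCE_NAME = "my-dashboard-origin"   # hypothetical instance name
ALLOWED_SSH_CIDRS = ["192.0.2.0/24"]    # constructed (RFC 5737 documentation range)
MIN_PREFIX_LEN = 16                     # assumed policy: refuse ranges wider than /16


def validate_ssh_cidr(cidr):
    """Return the normalised CIDR, or raise ValueError if it is unsafe for SSH."""
    net = ipaddress.ip_network(cidr, strict=True)  # strict: host bits must be zero
    if net.version != 4:
        raise ValueError(f"{cidr}: this sketch only handles IPv4")
    if net.prefixlen < MIN_PREFIX_LEN:
        raise ValueError(f"{cidr}: too broad for SSH (/{net.prefixlen})")
    return str(net)


def build_port_infos(ssh_cidrs, app_port=80, allow_browser_ssh=False):
    """Build the --port-infos payload: SSH restricted, app port open to all."""
    ssh_rule = {
        "fromPort": 22, "toPort": 22, "protocol": "tcp",
        "cidrs": [validate_ssh_cidr(c) for c in ssh_cidrs],
    }
    if not ssh_rule["cidrs"]:
        raise ValueError("no SSH source range given")
    if allow_browser_ssh:
        # The in-browser terminal from step 5 connects from AWS-owned addresses.
        ssh_rule["cidrListAliases"] = ["lightsail-connect"]
    app_rule = {
        "fromPort": app_port, "toPort": app_port, "protocol": "tcp",
        "cidrs": ["0.0.0.0/0"],  # the Distribution has to reach the Origin
    }
    return [ssh_rule, app_rule]


def cli_command(instance_name, port_infos):
    """Render the AWS CLI call; put-instance-public-ports closes unlisted ports."""
    return " ".join([
        "aws lightsail put-instance-public-ports",
        "--instance-name", shlex.quote(instance_name),
        "--port-infos", shlex.quote(json.dumps(port_infos)),
    ])


if __name__ == "__main__":
    print(cli_command(INSTANCE_NAME, build_port_infos(ALLOWED_SSH_CIDRS)))
```

After applying the printed command, confirm the resulting rules (including any IPv6 entries) with `aws lightsail get-instance-port-states --instance-name <name>`.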