Another retrospective post this week looking at how the backend of this website was created and hosted.
First off here is the architecture layout.
I have an EC2 instance sitting on a public subnet (again not highly available) and a PostgreSQL DB running in RDS on AZ-a with a read replica (RR) sat in AZ-b.
With the architecture sorted the next steps were setting up the server. I fired up an EC2 instance on Ubuntu 22.04 and followed these steps to install and setup Nginx on the server.
Next up was a case of installing pip3 and other necessary packages. I then created a virtual environment using "python3-venv."
Now inside the venv, using the pip command, I installed wheel followed by gunicorn and flask.
The website, which I had already created in the past using Flask and jinja, was up on my GitHub and so I cloned the repository and used the requirements.txt to install the rest of the dependencies.
By opening port 5000 on the ufw I was able to trial run my site using the command “python main.py”.
I was able to access any static pages such as index.html or about.html but any pages with forms were not loading due to the database connection not being established.
From here I followed this guide to modify my WSGI entry point, configure Gunicorn and configure Nginx to proxy requests for port 80. I was now able to access my tylerhardwick.co.uk via http://.
Securing the application was similar to the LAMP server however this time I used the command python3-certbot-nginx to install certbot. While certbot did make changes to the file in etc/nginx/sites-available/ I did need to make minor changes to it and change some permissions in order to access it via https://.
At this stage https://tylerhardwick.co.uk was accessible however I was unable to open any pages with forms in which the webserver needed to establish a connection with the database. As this was my first time connecting to a PostgreSQL database within AWS I created a test DB in a public subnet that I could access and test remotely in order to troubleshoot. Using a tool called DBeaver I was able to confirm I was able to establish a connection and modify my Python code to match.
I mirrored this in my prod environment pointing to the correct DB, restarted the service using the command “sudo systemctl restart tylerhardwick.co.uk” and confirmed that the pages were now loading successfully.
The next issue I faced was inputting data to the DB. After some troubleshooting I found SECRETKEYs saved in the local env needed moving over to AWS. I made some changes to the code to test and then moved the keys over to AWS Secrets Manager. The webserver was now fully up and running.