{"id":25322750,"url":"https://github.com/ccjmne/orca-deploy","last_synced_at":"2025-04-07T22:41:47.174Z","repository":{"id":47266643,"uuid":"70650604","full_name":"ccjmne/orca-deploy","owner":"ccjmne","description":"Docker project for NCLS Development's Orca solution.","archived":false,"fork":false,"pushed_at":"2025-04-02T17:27:51.000Z","size":158,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-02T18:31:22.407Z","etag":null,"topics":["aws","aws-ec2","certbot","devops","docker","ec2","ec2-ubuntu","nginx","tomcat","tomcat9"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ccjmne.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-10-12T01:34:29.000Z","updated_at":"2025-04-02T17:27:55.000Z","dependencies_parsed_at":"2024-02-20T23:31:22.023Z","dependency_job_id":"b02f00cb-e84b-4ec5-8237-a93f58c19558","html_url":"https://github.com/ccjmne/orca-deploy","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ccjmne%2Forca-deploy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ccjmne%2Forca-deploy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ccjmne%2Forca-deploy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ccjmne%2Forca-deploy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ccjmne","download_url":"https://codeload.github.com/ccjmne/orca-deploy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247744129,"owners_count":20988779,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-ec2","certbot","devops","docker","ec2","ec2-ubuntu","nginx","tomcat","tomcat9"],"created_at":"2025-02-13T23:48:07.504Z","updated_at":"2025-04-07T22:41:47.155Z","avatar_url":"https://github.com/ccjmne.png","language":"Shell","readme":"# orca-deploy\n\nPackager project for NCLS Development's [Orca](https://www.orca-solution.com/) solution.\n\n## Usage\n\n1. Build and publish a [Docker](https://www.docker.com/) image of the Web server using the instructions found under [`app/`](./app).\n2. Deploy the environment either using either:\n\n - [Elastic Beanstalk](https://aws.amazon.com/elasticbeanstalk/) (see [`eb/`](./eb)), or\n - directly onto a simple [EC2 instance](https://aws.amazon.com/ec2/) (see [`ec2/`](./ec2)).\n\n The main difference between these two approaches is the SSL setup.\n\n\u003e [!TIP] \n\u003e Don't forget to compile and publish `setup.tag.gz` with each release:\n\u003e\n\u003e ```shell\n\u003e tar --directory ec2/setup -czvf setup.tar.gz .\n\u003e ```\n## app\n\nThis section is used to create and publish a new version of Orca's Web application as a [Docker](https://www.docker.com/) image.\n\n### Requirements\n\nYou'll need to have both the [AWS CLI](https://aws.amazon.com/cli/) and the [Docker CLI](https://docs.docker.com/engine/reference/commandline/cli/) installed and available. \nThe image will be published to our [AWS ECS](https://aws.amazon.com/ecs/) registry (`424880512736.dkr.ecr.eu-west-1.amazonaws.com/orca`).\n\n\u003e [!TIP] \n\u003e You will need to have configured a CLI profile named `ncls` that has **write** access to [ECR](https://aws.amazon.com/ecr/) on the `424880512736` account.\n\n### Usage\n\n- Make sure to have the webapp available under the `webapps/` directory\n- Execute `compose.sh \u003cversion\u003e`.\n## eb\n\n\u003e [!WARNING] \n\u003e This method doesn't deploy puppeteer-html2pdf, which is required for PDF generation.\n\nThis section creates a application bundle for [AWS Elastic Beanstalk](https://aws.amazon.com/elasticbeanstalk/) to run a [Multi-Container Docker environment](http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_ecs.html) with a ready-to-use Orca Web server.\n\nUsing Elastic Beanstalk, the SSL certificates are managed via [AWS Certificate Manager (ACM)](https://aws.amazon.com/certificate-manager/) and installed on a front-facing [Elastic Load Balancer (ELB)](https://aws.amazon.com/elasticloadbalancing/). The distributed certificate is a wildcard, whose renewal is automatically handled by ACM.\n\n\u003e [!NOTE]\n\u003e\n\u003e - **Pro:** Easiest setup possible.\n\u003e - **Con:** Uses an ELB (per environment), which is somewhat pricy and downright overkill, considering our current needs.\n\n### Usage\n\n- Create an [Elastic Beanstalk](https://aws.amazon.com/elasticbeanstalk/) environment configured as follows:\n 1. Use an Elastic Load Balancer and listen for both HTTP and HTTPS\n 2. Select [Multi-Container Docker environment](http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_ecs.html)\n 3. Set up the [required environment variables](#environment-variables)\n- Create a `zip` archive from the `Dockerrun.aws.json` and the `nginx-config` directory.\n- Upload to the desired [Elastic Beanstalk](https://aws.amazon.com/elasticbeanstalk/) environment.\n## ec2\n\nThis section guides you through setting up client configuration and building tools to deploy Orca directly onto an [EC2 instance](https://aws.amazon.com/ec2/).\n\nManaging your own EC2 instance \"manually\" will use certificates issued by [Let's Encrypt](https://letsencrypt.org/).\n\n\u003e [!NOTE]\n\u003e\n\u003e - **Pro:** No additional costs, other than the EC2 instance and data transfer.\n\u003e - **Con:** More complex setup.\n\n### Usage\n\n1. Launch an EC2 instance configured as follows:\n\n- Choose an instance of type _Amazon Linux 2023 AMI_ (e.g.: `ami-0fc3317b37c1269d3`).\n- Pick a preconfigured [Security Group](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) that opens `HTTP` (`:80/tcp`), `HTTPS` (`:443/tcp`) and `SSH` (`:22/tcp`).\n\n - Also ensure that `[::]:80`, `[::]:443` and `[::]:22` are open, for IPv6 support.\n\n- Grant it the `ec2-orca-install` [IAM Role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) that allows:\n\n | Policy | Service | Reason |\n | ------------------------------------ | --------------------------------- | --------------------------------- |\n | `AmazonEC2ReadOnlyAccess` | [EC2](https://aws.amazon.com/ec2) | List instance tags |\n | `AmazonS3ReadOnlyAccess` | [S3](https://aws.amazon.com/s3) | Get client-specific configuration |\n | `AmazonEC2ContainerRegistryReadOnly` | [ECR](https://aws.amazon.com/ecr) | Access Orca's docker container |\n\n2. Create the DNS record for `\u003cclient id\u003e.orca-solution.com` pointing to the right instance (use an [Elastic IP](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html)).\n3. Set the [expected environment variables](#environment-variables):\n\n - Edit the [configuration template](/ec2/utils/orca.conf.tpl)\n - Upload it as `\u003cclient id\u003e.conf` in the `orca-clients` S3 bucket (`arn:aws:s3:::orca-clients`).\n\n4. Connect onto the machine and install the latest release via the setup script on `master` branch:\n\n ```shell\n ssh -i /path/to/key.pem ec2-user@\u003cclient-id\u003e.orca-solution.com\n bash \u003c(curl -s https://raw.githubusercontent.com/ccjmne/orca-deploy/pre-revamp/ec2/utils/deploy.sh)\n ```\n\n\u003e [!TIP] \n\u003e Ensure the DNS records have properly propagated before proceeding to step 4.\n\n### Update Orca\n\nUse the `update.sh` script installed during the deployment in your home directory (`/home/ec2-user`) as follows:\n\n```shell\n./update.sh \u003cversion\u003e\n```\n\nWhere `\u003cversion\u003e` corresponds to a tag for our web app's Docker container and defaults to `latest`.\n\n### Create new versions of the setup script\n\nCreate a new release on GitHub and upload the `setup.tar.gz` archive as an asset, generated as follows:\n\n```shell\ntar --directory setup -czvf setup.tar.gz .\n```\n## Environment variables\n\n| Name | Description |\n| --------------------- | ------------------------------------------------------------------------- |\n| `AWS_ACCESS_KEY_ID`\\* | Access Key ID of user with full access to `arn:aws:s3:::orca-resources` |\n| `AWS_SECRET_KEY`\\* | Secret Key of user with full access to `arn:aws:s3:::orca-resources` |\n| `ORCA_DB_HOST`\\* | [RDS](https://aws.amazon.com/rds/) hostname |\n| `ORCA_DB_NAME`\\* | [RDS](https://aws.amazon.com/rds/) database name |\n| `ORCA_DB_USER`\\* | Database user name |\n| `ORCA_DB_PASS`\\* | Database user password |\n| `ORCA_DEMO_ENABLED` | `true` iff the demo mode should be enabled |\n| `ORCA_INIT_SECRET` | Used to trigger a (re)initialisation of the database or a demo data reset |\n| `CORS_ORIGIN` | Used to set the `Access-Control-Allow-Origin` header |\n\n\u003e **\\*** - Required\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fccjmne%2Forca-deploy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fccjmne%2Forca-deploy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fccjmne%2Forca-deploy/lists"}