[LINUX] How to deploy a web application on Alibaba Cloud as a freelancer

Throughout this article, I would like to share the best practices I use when deploying web applications in the cloud.

**This blog is a translation from the English version. You can check the original from here. We use some machine translation. We would appreciate it if you could point out any translation errors.**

This article is also published on the Medium blogging platform.

In this article, I would like to share the best practices I use when deploying web applications in the cloud. I work as a freelancer, but recently one of my clients asked me to set up SuiteCRM for a small organization. I write Alibaba Cloud tutorials so often that I encouraged clients to use the same cloud platform. For nearly 100 users and more than 30 concurrent users, the configuration I recommend is:

  1. An ECS instance with 2 vCPUs and 4GB of RAM for installing Nginx with PHP-FPM.
  2. An ApsaraDB for RDS instance for MySQL with 1 core, 1GB of RAM and 10GB of storage.
  3. Direct Mail for sending emails.

The steps I took are very simple and can be used in almost any PHP-based application.

If you are new to Alibaba Cloud, please sign up from this link (https://account.alibabacloud.com/register/intl_register.htm?spm=a2c65.11461447.0.0.3a3757aaxK9yJs&biz_params=%7B%22intl%22:%22%7B%5C%22referralCode%5C%22:%5C%22fmj2og%5C%22%7D%22%7D). You can get new user credits worth US$300 for free, which you can use to try out various Alibaba Cloud products.

Create an ECS instance

Alibaba Cloud documents almost all the information you need to get started with the cloud platform. For information on how to get started, see the Getting Started Tutorials and the Tech Share Blog. The most straightforward steps can be found in the Quick Start Guide (https://www.alibabacloud.com/help/en/doc-detail/25422.htm). Here I will explain the best practices to use when creating an ECS instance.

Log in to the Alibaba Cloud console and go to the Elastic Compute Service interface. You can easily create an instance by clicking the Create Instance button. The points to note are as follows.

  1. Region: Alibaba Cloud has data centers all over the world, so always choose a region that is geographically close to your application's users. If the data center is close to your users, your website will load much faster due to lower network latency. In my case, the organization was based in Mumbai, so I chose the Mumbai region.
  2. Billing method: If you want to operate your instance 24 hours a day, 365 days a year, you should always choose monthly billing, because the price is less than half that of pay-as-you-go billing. For example, the monthly subscription cost for a shared-type ECS instance with two vCPUs and 4GB of RAM is $23, but the same instance with Pay-As-You-Go costs $0.103 per hour, so the monthly cost would be $0.103 * 24 * 30 = $74.16 USD.
  3. Instance type: Select the instance type according to your requirements. You can increase resources later if needed.
  4. Image: You can find the application you want to install on your ECS instance among the Marketplace images, but it is always recommended to install it yourself on a clean official image. Later, if your application encounters an error, you will know where to look.
  5. Storage: The system disk is deleted when the ECS instance is released. Use data disks whenever possible, as a data disk is preserved if the instance is accidentally deleted.

The settings I used are:

image.png

You can select the VPC that will be created by default. You can add 4092 instances in it. I'm using a different security group for each ECS instance, so I can configure it individually and make sure no unused ports are open.

Another important thing is to use key-based authentication instead of passwords. If you already have a key pair, add the public key to Alibaba Cloud. If you don't have one, you can create one using Alibaba Cloud. Keep the key in a very secure place and make sure the key itself is encrypted with a passphrase.

image.png

That's all for the points to note when creating an ECS instance.

ECS instance settings

After creating an instance and logging in to the terminal, there are some things to consider before setting up your website.

  1. Instead of using the root account to execute commands, set up a sudo user on the first connection and always use that user to execute commands. You can also set up key-based authentication for the sudo user and disable root login altogether.
  2. Always update the base image. For example, run the following command on Ubuntu Server.
  3. The Alibaba base image does not include extra packages that are not needed. Also, be careful not to install packages you don't need.
  4. If something goes wrong during the installation, you can always reset the instance by changing the system disk. There is no need to delete and recreate the instance.
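One way to check that root login and password authentication are really off after following the first point. This is an added example, not part of the original article: the function name `audit_sshd` and the sample config are constructed, and the script assumes a single config file whose global section is all that matters (no `Include` files, no `Match` blocks).

```shell
#!/bin/sh
# Added example: audit an sshd_config for root login and password auth.
# sshd uses the FIRST value it finds for a keyword, and keywords are
# case-insensitive, so a later "hardened" line can be silently ignored.
# Assumption: one file, global section only (stops at the first Match).

audit_sshd() {
    # $1 = path to an sshd_config file; prints findings, returns 1 if any.
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        { sub(/=/, " "); key = tolower($1); val = tolower($2) }  # Key=value form
        key == "match" { exit }                  # global section ends here
        !(key in seen) { seen[key] = val }       # first value wins
        END {
            bad = 0
            # Upstream OpenSSH defaults apply when a keyword is absent.
            root = ("permitrootlogin" in seen) ? seen["permitrootlogin"] : "prohibit-password"
            pass = ("passwordauthentication" in seen) ? seen["passwordauthentication"] : "yes"
            if (root != "no") { print "FAIL PermitRootLogin=" root; bad = 1 }
            if (pass != "no") { print "FAIL PasswordAuthentication=" pass; bad = 1 }
            if (!bad) print "OK root login and password auth are disabled"
            exit bad
        }
    ' "$1"
}

# Constructed sample: looks hardened at a glance, but the earlier
# "PasswordAuthentication yes" line is the one sshd applies.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin no
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
EOF
audit_sshd "$sample" || echo "sample config still allows password logins"
rm -f "$sample"
```

On a live host, `sudo sshd -T` prints the effective configuration, including any included files, and is the authoritative source for the same two values.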

I created a sudo user and set up key-based authentication for it. I updated the base image and set up unattended system upgrades. I installed the Nginx web server and then PHP 7.2 with PHP-FPM, following the tutorial for installing the Nginx web server. PHP 7.2 is the latest version of PHP currently available. By using the latest software, there are no bugs, the processing speed becomes faster, and stable operation becomes possible. Finally, I downloaded the SuiteCRM archive from the official website and deployed it to Nginx.

To install the application, please refer to the Getting Started tutorials and the [tutorials written by the authors of Tech Share](https://www.alibabacloud.com/blog?spm=a2c65.11461447.0.0.3a3757aaPzSq8i).

Security group rule settings

It is very important that you do not open unused ports in the security group of your ECS instance. Take a look at the security group rules I used for my SuiteCRM instance.

image.png

You can see that only ports 22, 80 and 443 are allowed, along with all ICMP packets. Port 22 is used for SSH connections. Port 80 is the insecure HTTP port, which in my case redirects to HTTPS on port 443. ICMP packets are used to ping the host to see if it is alive. It's okay to delete the ICMP rule, but you won't be able to ping the instance.
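A host-side check to go with the rules above, added here as an example that is not part of the original article: it lists TCP listeners that are reachable from other hosts on ports other than 22, 80 and 443, so that nothing depends on the security group alone. The function names and the sample `ss` output are constructed.

```shell
#!/bin/sh
# Added example: compare listening TCP sockets with the ports the security
# group allows (22, 80 and 443 in the article).

ALLOWED_PORTS="22 80 443"

# Reads `ss -H -tln` output on stdin and prints "port address" for every
# listener that is not loopback-bound and not on an allowed port.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            la = $4                                   # local address:port
            port = la; sub(/^.*:/, "", port)          # text after the last colon
            addr = substr(la, 1, length(la) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            if (!(port in ok)) print port " " addr
        }
    ' | sort -n
}

# Constructed sample of `ss -H -tln` output: Nginx and SSH as expected,
# PHP-FPM and the resolver on loopback, plus two stray public listeners.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
LISTEN 0 511  0.0.0.0:80        0.0.0.0:*
LISTEN 0 511  0.0.0.0:443       0.0.0.0:*
LISTEN 0 128  127.0.0.1:9000    0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
LISTEN 0 151  0.0.0.0:3306      0.0.0.0:*
LISTEN 0 128  [::]:22           [::]:*
LISTEN 0 1024 [::]:11211        [::]:*
EOF
}

# On the instance itself: ss -H -tln | unexpected_listeners
sample_ss_output | unexpected_listeners
```

Anything this prints should either be rebound to 127.0.0.1, removed, or deliberately added to the security group.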

Create an RDS instance

The first question that comes to mind before creating an RDS instance is why you need it. You can also install open source database servers such as MySQL, MariaDB, PostgreSQL, and MongoDB on the ECS instance itself.

The answer to this question is that ApsaraDB for RDS instances are optimized for speed and security. By default, the created instance is only accessible to whitelisted instances.

Let's take a look at the points to note when creating an RDS instance.

  1. Region: When creating a database instance, be sure to select the same region in which the ECS instance was created. Also, make sure they are in the same VPC. This allows you to take advantage of free intranet data transfer between hosts in the same network. Another advantage is that you only need to whitelist the private IP addresses of your ECS instances. This greatly improves the security of the database.
  2. Billing: Again, the cost of a monthly subscription is lower than the Pay-As-You-Go method. Choose according to your needs.
  3. Capacity: You can start with a low-end configuration such as a 1 core, 1 GB instance with 5 GB of storage. You can increase resources later as requirements grow.
  4. Account: Never create a master account for a MySQL 5.6 instance unless you need to. Create a database and a database user for each database.

Below are the RDS settings I used with SuiteCRM.

image.png

Once the MySQL RDS instance was enabled, I whitelisted the ECS instance from the Instance Security tab. As soon as I whitelisted the IP address, I got the hostname and port number of the RDS instance, which was the MySQL default port "3306". I created a database named "suitecrm" and a database user named "suitecrm" and gave them read and write access.

Use of HTTPS

With the development of the Internet, many websites are added every day. Since the Let's Encrypt Certificate Authority started offering SSL certificates for free, the trend has been to use SSL on all websites. It is very important to use SSL in your web application to ensure security. If the data being exchanged is not encrypted, it can be eavesdropped on the network and sensitive information can be extracted.

Alibaba Cloud also offers SSL certificates, which are quite expensive in my opinion. However, expensive ones come with an extra warranty. The SSL certificates provided by Alibaba Cloud are suitable for corporate users.

For the SuiteCRM deployment, we also used Let's Encrypt's free SSL to ensure the security of the SuiteCRM web application. In order for Certbot, the client application of the Let's Encrypt CA, to generate a certificate, the domain must point to the server.

Alibaba Cloud offers a domain name with free whois protection at a very reasonable price. In my case, the client already had a domain name purchased from elsewhere. I created a subdomain and pointed that domain to an ECS instance. I installed Certbot and was able to easily generate a certificate. Remember to set up a cron job to automatically renew your certificate, as the certificate expires every three months.

Direct mail settings

Creating an enterprise-grade mail server requires expertise and time, and is very expensive to maintain, so you should avoid setting up your own mail server. Even a small misconfiguration can cause email to go directly into the recipient's spam folder.

Alibaba Cloud Direct Mail Service offers an inexpensive way to send mail from your application using SMTP. The first 200 mails are free every day. In my case, 200 emails a day is enough, and emails that exceed the free limit are also very cheap. I tried adding a new mail subdomain to direct mail. When I added the domain, I was asked to update the DNS. I tried as instructed, but it took a long time to verify the DNS. Once done, I added the sender address to make the SMTP server available to my application.

Web-based installation

Finally, everything is ready. The SuiteCRM application is hosted on ECS, and the database server is hosted on ApsaraDB for RDS. It was easy to do a web-based installation to install the software.

The following are the database server settings provided during the web-based installation of SuiteCRM.

image.png

Similarly, I filled in all the required information and provided the SMTP server details.

image.png

Eventually, my application was deployed on Alibaba Cloud. In addition, I suggested that the client use ApsaraDB for Memcache to store the SuiteCRM session cache and [WAF](https://www.alibabacloud.com/en/product/waf) to protect the application from incoming threats. However, the client refused to implement these proposals because of the increased monthly billing. Even so, the client was very pleased to see the performance of the application on the Alibaba Cloud platform.

I frequently write tech blogs on the Alibaba Cloud Tech Share platform. Please visit the following link to read the tutorials I wrote. Also, I will write a detailed guide to the steps and commands I follow to install SuiteCRM on Ubuntu 16.04 on the Alibaba Cloud Tech Share platform.
