Docket and Let's Encrypt Recently, I’ve been trying out Let’s Encrypt which is a great new service offering SSL certificates and some automated tools to get them for free! I wanted to see how easy it would be to get going with Let’s Encrypt for a dockerized web application. However, to try that out I realised I’d need a Docker host – with a DNS name that I control – running somewhere. So I’ve written the following guide and some scripts to get that setup. Stay tuned for the next post in which I’ll tell you how to get up and running with Let’s Encrypt.

Docker machine basics

Docker machine is awesomesauce for getting a docker instance running out on the internet. The included driver amazonec2 allows you to create a docker daemon with one command:

docker-machine create  
  --driver amazonec2 
  --amazonec2-region "$AWS_REGION" 
  --amazonec2-instance-type "t2.micro"  
  --amazonec2-access-key "$AWS_ACCESS_KEY_ID" 
    --amazonec2-secret-key "$AWS_SECRET_ACCESS_KEY" 
    --amazonec2-vpc-id "$AWS_VPC_ID" 
    --amazonec2-zone c 
    my-lovely-docker-server

Docker machine is installed along with the docker toolbox.

The docker client works just the same as when it’s connected to your local daemon. To view your running docker daemons, type:

$ docker-machine ls
NAME                                 ACTIVE   DRIVER       STATE     URL                         SWARM
default                              -        virtualbox   Saved                                 
my-lovely-docker-server              -        amazonec2    Stopped   tcp://14.191.121.235:2376   

The output of that command shows that default is the name of my local docker daemon, running on virtualbox, and that my-lovely-docker-server is the one running on aws.

To switch your client between docker servers, eval the output from docker-machine env <machine name>

# e.g.
eval "$(docker-machine env my-lovely-docker-server)" 
# or
eval "$(docker-machine env default)" 


Automatic DNS entry with Elastic IP and Route53

If you want other humans or robots to easily use the services you run on your aws docker machine, you’ll need a static IP and DNS entry.

Prerequisites – Amazon

Before running the script you’ll need to set up three things:-

  • An AWS user with the correct rights (incl. its secret key and access key id);
  • A VPC with a public subnet;
  • A Route53 hosted zone.

AWS user

Set up a new user in AWS. Save the secret key and access key, and attach the AmazonEC2FullAccess and AmazonRoute53FullAccess policies to the new user.

Imgur

Create VPC

If you dont already have a VPC to use, go to the VPC wizard, and select the option for ‘VPC with a single public subnet’.

Imgur

Name your VPC and leave the rest of the options as they are.

Imgur

Hosted Zone

Register a domain and set up a hosted zone for it on Route53.

Prerequisites – Your machine

You need to have these three pieces of software installed on your machine for the script to work:-

  • docker-machine: https://www.docker.com/docker-toolbox
  • aws cli: https://aws.amazon.com/cli/
  • jq: https://stedolan.github.io/jq/

Go!

Now, you’ve done the hard part you can run the following to get started.

git clone git@bitbucket.org:automationlogic/docker-machine-on-aws.git
cd docker-machine-on-aws

export AWS_SECRET_ACCESS_KEY=your-secret-access-key
export AWS_ACCESS_KEY_ID=your-access-key-id
export AWS_REGION=your-region-id (I use eu-west-1) 
export AWS_DEFAULT_REGION=$AWS_REGION
export AWS_VPC_ID=your-vpc-id

./createDockerInstance.sh www yourdomain.com

You’ll notice in your aws console:-

  1. A new instance get created by docker-machine
  2. A new elastic IP
  3. Ports 80 and 443 will be added to the docker-machine security group
  4. A resource record for www will be created in the hosted zone yourdomain.com

If you docker run a dockerised web app now, it will be available on www.yourdomain.com.