AWS - Elastic Beanstalk

Now you want to use Otoroshi on AWS. There are multiple options to deploy Otoroshi on AWS, for instance :

You can deploy the Docker image on Amazon ECS
You can create a basic Amazon EC2, access it via SSH, then deploy the otoroshi.jar
Or you can use AWS Elastic Beanstalk

In this section we are going to cover how to deploy Otoroshi on AWS Elastic Beanstalk.

AWS Elastic Beanstalk Overview

Unlike Clever Cloud, to deploy an application on AWS Elastic Beanstalk, you don’t link your app to your VCS repository, push your code and expect it to be built and run.

AWS Elastic Beanstalk does only the run part. So you have to handle your own build pipeline, upload a Zip file containing your runnable, then AWS Elastic Beanstalk will take it from there.

Eg: for apps running on the JVM (Scala/Java/Kotlin) a Zip with the jar inside would suffice, for apps running in a Docker container, a Zip with the DockerFile would be enough.

Prepare your deployment target

Actually, there are 2 options to build your target.

Either you create a DockerFile from this Docker image, build a zip, and do all the Otoroshi custom configuration using ENVs.

Or you download the otoroshi.jar, do all the Otoroshi custom configuration using your own otoroshi.conf, and create a DockerFile that runs the jar using your otoroshi.conf.

For the second option your DockerFile would look like this :

FROM openjdk:11
VOLUME /tmp
EXPOSE 8080
ADD otoroshi.jar otoroshi.jar
ADD otoroshi.conf otoroshi.conf
RUN sh -c 'touch /otoroshi.jar'
ENV JAVA_OPTS=""
ENTRYPOINT [ "sh", "-c", "java $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom -Dconfig.file=/otoroshi.conf -jar /otoroshi.jar" ]

I’d recommend the second option.

Now Zip your target (Jar + Conf + DockerFile) and get ready for deployment.

Create an Otoroshi instance on AWS Elastic Beanstalk

First, go to AWS Elastic Beanstalk Console, don’t forget to sign in and make sure that you are in the good region (eg : eu-west-3 for Paris).

Hit Get started

Specify the Application name of your application, Otoroshi for example.

Choose the Platform of the application you want to create, in your case use Docker.

For Application code choose Upload your code then hit Upload.

Browse the zip created in the previous section from your machine.

As you can see in the image above, you can also choose an S3 location, you can imagine that at the end of your build pipeline you upload your Zip to S3, and then get it from there (I wouldn’t recommend that though).

When the upload is done, hit Configure more options.

Right now an AWS Elastic Beanstalk application has been created, and by default an environment named Otoroshi-env is being created as well.

AWS Elastic Beanstalk can manage multiple environments of the same application, for instance environments can be (prod, preprod, expriments…).

Otoroshi is a bit particular, it doesn’t make much sense to have multiple environments, since Otoroshi will handle all the requests from/to backend services regardless of the environment.

As you see in the image above, we are now configuring the Otoroshi-env, the one and only environment of Otoroshi.

For Configuration presets, choose custom configuration, now you have a load balancer for your environment with the capacity of at least one instance and at most four. I’d recommend at least 2 instances, to change that, on the Capacity card hit Modify.

Change the Instances to min 2, max 4 then hit Save. For the Scaling triggers, I’d keep the default values, but know that you can edit the capacity config any time you want, it only costs a redeploy, which will be done automatically by the way.

Instances size is by default t2.micro, which is a bit small for running Otoroshi, I’d recommend a t2.medium.
On the Instances card hit Modify.

For Instance type choose t2.medium, then hit Save, no need to change the volume size, unless you have a lot of http call faults, which means a lot more logs, in that case the default volume size may not be enough.

The default environment created for Otoroshi, for instance Otoroshi-env, is a web server environment which fits in your case, but the thing is that on AWS Elastic Beanstalk by default a web server environment for a docker-based application, runs behind an Nginx proxy. We have to remove that proxy. So on the Software card hit Modify.

For Proxy server choose None then hit Save.

Also note that you can set Envs for Otoroshi in same page (see image below).

To finalise the creation process, hit Create app on the bottom right.

The Otoroshi app is now created, and it’s running which is cool, but we still don’t have neither a datastore nor https.

Create an Otoroshi datastore on AWS ElastiCache

By default Otoroshi uses non persistent memory to store it’s data, Otoroshi supports many kinds of datastores. In this section we will be covering Redis datastore.

Before starting, using a datastore hosted by AWS is not at all mandatory, feel free to use your own if you like, but if you want to learn more about ElastiCache, this section may interest you, otherwise you can skip it.

Go to AWS ElastiCache and hit Get Started Now.

For Cluster engine keep Redis.

Choose a Name for your datastore, for instance otoroshi-datastore.

You can keep all the other default values and hit Create on the bottom right of the page.

Once your Redis Cluster is created, it would look like the image below.

For applications in the same security group as your cluster, redis cluster is accessible via the Primary Endpoint. Don’t worry the default security group is fine, you don’t need any configuration to access the cluster from Otoroshi.

To make Otoroshi use the created cluster, you can either use Envs APP_STORAGE=redis, REDIS_HOST and REDIS_PORT, or set otoroshi.storage=redis, otoroshi.redis.host and otoroshi.redis.port in your otoroshi.conf.

Create SSL certificate and configure your domain

Otoroshi has now a datastore, but not yet ready for use.

In order to get it ready you need to :

Configure Otoroshi with your domain
Create a wildcard SSL certificate for your domain
Configure Otoroshi AWS Elastic Beanstalk instance with the SSL certificate
Configure your DNS to redirect all traffic on your domain to Otoroshi

Configure Otoroshi with your domain

You can use ENVs or you can use a custom otoroshi.conf in your Docker container.

For the second option your otoroshi.conf would look like this :

   include "application.conf"
   http.port = 8080
   app {
     env = "prod"
     domain = "mysubdomain.oto.tools"
     rootScheme = "https"
     snowflake {
       seed = 0
     }
     events {
       maxSize = 1000
     }
     backoffice {
       subdomain = "otoroshi"
       session {
         exp = 86400000
       }
     }
     
     storage = "redis"
     redis {
        host="myredishost"
        port=myredisport
     }
   
     privateapps {
       subdomain = "privateapps"
     }
   
     adminapi {
       targetSubdomain = "otoroshi-admin-internal-api"
       exposedSubdomain = "otoroshi-api"
       defaultValues {
         backOfficeGroupId = "admin-api-group"
         backOfficeApiKeyClientId = "admin-client-id"
         backOfficeApiKeyClientSecret = "admin-client-secret"
         backOfficeServiceId = "admin-api-service"
       }
       proxy {
         https = true
         local = false
       }
     }
     claim {
       sharedKey = "myclaimsharedkey"
     }
   }
   
   play.http {
     session {
       secure = false
       httpOnly = true
       maxAge = 2147483646
       domain = ".mysubdomain.oto.tools"
       cookieName = "oto-sess"
     }
   }

Create a wildcard SSL certificate for your domain

Go to AWS Certificate Manager.

Below Provision certificates hit Get started.

Keep the default selected value Request a public certificate and hit Request a certificate.

Put your Domain name, use *. for wildcard, for instance *.mysubdomain.oto.tools, then hit Next.

You can choose between Email validation and DNS validation, I’d recommend DNS validation, then hit Review.

Verify that you did put the right Domain name then hit Confirm and request.

As you see in the image above, to let Amazon do the validation you have to add the CNAME record to your DNS configuration. Normally this operation takes around one day.

Configure Otoroshi AWS Elastic Beanstalk instance with the SSL certificate

Once the certificate is validated, you need to modify the configuration of Otoroshi-env to add the SSL certificate for HTTPS. For that you need to go to AWS Elastic Beanstalk applications, hit Otoroshi-env, then on the left side hit Configuration, then on the Load balancer card hit Modify.

In the Application Load Balancer section hit Add listener.

Fill the popup as the image above, then hit Add.

You should now be seeing something like this :

Make sure that your listener is enabled, and on the bottom right of the page hit Apply.

Now you have https, so let’s use Otoroshi.

Configure your DNS to redirect all traffic on your domain to Otoroshi

It’s actually pretty simple, you just need to add a CNAME record to your DNS configuration, that redirects *.mysubdomain.oto.tools to the DNS name of Otoroshi’s load balancer.

To find the DNS name of Otoroshi’s load balancer go to AWS Ec2

You would find something like this :

There is your DNS name, so add your CNAME record.

Once all these steps are done, the AWS Elastic Beanstalk Otoroshi instance, would now be handling all the requests on your domain. ;)

Next: Scaling Otoroshi