Part of a Series: Designing a Full-Featured WebApp with Rust
Part 1: Piecing Together a Rust Web Application
Part 2: My Next Step in Rust Web Application Dev
Part 3: It’s Not a Web Application Without a Database
Part 4: Better Logging for the Web Application
Part 5: Rust Web App Session Management with AWS
Part 6: OAuth Requests, APIs, Diesel, and Sessions
Part 7: Scraping off the Dust: Redeploy of my Rust web app
Part 8: Giving My App Secrets to the AWS SecretManager
Life has been busy – no apologies or excuses, but, ya know, it’s 2020. Yet, I’m trying to slowly make my way back into playing with Rust. I decided to move my EC2 instance from AWS-Linux to the Ubuntu image; for one, I got tired of fighting with LetsEncode to get it to renew my SSL cert every 3 months. Also, I wanted to see how a redeploy of my Rust web app would go and if it still worked (why wouldn’t it?). So, lets see how tough it is to get my environment back to the same place. I took some notes (in case I needed to restart, sigh), so let’s go through it.
Go back to Part 1 to see what this fake web app is about and how I got here – I need to reread it myself! So, first, this is what I ended up needing to add to what I got from the default Ubuntu image:
sudo apt install build-essential checkinstall zlib1g-dev pig-config libssl-dev libpq-dev postgresql postgresql-contrib -y
Lots of that was needed in order to get OpenSSL installed, I was following along hints here. Continuing those instructions, I did:
cd /usr/local/src/ sudo wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz sudo tar -xf openssl-1.1.1g.tar.gz cd openssl-1.1.1g sudo ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib sudo make sudo make test sudo make install sudo echo "/usr/local/ssl/lib" > /etc/ld.so.conf.d/openssl-1.1.1g.conf sudo ldconfig -v sudo mv /usr/bin/c_rehash /usr/bin/c_rehash.backup sudo mv /usr/bin/openssl /usr/bin/openssl.backup sudo nano /etc/environment # to add "/usr/local/ssl/bin" to the PATH
Next, instead of solely storing my code on a potentially tenuous EC2 server, I wanted to keep it backed up on my Google Drive (or whatever you like, this solution works with MANY network storage). I used rclone for my Raspberry Pi photo frame so I was familiar with that already. This is weird though, I don’t really need this for projects I store in GitHub… gotta think about it… maybe I just need a /gdrive synced dir for “things”.
curl https://rclone.org/install.sh | sudo bash rclone config # to add google drive and authorize it mkdir ~/projects mkdir ~/projects/rust
Ok, the most fun step!!
curl https://sh.rustup.rs -sSf | sh cd ~/projects/rust git clone git@github.com:jculverhouse/pinpoint_shooting.git
I need nginx for my app
sudo apt install nginx sudo service nginx start
And now the much more reliable LetsEncrypt using Ubuntu 18.04
# follow instructions at https://certbot.eff.org/lets-encrypt # setup root cronjob to renew once/week
For my Rocket-powered Rust app, I followed some reminders here to connect it to nginx. Simple enough, really. What’s mostly relevant:
...
server_name pinpointshooting.com; # managed by Certbot
location / {
proxy_pass http://127.0.0.1:3000;
}
...
What? Nginx still has TLS 1 and 1.1 turned on by default? Followed this and removed those, tested the config, and restarted nginx. All of that I checked with SSLLabs via https://www.ssllabs.com/ssltest/analyze.html :
sudo nano /etc/nginx/nginx.conf # to remove TLS1 TLS1.1 from any line sudo nano /etc/letsencrypt/options-ssl-nginx.conf # to remove TLS1 TLS1.1 from any line sudo nginx -t sudo service nginx reload
I’ll need Postgres for my PinpointShooting app as well, found some steps to follow here, plus I needed to setup for my own app and run the initial migrations to get it up-to-date. That involved another change so I could login with the password from a non-user-account.
cargo install diesel_cli --no-default-features --features posters psql -d postgres -U postgres create user pinpoint password 'yeahrightgetyourown'; # save this in file .env in app dir create database pinpoint; grant all privileges on database pinpoint to pinpoint; sudo nano /etc/postgresql/10/main/pg_hba.conf # to edit "local all all" line to be md5 instead of peer sudo service postgresql restart psql -d postgres -U pinpoint # to test password above; just exit cd ~/projects/rust/pinpointshooting diesel migration run
Finally:
rustup default nightly # because Rocket, sigh... cargo update cargo build --release target/release/pps &
And, we’re back online! Turns out, a redeploy of my Rust web app was about as easy as I could expect! If the app happens to be running, check it out here (though, there isn’t much to see or anything to do): pinpointshooting.com. Also, browse the repo and feel free to send me comments on how to be better about using idiomatic Rust!