ChirpStack on Amazon EC2 with SSL

This tutorial will guide you through the process of setting up ChirpStack on an Amazon EC2 instance and securing it with an SSL certificate.

Prerequisites

  • An Amazon EC2 instance running Amazon Linux 2023.
  • Docker and Docker Compose installed on the instance.
  • A registered domain name pointing to the public IP of your EC2 instance.

Steps

Step 1: Install Docker and Docker Compose

Update your system and install Docker:

sudo yum update -y
sudo yum install docker
sudo systemctl start docker
sudo systemctl enable docker
sudo curl -L "https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

Step 2: Install ChirpStack

Clone the repository and navigate to the directory:

git clone https://github.com/chirpstack/chirpstack-docker.git
cd chirpstack-docker

Step 3: Configure ChirpStack

Run ChirpStack using Docker Compose:

docker-compose up -d

Step 4: Set Up Nginx as a Reverse Proxy

Install Nginx

sudo yum install nginx
sudo systemctl start nginx
sudo systemctl enable nginx

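Configure Nginx

The sites-available and sites-enabled directories used below follow the Debian-style layout. RPM-based nginx packages normally load only /etc/nginx/conf.d/*.conf, so if the directories are missing, create them and include sites-enabled from the http block of /etc/nginx/nginx.conf before continuing.

Create and edit the Nginx configuration for your domain: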

sudo nano /etc/nginx/sites-available/yourdomain.com

Add the following configuration:

server {
    listen 80;
    server_name yourdomain.com;

    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

}

Enable the Site

sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

Step 5: Install Certbot for SSL

Prepare Certbot manually:

sudo dnf install -y augeas-libs
sudo python3 -m venv /opt/certbot/
sudo /opt/certbot/bin/pip install --upgrade pip
sudo /opt/certbot/bin/pip install certbot certbot-nginx
sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot

Obtain an SSL certificate:

sudo certbot --nginx

Step 6: Configure SSL in Nginx

Edit the Nginx configuration for SSL:

sudo nano /etc/nginx/sites-available/yourdomain.com

Update the server block:

server {
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

    location / {
        proxy_pass http://localhost:8080;
        # Other settings...
    }

}

Step 7: Auto-Renew SSL Certificate

Install cronie:

sudo yum install cronie
sudo systemctl start crond
sudo systemctl enable crond

Add a cron job for renewal:

sudo crontab -e

Add the line:

0 0,12 * * * sudo certbot renew --quiet --post-hook "sudo systemctl reload nginx"

Step 8: Finalize and Test

Test the Nginx configuration:

sudo nginx -t

Reload Nginx:

sudo systemctl reload nginx

Confirm SSL is working by visiting https://yourdomain.com.
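The same check can be scripted so that it also catches a silently failing renewal, since the cron job in Step 7 runs with --quiet. This is an added example, not part of the original tutorial; the function names and the 30-day warning threshold are assumptions, and yourdomain.com is the tutorial's placeholder.

```python
import socket
import ssl
import sys
import time

# Assumption for this example: alert once fewer than 30 days remain.
# A certificate this close to expiry suggests the renewal cron job is not working.
WARN_DAYS = 30


def days_left(not_after, now=None):
    """Whole days until a notAfter string such as 'Jan 31 00:00:00 2030 GMT'."""
    expires = ssl.cert_time_to_seconds(not_after)
    now = time.time() if now is None else now
    return int((expires - now) // 86400)


def classify(not_after, now=None, warn_days=WARN_DAYS):
    """Return 'expired', 'renewal-overdue' or 'ok' for a notAfter string."""
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "expired"
    if remaining < warn_days:
        return "renewal-overdue"
    return "ok"


def fetch_not_after(host, port=443, timeout=10):
    """Complete a verified TLS handshake and return the served certificate's notAfter.

    create_default_context() validates the chain and the hostname, so an
    untrusted, expired or mismatched certificate raises an ssl.SSLError subclass.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "yourdomain.com"
    try:
        not_after = fetch_not_after(host)
    except (ssl.SSLError, OSError) as exc:
        print(f"FAIL {host}: {exc}")
        sys.exit(2)
    status = classify(not_after)
    print(f"{status.upper()} {host}: expires {not_after} ({days_left(not_after)} days left)")
    sys.exit(0 if status == "ok" else 1)
```

The exit code is 0 only when the certificate verifies and is outside the warning window, so the script can be run from cron or a monitoring agent on a host other than the EC2 instance.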

Conclusion

Your ChirpStack instance on Amazon EC2 is now secure with SSL. Regular monitoring and updates are essential for maintaining security and performance.