ChirpStack on Amazon EC2 with SSL

Dec 6 2023

This tutorial will guide you through the process of setting up ChirpStack on an Amazon EC2 instance and securing it with an SSL certificate.

Prerequisites

• An Amazon EC2 instance running Amazon Linux 2023.
• Docker and Docker Compose installed on the instance.
• A registered domain name pointing to the public IP of your EC2 instance.

Steps

Step 1: Install Docker and Docker Compose

Update your system and install Docker:

sudo yum update -y
sudo yum install docker
sudo systemctl start docker
sudo systemctl enable docker
sudo curl -L "https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

Step 2: Install ChirpStack

Clone the repository and navigate to the directory:

git clone https://github.com/chirpstack/chirpstack-docker.git
cd chirpstack-docker

Step 3: Configure ChirpStack

Run ChirpStack using Docker Compose:

docker-compose up -d

Step 4: Set Up Nginx as a Reverse Proxy

Install Nginx

sudo yum install nginx
sudo systemctl start nginx
sudo systemctl enable nginx

Configure Nginx Create and edit the Nginx configuration for your domain:

sudo nano /etc/nginx/sites-available/yourdomain.com

Add the following configuration:

server {
listen 80;
server_name yourdomain.com;

    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

}

Enable the Site

sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

Step 5: Install Certbot for SSL

Prepare Certbot manually:

sudo dnf install -y augeas-libs
sudo python3 -m venv /opt/certbot/
sudo /opt/certbot/bin/pip install --upgrade pip
sudo /opt/certbot/bin/pip install certbot certbot-nginx
sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot
sudo ln -s /opt/certbot/bin/certbot-nginx /usr/bin/certbot-nginx

Obtain an SSL certificate:

sudo certbot --nginx

Step 6: Configure SSL in Nginx

Edit the Nginx configuration for SSL:

sudo nano /etc/nginx/sites-available/yourdomain.com

Update the server block:

server {
listen 443 ssl;
server_name yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

    location / {
        proxy_pass http://localhost:8080;
        # Other settings...
    }

}

Step 7: Auto-Renew SSL Certificate

Install cronie:

sudo yum install cronie
sudo systemctl start crond
sudo systemctl enable crond

Add a cron job for renewal:

sudo crontab -e

Add the line:

0 0,12 \* \* \* sudo certbot renew --quiet --post-hook "sudo systemctl reload nginx" 9. Finalize and Test

Step 8: Finalize and Test

Test the Nginx configuration:

sudo nginx -t.

Reload Nginx:

sudo systemctl reload nginx.

Confirm SSL is working by visiting https://yourdomain.com.

Conclusion Your ChirpStack instance on Amazon EC2 is now secure with SSL. Regular monitoring and updates are essential for maintaining security and performance.