feat: add deployment files for aws

EnricoBausenhart · EnricoBausenhart · commit 5f64de40241f · 2025-05-28T15:13:17.000+02:00
diff --git a/.github/workflows/deploy_docker_aws.yml b/.github/workflows/deploy_docker_aws.yml
@@ -0,0 +1,48 @@
+name: Deploy Docker Images
+
+on:
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment:
+      name: AWS
+      url: "https://client.${{ vars.EC2_PUBLIC_IP }}.nip.io"
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: Copy Docker Compose File From Repo to VM Host
+        uses: appleboy/scp-action@v0.1.7
+        with:
+          host: ${{ vars.EC2_PUBLIC_IP }}
+          username: ${{ vars.AWS_EC2_USER }}
+          key: ${{ secrets.AWS_EC2_PRIVATE_KEY }}
+          source: "./compose.aws.yml"
+          target: /home/${{ vars.AWS_EC2_USER }}
+
+      - name: SSH to VM and Create .env.prod
+        uses: appleboy/ssh-action@v1.0.3
+        with:
+          host: ${{ vars.EC2_PUBLIC_IP }}
+          username: ${{ vars.AWS_EC2_USER }}
+          key: ${{ secrets.AWS_EC2_PRIVATE_KEY }}
+          script: |
+            rm .env.prod
+            touch .env.prod
+            echo "CLIENT_HOST=client.${{ vars.EC2_PUBLIC_IP }}.nip.io" >> .env.prod
+            echo "SERVER_HOST=api.${{ vars.EC2_PUBLIC_IP }}.nip.io" >> .env.prod
+            echo "PUBLIC_API_URL=https://api.${{ vars.EC2_PUBLIC_IP }}.nip.io/api" >> .env.prod
+
+      - name: SSH to VM and Execute Docker-Compose Up
+        uses: appleboy/ssh-action@v1.0.3
+        with:
+          host: ${{ vars.EC2_PUBLIC_IP }}
+          username: ${{ vars.AWS_EC2_USER }}
+          key: ${{ secrets.AWS_EC2_PRIVATE_KEY }}
+          script: |
+            echo "Logging into Docker registry..."
+            echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+            echo "Starting Docker Compose..."
+            docker compose -f compose.aws.yml --env-file=.env.prod up --pull=always -d
diff --git a/deployment/compose.aws.yml b/deployment/compose.aws.yml
@@ -0,0 +1,110 @@
+services:
+  reverse-proxy:
+    image: traefik:v3.4
+    command:
+      - "--providers.docker=true"
+      - "--providers.docker.exposedByDefault=false"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
+      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
+      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
+      - "--certificatesresolvers.letsencrypt.acme.email=admin@tum.de"
+      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./letsencrypt:/letsencrypt
+    networks:
+      - backend
+
+  gateway-service:
+    image: ghcr.io/aet-devops25/w05-template/gateway:latest
+    container_name: gateway-service
+    environment:
+      - SPRING_PROFILES_ACTIVE=docker
+    restart: unless-stopped
+    depends_on:
+      - chat-service
+      - matching-service
+      - user-service
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.gateway.rule=Host(`${SERVER_HOST}`)"
+      - "traefik.http.services.gateway.loadbalancer.server.port=8080"
+      - "traefik.http.routers.gateway.entrypoints=websecure"
+      - "traefik.http.routers.gateway.tls.certresolver=letsencrypt"
+    networks:
+      - backend
+
+  chat-service:
+    image: ghcr.io/aet-devops25/w05-template/chat:latest
+    container_name: chat-service
+    environment:
+      - SPRING_PROFILES_ACTIVE=docker
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.chat.rule=Host(`${SERVER_HOST}`) && PathPrefix(`/api/chat`)"
+      - "traefik.http.services.chat.loadbalancer.server.port=80"
+      - "traefik.http.routers.chat.entrypoints=websecure"
+      - "traefik.http.routers.chat.tls.certresolver=letsencrypt"
+    networks:
+      - backend
+
+  matching-service:
+    image: ghcr.io/aet-devops25/w05-template/matching:latest
+    container_name: matching-service
+    environment:
+      - SPRING_PROFILES_ACTIVE=docker
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.matching.rule=Host(`${SERVER_HOST}`) && PathPrefix(`/api/matching`)"
+      - "traefik.http.services.matching.loadbalancer.server.port=80"
+      - "traefik.http.routers.matching.entrypoints=websecure"
+      - "traefik.http.routers.matching.tls.certresolver=letsencrypt"
+    networks:
+      - backend
+
+  user-service:
+    image: ghcr.io/aet-devops25/w05-template/user:latest
+    container_name: user-service
+    environment:
+      - SPRING_PROFILES_ACTIVE=docker
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.user.rule=Host(`${SERVER_HOST}`) && PathPrefix(`/api/user`)"
+      - "traefik.http.services.user.loadbalancer.server.port=80"
+      - "traefik.http.routers.user.entrypoints=websecure"
+      - "traefik.http.routers.user.tls.certresolver=letsencrypt"
+    networks:
+      - backend
+
+  client:
+    image: ghcr.io/aet-devops25/w05-template/client:latest
+    environment:
+      - PUBLIC_API_URL=${PUBLIC_API_URL}
+    depends_on:
+      - gateway-service
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.client.rule=Host(`${CLIENT_HOST}`)"
+      - "traefik.http.services.client.loadbalancer.server.port=3000"
+      - "traefik.http.routers.client.entrypoints=websecure"
+      - "traefik.http.routers.client.tls.certresolver=letsencrypt"
+      - "traefik.http.middlewares.client-compress.compress=true"
+      - "traefik.http.routers.client.middlewares=client-compress"
+      - "traefik.http.routers.client.priority=1"
+    networks:
+      - backend
+
+networks:
+  backend:
+    driver: bridge
