Setup Instructions
Launch the image on any of the available instance types. Consider attaching an additional EBS volume or setting a larger size for the root volume. Make sure that the attached security group allows traffic on ports 80 and 443 if you plan to access the server via the browser interface, and on port 3389 if you plan to use the Remote Desktop Protocol. Allow a couple of minutes for the instance to boot.
The web interface can be accessed through your browser on the public IP (or private IP for enterprise VPCs) of the EC2 instance (e.g. https://18.245.21.43 where 18.245.21.43 is the public IP address of the instance).
Most browsers will display a certificate warning. This warning can safely be ignored by clicking on "Continue to this webpage" (Internet Explorer) or "Advanced" and then "Proceed to website" (Chrome).
The default user is ubuntu and the default password is the instance ID.
Alternatively, you can reach your desktop environment through a Remote Desktop Client (such as the Microsoft Remote Desktop Application, preinstalled on Windows and available on the Apple App Store for macOS). The hostname is simply the public IP (or private IP for enterprise VPCs). Make sure you enter the username and password before you connect, otherwise the connection will not be established (on Windows, click Show Options and fill in the username and password).
Let's Encrypt
These instructions for acquiring a Let's Encrypt host certificate do not work unless you own a registered and hosted DNS domain. These instructions do not work with the public DNS hostnames assigned by AWS.
The AMI ships with the Let's Encrypt certbot client preinstalled. To obtain certificates from Let's Encrypt, execute the following steps:
- Create a custom domain name for the instance using Route 53 or an alternate DNS provider. Hostnames under the amazonaws.com subdomain are not supported by Let's Encrypt.
- Log in as ec2-user and change to the directory /etc/xworkspace.
- Make sure that ports 80 and 443 are accessible from the internet while running the next command. Otherwise, Let's Encrypt will be unable to verify the domain name.
- Run the following command and follow the instructions on the screen.
  docker-compose run certbot certonly --webroot --webroot-path /var/www/letsencrypt
- Update the SSL certificates to point at the Let's Encrypt repository (replace {DOMAINNAME} with your domain name).
  sudo rm /etc/xworkspace/var/server.*
  sudo ln -s /etc/letsencrypt/live/{DOMAINNAME}/fullchain.pem /etc/xworkspace/var/server.crt
  sudo ln -s /etc/letsencrypt/live/{DOMAINNAME}/privkey.pem /etc/xworkspace/var/server.key
  sudo chown -R 1000:1000 /etc/letsencrypt/
- Restart the web server with the following command.
  docker-compose restart server
- The renewal command is executed automatically on a daily basis (see /etc/cron.daily/certbot.sh). If you want to renew the certificates manually, simply execute the following command.
  docker-compose run certbot renew
Add a User
You can add additional users to the environment who can log in through the web interface and work concurrently on a single instance. To add a new user newuser, open a terminal session and execute the following command.
sudo useradd -m -s /bin/zsh newuser
You can control whether the user will have access to the docker daemon or super-user privileges by adding them to the corresponding groups.
# allow access to docker daemon
# (-a appends; without it, -G replaces the user's existing supplementary groups)
sudo usermod -aG docker newuser
# super-user privileges
sudo usermod -aG sudo newuser
Lastly, set the password for newuser to newpassword.
echo newuser:newpassword | sudo chpasswd
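To review the outcome of the group changes above, the following added example (not part of the original instructions) lists every account that holds docker or sudo membership, including accounts that have one of these groups as their primary group and therefore do not appear in the group file's member list. The function names privileged_members and sample_audit and all sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts holding docker or sudo membership.
# Usage: privileged_members [group_file] [passwd_file] [comma-separated groups]
privileged_members() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    wanted=${3:-docker,sudo}

    awk -F: -v wanted="$wanted" '
        BEGIN { n = split(wanted, w, ","); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        # First file, group entries: name:password:gid:member,member,...
        FNR == NR {
            if ($1 in want) {
                gid_to_group[$3] = $1
                m = split($4, members, ",")
                for (i = 1; i <= m; i++)
                    if (members[i] != "") print $1 ":" members[i]
            }
            next
        }
        # Second file, passwd entries: name:password:uid:gid:...
        # A user whose primary GID is a privileged group is a member even
        # though the group file does not list them.
        ($4 in gid_to_group) { print gid_to_group[$4] ":" $1 }
    ' "$group_file" "$passwd_file" | LC_ALL=C sort -u
}

# Constructed sample data (not from a real host):
#   alice - added to both groups with usermod -aG
#   bob   - sudo only, the state left by "usermod -G docker" followed by
#           "usermod -G sudo", because -G without -a replaces the group list
#   ci    - docker as primary group, absent from the member list
#   carol - no privileged group
sample_audit() {
    dir=$(mktemp -d)
    printf '%s\n' 'sudo:x:27:alice,bob' 'docker:x:998:alice' \
        'users:x:100:carol' > "$dir/group"
    printf '%s\n' 'alice:x:1001:1001::/home/alice:/bin/zsh' \
        'bob:x:1002:1002::/home/bob:/bin/zsh' \
        'ci:x:1003:998::/home/ci:/bin/zsh' \
        'carol:x:1004:100::/home/carol:/bin/zsh' > "$dir/passwd"
    privileged_members "$dir/group" "$dir/passwd"
    rm -rf "$dir"
}

sample_audit
```

Called without arguments, privileged_members reads /etc/group and /etc/passwd on the instance itself and prints one group:user pair per line.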
Reset Password
The web interface requires a username and password. If you have forgotten the password, you can reset it by logging in to the server using SSH and the ubuntu username. Then run sudo passwd ubuntu to reset the password for the ubuntu user.
Patch System
To keep the system up to date, run the following command from a terminal. This will also update packages from custom repositories such as NodeJS, Visual Studio Code and Google Chrome.
sudo aptitude update && sudo aptitude full-upgrade
Prewarm EBS Volume
When launching from the image for the first time, the EBS volume will be "cold", which means that not all blocks have been transferred from the image to the EBS volume yet. This impacts performance negatively when a file is first accessed. To prewarm the EBS volume, execute the following command.
sudo fastdd