Function as a Service

Doing some playing around with a self-hosted FaaS idea. This is just research/notes for myself.

Create an EC2 instance

Using Debian since it has all of the packages I need.

image_id_debian="ami-0fec2c2e2017f4e7b"
#image_id_red_hat="ami-016eb5d644c333ccb"
image_id_ubuntu="ami-007855ac798b5175e"

# Pick an image
image_id="$image_id_debian"

key_name="some-key-pair"
security_group_id="ID HERE"
subnet_id="ID HERE"

aws ec2 run-instances \
  --image-id "$image_id" \
  --count 1 \
  --instance-type t2.micro \
  --key-name "$key_name" \
  --security-group-ids "$security_group_id" \
  --subnet-id "$subnet_id"

Install packages

SSHed into the box do:

sudo apt-get update

Get lighttpd

sudo apt-get install lighttpd

Get certbot

sudo apt-get install certbot

Route domain

First create an elastic IP

TODO

Then assign the subdomain to that.

AWS_INPUT=$(jq -n '{Comment: "Add a new A record", Changes:[{Action: "UPSERT", "ResourceRecordSet":{Name:"subdomain.example.com", Type: "A", TTL: 300, ResourceRecords:[{Value: "IP ADDRESS"}]}}]}')

aws route53 change-resource-record-sets --hosted-zone-id $HOSTED_ZONE_ID --change-batch "$AWS_INPUT"

Create certificate

certbot certonly --webroot -w /var/www/subdomain.example.com -d subdomain.example.com

TODO update directory permissions

Update the configuration file:

vim /etc/lighttpd/conf-available/10-ssl.conf
ssl.privkey="/path/to/privkey.pem"
ssl.pemfile="/path/to/fullchain.pem"

Enable SSL

sudo lighty-enable-mod ssl
sudo service lighttpd force-reload

Forward HTTP to HTTPS

sudo echo '$HTTP["scheme"] == "http" {
    url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
    url.redirect-code = 308
}' > /etc/lighttpd/conf-available/redirect-http-to-https.conf

Containers

Install LXD

Should already be installed with the Ubuntu image.

Run init

lxd init

Creating container

lxc launch ubuntu:22.10 nodefns