Skip to main content
AWS3 nodes require building a new nginx Docker image with updated SSL certificates and deploying via Docker stack.
Complete the SSL Certificate Renewal process before building the Docker image.

Prerequisites

Before starting the deployment process, ensure you have:
  • Access to the infrastructure repository with certificate files
  • Docker installed locally
  • SSH access to AWS3 node servers
  • Certificate files from the renewal process

Build Process

1

Prepare Certificate Files

Ensure you have the certificate files from the renewal process:
  • certs/letsencrypt/devops.arabiaweather.com/fullchain.crt
  • certs/letsencrypt/devops.arabiaweather.com/privkey.pem
2

Create Dockerfile

Create a Dockerfile to build the new nginx image with updated certificates:
# Dockerfile to build new nginx image with updated SSL certificates

FROM registry.docker.devops.arabiaweather.com/aws3-nginx:v2024.10.31-0

# Copy SSL certificates from local certs directory
# Using devops.arabiaweather.com certificates
COPY certs/letsencrypt/devops.arabiaweather.com/fullchain.crt /ssl/chained.crt
COPY certs/letsencrypt/devops.arabiaweather.com/privkey.pem /ssl/private.key

# Ensure proper permissions on the private key
RUN chmod 600 /ssl/private.key
Update the base image tag (v2024.10.31-0) to the current version you’re building from.
3

Build Docker Image

Build the new image locally:
docker build -t registry.docker.devops.arabiaweather.com/aws3-nginx:<new-tag> .
Replace <new-tag> with an appropriate version tag (e.g., v2025.01.15-0).
4

Push Image to Registry

Push the built image to the Docker registry:
docker push registry.docker.devops.arabiaweather.com/aws3-nginx:<new-tag>
5

Deploy to AWS3 Nodes

SSH to the AWS3 node server (e.g., node01):
ssh root@node01
Navigate to the service stack directory:
cd /data/service-stack
Edit the current.yml file to update the image tag:
vi current.yml
Update the image reference to use the new tag you built.
6

Deploy Docker Stack

Deploy the updated stack:
docker stack deploy -c current.yml --with-registry-auth minio
This will update both services:
  • minio_nginx - Nginx service with updated certificates
  • minio_server - MinIO server service
7

Verify Deployment

Check the service status:
docker service ps minio_nginx
docker service ps minio_server
Verify that the services are running with the new image.
The Docker stack deployment will cause a brief service interruption. Monitor the service status to ensure it restarts successfully.

Verification Checklist

After deploying the Docker stack:
  • Docker image built with new certificates
  • Image pushed to registry successfully
  • Docker stack deployed without errors
  • minio_nginx service running with new image
  • minio_server service running
  • Services accessible with new certificates