Hello. Inspired by the post linked on the previous page, and an inherent feeling of laziness, here is a CloudFormation / Service Catalog-ready template that spins up new instances of a Signal Relay.
Requirements:
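AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  CloudFormation Template for Signal Relay
Parameters:
  Domain:
    Description: The Domain for the Relay
    Type: String
  DNSHostedZoneId:
    Description: The Domain ID to use from Route53
    # Typed parameter: CloudFormation checks that the zone exists at launch
    # instead of failing later on the RecordSet.
    Type: AWS::Route53::HostedZone::Id
  pHttpIPSpace:
    Type: String
    Description: Allow SSH from this single IP Address (bare IPv4 address, no CIDR suffix)
    # The security group appends "/32" itself, so a value with a suffix would
    # yield an invalid CIDR; reject anything that is not a plain IPv4 address.
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}$'
    ConstraintDescription: Must be a single IPv4 address, e.g. 203.0.113.10 (no /32)
  AMI:
    Type: String
    Description: The AMI id to use.
    # NOTE: the empty default is not usable (ImageId is set from this value);
    # a concrete AMI id must be supplied when the stack is launched.
    Default: ""
  EC2Key:
    # Typed parameter: the key pair must already exist in the target region
    Type: AWS::EC2::KeyPair::KeyName
    Description: The name of the SSH key to use for login.
  VPCID:
    Type: AWS::EC2::VPC::Id
    Description: The Public VPC ID to use for the subnet
  PublicSubnet:
    Type: AWS::EC2::Subnet::Id
    Description: The Public Subnet ID to use for the instance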
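Resources:
  Ec2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref AMI
      InstanceType: t2.nano
      NetworkInterfaces:
        - AssociatePublicIpAddress: true
          DeviceIndex: "0"
          GroupSet:
            - !Ref EC2SecurityGroup
          SubnetId: !Ref PublicSubnet
      KeyName: !Ref EC2Key
      # Bootstrap script. Fn::Sub fills in ${StackShort} (first segment of the
      # stack UUID) and ${Domain}; plain shell "$VAR" references have no braces
      # and are therefore left untouched by Fn::Sub.
      UserData:
        Fn::Base64: !Sub
          - |
            #!/bin/bash
            RELAY_HOST='${StackShort}.${Domain}'
            # -y: user-data runs without a tty, so the interactive prompt would
            # otherwise abort the update silently
            yum update -y
            yum install -y docker git
            # -f: fail on an HTTP error instead of saving the error page as the
            # binary and marking it executable. The download is not integrity
            # checked; pin a checksum and verify it (sha256sum -c) before relying
            # on this on an internet-facing host.
            curl -fSL https://github.com/docker/compose/releases/download/v2.11.1/docker-compose-linux-x86_64 -o /bin/docker-compose
            chmod +x /bin/docker-compose
            systemctl start docker
            systemctl enable docker
            mkdir -p /relay
            cd /relay
            rm -rf Signal-TLS-Proxy
            git clone https://github.com/signalapp/Signal-TLS-Proxy.git
            cd Signal-TLS-Proxy
            rm -rf ./data/certbot
            echo 'Updating init-certs file'
            # Replace the interactive domain prompt with the first script argument
            # (-i, not -ie: "-ie" is in-place with a backup suffix "e")
            sed -i 's/read -p "Enter domain name (eg. www.example.com): " domains/domains="$1"/' init-certificate.sh
            # The A record is only created after this instance reports its public
            # IP, and certificate issuance needs the name to resolve. Poll for up
            # to ~5 minutes instead of a fixed sleep, then proceed either way.
            for i in $(seq 1 30); do
              getent hosts "$RELAY_HOST" >/dev/null && break
              sleep 10
            done
            ./init-certificate.sh "$RELAY_HOST"
            docker-compose up -d
          - StackShort: !Select ["0", !Split ["-", !Select ["2", !Split ["/", !Ref "AWS::StackId"]]]]
  EC2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Sets up Lab Access to EC2 Signal Relay
      # <region>.<first segment of the stack UUID>.<Domain>
      GroupName: !Join
        - ""
        - - !Ref "AWS::Region"
          - "."
          - !Select ["0", !Split ["-", !Select ["2", !Split ["/", !Ref "AWS::StackId"]]]]
          - "."
          - !Ref Domain
      VpcId: !Ref VPCID
      SecurityGroupIngress:
        # SSH only from the single operator address given as a parameter
        - CidrIp: !Sub "${pHttpIPSpace}/32"
          Description: Allow SSH From Single IP
          FromPort: 22
          ToPort: 22
          IpProtocol: tcp
        # 0.0.0.0/0, not /32: the relay serves clients on the public internet
        # and the certificate challenge arrives from outside; 0.0.0.0/32 is a
        # single (null) host and effectively blocks both.
        - CidrIp: 0.0.0.0/0
          Description: Allow Port 80/TCP
          FromPort: 80
          ToPort: 80
          IpProtocol: tcp
        - CidrIp: 0.0.0.0/0
          Description: Allow Port 443/TCP
          FromPort: 443
          ToPort: 443
          IpProtocol: tcp
      Tags:
        - Key: billing_entity
          Value: signal:relay
  DNSEntry:
    Type: AWS::Route53::RecordSet
    Properties:
      Comment: Signal Relay A Record
      ResourceRecords:
        - !GetAtt Ec2Instance.PublicIp
      HostedZoneId: !Ref DNSHostedZoneId
      # Same <stack short id>.<Domain> name the bootstrap script requests a
      # certificate for
      Name: !Sub
        - "${StackShort}.${Domain}"
        - StackShort: !Select ["0", !Split ["-", !Select ["2", !Split ["/", !Ref "AWS::StackId"]]]]
      Type: A
      TTL: 900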
Outputs:
  ProxyName:
    Description: The SignalRelay to share
    # NOTE(review): Signal's documented share-link format puts the host after a
    # "#" fragment — confirm against the Signal-TLS-Proxy README.
    Value: !Sub
      - "https://signal.tube/${StackShort}.${Domain}"
      - StackShort: !Select ["0", !Split ["-", !Select ["2", !Split ["/", !Ref "AWS::StackId"]]]]
  PublicIp:
    Description: The PublicIP to connect to with the SSH key
    Value: !GetAtt Ec2Instance.PublicIp
  SSHCommand:
    Description: The command to execute to ssh to the node
    # ${Ec2Instance.PublicIp} is Fn::Sub's GetAtt shorthand
    Value: !Sub "ssh -i ~/.ssh/${EC2Key}.pem ec2-user@${Ec2Instance.PublicIp}"