
SL-run-xx: Add Multitenancy to dev deployment #17

Open

scouillard wants to merge 1 commit into master

Conversation

@scouillard commented May 11, 2023

Overview:

This pull request introduces multitenancy support for our application through the use of wildcard SSL certificates. These certificates are crucial in securely managing multiple subdomains under a specific domain, a necessity in a multitenant architecture.

We employ the Certbot plugin for Amazon Route53 to automate the DNS-01 challenge, streamlining the process of obtaining and renewing these wildcard certificates.

The key change in this setup is the switch from the generic Certbot Docker image to the Certbot/Route53 Docker image. This adjustment enables DNS-based validation via Route53 during the certificate issuance process, effectively automating the "_acme-challenge" procedure.

Setting up a Scalelite Development Environment with Multitenancy

Please note that the following guide is for users using the AWS suite.

Pre-requisites:

  • An AWS account with EC2 and Route53 services.
  • IAM role with AmazonRoute53FullAccess policy attached.
  • SSH access to your EC2 instance.
  • Docker and Docker Compose installed on your EC2 instance.
  • The Scalelite application codebase.

Steps:

1. Set up your EC2 instance:
Launch your EC2 instance and ensure that it has an IAM role attached with the AmazonRoute53FullAccess policy. This will allow the EC2 instance to make changes in the Route53 service.

Here are the steps to create an IAM role with AmazonRoute53FullAccess:

  • Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
  • In the navigation pane, choose "Roles" and then choose "Create role".
  • Choose "AWS service" for the type of trusted entity.
  • Choose "EC2" as the service that will use this role and then choose "Next: Permissions".
  • In the search box, type "AmazonRoute53FullAccess" and select the checkbox next to it.
  • Choose "Next: Tags" to add any optional metadata tags to your role, and then choose "Next: Review".
  • Give your role a name and description, then choose "Create role".

Now, you can assign this role to the EC2 instance running your application. When applications or services on this EC2 instance make AWS API requests, AWS will use the role's permissions to determine whether the request is allowed or denied.

2. Set up Docker and Docker Compose:
Ensure Docker and Docker Compose are installed on your EC2 instance. You'll be using Docker to run the Certbot container and Docker Compose to manage your Scalelite application services. You can follow the instructions from the Scalelite deployment guide to install Docker and Docker Compose.

3. Set up DNS:
Create a hosted zone in AWS Route53 for your domain (e.g., sl-dev.aws.blindside-dev.com). Then, add a wildcard DNS record (e.g., *.sl-dev.aws.blindside-dev.com) to this hosted zone.

4. Generate a wildcard SSL certificate with automatic DNS challenge:
For secure communication, Scalelite requires an SSL certificate. We are using Certbot's Route53 plugin to generate a wildcard SSL certificate. The plugin will automatically handle the ACME DNS challenge, creating and deleting the necessary DNS TXT records (_acme-challenge.yourdomain.com). It is crucial to generate a certificate for both the base domain and the wildcard domain to avoid SSL issues in browsers.

Note: the first certificates have to be generated manually (by the Docker command below). The renewal of the certificates should be automated.

Here's the Docker command to generate the original certificates:

docker run -it --rm --name certbot \
    -v "$(pwd)/data/certbot/conf:/etc/letsencrypt" \
    -v "$(pwd)/log/certbot:/var/log/letsencrypt" \
    certbot/dns-route53 certonly \
    --dns-route53 \
    -d "yourdomain.com,*.yourdomain.com" \
    --email [email protected] \
    --agree-tos \
    --non-interactive

In the above command, replace yourdomain.com with your actual domain and [email protected] with your actual email address. The generated certificates will be stored in the $(pwd)/data/certbot/conf:/etc/letsencrypt directory on your host machine, which will be mounted into the Scalelite containers for secure communication.

5. Set up your scalelite-run application:
Clone the scalelite-run application to your EC2 instance. Make sure the following variables are configured in your .env file:

SECRET_KEY_BASE=
LOADBALANCER_SECRET=
URL_HOST=
DOMAIN_NAME=
NGINX_SSL=true
MULTITENANCY=true
CERTBOT_IMAGE=certbot/dns-route53

6. Run the scalelite-run application:
docker-compose -f docker-compose-dev.yml up -d

7. Validate your setup:
You can now validate your setup by navigating to your domain in a web browser. You should confirm your Scalelite deployment with Multitenancy is working by accessing yourdomain.com and *.yourdomain.com in your browser and seeing the success message.

Remember, the details of these steps may vary depending on the specifics of your setup. If you are having issues, you can fall back on the Scalelite deployment guide.
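The guide stresses that the certificate must name both the base domain and the wildcard, and that renewal should be automated. The script below is an added example (not code from the scalelite-run PR or project) that checks the issued certificate's subjectAltName list for exactly those two names before the deployment relies on it, and wraps the corresponding `certbot renew` run with the same volume mounts as the PR's initial command. It assumes `openssl` is on PATH and that the certificate sits at `data/certbot/conf/live/<domain>/fullchain.pem`, the standard Certbot layout under the PR's mount; the self-signed fixture at the bottom is constructed for offline testing only.

```shell
#!/bin/sh
# Added example for the scalelite-run multitenancy guide; not part of the PR.
# Assumptions: openssl is on PATH, and certificates live under the PR's mount
# at data/certbot/conf/live/<domain>/fullchain.pem (Certbot's default layout).

# List the DNS names in a certificate's subjectAltName extension, one per line.
cert_san_names() {
    openssl x509 -in "$1" -noout -text \
        | awk '/Subject Alternative Name/ { getline; print; exit }' \
        | tr ',' '\n' \
        | sed -n 's/^[[:space:]]*DNS://p'
}

# Succeed only if the certificate names both the base domain and its wildcard,
# which the guide says is required to avoid SSL errors in browsers.
cert_covers_domain() {
    cert="$1"
    domain="$2"
    names=$(cert_san_names "$cert")
    for want in "$domain" "*.$domain"; do
        if ! printf '%s\n' "$names" | grep -qxF -- "$want"; then
            echo "certificate $cert does not cover $want" >&2
            return 1
        fi
    done
    return 0
}

# Renewal run the PR note says should be automated (e.g. from cron); it uses
# the same volumes as the initial certonly command so renewed files land in place.
renew_wildcard_cert() {
    docker run --rm --name certbot \
        -v "$(pwd)/data/certbot/conf:/etc/letsencrypt" \
        -v "$(pwd)/log/certbot:/var/log/letsencrypt" \
        certbot/dns-route53 renew --non-interactive
}

# Constructed test fixture: a throwaway self-signed certificate with the given
# SAN list, so the check can be exercised without Let's Encrypt or Route53.
make_test_cert() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -addext "subjectAltName=$2" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1
    echo "$dir/cert.pem"
}

# Usage: sh check_cert.sh yourdomain.com
# Checks data/certbot/conf/live/yourdomain.com/fullchain.pem on the host.
if [ -n "$1" ]; then
    cert_covers_domain "data/certbot/conf/live/$1/fullchain.pem" "$1" \
        && echo "ok: $1 and *.$1 are both covered"
fi
```

Run it as a post-issuance check (step 4) and again as a renew-hook sanity check: a certificate that covers only `yourdomain.com` makes the per-tenant subdomains fail TLS validation, which is exactly the failure the guide's "both the base domain and the wildcard" requirement is meant to prevent.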

@scouillard force-pushed the add-multitenancy branch 2 times, most recently from 3f50278 to 8ede139 on May 11, 2023 at 21:52
@scouillard changed the title from "SL-xx: Add Multitenancy to dev deployment" to "SL-run-xx: Add Multitenancy to dev deployment" on May 11, 2023