This document describes how to set up Voice on a new AWS EC2 server.
You will need an Amazon Web Services account, which will require a credit card for any expenses that you incur. Be very aware of what you do with AWS. It is the candy store of temptation. Your credit card will be charged. At best, you can restrict your usage to free services, which often have time limitations. Monitor your usage constantly and set up appropriate notifications so that you can curtail or adjust use before incurring unwanted charges.
These instructions were tested in the N. California data center and these instructions may not apply to other regions. Choose your AWS region appropriately:
T2 servers are the bread-and-butter starter servers. Modest in size, they are still quite capable and are normally cost-effective or even free.
You'll see a long list of servers. To shorten the list, select Free tier only and type ubuntu into the search box. You want a Free-Tier Ubuntu 20.4 server:
Confirm selection and click the Next: Configure Instance Details button (!!!)
Leave the settings on the "Configure Instance Details" page as they are.
NOTE: If you have a pre-defined Voice-Server
IAM Role, you can choose it here.
Replace the 8
with 30
:
Click Next: Add Tags
Click Add Tag to add a sensible name for your new server:
Note: To save time in the long run, it may be best to set up a security group (under Network & Security in the AWS admin panel) with the following permissions and assign it to any new relevant instances created rather than assign them individually.
This is an important step that specifies what network access is allowed. We want to enable IPV4 and IPV6 TCP access for:
Click Add Rule (if needed):
Click Add Rule:
Click Add Rule:
If you need to add other rules, do so now.
Click Review and Launch.
If you already have AWS credentials, use them for your new server. Otherwise, create and download SSH credentials (.pem) for logging in to your new T2 instance via SSH.
Download and save the .pem file in your ~/.aws
folder as sabbamitta-ssh2.pem
.
Also change the file permissions to 400, which is only readable by user:
chmod 400 ~/.aws/sabbamitta-ssh2.pem
Now you can finally launch your server. Pay attention to everything on the Launch Status page. It matters!
Your 12 month free usage clock starts now. Be sure to shut down your instance when not in use!
We need to create an IAM Role that defines what our new server can do. For security, AWS EC2 servers are prohibited from doing anything with other servers or services. Although we can set up each individual server to with its appropriate permissions, it is better to set up a Identity and Access Management (IAM) role that can be assigned to our new server. In the following we will create the Voice-Server IAM role using the EC2 Console.
Actions|Security|Modify IAM Role
Voice-Server
IAM role in the dropdownVoice-Server
is not shown, click Create new IAM roleVoice-Server
is shown, select it and click Apply and skip the instructions on creating an IAM role.polly
into the search box and select AmazonPollyFullAccess permissionsEC2
into the search box and select AmazonEC2ReadOnlyAccess permissionsNext:Review :
Voice-Server
as the Role name and click Create roleConnect to your instance using your previously downloaded ssh certificate:
ssh -i ~/.aws/sabbamitta-ssh2.pem ubuntu@MY_NEW_AWS_SERVER_IP
This should open up an ssh connection to your new AWS server.
Connect to AWS server using ssh
and install Voice.
sudo chown -R $(whoami):$(whoami) ~
git clone https://github.com/sc-voice/sc-voice.git
cd sc-voice
sudo chown -R $(whoami):$(whoami) .
./scripts/init.sh
sudo chown -R $(whoami):$(whoami) .
Update Voice but do not reboot:
./scripts/update-latest
Launch Voice in HTTP mode for port 80
sudo npm start
Verify that Voice is running by using a browser to view the public IP of the AWS server. Don't press any buttons (e.g., audio won't work) The HTTP port 80 Voice server is temporary. We are just using it to verify that Voice can run on the AWS server.
After verifying that Voice functions as expected on HTTP port 80, we will need to shut down the HTTP port 80 server
CTRL-C
sudo chown -R $(whoami):$(whoami) * .*
We'll now return to your own machine to upload ssl certifate...
exit
Open up SuttaCentral Discuss&Discover to get the SSL Certificate:
search messages
checkboxVoice Admin
and press Enterscp -i ~/.aws/sabbamitta-ssh2.pem voice-ssl.tar.gz ubuntu@MY_NEW_AWS_SERVER_IP:sc-voice/local
ssh -i ~/.aws/sabbamitta-ssh2.pem ubuntu@MY_NEW_AWS_SERVER_IP
cd sc-voice/local
gunzip voice-ssl.tar.gz
tar -xvf voice-ssl.tar
cd ../
./scripts/sc-voice-daemon.sh
sudo shutdown -r now
Voice uses AWS services which require authentication. Once the Voice server has rebooted, you will need to add AWS credentials by logging in as admin.
Every time an AWS EC2 server is restarted, it will be given a new public IP.
Generally speaking, it is important to have a public static IP available at all times.
DNS mapping requires that SuttaCentral be able to map a
fully qualified name such as staging.voice.suttacentral.net
to a specific static IP.
Every AWS account is allowed one free Elastic IP (i.e., static public IP) that is mapped to an AWS EC2 running instance. Note that "running" is critical here. You will be charged for having a static IP that is not in use.
To practice Elastic IP setup, do the following: