Deploying GrowthBook with Nginx as a Sidecar on AWS ECS

Overview

This article provides a step-by-step approach to deploying the GrowthBook application alongside an Nginx reverse proxy for SSL/TLS encryption on AWS ECS using Docker Compose. The setup involves creating a Docker Compose file that defines both the GrowthBook service and the Nginx sidecar container.

Problem Statement

While attempting to deploy using the Docker Compose file, the process creates necessary AWS resources such as Network Load Balancers and ECS task definitions. However, it fails to create the ECS service, resulting in the deletion of all created resources. The error message indicates that the "Nginx sidecar container exited" unexpectedly.

Docker Compose Configuration

Below is the Docker Compose configuration file that sets up the GrowthBook service and the Nginx sidecar:

version: "3"
x-aws-vpc: "vpc-*************"
services:
  growthbook:
    image: "growthbook/growthbook:latest"
    ports:
      - 3000:3000
      - 3100:3100
    environment:
      - MONGODB_URI=<mongo_db_connection_string>
      - JWT_SECRET=<jwt_secret>
    volumes:
      - uploads:/usr/local/src/app/packages/back-end/uploads
  nginx-tls-sidecar:
    image: <nginx_sidecar_image>
    ports:
      - 443:443
    links:
      - growthbook
volumes:
  uploads:

Nginx Sidecar Dockerfile

To build the Nginx sidecar image, use the following Dockerfile:

FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf
COPY ssl.key /etc/nginx/ssl.key
COPY ssl.crt /etc/nginx/ssl.crt

In this Dockerfile, the SSL keys and certificates are self-signed and generated using OpenSSL.

Nginx Configuration

The Nginx configuration file is crucial for setting up SSL termination. Below is a sample configuration:

# Nginx Configuration File
# https://wiki.nginx.org/Configuration

user nginx;
worker_processes auto;
events {
  worker_connections 1024;
}
pid /var/run/nginx.pid;

http {
    server {
        listen [::]:443 ssl;
        listen 443 ssl;
        server_name localhost;

        ssl_protocols TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 24h;
        keepalive_timeout 300;
    }
}

Conclusion

By following this guide, you should be able to successfully deploy GrowthBook with Nginx as a sidecar on AWS ECS. Ensure that all configurations are correctly set, especially the SSL certificates and MongoDB connection string, to avoid any deployment issues.