Deploy to AWS
Watch how to deploy OpenReplay in your AWS infrastructure
If you don't like reading, you can follow this video tutorial showing you how to deploy OpenReplay in AWS
OpenReplay stack can be installed on a single machine and AWS EC2 is an ideal candidate.
Launch an EC2 instanceSection titled Launch an EC2 instance
- Go to AWS EC2 Dashboard
- ‘Launch a new instance’
- Select your AMI. For this guide, we’ll be using Ubuntu Server 20.04 LTS
- Choose your instance type. The minimum specs are
2 vCPUs, 8 GB of RAM, 50 GB of storage, otherwise OpenReplay backend services won’t simply start. So, we recommend at least the
t3.large(or an equivalent), which is enough for a low/moderate volume. If you’re expecting high traffic, you should scale from here.
- Configure Instance Details: Tune the Network/Subnet parameters if needed or simply keep the defaults
- Add Storage: Set the size to 50 GB (General Purpose SSD (gp2))
- Add Tags: Tune the parameters or keep the defaults
- Security Groups: Keep the existing SSH rule and add 2 more for HTTP (80) and HTTPS (443) (source: 0.0.0.0/0)
- Click ‘Review and Launch’
- Create/download the SSH key then hit ‘Launch instances’
Deploy OpenReplaySection titled Deploy OpenReplay
- Make sure your instance is
Runningthen connect to it:
## From your terminal SSH_KEY=~/Downloads/openreplay-key.pem #! wherever you've saved the SSH key INSTANCE_IP=REPLACE_WITH_INSTANCE_PUBLIC_IP chmod 400 $SSH_KEY ssh -i $SSH_KEY ubuntu@$INSTANCE_IP
- Install OpenReplay by providing the domain on which it will be running (e.g. DOMAIN_NAME=openreplay.mycompany.com):
sudo wget https://raw.githubusercontent.com/openreplay/openreplay/main/scripts/helmcharts/openreplay-cli -O /bin/openreplay sudo chmod +x /bin/openreplay openreplay -i DOMAIN_NAME
Configure TLS/SSLSection titled Configure TLS/SSL
OpenReplay deals with sensitive user data and therefore requires HTTPS to run. This is mandatory, otherwise the tracker simply wouldn’t start recording. Same thing for the dashboard, without HTTPS you won’t be able to replay user sessions.
The easiest way to handle SSL in AWS is to setup a load balancer (ELB) and run OpenReplay behind it. Another option is to generate or use your own SSL certificate and point your subdomain (i.e. openreplay.mycompany.com) to the OpenReplay instance. More on both options below.
Setup AWS load balancer (option 1)Section titled Setup AWS load balancer (option 1)
- Go to ‘EC2’ > ‘Load Balancers’
- ‘Create Load Balancer’ and pick Application Load Balancer
- Add a listener to HTTPS (keep this one only) and make sure to select the same subnet(s) in which your OpenReplay instance is running.
- Choose an existing certificate (i.e. *.mycompany.com) or generate a new one from AWS Certificate Manager (ACM). You can also import yours.
- Configure Security Groups: Select the security group previously created for the OpenReplay instance (you can find it ‘EC2 Dashboard’ under the ‘Security’ tab)
- Configure Listener and routing: Keep the default protocol and port (
HTTP:80). Now, create a new target group. Give it a name and select
IP addressesin Target Type. Ensure the Health check path is set to
/healthzwhile keeping the other default parameters. Click on ‘Next’ to register targets, add the OpenReplay instance’s private IPv4 (ports
80) then add the target to the list (the private IP can be found in EC2 dashboard). Review then click on ‘Create target group’.
- Now, go back to the LB creation page and forward this new target group to the LB listener.
- Review then ‘Create load balancer’
Once created, go to Route 53 (or your DNS service provider) and create an
A Record that points to the load balancer using its DNS name (can be found in ELB dashboard).
Finally, enable the
use-forwarded-headers, by uncommenting the below line under the
ingress-nginx section, in
ingress-nginx: &ingress-nginx controller: config: use-forwarded-headers: true
You’re all set now, OpenReplay should be securely accessible on the subdomain you just set up. You can create an account by visiting the
/signup page (i.e. openreplay.mycompany.com/signup).
Bring/generate your SSL certificate (option 2)Section titled Bring/generate your SSL certificate (option 2)
Alternatively to creating a load balancer, you can bring (or generate) your own SSL certificate.
First, go to Route 53 (or your other DNS service provider) and create an
A Record. Use the domain you previously provided during the installation step and point it to the instance using its public IP (can be found in EC2 dashboard).
If you’re bringing your own certificate, create an SSL secret using the following command:
kubectl create secret tls openreplay-ssl -n app --key="private_key_file.pem" --cert="certificate.crt".
Note: If you don’t have a certificate, generate one, that auto-renews, for your subdomain (the one provided during installation) using Let’s Encrypt. Simply connect to OpenReplay EC2 instance, run
cd /var/lib/openreplay/openreplay/scripts/helmcharts && bash certmanager.shand follow the steps.
- If you wish to enable http to https redirection (recommended), then uncomment the below block, under the
ingress-nginx: &ingress-nginx controller: config: ssl-redirect: true force-ssl-redirect: true
It’s worth mentioning that our
ingress-nginx runs by default on ports
80|443, but this can be easily changed, if needed, in
ingress-nginx: &ingress-nginx controller: service: ports: http: 80 https: 443
- Finally reinstall OpenReplay NGINX:
You’re all set now, OpenReplay should be accessible on your subdomain. You can create an account by visiting the
/signup page (i.e. openreplay.mycompany.com/signup).
Have questions?Section titled Have questions?
If you encounter any issues, connect to our Slack and get help from our community.