Deploy to AWS

Video Tutorial

Watch how to deploy OpenReplay in your AWS infrastructure

If you don't like reading, you can follow this video tutorial showing you how to deploy OpenReplay in AWS

OpenReplay stack can be installed on a single machine and AWS EC2 is an ideal candidate.

Launch an EC2 instance

Section titled Launch an EC2 instance
  1. Go to AWS EC2 Dashboard
  2. ’Launch a new instance’
  3. Select your AMI. For this guide, we’ll be using Ubuntu Server 20.04 LTS
  4. Choose your instance type. The minimum specs are 2 vCPUs, 8 GB of RAM, 50 GB of storage, otherwise OpenReplay backend services won’t simply start. So, we recommend at least the t3.large (or an equivalent), which is enough for a low/moderate volume. If you’re expecting high traffic, you should scale from here.
  5. Configure Instance Details: Tune the Network/Subnet parameters if needed or simply keep the defaults
  6. Add Storage: Set the size to 50 GB (General Purpose SSD (gp2))
  7. Add Tags: Tune the parameters or keep the defaults
  8. Security Groups: Keep the existing SSH rule and add 2 more for HTTP (80) and HTTPS (443) (source: 0.0.0.0/0)
  9. Click ‘Review and Launch’
  10. Create/download the SSH key then hit ‘Launch instances’

Deploy OpenReplay

Section titled Deploy OpenReplay
  1. Make sure your instance is Running then connect to it:
## From your terminal
SSH_KEY=~/Downloads/openreplay-key.pem #! wherever you've saved the SSH key
INSTANCE_IP=REPLACE_WITH_INSTANCE_PUBLIC_IP
chmod 400 $SSH_KEY
ssh -i $SSH_KEY ubuntu@$INSTANCE_IP
  1. Install OpenReplay by providing the domain on which it will be running (e.g. DOMAIN_NAME=openreplay.mycompany.com):
sudo wget https://raw.githubusercontent.com/openreplay/openreplay/main/scripts/helmcharts/openreplay-cli -O /bin/openreplay 
sudo chmod +x /bin/openreplay
openreplay -i DOMAIN_NAME

Configure TLS/SSL

Section titled Configure TLS/SSL

OpenReplay deals with sensitive user data and therefore requires HTTPS to run. This is mandatory, otherwise the tracker simply wouldn’t start recording. Same thing for the dashboard, without HTTPS you won’t be able to replay user sessions.

The easiest way to handle SSL in AWS is to setup a load balancer (ELB) and run OpenReplay behind it. Another option is to generate or use your own SSL certificate and point your subdomain (i.e. openreplay.mycompany.com) to the OpenReplay instance. More on both options below.

Setup AWS load balancer (option 1)

Section titled Setup AWS load balancer (option 1)
  1. Go to ‘EC2’ > ‘Load Balancers'
  2. 'Create Load Balancer’ and pick Application Load Balancer
  3. Add a listener to HTTPS (keep this one only) and make sure to select the same subnet(s) in which your OpenReplay instance is running.
  4. Choose an existing certificate (i.e. *.mycompany.com) or generate a new one from AWS Certificate Manager (ACM). You can also import yours.
  5. Configure Security Groups: Select the security group previously created for the OpenReplay instance (you can find it ‘EC2 Dashboard’ under the ‘Security’ tab)
  6. Configure Listener and routing: Keep the default protocol and port (HTTP:80). Now, create a new target group. Give it a name and select IP addresses in Target Type. Ensure the Health check path is set to /healthz while keeping the other default parameters. Click on ‘Next’ to register targets, add the OpenReplay instance’s private IPv4 (ports 80) then add the target to the list (the private IP can be found in EC2 dashboard). Review then click on ‘Create target group’.
  7. Now, go back to the LB creation page and forward this new target group to the LB listener.
  8. Review then ‘Create load balancer’

Once created, go to Route 53 (or your DNS service provider) and create an A Record that points to the load balancer using its DNS name (can be found in ELB dashboard).

Finally, enable the use-forwarded-headers, by uncommenting the below line under the ingress-nginx section, in /var/lib/openreplay/vars.yaml:

ingress-nginx: &ingress-nginx
  controller:
    config:
      use-forwarded-headers: true

You’re all set now, OpenReplay should be securely accessible on the subdomain you just set up. You can create an account by visiting the /signup page (i.e. openreplay.mycompany.com/signup).

Bring/generate your SSL certificate (option 2)

Section titled Bring/generate your SSL certificate (option 2)

Alternatively to creating a load balancer, you can bring (or generate) your own SSL certificate.

  1. First, go to Route 53 (or your other DNS service provider) and create an A Record. Use the domain you previously provided during the installation step and point it to the instance using its public IP (can be found in EC2 dashboard).

  2. If you’re bringing your own certificate, create an SSL secret using the following command: kubectl create secret tls openreplay-ssl -n app --key="private_key_file.pem" --cert="certificate.crt".

Note: If you don’t have a certificate, generate one, that auto-renews, for your subdomain (the one provided during installation) using Let’s Encrypt. Simply connect to OpenReplay EC2 instance, run cd /var/lib/openreplay/openreplay/scripts/helmcharts && bash certmanager.sh and follow the steps.

  1. If you wish to enable http to https redirection (recommended), then uncomment the below block, under the ingress-nginx section, in /var/lib/openreplay/vars.yaml:
ingress-nginx: &ingress-nginx
  controller:
    config:
      ssl-redirect: true
      force-ssl-redirect: true

It’s worth mentioning that our ingress-nginx runs by default on ports 80|443, but this can be easily changed, if needed, in vars.yaml:

ingress-nginx: &ingress-nginx
  controller:
    service:
      ports:
        http: 80
        https: 443
  1. Finally reinstall OpenReplay NGINX:
openreplay -R

You’re all set now, OpenReplay should be accessible on your subdomain. You can create an account by visiting the /signup page (i.e. openreplay.mycompany.com/signup).

Have questions?

Section titled Have questions?

If you encounter any issues, connect to our Slack or check out our Forum and get help from our community.