I needed to move a DigitalOcean Droplet to AWS which was running a Docker application using Docker Compose and had its SSL configured using Let’s Encrypt. I couldn’t find an easy way to convert the DigitalOcean disk snapshots to AWS EBS ones, otherwise, the whole disk could be cloned in AWS with much less effort since Linux configuration is all about the filesystem. I ended up installing needed packages on the target machine and move the configurations. Since I tested everything and it was successful I figured it might be useful to put all the commands and steps in the same place as a quick step-by-step guide. Also, the exact same steps apply to any other cloud as well as the other way around, from AWS to DigitalOcean.
Setup the New Machine
Both the Droplet and AWS EC2 instance are running Ubuntu 18.04 but this guide should work for newer versions of Ubuntu.
First of all, it’s a good idea to make sure that the swap memory is enabled. There is a nice tutorial from DigitalOcean on how to enable the swap space on Ubuntu.
First, start by updating the
apt repository on the new machine:
sudo apt update
sudo apt-get install \ apt-transport-https \ ca-certificates \ curl \ gnupg-agent \ software-properties-common curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - sudo apt-key fingerprint 0EBFCD88 sudo add-apt-repository \ "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ $(lsb_release -cs) \ stable" sudo apt-get update sudo apt-get install docker-ce docker-ce-cli containerd.io # If the user is not root sudo usermod -aG docker $USER
You also need to logout and login again to be able to work with docker without running as root.
Install Docker Compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.26.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose
Install Nginx and Certbot
sudo apt install nginx sudo add-apt-repository universe sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install certbot python3-certbot-nginx
Copy the Application
Copy the application folder including docker-compose files by running the following commands on the source machine:
tar cjvf app.tar.bz2 [APP_DIR] scp -i [PEM_FILE].pem app.tar.bz2 [DESITNATION_MACHINE_SSH]:~/
And on the new machine:
tar xvf app.tar.bz2
Backup and Restore Docker Volumes
You can skip this section if you don’t have any Docker volumes that needs to be moved or you mount your files to the local disk and that will be copied as part of the source code or similar way
On the source machine, run
docker volume ls and find the volume names you need to migrate then run the following command to create a backup of the volume:
docker run --rm \ --volume [VOLUME_NAME]:/home/volume \ --volume $(pwd):/home/backup \ ubuntu \ tar cvf /home/backup/volume.tar /home/volume
The first volume exposes the original volume to this temporary Docker container and the second one allows us to copy the volume back into another path at the host machine. Though instead of copy we create a
tar file using the last command.
Transfer the file to the new machine using
scp as before and then:
docker run --rm \ --volume [VOLUME_NAME]:/home/volume \ --volume $(pwd):/home/backup \ ubuntu \ tar xvf /home/backup/volume.tar -C /home/volume --strip 1
This is the same approach just a different command to extract the
Start the app using Docker Compose
docker-compose up -d --build
Configuring Let’s Encrypt using Certbot
The original server had Let’s Encrypt configured using Certbot and Nginx running on the host machine.
Since Nginx is installed on the new machine, it should work out of the box by just copying the configs and key files from the original machine.
Move the files
The easiest way is to use
scp like copying the source code above. First make
tar.bz2 files from
/etc/letsencrypt folders on the source machine:
tar cjvf nginx.tar.bz2 /etc/nginx/ tar cjvf letsencrypt.tar.bz2 /etc/letsencrypt scp -i [PEM_FILE].pem nginx.tar.bz2 letsencrypt.tar.bz2 [DESITNATION_MACHINE_SSH]:~/
Then on the new machine:
sudo tar xvf nginx.tar.bz2 -C / sudo tar xvf letsencrypt.tar.bz2 -C /
Update your domain
You need to update your domain to point to this new server IP address before being able to enable automatic renewal.
Enable automatic renewal
Just to make sure the renewal is working run:
sudo certbot renew --dry-run