[Other doc versions]
[Doc downloads]
The Atlassian Stash AMI provides a typical deployment of Stash in AWS. It bundles all the components used in a typical Stash deployment (reverse proxy, external database, backup tools, data volume, and temporary storage), pre-configured and ready to launch.
You can use the Atlassian Stash AMI as a "turnkey" deployment of a Stash instance in AWS, or use it as the starting point for customizing your own, more complex Stash deployments.
An instance launched from the Atlassian Stash AMI contains the following components:
Operating system | Amazon Linux 64-bit, 2014.09.1 |
---|---|
Stash | Stash (latest public version or a version of your choice) is downloaded and installed on launch. |
Administrative tools | atlassian-stash-diy-backup pre-installed and configured for AWS native backup, accessible over SSH. |
Reverse proxy | nginx, configured as follows:
|
Database | PostgreSQL 9.3 |
Block devices |
|
The Atlassian Stash AMI can be launched by either
On first boot, the Atlassian Stash AMI reads the file /etc/atl
(if any), which can override variables that enable each of the installed components. So for example to enable a self-signed SSL certificate, you can supply user data to the instance at launch time like this:
#!/bin/bash echo "ATL_SSL_SELF_CERT_ENABLED=true" >>/etc/atl
The following variables can be configured:
Variable name | Default value | Description |
---|---|---|
ATL_NGINX_ENABLED | true | Set to false to disable the Nginx reverse proxy, and leave Stash's server.xml configured to listen on port 7990 with no proxy. |
ATL_POSTGRES_ENABLED | true | Set to false to disable the PostgreSQL service, and leave Stash configured with its internal HSQL database. |
ATL_SSL_SELF_CERT_ENABLED | false | Set to Requires |
See Proxying and securing Stash for more information about Stash's server.xml
configuration file.
When connecting to your instance over SSH, use ec2-user
as the user name, for example:
ssh -i keyfile.pem ec2-user@ec2-xx-xxx-xxx-xxx.compute-1.amazonaws.com
The ec2-user
has sudo
access. The Atlassian Stash AMI does not allow SSH access by root
.
If launched with a self-signed SSL certificate (you selected SSLCertificate Generate a self-signed certificate in Quick Start with Stash and AWS or you set ATL_SSL_SELF_CERT_ENABLED=true
in Launching Stash in AWS manually), Stash will be configured to force HTTPS and redirect all plain HTTP requests to the equivalent https://
URL.
It is highly recommended to replace this self-signed SSL certificate with a proper one for your domain, obtained from a Certification Authority (CA), at the earliest opportunity. See Securing Stash in AWS. Once you have a true SSL certificate, install it as soon as possible.
To replace the self-signed SSL certificate with a true SSL certificate
/etc/nginx/ssl/my-ssl.crt
/etc/nginx/ssl/my-ssl.key
/etc/nginx/nginx.conf
as follows:/etc/nginx/ssl/self-ssl.crt
with /etc/nginx/ssl/my-ssl.crt
/etc/nginx/ssl/self-ssl.key
with /etc/nginx/ssl/my-ssl.key
/etc/nginx/ssl/my-ssl.crt
to the default system PKI bundle (/etc/pki/tls/certs/ca-bundle.crt
) to ensure scripts on the instance (such as DIY backup) can curl
successfully. The Atlassian Stash AMI includes a complete set of Stash DIY Backup scripts which has been built specifically for AWS. For instructions on how to backup and restore your instance please refer to Using Stash DIY Backup in AWS.
To upgrade to a later version of Stash in AWS you first must connect to your instance using SSH, then follow the steps in the Stash upgrade guide.
An EC2 instance launched from the Atlassian Stash AMI can be stopped and started just as any machine can be powered off and on again.
When stopping your EC2 instance, it is important to first
atlstash
and postgresql93
/media/atl
filesystem.When starting your EC2 instance back up again, if you rely on Amazon's automatically assigned public IP address (rather than a fixed private IP address or Elastic IP address) to access your instance, your IP address may have changed. When this happens, your instance can become inaccessible and display a "The host name for your Atlassian instance has changed" page. To fix this you need to update the hostname for your Stash instance.
To update the hostname for your Stash instance
sudo /opt/atlassian/bin/atl-update-host-name.sh
Migrating an existing Stash instance to AWS involves moving consistent backups of your ${STASH_HOME}
and your database to the AWS instance.
To migrate your existing Stash instance into AWS
SYSADMIN
permissions to the instance so you don't get locked out if the new server is unable to connect to your User Directory.STASH_HOME}/shared/stash-config.properties
file.By default, the application data volume in an instance launched from the Atlassian Stash AMI is a standard Linux ext4 filesystem, and can be resized using the standard Linux command line tools.
To resize the data volume in your Stash instance
atlstash
and postgresql93
services./media/atl
filesystem./dev/sdf
./dev/sdf
using resize2fs
, verify that its size has changed, and remount it on /media/atl
. postgresql93
and atlstash
and services.For more information, see Expanding the Storage Space of an EBS Volume on Linux, Expanding a Linux Partition, and the Linux manual pages for resize2fs
and related commands.
Occasionally, you may need to move your Stash data volume to another instance–for example, when setting up staging or production instances, or when moving to an instance to a different availability zone.
There are two approaches to move your Stash data volume to another instance
Launch a new instance from the Atlassian Stash AMI with a snapshot of your existing data volume.
A Stash data volume may only be moved to a Stash instance of the same or higher version than the original.
To launch a new instance from the Stash AMI using a snapshot of your existing Stash data volume
atlstash
and postgresql93
services on your existing Stash instance./media/atl
filesystem./dev/sdf
)./dev/sdf
as seen below and enter the id of the created snapshot.sudo /opt/atlassian/bin/atl-update-host-name.sh
<newhostname>stash-configuration.properties
file (typically located in /var/atlassian/application-data/stash/shared/
), as well as Stash's base URL in the administration screen to reflect this.