Anvil @ Oracle Cloud Infrastructure

Show and Tell
1

Full step by step guide to deploying an anvil app on anvil’s open source app server on Oracle Cloud Infrastructure.

If you know me, you know I’m a big fan of UK-based, wicked smart Python development platform Anvil.

There has, however, been a gap in the Anvil Works docs when it comes to deploying a standalone app-server deployment on Oracle Cloud…until now!

Step 1: You’ll be needing a VM.

  1. Create a compartment called Application and, in Compute, create a virtual machine instance called “app_compute” in the Application compartment.

  2. Use a VM.Standard.A1.Flex shape on Ampere with 2 OCPUs, 8GB memory, and boot volume only.

  3. Use a canonical Ubuntu 24.04 image.

  4. Use the wizard to create a vcn called “app_vcn_1” with a public and private IP.

  5. Call the subnet “app_subnet_1.”

  6. Make sure you have a VNIC attached, called “app_primary_vnic” on app_subnet_1.

  7. Make sure you have an IGW called “Internet Gateway app_vcn_1.”

  8. Call the NSG “app_igwNSG.”

  9. Make sure you download the SSH key for the machine when prompted.

  10. Configuration of application virtual machine is complete, start the instance.

Step 2: You’ll be wanting some network traffic rules.

  1. On the NSG you will need the following additional Rules:

a. Egress, TCP, CIDR 0.0.0.0/0, Port 80

b. Egress, TCP, CIDR 0.0.0.0/0, Port 443

c. Ingress, TCP, CIDR 0.0.0.0/0, Port 443

  1. You do not need to make any changes to the Security List.

Step 3: You’ll be needing to configure your more secure VM.

  1. Copy the path of your SSH key.

  2. Open terminal and use the following command:

a. chmod 400 “key path”

  1. Copy the VM’s Public IP Address from the instance and Open Terminal.

  2. Use SSH to connect using this command in Terminal:

a. ssh -i “key path” ubuntu@“machine’s public ip”

  1. Once connected, first ensure you set a password for ubuntu:

a. sudo passwd ubuntu

  1. Also set a password for root:

a. su root

b. passwd

  1. Change back to the ubuntu user:

a. su ubuntu

  1. Update ubuntu:

a. sudo apt-get update

  1. If required (as for our example) install the required Java package:

a. sudo apt-get install python3-venv openjdk-8-jdk

  1. Enable service creation on port 443:

a. su root
b. echo ‘net.ipv4.ip_unprivileged_port_start=0’ > /etc/sysctl.d/50-unprivileged-ports.conf
c. sysctl –system

  1. Do not use UFW, which is disabled by default by Oracle for security reasons. Instead:

a. sudo nano /etc/iptables/rules.v4
b. Below the port 22 line add:
-A INPUT -p tcp -m state –state NEW -m tcp –dport 80 -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 443 -j ACCEPT

c. CTL+X and save the buffer.
d. sudo iptables-restore < /etc/iptables/rules.v4
e. You can view the changes:
sudo iptables -L INPUT

  1. Lastly, as a Python compatibility measure (IMP is removed in 3.12 and may be needed):

a. sudo add-apt-repository ppa:deadsnakes/ppa
b. sudo apt-get update
c. sudo apt-get install python3.10 python3.10-venv

Step 4: You’ll be needing to prepare your standalone app server:

  1. Activate the virtual environment:

a. source py_venv/bin/activate

  1. We need the following libraries:

i. pip install oci (OCI’s Python Library)
ii. pip install anvil-app-server

  1. On this occasion we will clone the app to the machine using git clone:

a. git clone ssh://“clone link”
b. enter Anvil Works password when prompted.

  1. Deactivate the virtual environment:

a. deactivate

  1. Anvil Works applications use a secure, embedded secrets manager. As secrets are not copied through the git clone process we need to create a config file on the machine:

a. cd “app folder path”
b. sudo nano app_config.conf
c. Create secrets you need in the empty file:

secret:
secret_1: “secret1”
secret_2: “secret2”

d. CTL+X and save the buffer.
e. Make sure the file is accessible to ubuntu:
sudo chown ubuntu app_config.conf

Step 5: You’ll be needing to set up DNS:

  1. Copy the VM Instance public IP.

  2. Create A Record for https:// with the IP.

  3. Create A Record for www. with the IP.

Please note, in this case Anvil App Server forces https by default.

Step 6: You’ll be happily launching your application:

  1. Use tmux to keep the session alive in SSH.

a. tmux new -s app_session
b. source py_venv/bin/activate
c. anvil-app-server –app “app name” –config-file /home/ubuntu/“app folder”/app_config.conf –origin https://
d. CTL+B then D to exit the tmux session and leave the app running.

  1. List existing sessions:

a. tmux list-sessions

  1. To kill the session, enter it and use CTL+C

Please note, in the case of the Anvil App Server it handles certificates using Let’s Encrypt and reverse proxy using Traefik automatically without additional configuration required.

And that’s it!

Small Print:

I work for Oracle but these views are my own and may not present those of my employer.

I don’t work for Anvil but they are a thoroughly good bunch and more people should know about their platform.

5 Likes