web:accesswebec2:aws_web_app_ec2_configuration [2017/09/08 17:54] mjallison created |
web:accesswebec2:aws_web_app_ec2_configuration [2017/09/08 23:32] (current) mjallison [Certbot setup] |
Line 1: | Line 1: | ||
====== Setup EC2 for AGTEK WebApps ====== | ====== Setup EC2 for AGTEK WebApps ====== | ||
- | The AGTEK Access WebApps are written with a mix of technologies: | + | The AGTEK WebApps are written as a web application using the Apache Tomcat application server. The web app hosts a REST api that the browser side portion can use to interact with the AGTEK Access server. Initial deployments of the AccessWeb app are likely to be deployed on a separate AWS EC2 instance, which might be behind a load balancer, or may include several instances to assist shouldering the load. |
+ | |||
+ | Configuring the deployment environment is picky enough that a detailed recipe is required to be successful. This page details that configuration. Note that this does NOT discuss the development environment, nor does it does where you will obtain the AccessWeb.war application image. | ||
+ | |||
+ | Because of the intertwined nature of some of these packages, you may need to revisit some configurations a couple of times. | ||
+ | |||
+ | ===== AccessWeb environmental technologies ===== | ||
* EC2 virtual machine | * EC2 virtual machine | ||
* Amazon Linnux AMI | * Amazon Linnux AMI | ||
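Review bot: the added intro paragraph has a garbled verb in "nor does it does where you will obtain the AccessWeb.war application image"; suggest "nor does it describe where you will obtain the AccessWeb.war application image". While touching this region, the unchanged list item "Amazon Linnux AMI" should read "Amazon Linux AMI", and the new first sentence drops "Access" from the product name ("The AGTEK WebApps are written...") while the rest of the page keeps calling it AccessWeb; one name throughout would help a reader searching the wiki.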
Line 6: | Line 13: | ||
* Apache Tomcat application server | * Apache Tomcat application server | ||
* EFF Certbot (for SSL/TLS security certificates) | * EFF Certbot (for SSL/TLS security certificates) | ||
+ | |||
+ | ===== EC2 setup ===== | ||
+ | * Log into AWS | ||
+ | * Allocate an EC2 instance, Linux Amazon AMI, 64 bit (size should match the current deployment size for the webapp array) | ||
+ | * Suggestion is to use the same PEM for security as the access.agtek.com | ||
+ | * The EC2 instance should be inside the Access VPC | ||
+ | * Make sure that the port 80 and 443 are open. (VPC net ACLs will likely have these open as they are required). | ||
+ | |||
+ | ===== Framework installs ===== | ||
+ | * Download the Java Server distribution (tar.gz for Linux 64 bit) | ||
+ | * Un-tar the distribution to /home/ec2-user to get somethink like /home/ec2-user/jdk1.8.0_144 | ||
+ | * Download the Apache Tomcat distribution(tar.gz) | ||
+ | * Un-tar the distribution to /home/ec2-user to get something like /home/ec2-user/apache-tomcat-9.0.0 | ||
+ | * Download the certbot script to /home/ec2-user <code>wget https://dl.eff.org/certbot-auto | ||
+ | chmod a+x certbo-auto</code> | ||
+ | * Adjust the .bashrc to have the following:<code> | ||
+ | JAVA_HOME=/home/ec2-user/jdk1.8.0_144 | ||
+ | export JAVA_HOME | ||
+ | |||
+ | JRE_HOME=$JAVA_HOME | ||
+ | export JRE_HOME | ||
+ | |||
+ | PATH=$JAVA_HOME/bin:$PATH | ||
+ | export PATH | ||
+ | |||
+ | TOMCAT_HOME=/home/ec2-user/apache-tomcat-9.0.0.M26 | ||
+ | export TOMCAT_HOME | ||
+ | </code> | ||
+ | * Copy ''get-certs'' script to /home/ec2-user (from the AccessWeb GIT repository /tools directory)<code>chmod a+x get-certs</code> | ||
+ | |||
+ | ===== Tomcat configuration ===== | ||
+ | Tomcat needs to have a few configuration files modified prior to execution. | ||
+ | * Un-tar the Tomcat distribution | ||
+ | * Modify ''conf/server.xml'' to create a port 80 connector:<code> | ||
+ | <Connector port="80" protocol="HTTP/1.1" | ||
+ | connectionTimeout="20000" | ||
+ | redirectPort="443" /> | ||
+ | </code> | ||
+ | * Modify ''conf/server.xml'' to create a port 443 connector:<code> | ||
+ | <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" | ||
+ | maxThreads="150" SSLEnabled="true"> | ||
+ | <SSLHostConfig> | ||
+ | <Certificate certificateKeystoreFile=".keystore" | ||
+ | certificateKeystorePassword="accessweb" | ||
+ | certificateKeyAlias="tomcat" | ||
+ | type="RSA" /> | ||
+ | </SSLHostConfig> | ||
+ | </Connector> | ||
+ | </code> | ||
+ | * Modify ''conf/web.xml'' to add some security restrictions (toward end of the file):<code> | ||
+ | <!-- AGTEK SETTING --> | ||
+ | <security-constraint> | ||
+ | <web-resource-collection> | ||
+ | <web-resource-name>Entire Application</web-resource-name> | ||
+ | <url-pattern>/*</url-pattern> | ||
+ | </web-resource-collection> | ||
+ | <!-- auth-constraint goes here if you requre authentication --> | ||
+ | <user-data-constraint> | ||
+ | <transport-guarantee>CONFIDENTIAL</transport-guarantee> | ||
+ | </user-data-constraint> | ||
+ | </security-constraint> | ||
+ | </code> | ||
+ | ===== Certbot setup ===== | ||
+ | The script ''get-certs'' is used to register the app server with letsencrypt. | ||
+ | This script create the Tomcat keystore, fetch the certificate and install it into the | ||
+ | Tomcat keystore. Run the script: | ||
+ | <code>./get-certs</code> | ||
+ | Once the Tomcat configuration has done, and this step has been done | ||
+ | you should be able to run Tomcat. Note: You need to also install AccessWeb.war. | ||
+ | |||
+ | ===== Test configuration setup ===== | ||
+ | For the pourposes of this document, we're assuming you are setting up "test.agtek.com". | ||
+ | * Enter "test.agtek.com" into a web browser | ||
+ | * You should see the AccessWeb login page. | ||
+ | * Depending on the browser you may be able to tell you are using secure http (https). | ||
+ | * If you are not using a secure connection, something went wrong and needs to be fixed. | ||
+ | * Complete the log-in. | ||
+ | * You should be able to choose the various application sections (Access/Projects/etc) and verify proper behavior. | ||
+ | * If something has gone wrong, it's time to involve the developer to fix this. |
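Review bot: the Tomcat path is inconsistent between the install step, which unpacks to something like /home/ec2-user/apache-tomcat-9.0.0, and the environment block, which sets "TOMCAT_HOME=/home/ec2-user/apache-tomcat-9.0.0.M26"; pick the directory name the tarball actually produces so TOMCAT_HOME points at a real directory. In the certbot step, "chmod a+x certbo-auto" fails with "No such file" because the downloaded file is certbot-auto; since this has the operator run a script pulled straight from the network on the production host, consider also fetching the detached signature EFF publishes next to it (certbot-auto.asc) and verifying it before making the script executable. On the security settings: binding the connectors to ports 80 and 443 while the whole install lives under /home/ec2-user means Tomcat has to run as root to bind privileged ports, which the page never says; the usual alternatives are to leave the connectors on 8080/8443 and redirect 80/443 to them with iptables, or to grant the JVM CAP_NET_BIND_SERVICE, so a compromise of the web app does not hand over root. The keystore password "accessweb" is hard-coded in conf/server.xml; use a generated password and restrict conf/server.xml and the keystore to the service user (chmod 600). The EC2 step "Suggestion is to use the same PEM for security as the access.agtek.com" shares one SSH key pair between the Access server and the web tier, so a leak of that key compromises both; a dedicated key pair per role costs nothing. The test section's "Depending on the browser you may be able to tell you are using secure http" could be made concrete: check the padlock and confirm the certificate issuer is Let's Encrypt, which also verifies that get-certs installed the fetched certificate rather than a leftover self-signed one. Minor wording: "requre" in the web.xml comment, "This script create ... fetch ... install" should be "creates ... fetches ... installs", "Once the Tomcat configuration has done" reads better as "has been done", and "pourposes" in the test section.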