Differences

This shows you the differences between two versions of the page.

--- web:accesswebec2:aws_web_app_ec2_configuration [2017/09/08 18:52]
mjallison
+++ web:accesswebec2:aws_web_app_ec2_configuration [2017/09/08 23:32] (current)
mjallison [Certbot setup]
@@ Line 26: / Line 26: @@
   * Download the Apache Tomcat distribution(tar.gz)
     * Un-tar the distribution to /home/ec2-user to get something like /home/ec2-user/apache-tomcat-9.0.0
-  * Download the certbot script to /home/ec2-user
+  * Download the certbot script to /home/ec2-user <code>wget https://dl.eff.org/certbot-auto
-    * wget https://dl.eff.org/certbot-auto
+chmod a+x certbo-auto</code>
-    * chmod a+x certbo-auto
+  * Adjust the .bashrc to have the following:<code>
-  * Adjust the .bashrc to have the following:
+JAVA_HOME=/home/ec2-user/jdk1.8.0_144
-''
+export JAVA_HOME
-      JAVA_HOME=/home/ec2-user/jdk1.8.0_144
-      export JAVA_HOME
 JRE_HOME=$JAVA_HOME
@@ Line 42: / Line 40: @@
 TOMCAT_HOME=/home/ec2-user/apache-tomcat-9.0.0.M26
 export TOMCAT_HOME
-''
+</code>
-===== Certbot setup =====
+   * Copy ''get-certs'' script to /home/ec2-user (from the AccessWeb GIT repository /tools directory)<code>chmod a+x get-certs</code>
 ===== Tomcat configuration =====
+Tomcat needs to have a few configuration files modified prior to execution.
+  * Un-tar the Tomcat distribution
+  * Modify ''conf/server.xml'' to create a port 80 connector:<code>
+    <Connector port="80" protocol="HTTP/1.1"
+               connectionTimeout="20000"
+               redirectPort="443" />
+</code>
+  * Modify ''conf/server.xml'' to create a port 443 connector:<code>
+    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+               maxThreads="150" SSLEnabled="true">
+        <SSLHostConfig>
+            <Certificate certificateKeystoreFile=".keystore"
+                         certificateKeystorePassword="accessweb"
+                         certificateKeyAlias="tomcat"
+                         type="RSA" />
+        </SSLHostConfig>
+    </Connector>
+</code>
+  * Modify ''conf/web.xml'' to add some security restrictions (toward end of the file):<code>
+<!-- AGTEK SETTING -->
+<security-constraint>
+    <web-resource-collection>
+        <web-resource-name>Entire Application</web-resource-name>
+        <url-pattern>/*</url-pattern>
+    </web-resource-collection>
+    <!-- auth-constraint goes here if you requre authentication -->
+    <user-data-constraint>
+        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+    </user-data-constraint>
+</security-constraint>
+</code>
+===== Certbot setup =====
+The script ''get-certs'' is used to register the app server with letsencrypt.
+This script create the Tomcat keystore, fetch the certificate and install it into the
+Tomcat keystore. Run the script:
+<code>./get-certs</code>
+Once the Tomcat configuration has done, and this step has been done
+you should be able to run Tomcat. Note: You need to also install AccessWeb.war.
+===== Test configuration setup =====
+For the pourposes of this document, we're assuming you are setting up "test.agtek.com".
+  * Enter "test.agtek.com" into a web browser
+  * You should see the AccessWeb login page.
+  * Depending on the browser you may be able to tell you are using secure http (https).
+    * If you are not using a secure connection, something went wrong and needs to be fixed.
+  * Complete the log-in.
+    * You should be able to choose the various application sections (Access/Projects/etc) and verify proper behavior.
+    * If something has gone wrong, it's time to involve the developer to fix this.

AGTEK R & D Wiki

User Tools

Site Tools

Differences

Page Tools