web:accesswebec2:aws_web_app_ec2_configuration
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
web:accesswebec2:aws_web_app_ec2_configuration [2017/09/08 23:22] mjallison [Certbot setup] |
web:accesswebec2:aws_web_app_ec2_configuration [2017/09/08 23:32] (current) mjallison [Certbot setup] |
||
|---|---|---|---|
| Line 43: | Line 43: | ||
| * Copy ''get-certs'' script to /home/ec2-user (from the AccessWeb GIT repository /tools directory)<code>chmod a+x get-certs</code> | * Copy ''get-certs'' script to /home/ec2-user (from the AccessWeb GIT repository /tools directory)<code>chmod a+x get-certs</code> | ||
| + | ===== Tomcat configuration ===== | ||
| + | Tomcat needs to have a few configuration files modified prior to execution. | ||
| + | * Un-tar the Tomcat distribution | ||
| + | * Modify ''conf/server.xml'' to create a port 80 connector:<code> | ||
| + | <Connector port="80" protocol="HTTP/1.1" | ||
| + | connectionTimeout="20000" | ||
| + | redirectPort="443" /> | ||
| + | </code> | ||
| + | * Modify ''conf/server.xml'' to create a port 443 connector:<code> | ||
| + | <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" | ||
| + | maxThreads="150" SSLEnabled="true"> | ||
| + | <SSLHostConfig> | ||
| + | <Certificate certificateKeystoreFile=".keystore" | ||
| + | certificateKeystorePassword="accessweb" | ||
| + | certificateKeyAlias="tomcat" | ||
| + | type="RSA" /> | ||
| + | </SSLHostConfig> | ||
| + | </Connector> | ||
| + | </code> | ||
| + | * Modify ''conf/web.xml'' to add some security restrictions (toward end of the file):<code> | ||
| + | <!-- AGTEK SETTING --> | ||
| + | <security-constraint> | ||
| + | <web-resource-collection> | ||
| + | <web-resource-name>Entire Application</web-resource-name> | ||
| + | <url-pattern>/*</url-pattern> | ||
| + | </web-resource-collection> | ||
| + | <!-- auth-constraint goes here if you requre authentication --> | ||
| + | <user-data-constraint> | ||
| + | <transport-guarantee>CONFIDENTIAL</transport-guarantee> | ||
| + | </user-data-constraint> | ||
| + | </security-constraint> | ||
| + | </code> | ||
| ===== Certbot setup ===== | ===== Certbot setup ===== | ||
| - | The script <code>get-certs</code> is used to register the app server with letsencrypt. | + | The script ''get-certs'' is used to register the app server with letsencrypt. |
| This script create the Tomcat keystore, fetch the certificate and install it into the | This script create the Tomcat keystore, fetch the certificate and install it into the | ||
| Tomcat keystore. Run the script: | Tomcat keystore. Run the script: | ||
| <code>./get-certs</code> | <code>./get-certs</code> | ||
| Once the Tomcat configuration has done, and this step has been done | Once the Tomcat configuration has done, and this step has been done | ||
| - | you should be able to run Tomcat. | + | you should be able to run Tomcat. Note: You need to also install AccessWeb.war. |
| - | ===== Tomcat configuration ===== | + | |
| + | ===== Test configuration setup ===== | ||
| + | For the pourposes of this document, we're assuming you are setting up "test.agtek.com". | ||
| + | * Enter "test.agtek.com" into a web browser | ||
| + | * You should see the AccessWeb login page. | ||
| + | * Depending on the browser you may be able to tell you are using secure http (https). | ||
| + | * If you are not using a secure connection, something went wrong and needs to be fixed. | ||
| + | * Complete the log-in. | ||
| + | * You should be able to choose the various application sections (Access/Projects/etc) and verify proper behavior. | ||
| + | * If something has gone wrong, it's time to involve the developer to fix this. | ||
web/accesswebec2/aws_web_app_ec2_configuration.1504912922.txt.gz · Last modified: 2017/09/08 23:22 by mjallison
Page Tools
