web:accesswebec2:aws_web_app_ec2_configuration
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
web:accesswebec2:aws_web_app_ec2_configuration [2017/09/08 23:23] mjallison [Tomcat configuration] |
web:accesswebec2:aws_web_app_ec2_configuration [2017/09/08 23:32] (current) mjallison [Certbot setup] |
||
|---|---|---|---|
| Line 43: | Line 43: | ||
| * Copy ''get-certs'' script to /home/ec2-user (from the AccessWeb GIT repository /tools directory)<code>chmod a+x get-certs</code> | * Copy ''get-certs'' script to /home/ec2-user (from the AccessWeb GIT repository /tools directory)<code>chmod a+x get-certs</code> | ||
| + | ===== Tomcat configuration ===== | ||
| + | Tomcat needs to have a few configuration files modified prior to execution. | ||
| + | * Un-tar the Tomcat distribution | ||
| + | * Modify ''conf/server.xml'' to create a port 80 connector:<code> | ||
| + | <Connector port="80" protocol="HTTP/1.1" | ||
| + | connectionTimeout="20000" | ||
| + | redirectPort="443" /> | ||
| + | </code> | ||
| + | * Modify ''conf/server.xml'' to create a port 443 connector:<code> | ||
| + | <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" | ||
| + | maxThreads="150" SSLEnabled="true"> | ||
| + | <SSLHostConfig> | ||
| + | <Certificate certificateKeystoreFile=".keystore" | ||
| + | certificateKeystorePassword="accessweb" | ||
| + | certificateKeyAlias="tomcat" | ||
| + | type="RSA" /> | ||
| + | </SSLHostConfig> | ||
| + | </Connector> | ||
| + | </code> | ||
| + | * Modify ''conf/web.xml'' to add some security restrictions (toward end of the file):<code> | ||
| + | <!-- AGTEK SETTING --> | ||
| + | <security-constraint> | ||
| + | <web-resource-collection> | ||
| + | <web-resource-name>Entire Application</web-resource-name> | ||
| + | <url-pattern>/*</url-pattern> | ||
| + | </web-resource-collection> | ||
| + | <!-- auth-constraint goes here if you requre authentication --> | ||
| + | <user-data-constraint> | ||
| + | <transport-guarantee>CONFIDENTIAL</transport-guarantee> | ||
| + | </user-data-constraint> | ||
| + | </security-constraint> | ||
| + | </code> | ||
| ===== Certbot setup ===== | ===== Certbot setup ===== | ||
| The script ''get-certs'' is used to register the app server with letsencrypt. | The script ''get-certs'' is used to register the app server with letsencrypt. | ||
| Line 51: | Line 83: | ||
| you should be able to run Tomcat. Note: You need to also install AccessWeb.war. | you should be able to run Tomcat. Note: You need to also install AccessWeb.war. | ||
| + | ===== Test configuration setup ===== | ||
| + | For the pourposes of this document, we're assuming you are setting up "test.agtek.com". | ||
| + | * Enter "test.agtek.com" into a web browser | ||
| + | * You should see the AccessWeb login page. | ||
| + | * Depending on the browser you may be able to tell you are using secure http (https). | ||
| + | * If you are not using a secure connection, something went wrong and needs to be fixed. | ||
| + | * Complete the log-in. | ||
| + | * You should be able to choose the various application sections (Access/Projects/etc) and verify proper behavior. | ||
| + | * If something has gone wrong, it's time to involve the developer to fix this. | ||
web/accesswebec2/aws_web_app_ec2_configuration.1504912985.txt.gz ยท Last modified: 2017/09/08 23:23 by mjallison
Page Tools
