====== Setup EC2 for AGTEK WebApps ======
The AGTEK WebApps are written as a web application using the Apache Tomcat application server. The web app hosts a REST api that the browser side portion can use to interact with the AGTEK Access server. Initial deployments of the AccessWeb app are likely to be deployed on a separate AWS EC2 instance, which might be behind a load balancer, or may include several instances to assist shouldering the load.

Configuring the deployment environment is picky enough that a detailed recipe is required to be successful. This page details that configuration. Note that this does NOT discuss the development environment, nor does it does where you will obtain the AccessWeb.war application image.

Because of the intertwined nature of some of these packages, you may need to revisit some configurations a couple of times.

===== AccessWeb environmental technologies =====

  * EC2 virtual machine
  * Amazon Linnux AMI
  * Java Server release, version 1.8
  * Apache Tomcat application server
  * EFF Certbot (for SSL/TLS security certificates)

===== EC2 setup =====
  * Log into AWS
  * Allocate an EC2 instance, Linux Amazon AMI, 64 bit (size should match the current deployment size for the webapp array)
  * Suggestion is to use the same PEM for security as the access.agtek.com
  * The EC2 instance should be inside the Access VPC
  * Make sure that the port 80 and 443 are open. (VPC net ACLs will likely have these open as they are required).

===== Framework installs =====
  * Download the Java Server distribution (tar.gz for Linux 64 bit)
    * Un-tar the distribution to /home/ec2-user to get somethink like /home/ec2-user/jdk1.8.0_144
  * Download the Apache Tomcat distribution(tar.gz)
    * Un-tar the distribution to /home/ec2-user to get something like /home/ec2-user/apache-tomcat-9.0.0
  * Download the certbot script to /home/ec2-user <code>wget https://dl.eff.org/certbot-auto
chmod a+x certbo-auto</code>
  * Adjust the .bashrc to have the following:<code>
JAVA_HOME=/home/ec2-user/jdk1.8.0_144
export JAVA_HOME

JRE_HOME=$JAVA_HOME
export JRE_HOME

PATH=$JAVA_HOME/bin:$PATH
export PATH

TOMCAT_HOME=/home/ec2-user/apache-tomcat-9.0.0.M26
export TOMCAT_HOME
</code>
   * Copy ''get-certs'' script to /home/ec2-user (from the AccessWeb GIT repository /tools directory)<code>chmod a+x get-certs</code>

===== Tomcat configuration =====
Tomcat needs to have a few configuration files modified prior to execution. 
  * Un-tar the Tomcat distribution
  * Modify ''conf/server.xml'' to create a port 80 connector:<code>
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />
</code>
  * Modify ''conf/server.xml'' to create a port 443 connector:<code>
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile=".keystore"
                         certificateKeystorePassword="accessweb"
                         certificateKeyAlias="tomcat"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
</code>
  * Modify ''conf/web.xml'' to add some security restrictions (toward end of the file):<code>
<!-- AGTEK SETTING -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Entire Application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <!-- auth-constraint goes here if you requre authentication -->
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
</code>
===== Certbot setup =====
The script ''get-certs'' is used to register the app server with letsencrypt. 
This script create the Tomcat keystore, fetch the certificate and install it into the 
Tomcat keystore. Run the script:
<code>./get-certs</code>
Once the Tomcat configuration has done, and this step has been done
you should be able to run Tomcat. Note: You need to also install AccessWeb.war.

===== Test configuration setup =====
For the pourposes of this document, we're assuming you are setting up "test.agtek.com". 
  * Enter "test.agtek.com" into a web browser
  * You should see the AccessWeb login page.
  * Depending on the browser you may be able to tell you are using secure http (https).
    * If you are not using a secure connection, something went wrong and needs to be fixed. 
  * Complete the log-in. 
    * You should be able to choose the various application sections (Access/Projects/etc) and verify proper behavior. 
    * If something has gone wrong, it's time to involve the developer to fix this.