Setup EC2 for AGTEK WebApps

The AGTEK WebApps are written as a web application using the Apache Tomcat application server. The web app hosts a REST API that the browser-side portion uses to interact with the AGTEK Access server. Initial deployments of the AccessWeb app are likely to run on a separate AWS EC2 instance, which might sit behind a load balancer, or on several instances to help shoulder the load.

Configuring the deployment environment is picky enough that a detailed recipe is required to be successful. This page details that configuration. Note that this does NOT discuss the development environment, nor does it cover where you will obtain the AccessWeb.war application image.

Because of the intertwined nature of some of these packages, you may need to revisit some configurations a couple of times.

AccessWeb environmental technologies

  • EC2 virtual machine
  • Amazon Linux AMI
  • Java Server release, version 1.8
  • Apache Tomcat application server
  • EFF Certbot (for SSL/TLS security certificates)

EC2 setup

  • Log into AWS
  • Allocate an EC2 instance, Linux Amazon AMI, 64 bit (size should match the current deployment size for the webapp array)
  • The suggestion is to use the same PEM for security as access.agtek.com
  • The EC2 instance should be inside the Access VPC
  • Make sure that ports 80 and 443 are open. (VPC net ACLs will likely have these open as they are required.)

Framework installs

  • Download the Java Server distribution (tar.gz for Linux 64 bit)
    • Un-tar the distribution to /home/ec2-user to get something like /home/ec2-user/jdk1.8.0_144
  • Download the Apache Tomcat distribution (tar.gz)
    • Un-tar the distribution to /home/ec2-user to get something like /home/ec2-user/apache-tomcat-9.0.0
  • Download the certbot script to /home/ec2-user
    wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto
  • Adjust the .bashrc to have the following:
    JAVA_HOME=/home/ec2-user/jdk1.8.0_144
    export JAVA_HOME
    
    JRE_HOME=$JAVA_HOME
    export JRE_HOME
    
    PATH=$JAVA_HOME/bin:$PATH
    export PATH
    
    TOMCAT_HOME=/home/ec2-user/apache-tomcat-9.0.0.M26
    export TOMCAT_HOME
  • Copy the get-certs script to /home/ec2-user (from the AccessWeb Git repository /tools directory)
    chmod a+x get-certs

Tomcat configuration

Tomcat needs to have a few configuration files modified prior to execution.

  • Un-tar the Tomcat distribution
  • Modify conf/server.xml to create a port 80 connector:
        <Connector port="80" protocol="HTTP/1.1"
                   connectionTimeout="20000"
                   redirectPort="443" />
  • Modify conf/server.xml to create a port 443 connector:
        <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
                   maxThreads="150" SSLEnabled="true">
            <SSLHostConfig>
                <Certificate certificateKeystoreFile=".keystore"
                             certificateKeystorePassword="accessweb"
                             certificateKeyAlias="tomcat"
                             type="RSA" />
            </SSLHostConfig>
        </Connector>
  • Modify conf/web.xml to add some security restrictions (toward end of the file):
    <!-- AGTEK SETTING -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Entire Application</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <!-- auth-constraint goes here if you require authentication -->
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
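
A pre-flight check for the three edits above, as an added example that is not part of the original page or the AccessWeb repository: it parses server.xml and web.xml content and reports any connector or security-constraint that does not match the recipe. The function names and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not from a real host); the port 80 connector lacks redirectPort.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" />
  <Connector port="443" SSLEnabled="true"><SSLHostConfig>
    <Certificate certificateKeystoreFile=".keystore" type="RSA" />
  </SSLHostConfig></Connector></Service></Server>"""
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>"""


def _find_all(root, name):
    # web.xml declares a default namespace, so compare local tag names only.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]


def check_server_xml(text):
    """Return problems in server.xml content; an empty list means it matches."""
    problems = []
    conns = {c.get("port"): c for c in _find_all(ET.fromstring(text), "Connector")}
    http, https = conns.get("80"), conns.get("443")
    if http is None:
        problems.append("no port 80 connector")
    elif http.get("redirectPort") != "443":
        problems.append("port 80 connector does not redirect to 443")
    if https is None:
        problems.append("no port 443 connector")
    elif (https.get("SSLEnabled") or "").lower() != "true":
        problems.append("port 443 connector is not SSLEnabled")
    elif not any(c.get("certificateKeystoreFile") for c in _find_all(https, "Certificate")):
        problems.append("port 443 connector has no keystore certificate")
    return problems


def check_web_xml(text):
    """Return problems in web.xml content; an empty list means it matches."""
    for sc in _find_all(ET.fromstring(text), "security-constraint"):
        patterns = [(e.text or "").strip() for e in _find_all(sc, "url-pattern")]
        guarantees = [(e.text or "").strip() for e in _find_all(sc, "transport-guarantee")]
        if "/*" in patterns and "CONFIDENTIAL" in guarantees:
            return []
    return ["no security-constraint forcing CONFIDENTIAL transport on /*"]


if __name__ == "__main__":
    print(check_server_xml(SAMPLE_SERVER_XML), check_web_xml(SAMPLE_WEB_XML))
```

To check a real host, pass the contents of $TOMCAT_HOME/conf/server.xml and $TOMCAT_HOME/conf/web.xml to the two functions.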

Certbot setup

The get-certs script is used to register the app server with Let's Encrypt. The script creates the Tomcat keystore, fetches the certificate and installs it into the Tomcat keystore. Run the script:

./get-certs

Once the Tomcat configuration is done and this step has been completed, you should be able to run Tomcat. Note: You also need to install AccessWeb.war.

Test configuration setup

For the purposes of this document, we're assuming you are setting up “test.agtek.com”.

  • Enter “test.agtek.com” into a web browser
  • You should see the AccessWeb login page.
  • Depending on the browser you may be able to tell you are using secure http (https).
    • If you are not using a secure connection, something went wrong and needs to be fixed.
  • Complete the log-in.
    • You should be able to choose the various application sections (Access/Projects/etc) and verify proper behavior.
    • If something has gone wrong, it's time to involve the developer to fix this.
web/accesswebec2/aws_web_app_ec2_configuration.txt · Last modified: 2017/09/08 23:32 by mjallison