Skip to content

Instantly share code, notes, and snippets.

@ferrao

ferrao/procedure.md

Last active December 18, 2024 18:07
Show Gist options
  • Save ferrao/792b81463de1f1417808683427c9445e to your computer and use it in GitHub Desktop.
Save ferrao/792b81463de1f1417808683427c9445e to your computer and use it in GitHub Desktop.
Download ZIP
Javabank Deployment
Raw
procedure.md

Deployment Workshop

Architecture

Diagram

Procedure

AWS Account

Will require a credit card, make sure to create only AWS resources belonging to the free tier not to inccur in any charges.

  • Create a new AWS account
  • Create a new Keypair

Keypair pem file needs to be saved under ~/.ssh/ with proper file permissions for both the directory and the pem file:

ssh directory (~/.ssh) : 700 ( drwx------ )
private key ( ~/.ssh/aws.pem ): 600 ( -rw------- )

Create EC2 Instance

  • AWS AL2023 Instance
  • Public IP address
  • Default VPC
  • Security Group

Connect to instance

ec2-user is the admin user, can escalate privileges with sudo

ssh -i ~/.ssh/keypair.pem ec2-user@<server-domain-name>

Install Tomcat

sudo dnf update
sudo dnf install java tomcat10 tomcat10-webapps tomcat10-admin-webapps tomcat10-docs-webapp

sudo systemctl enable tomcat10
sudo systemctl start tomcat10
sudo systemctl status tomcat10

journalctl -u tomcat10.service -f
  • Will run on port 8080, validate access to tomcat, need to open aws security group
  • Try to access manager app, can only be accessed from the local machine

Install Nginx

sudo dnf install nginx
sudo systemctl enable nginx
sudo systemctl start nginx
sudo systemctl status nginx

journalctl -u tomcat10.service -f

Will run on port 80, validate default nginx website

Configure Reverse Proxy

/etc/nginx/nginx.conf

This is required in case your server domain name is too big for the defaults.

http {
    server_names_hash_bucket_size 128;
}

/etc/nginx/conf.d/reverse_proxy.conf

server {
	listen 80;
	server_name <server-domain-name>;

	location / {
		proxy_pass http://localhost:8080;

		# Add headers to http when proxying:

        # helps the backend server know which hostname was used in the original request
		proxy_set_header Host $http_host;

		# Useful for logging and authentication in the backend server
		proxy_set_header X-Real-IP $remote_addr;

		# Tells the backend server whether the original request used HTTP or HTTPS
        # Important for security and generating correct URLs in the application
		proxy_set_header X-Forwarded-Proto $scheme;
    }
}
  • Restart nginx sudo systemctl restart nginx
  • Verify tomcat manager can be accessed

Configure Tomcat Manager Authentication

/etc/tomcat10/tomcat-users.xml

<user username="admin" password="<safe-password>" roles="manager-gui,manager-status,manager-script,manager-jmx,admin-gui"/>

Deploy Backend Java Application

scp -i "~/.ssh/keypair.pem" ./<app-name>.war ec2-user@<server-domain-name>:

sudo cp .<app-name>.war /usr/share/tomcat10/webapps

Create RDS Database

  • Postgres or MySQL
  • FreeTier
  • Connect to EC2 Instance
  • Install client: sudo dnf install postgresql16 or sudo dnf install mariadb105

Configure Tomcat Environment Variables

/etc/tomcat10/tomcat10.conf

DB_HOST="javabank.ctgui2cgwge6.eu-west-1.rds.amazonaws.com"
DB_NAME="javabank"
DB_PASSWORD="postgres"
DB_USERNAME="postgres"

Create Database

  • Postgres:
psql -U postgres -h <db-domain-name>
create database <database-name>
\q
  • MySQL:
mysql -u postgres -h <db-domain-name>
create database <database-name>
exit

Deploy Frontend HTML/CSS/JS Application

tar zcvf <app-name>.tgz <app-folder>
scp -i "~/.ssh/keypair.pem" ./<app-name>.tgz ec2-user@<server-domain-name>:

cd /usr/share/nginx/
sudo mv html html.orig
sudo tar zxvf <app-name>.tgz
sudo mv <app-folder> html

Edit reverse proxy configuration:

server {

    location /<app-name> {

    }

}

systemctl nginx restart

@ferrao
Copy link
Author

ferrao commented Dec 18, 2024

deployment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment