Deploying web application with HTTPS using AWS
This is a record of how I deployed a web application with HTTPS using AWS.
I simply wrote down what I did.
First Step: Build infrastructure
In this step, I build the infrastructure on which I will deploy my web application.
1. Create VPC
- Menu: Services > VPC > Your VPCs > Create VPC
- Add Name tag and IPv4 CIDR block
- Create
- Menu: Services > VPC > Your VPCs > Select created VPC > Actions > Edit DNS resolution
- Check DNS resolution: enable
- Menu: Services > VPC > Your VPCs > Select created VPC > Actions > Edit DNS hostnames
- Check DNS hostname: enable
I input 10.0.0.0/16 as IPv4 CIDR Block.
2. Create Subnet
To offer continuous web services, I should create 2 or more subnets.
- Menu: Services > VPC > Subnets > Create subnet
- Add Name tag and IPv4 CIDR Block, select the VPC I created before
- Create 2 Subnets
I input 10.0.0.0/24, 10.0.1.0/24 as IPv4 CIDR Block.
3. Create EC2 Instance
- Menu: Services > EC2 > Instances > Launch Instance
- Choose an AMI: Amazon Linux 2 AMI 64bit(x86)
- Choose an Instance Type: t2.micro
- Choose Network: the VPC I created
- Choose Subnet: the Subnet I created
- Change Auto-assign Public IP: Enable
- Configure TCP port 22 (SSH) to be accessible from (source) My IP
- Configure TCP port 80 (HTTP) to be accessible from (source) Anywhere
- Configure TCP port 443 (HTTPS) to be accessible from (source) Anywhere
- Review and Launch
Set up the infrastructure so it can connect to the internet
According to the documentation, an instance in a VPC must satisfy all of these conditions to connect to the internet.
- Attach an internet gateway to your VPC.
- Ensure that your subnet’s route table points to the internet gateway.
- Ensure that instances in your subnet have a globally unique IP address.
- Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.
Check the following image.
1. Attach IGW to VPC
- Menu: Services > VPC > Internet Gateways > Create internet gateway
- Add
Name tag
- Create
- Menu: Services > VPC > Internet Gateways > Select created IGW > Actions > Attach to VPC
- Select the VPC I created
- Attach
2. Ensure that your subnet’s route table points to the internet gateway.
- Menu: Services > VPC > Route Tables > Select the route table associated with the VPC I created
- Actions > Edit routes
- Add route: Destination 0.0.0.0/0, Target: Created IGW
- Save routes
3. Allocate elastic IP to EC2 Instance: Ensure that instances in your subnet have a globally unique IP address.
- Menu: Services > EC2 > Elastic IPs > Allocate Elastic IP address
- Allocate
- Menu: Services > EC2 > Elastic IPs > Select created IP address > Actions > Associate Elastic IP address
- Choose the instance I created
- Associate
4. Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.
I already added rules to the security group when I created the EC2 instance.
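The four conditions above can be checked from API output instead of by clicking through the console. The following is an added example, not part of the original post: it takes data shaped like boto3 EC2 `describe_internet_gateways`, `describe_route_tables`, `describe_instances` and `describe_security_groups` responses and reports which condition fails, and it also flags SSH left open to everyone. The function names and all sample IDs and addresses are assumptions made for the example; network ACLs are not inspected.

```python
# Constructed sample data shaped like boto3 EC2 describe_* output; IDs and IPs are made up.
VPC, SUBNET, IGW = "vpc-0example", "subnet-0example", "igw-0example"
IGWS = [{"InternetGatewayId": IGW, "Attachments": [{"VpcId": VPC, "State": "available"}]}]
ROUTE_TABLES = [{"VpcId": VPC, "Associations": [{"Main": True}], "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": IGW}]}]
INSTANCE = {"VpcId": VPC, "SubnetId": SUBNET, "PublicIpAddress": "203.0.113.10"}

def rule(port, cidr):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, "IpRanges": [{"CidrIp": cidr}]}

SG_RULES = [rule(22, "198.51.100.7/32"), rule(80, "0.0.0.0/0"), rule(443, "0.0.0.0/0")]

def open_to_world(rules, port):
    """True if an inbound rule covering TCP `port` allows 0.0.0.0/0."""
    for r in rules:
        covers = r["IpProtocol"] == "-1" or (
            r["IpProtocol"] == "tcp" and r["FromPort"] <= port <= r["ToPort"])
        if covers and any(c["CidrIp"] == "0.0.0.0/0" for c in r.get("IpRanges", [])):
            return True
    return False

def subnet_route_table(route_tables, vpc_id, subnet_id):
    """Route table explicitly associated with the subnet, else the VPC's main table."""
    assocs = [(a, rt) for rt in route_tables if rt["VpcId"] == vpc_id for a in rt["Associations"]]
    explicit = [rt for a, rt in assocs if a.get("SubnetId") == subnet_id]
    main = [rt for a, rt in assocs if a.get("Main")]
    return (explicit or main or [None])[0]

def connectivity_problems(instance, igws, route_tables, sg_rules):
    """Check the four conditions above (security group only, NACLs are not inspected)."""
    vpc, problems = instance["VpcId"], []
    attached = {g["InternetGatewayId"] for g in igws for a in g["Attachments"]
                if a["VpcId"] == vpc and a["State"] in ("available", "attached")}
    if not attached:
        problems.append("no internet gateway attached to the VPC")
    rt = subnet_route_table(route_tables, vpc, instance["SubnetId"]) or {"Routes": []}
    if not any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId") in attached for r in rt["Routes"]):
        problems.append("subnet route table has no 0.0.0.0/0 route to the internet gateway")
    if not instance.get("PublicIpAddress"):
        problems.append("instance has no public IP address")
    problems += [f"TCP {p} is not open to 0.0.0.0/0" for p in (80, 443)
                 if not open_to_world(sg_rules, p)]
    if open_to_world(sg_rules, 22):
        problems.append("SSH (TCP 22) is open to 0.0.0.0/0 instead of a single address")
    return problems

if __name__ == "__main__":
    print(connectivity_problems(INSTANCE, IGWS, ROUTE_TABLES, SG_RULES) or "all checks passed")
```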
Execute my web application
1. Connect to EC2 and basic setting
# Connect
$ ssh -i <key-file-path> ec2-user@<ip-address> -o ServerAliveInterval=30
# add user
$ sudo adduser <user-name>
# password setting
$ sudo passwd <user-name>
# group setting
$ sudo usermod -aG wheel <user-name>
# add content of the public key file to last line
$ sudo mkdir -p /home/<user-name>/.ssh
$ sudo vi /home/<user-name>/.ssh/authorized_keys
2. Install PHP 7.4
$ sudo amazon-linux-extras enable epel
$ sudo yum clean metadata
$ sudo yum install -y epel-release
$ sudo rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-7.rpm
$ sudo yum install --enablerepo remi -y php74 php74-php php74-php-fpm php74-php-mbstring php74-php-dom php74-php-pdo php74-php-posix php74-php-uopz php74-php-xdebug php74-php-soap
$ sudo ln -sf /usr/bin/php74 /usr/bin/php
3. Install and Execute Apache
$ sudo yum install -y httpd
$ sudo systemctl start httpd
$ sudo systemctl enable httpd
4. Install required packages
# git
$ sudo yum install -y git
# composer
$ php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
$ php -r "if (hash_file('sha384', 'composer-setup.php') === 'e0012edf3e80b6978849f5eff0d4b4e4c79ff1609dd1e613307e16318854d24ae64f26d17af3ef0bf7cfb710ca74755a') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
$ php composer-setup.php
$ php -r "unlink('composer-setup.php');"
$ sudo mv composer.phar /usr/local/bin/composer
$ export PATH="$PATH:/usr/local/bin"
5. Clone web application file from git
$ sudo mkdir -p /var/www/html/<app-name>
$ cd /var/www/html/<app-name>
$ git clone <git-url> .
$ composer install
6. Register domain and set A Record to IP address of the EC2 instance
I omit this process here. Check the following tutorial.
7. Add SSL certificates for HTTPS communication
$ sudo yum install -y mod_ssl
$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto
$ sudo ./certbot-auto --debug
If you get this error, modify the certbot-auto file.
Sorry, I don’t know how to bootstrap Certbot on your operating system!
- Find elif [ -f /etc/redhat-release ]; then in the file
- Replace the whole line with
elif [ -f /etc/redhat-release ] || grep 'cpe:.*:amazon_linux:2' /etc/os-release > /dev/null 2>&1; then
For more detailed information, check this article.
8. Add vhost configuration
<VirtualHost *:80>
    ServerName <domain>
    ServerAlias <domain>

    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

    DocumentRoot /var/www/html/<app-name>
    <Directory /var/www/html/<app-name>>
        AllowOverride All
        Options Includes FollowSymLinks Indexes
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    ServerName <domain>
    ServerAlias <domain>

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/<domain>/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/<domain>/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/<domain>/fullchain.pem

    DocumentRoot /var/www/html/<app-name>
    <Directory /var/www/html/<app-name>>
        AllowOverride All
        Options Includes FollowSymLinks Indexes
        Require all granted
    </Directory>
</VirtualHost>
9. Restart Apache
$ sudo apachectl restart
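Once Apache has been restarted, the two virtual hosts above can be verified from another machine: port 80 should answer with a redirect to https://<domain>/ and port 443 should present a certificate that validates for the domain and is not about to expire. This is an added example, not part of the original post; the function names and the 30-day threshold are assumptions.

```python
import http.client
import socket
import ssl
import time

REDIRECT_CODES = (301, 302, 303, 307, 308)  # the [R,L] rule above sends 302

def redirect_ok(status, location, domain):
    """The *:80 vhost must answer with a redirect to https://<domain>/..."""
    return status in REDIRECT_CODES and (location or "").startswith(f"https://{domain}/")

def days_left(not_after, now=None):
    """Whole days until notAfter, given in the format ssl.getpeercert() returns."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)

def check_site(domain, min_days=30, timeout=10):
    """Return a list of problems found on the live site (empty list means OK)."""
    problems = []
    conn = http.client.HTTPConnection(domain, 80, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        if not redirect_ok(resp.status, resp.getheader("Location"), domain):
            problems.append(f"port 80 answered {resp.status} without an HTTPS redirect")
    finally:
        conn.close()
    # The default context verifies the chain and the host name, so a wrong or
    # incomplete certificate raises ssl.SSLCertVerificationError here.
    ctx = ssl.create_default_context()
    with socket.create_connection((domain, 443), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=domain) as tls:
            remaining = days_left(tls.getpeercert()["notAfter"])
    if remaining < min_days:
        problems.append(f"certificate expires in {remaining} days")
    return problems

if __name__ == "__main__":
    import sys
    print(check_site(sys.argv[1]) or "redirect and certificate look fine")
```

Run it with the domain as the only argument; a certificate verification failure surfaces as an exception rather than a list entry.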