Deploying a web application with HTTPS using AWS

This is a record of how I deployed a web application with HTTPS using AWS.
I simply wrote down what I did.

First Step: Build infrastructure

In this step, I build the infrastructure on which my web application will be deployed.

  1. Menu: Services > VPC > Your VPCs > Create VPC
  2. Add Name tag and IPv4 CIDR block
  3. Create
  4. Menu: Services > VPC > Your VPCs > Select created VPC > Actions > Edit DNS resolution
  5. Check DNS resolution: enable
  6. Menu: Services > VPC > Your VPCs > Select created VPC > Actions > Edit DNS hostnames
  7. Check DNS hostname: enable

I entered 10.0.0.0/16 as the IPv4 CIDR block.

To keep the web service continuously available, I should create 2 or more subnets.

  1. Menu: Services > VPC > Subnets > Create subnet
  2. Add Name tag and IPv4 CIDR block, and select the VPC I created before
  3. Create 2 Subnets

I entered 10.0.0.0/24 and 10.0.1.0/24 as the IPv4 CIDR blocks.

  1. Menu: Services > EC2 > Instances > Launch Instance
  2. Choose an AMI: Amazon Linux 2 AMI 64bit(x86)
  3. Choose an Instance Type: t2.micro
  4. Choose Network: the VPC I created
  5. Choose Subnet: a subnet I created
  6. Change Auto-assign Public IP: Enable
  7. Configure the security group to allow TCP port 22 (SSH) from source My IP
  8. Configure the security group to allow TCP port 80 (HTTP) from source Anywhere
  9. Configure the security group to allow TCP port 443 (HTTPS) from source Anywhere
  10. Review and Launch

Set up the infrastructure so it can connect to the internet

According to the documentation, an instance in a VPC must satisfy all of these conditions to connect to the internet.

  1. Attach an internet gateway to your VPC.
  2. Ensure that your subnet’s route table points to the internet gateway.
  3. Ensure that instances in your subnet have a globally unique IP address.
  4. Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.

  1. Menu: Services > VPC > Internet Gateways > Create internet gateway
  2. Add Name tag
  3. Create
  4. Menu: Services > VPC > Internet Gateways > Select created IGW > Actions > Attach to VPC
  5. Select the VPC I created
  6. Attach

  1. Menu: Services > VPC > Route Tables > Select the route table associated with the VPC I created
  2. Actions > Edit routes
  3. Add route: Destination 0.0.0.0/0, Target: Created IGW
  4. Save routes

  1. Menu: Services > EC2 > Elastic IPs > Allocate Elastic IP address
  2. Allocate
  3. Menu: Services > EC2 > Elastic IPs > Select created IP address > Actions > Associate Elastic IP address
  4. Choose the instance I created
  5. Associate

I already added the rules to the security group when I created the EC2 instance.
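The network and security group part of the console steps above, written as AWS CLI calls. This is an added example, not part of the original post; it leaves out the instance launch and the Elastic IP. The function name `build_network`, the group name `web-sg` and its description are assumptions, and the argument is your own public IPv4 address.

```shell
#!/bin/sh
# Added example: VPC, subnets, internet gateway, default route and security
# group from the steps above. SSH is opened to one /32 only; HTTP and HTTPS
# are opened to anywhere, as in the console procedure.

build_network() {
    admin_ip=$1
    # Accept only digits and dots, so a value such as "0.0.0.0/0" can never
    # end up as the source of the SSH rule.
    case $admin_ip in
        ''|*[!0-9.]*|0.0.0.0)
            echo "usage: build_network <your-public-ipv4>" >&2; return 1 ;;
    esac

    vpc=$(aws ec2 create-vpc --cidr-block 10.0.0.0/16 \
            --query Vpc.VpcId --output text) || return 1
    # DNS resolution and DNS hostnames must be enabled in separate calls.
    aws ec2 modify-vpc-attribute --vpc-id "$vpc" \
        --enable-dns-support '{"Value":true}' || return 1
    aws ec2 modify-vpc-attribute --vpc-id "$vpc" \
        --enable-dns-hostnames '{"Value":true}' || return 1

    for cidr in 10.0.0.0/24 10.0.1.0/24; do
        aws ec2 create-subnet --vpc-id "$vpc" --cidr-block "$cidr" \
            --query Subnet.SubnetId --output text || return 1
    done

    igw=$(aws ec2 create-internet-gateway \
            --query InternetGateway.InternetGatewayId --output text) || return 1
    aws ec2 attach-internet-gateway \
        --internet-gateway-id "$igw" --vpc-id "$vpc" || return 1

    # Default route in the VPC's main route table points at the gateway.
    rtb=$(aws ec2 describe-route-tables \
            --filters "Name=vpc-id,Values=$vpc" "Name=association.main,Values=true" \
            --query 'RouteTables[0].RouteTableId' --output text) || return 1
    aws ec2 create-route --route-table-id "$rtb" \
        --destination-cidr-block 0.0.0.0/0 --gateway-id "$igw" || return 1

    sg=$(aws ec2 create-security-group --group-name web-sg \
            --description "web server" --vpc-id "$vpc" \
            --query GroupId --output text) || return 1
    aws ec2 authorize-security-group-ingress --group-id "$sg" \
        --protocol tcp --port 22 --cidr "$admin_ip/32" || return 1
    for port in 80 443; do
        aws ec2 authorize-security-group-ingress --group-id "$sg" \
            --protocol tcp --port "$port" --cidr 0.0.0.0/0 || return 1
    done
}
```

Run it as `build_network <your-public-ipv4>` with AWS CLI credentials configured; every call stops the function on the first failure.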

Execute my web application

# Connect
$ ssh -i <key-file-path> ec2-user@<ip-address> -o ServerAliveInterval=30
# Add a user
$ sudo adduser <user-name>
# Set the password
$ sudo passwd <user-name>
# Add the user to the wheel group
$ sudo usermod -aG wheel <user-name>
# Add the content of the public key file as the last line of authorized_keys
$ sudo mkdir -p /home/<user-name>/.ssh
$ sudo vi /home/<user-name>/.ssh/authorized_keys
# Give the directory to the new user and keep it private
$ sudo chown -R <user-name>:<user-name> /home/<user-name>/.ssh
$ sudo chmod 700 /home/<user-name>/.ssh
$ sudo chmod 600 /home/<user-name>/.ssh/authorized_keys
# PHP 7.4 from the EPEL and Remi repositories
$ sudo amazon-linux-extras enable epel
$ sudo yum clean metadata
$ sudo yum install -y epel-release
$ sudo rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-7.rpm
$ sudo yum install --enablerepo remi -y php74 php74-php php74-php-fpm php74-php-mbstring php74-php-dom php74-php-pdo php74-php-posix php74-php-uopz php74-php-xdebug php74-php-soap
$ sudo ln -sf /usr/bin/php74 /usr/bin/php
# Apache
$ sudo yum install -y httpd
$ sudo systemctl start httpd
$ sudo systemctl enable httpd
# git
$ sudo yum install -y git
# composer
# The expected hash changes with every installer release; take the current one from https://getcomposer.org/download/
$ php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
$ php -r "if (hash_file('sha384', 'composer-setup.php') === 'e0012edf3e80b6978849f5eff0d4b4e4c79ff1609dd1e613307e16318854d24ae64f26d17af3ef0bf7cfb710ca74755a') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
$ php composer-setup.php
$ php -r "unlink('composer-setup.php');"
# /usr/local/bin is writable only by root
$ sudo mv composer.phar /usr/local/bin/composer
$ export PATH="$PATH:/usr/local/bin"
# Application directory, owned by the login user so that git and composer run without root
$ sudo mkdir -p /var/www/html/<app-name>
$ sudo chown "$(whoami)" /var/www/html/<app-name>
$ cd /var/www/html/<app-name>
$ git clone <git-url> .
$ composer install
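The installer checksum step above as a reusable shell function. This is an added example, not part of the original post: it fetches the current expected digest instead of hard-coding one, and runs the installer only when the digests match. The function names are hypothetical; `https://composer.github.io/installer.sig` is the signature URL that Composer's documentation gives for scripted installs.

```shell
#!/bin/sh
# Added example: verify a downloaded installer against a SHA-384 digest
# before executing it. On any mismatch the file is deleted.

# sha384_of FILE: print the lowercase hex SHA-384 digest of FILE.
sha384_of() {
    sha384sum "$1" | awk '{print $1}'
}

# verify_installer FILE EXPECTED
# Returns 0 if FILE hashes to EXPECTED; otherwise deletes FILE and returns 1.
verify_installer() {
    file=$1
    # Normalise the expected digest: strip whitespace, lowercase the hex.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    # A SHA-384 digest is exactly 96 hex characters. Anything else (an empty
    # reply, an HTML error page from a failed fetch) is treated as a mismatch.
    case $expected in
        ''|*[!0-9a-f]*) rm -f -- "$file"; return 1 ;;
    esac
    [ "${#expected}" -eq 96 ] || { rm -f -- "$file"; return 1; }
    actual=$(sha384_of "$file")
    [ "$actual" = "$expected" ] && return 0
    rm -f -- "$file"
    return 1
}

# install_composer: download, verify, then run the installer.
install_composer() {
    curl -fsSL -o composer-setup.php https://getcomposer.org/installer || return 1
    sig=$(curl -fsSL https://composer.github.io/installer.sig) || return 1
    if ! verify_installer composer-setup.php "$sig"; then
        echo 'Installer corrupt' >&2
        return 1
    fi
    echo 'Installer verified'
    php composer-setup.php && rm -f composer-setup.php
}
```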

I omit this process here. Check the following tutorial.

7. Add SSL certificates for HTTPS communication

$ sudo yum install -y mod_ssl
$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto
$ sudo ./certbot-auto --debug

If you get the following error, modify the certbot-auto file.

Sorry, I don’t know how to bootstrap Certbot on your operating system!

  1. Find this line in the file: elif [ -f /etc/redhat-release ]; then
  2. Replace the whole line with: elif [ -f /etc/redhat-release ] || grep 'cpe:.*:amazon_linux:2' /etc/os-release > /dev/null 2>&1; then

For more detailed information, check this article.

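<VirtualHost *:80>
    ServerName <domain>
    ServerAlias <domain>
    # Redirect every plain-HTTP request to HTTPS
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
    DocumentRoot /var/www/html/<app-name>
    <Directory /var/www/html/<app-name>>
        AllowOverride All
        Options Includes FollowSymLinks Indexes
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    ServerName <domain>
    ServerAlias <domain>
    SSLEngine on
    # cert.pem is the server certificate and chain.pem holds the intermediates;
    # fullchain.pem already contains both, so it does not belong in SSLCertificateChainFile
    SSLCertificateFile /etc/letsencrypt/live/<domain>/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/<domain>/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/<domain>/chain.pem
    # This document root is the git working tree cloned earlier, so .git is
    # served as well unless access to it is denied
    DocumentRoot /var/www/html/<app-name>
    <Directory /var/www/html/<app-name>>
        AllowOverride All
        # Indexes turns on directory listings; remove it unless the application needs them
        Options Includes FollowSymLinks Indexes
        Require all granted
    </Directory>
</VirtualHost>

$ sudo apachectl restart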

Korean, live in Japan. The programmer. I love to learn something new things. I’m publishing my toy projects using GitHub. Visit https://www.jangwook.net.
