Deploying web application with HTTPS using AWS

This is the record when I deployed web application with HTTPS using AWS.
I wrote simply just what I did.

First Step: Build infrastructure

In this step, I build infrastructure that will deploy my web application.

1. Create VPC

  1. Menu: Services > VPC > Your VPCs > Create VPC
  2. 2. Add Name tag and IPv4 CIDR block
  3. Create
  4. Menu: Services > VPC > Your VPCs > Select created VPC > Actions > Edit DNS resolution
  5. Check DNS resolution: enable
  6. Menu: Services > VPC > Your VPCs > Select created VPC > Actions > Edit DNS hostnames
  7. Check DNS hostname: enable

I input 10.0.0.0/16 as IPv4 CIDR Block.

2. Create Subnet

To offer continuous web services, I should create 2 or more subnets.

  1. Menu: Services > VPC > Subnets > Create subnet
  2. Add Name tag and IPv4 CIDR Block, select VPC what I created before
  3. Create 2 Subnets

I input 10.0.0.0/24, 10.0.1.0/24 as IPv4 CIDR Block.

3. Create EC2 Instance

  1. Menu: Services > EC2 > Instances > Launch Instance
  2. Choose an AMI: Amazon Linux 2 AMI 64bit(x86)
  3. Choose an Instance Type: t2.micro
  4. Choose Network: VPC what I created
  5. Choose Subnet: Subnet what I created
  6. Change Auto-assign Public IP: Enable
  7. Configure to TCP 22 port(SSH) can access from(source) My IP
  8. Configure to TCP 80 port(HTTP) can access from(source) Anywhere
  9. Configure to TCP 443 port(HTTPS) can access from(source) Anywhere
  10. Review and Launch

Set infrastructure can connect to internet

In document, the instance in vpc should be satisfied these all conditions to connect internet.

  1. Attach an internet gateway to your VPC.
  2. Ensure that your subnet’s route table points to the internet gateway.
  3. Ensure that instances in your subnet have a globally unique IP address.
  4. Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.

Check the following image.

1. Attach IGW to VPC

  1. Menu: Services > VPC > Internet Gateways > Create internet gateway
  2. Add Name tag
  3. Create
  4. Menu: Services > VPC > Internet Gateways > Select created IGW > Actions > Attach to VPC
  5. Select VPC what I created
  6. Attach

2. Ensure that your subnet’s route table points to the internet gateway.

  1. Menu: Services > VPC > Route Tables > Select route table associated VPC what I created
  2. Actions > Edit routes
  3. Add route: Destination 0.0.0.0/0, Target: Created IGW
  4. Save routes

3. Allocate elastic IP to EC2 Instance: Ensure that instances in your subnet have a globally unique IP address.

  1. Menu: Services > EC2 > Elastic IPs > Allocate Elastic IP address
  2. Allocate
  3. Menu: Services > EC2 > Elastic IPs > Select created IP address > Actions > Associate Elastic IP address
  4. Choose instance what I created
  5. Associate

4. Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.

I already add roles to security group when I created EC2 instance.

Execute my web application

1. Connect to EC2 and basic setting

# Connect
$ ssh -i <key-file-path> ec2-user@<ip-address> -o ServerAliveInterval=30
# add user
$ sudo adduser <user-name>
# password setting
$ sudo passwd <user-name>
# group setting
$ sudo usermod -aG wheel <user-name>
# add content of the public key file to last line
$ sudo mkdir -p /home/<user-name>/.ssh
$ sudo vi /home/<user-name>/.ssh/authorized_keys

2. Install PHP 7.4

$ sudo amazon-linux-extras enable epel
$ sudo yum clean metadata
$ sudo yum install -y epel-release
$ sudo rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-7.rpm
$ sudo yum install — enablerepo remi -y php74 php74-php php74-php-fpm php74-php-mbstring php74-php-dom php74-php-pdo php74-php-posix php74-php-uopz php74-php-xdebug php74-php-soap
$ sudo ln -sf /usr/bin/php74 /usr/bin/php

3. Install and Execute Apache

$ sudo yum install -y httpd
$ sudo systemctl start httpd
$ sudo systemctl enable httpd

4. Install require package

# git
$ sudo yum install -y git
# composer
$ php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
$ php -r "if (hash_file('sha384', 'composer-setup.php') === 'e0012edf3e80b6978849f5eff0d4b4e4c79ff1609dd1e613307e16318854d24ae64f26d17af3ef0bf7cfb710ca74755a') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
$ php composer-setup.php
$ php -r "unlink('composer-setup.php');"
$ mv composer.phar /usr/local/bin/composer
$ export PATH="$PATH:/usr/local/bin"

5. Clone web application file from git

$ sudo mkdir -p /var/www/html/<app-name>
$ cd /var/www/html/<app-name>
$ git clone <git-url> .
$ composer install

6. Register domain and set A Record to IP address of the EC2 instance

Omit this process. Check this following tutorial.

7. Add SSL certificates for HTTPS communication

$ sudo yum install -y mod_ssl
$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto
$ sudo ./certbot-auto — debug

If you get this error, modify certbot-auto file.

Sorry, I don’t know how to bootstrap Certbot on your operating system!

  1. Find elif [ -f /etc/redhat-release ]; then from the file
  2. Replace whole line to elif [ -f /etc/redhat-release ] || grep ‘cpe:.*:amazon_linux:2’ /etc/os-release > /dev/null 2>&1; then

For more detail information, check this article.

8. Add vhost configuration

<VirtualHost *:80>
ServerName <domain>
ServerAlias <domain>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
DocumentRoot /var/www/html/<app-name>
<Directory /var/www/html/<app-name>>
AllowOverride All
Options Includes FollowSymLinks Indexes
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName <domain>
ServerAlias <domain>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/<domain>/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/<domain>/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/<domain>/fullchain.pem
DocumentRoot /var/www/html/<app-name>
<Directory /var/www/html/<app-name>>
AllowOverride All
Options Includes FollowSymLinks Indexes
Require all granted
</Directory>
</VirtualHost>

9. restart Apache

$ sudo apachectl restart

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Jangwook Kim

Jangwook Kim

Korean, live in Japan. The programmer. I love to learn something new things. I’m publishing my toy projects using GitHub. Visit https://www.jangwook.net.