Deploying web application with HTTPS using AWS

Jangwook Kim
Feb 10

This is a record of how I deployed a web application with HTTPS using AWS.
I simply wrote down what I did.

First Step: Build infrastructure

In this step, I build the infrastructure on which I will deploy my web application.

1. Create VPC

  1. Menu: Services > VPC > Your VPCs > Create VPC
  2. Add Name tag and IPv4 CIDR block
  3. Create
  4. Menu: Services > VPC > Your VPCs > Select created VPC > Actions > Edit DNS resolution
  5. Check DNS resolution: enable
  6. Menu: Services > VPC > Your VPCs > Select created VPC > Actions > Edit DNS hostnames
  7. Check DNS resolution: enable

I input 10.0.0.0/16 as IPv4 CIDR Block.

2. Create Subnet

To offer continuous web services, I should create 2 or more subnets.

  1. Menu: Services > VPC > Subnets > Create subnet
  2. Add Name tag and IPv4 CIDR Block, and select the VPC I created before
  3. Create 2 Subnets

I input 10.0.0.0/24, 10.0.1.0/24 as IPv4 CIDR Block.

3. Create EC2 Instance

  1. Menu: Services > EC2 > Instances > Launch Instance
  2. Choose an AMI: Amazon Linux 2 AMI 64bit(x86)
  3. Choose an Instance Type: t2.micro
  4. Choose Network: the VPC I created
  5. Choose Subnet: a subnet I created
  6. Change Auto-assign Public IP: Enable
  7. Configure the security group so that TCP port 22 (SSH) is accessible from (source) My IP
  8. Configure the security group so that TCP port 80 (HTTP) is accessible from (source) Anywhere
  9. Configure the security group so that TCP port 443 (HTTPS) is accessible from (source) Anywhere
  10. Review and Launch

Set up the infrastructure so it can connect to the internet

According to the documentation, an instance in a VPC must satisfy all of these conditions to connect to the internet.

  1. Attach an internet gateway to your VPC.
  2. Ensure that your subnet’s route table points to the internet gateway.
  3. Ensure that instances in your subnet have a globally unique IP address.
  4. Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.

Check the following image.

1. Attach IGW to VPC

  1. Menu: Services > VPC > Internet Gateways > Create internet gateway
  2. Add Name tag
  3. Create
  4. Menu: Services > VPC > Internet Gateways > Select created IGW > Actions > Attach to VPC
  5. Select the VPC I created
  6. Attach

2. Ensure that your subnet’s route table points to the internet gateway.

  1. Menu: Services > VPC > Route Tables > Select the route table associated with the VPC I created
  2. Actions > Edit routes
  3. Add route: Destination 0.0.0.0/0, Target: Created IGW
  4. Save routes

3. Allocate elastic IP to EC2 Instance: Ensure that instances in your subnet have a globally unique IP address.

  1. Menu: Services > EC2 > Elastic IPs > Allocate Elastic IP address
  2. Allocate
  3. Menu: Services > EC2 > Elastic IPs > Select created IP address > Actions > Associate Elastic IP address
  4. Choose the instance I created
  5. Associate

4. Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.

I already added rules to the security group when I created the EC2 instance.

Execute my web application

1. Connect to EC2 and basic setting

# Connect
$ ssh -i <key-file-path> ec2-user@<ip-address> -o ServerAliveInterval=30
# add user
$ sudo adduser <user-name>
# password setting
$ sudo passwd <user-name>
# group setting
$ sudo usermod -aG wheel <user-name>
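# add the content of the public key file as the last line
$ sudo mkdir -p /home/<user-name>/.ssh
$ sudo vi /home/<user-name>/.ssh/authorized_keys
# files created with sudo belong to root: hand them to the user and restrict access
$ sudo chown -R <user-name>:<user-name> /home/<user-name>/.ssh
$ sudo chmod 700 /home/<user-name>/.ssh
$ sudo chmod 600 /home/<user-name>/.ssh/authorized_keys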

2. Install PHP 7.4

$ sudo amazon-linux-extras enable epel
$ sudo yum clean metadata
$ sudo yum install -y epel-release
$ sudo rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-7.rpm
$ sudo yum install --enablerepo=remi -y php74 php74-php php74-php-fpm php74-php-mbstring php74-php-dom php74-php-pdo php74-php-posix php74-php-uopz php74-php-xdebug php74-php-soap
$ sudo ln -sf /usr/bin/php74 /usr/bin/php

3. Install and Execute Apache

$ sudo yum install -y httpd
$ sudo systemctl start httpd
$ sudo systemctl enable httpd

4. Install required packages

# git
$ sudo yum install -y git
# composer
$ php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
$ php -r "if (hash_file('sha384', 'composer-setup.php') === 'c5b9b6d368201a9db6f74e2611495f369991b72d9c8cbd3ffbc63edff210eb73d46ffbfce88669ad33695ef77dc76976') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
$ php composer-setup.php
$ php -r "unlink('composer-setup.php');"
# install it as "composer" so the later "composer install" finds it
$ sudo mv composer.phar /usr/local/bin/composer
$ export PATH="$PATH:/usr/local/bin"

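5. Clone the web application files from git

$ sudo mkdir -p /var/www/html/<app-name>
# the directory was created by root: hand it to the current user so git and composer can write to it
$ sudo chown "$USER" /var/www/html/<app-name>
$ cd /var/www/html/<app-name>
$ git clone <git-url> .
$ composer install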

6. Register domain and set A Record to IP address of the EC2 instance

I omit this process here. Check the following tutorial.

7. Add SSL certificates for HTTPS communication

$ sudo yum install -y mod_ssl
$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto
$ sudo ./certbot-auto --debug

If you get this error, modify the certbot-auto file.

Sorry, I don’t know how to bootstrap Certbot on your operating system!

  1. Find the line elif [ -f /etc/redhat-release ]; then in the file
  2. Replace the whole line with elif [ -f /etc/redhat-release ] || grep 'cpe:.*:amazon_linux:2' /etc/os-release > /dev/null 2>&1; then

For more detailed information, check this article.

8. Add vhost configuration

<VirtualHost *:80>
ServerName <domain>
ServerAlias <domain>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
DocumentRoot /var/www/html/<app-name>
<Directory /var/www/html/<app-name>>
AllowOverride All
Options Includes FollowSymLinks Indexes
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName <domain>
ServerAlias <domain>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/<domain>/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/<domain>/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/<domain>/fullchain.pem
DocumentRoot /var/www/html/<app-name>
<Directory /var/www/html/<app-name>>
AllowOverride All
Options Includes FollowSymLinks Indexes
Require all granted
</Directory>
</VirtualHost>
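
An added example, not part of the original post: a small shell check that flags the directives in the vhost configuration above that weaken the HTTPS setup (directory listing, server-side includes, a temporary redirect, no HSTS header, the obsolete chain-file directive). The function name audit_vhost, the finding labels and the example.test sample are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not the author's code): lint a vhost file for risky directives.
# audit_vhost and the finding labels are hypothetical names for this illustration.
audit_vhost() {
  local f="$1" out=""
  # Indexes lists directory contents whenever a directory has no index file.
  grep -Eq '^[[:space:]]*Options[[:space:]](.*[[:space:]])?\+?Indexes([[:space:]]|$)' "$f" \
    && out="$out dir-listing"
  # Includes enables server-side includes for the directory.
  grep -Eq '^[[:space:]]*Options[[:space:]](.*[[:space:]])?\+?Includes([[:space:]]|$)' "$f" \
    && out="$out ssi"
  # A bare R flag issues a 302 (temporary) redirect; R=301 makes it permanent.
  grep -Eq '^[[:space:]]*RewriteRule.*\[([^]]*,)?R(,[^]]*)?\]' "$f" \
    && out="$out temp-redirect"
  # Without an HSTS header the browser is never told to stay on HTTPS.
  grep -Eiq 'Strict-Transport-Security' "$f" || out="$out no-hsts"
  # SSLCertificateChainFile is obsolete since httpd 2.4.8;
  # fullchain.pem belongs in SSLCertificateFile instead.
  grep -Eq '^[[:space:]]*SSLCertificateChainFile' "$f" && out="$out chainfile"
  echo "${out# }"
}

# Constructed sample: the directives from the vhost above, with example.test as the domain.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:80>
  RewriteEngine On
  RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
<VirtualHost *:443>
  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/example.test/cert.pem
  SSLCertificateChainFile /etc/letsencrypt/live/example.test/fullchain.pem
  <Directory /var/www/html/app>
    Options Includes FollowSymLinks Indexes
  </Directory>
</VirtualHost>
EOF
audit_vhost "$sample"
rm -f "$sample"
```

A vhost that uses Options -Indexes +FollowSymLinks, an [R=301,L] redirect, a Strict-Transport-Security header in the 443 block and fullchain.pem as SSLCertificateFile produces no findings.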

9. Restart Apache

$ sudo apachectl restart