Setting up an Amazon EC2 AWS Server with Tomcat7 (running on ports 80 & 443), MySQL & Oracle JDK 1.7 and linking it to a domain

I’ve been wanting to give AWS a try for a long time, but until yesterday I wasn’t fully convinced on using it. I’m sharing the experience I had with my first setup on it since it might help other people who wants to do the same thing (and save them some time surfing for guides to do it).

Here’s my scenario: I’ve been developing a java application which uses a MySQL Database and runs on Tomcat 7. I wanted to be able to publish it on the internet, so I decided to buy a domain a few weeks ago. I didn’t bought it on amazon, I bought it from a 3rd party, and I wanted to link it to my AWS DNS.

So, these are the steps I followed to achieve this:

  • Creating an Amazon Web Services Account:
    If you don’t have an AWS account, the first thing to do would be to create one. You can go to http://aws.amazon.com/, click on “Create an AWS Account” and follow the steps. Keep in mind that you need to enter a valid phone number and have it verified before using the service. You’ll get a call from amazon asking you to enter your PIN code on the phone. Also, you need to enter your card’s data even if you’re using only the free tier (in case you start using the paid services).
Figure 1. Creating an AWS Account
  • Launching an EC2 Instance:
    Once you’re on the AWS control panel, you need to find the EC2 service, click on it and then click on the “Instances” section. After that, you need to select “Launch Instance”. Then you need to select a virtual machine to launch. In my case, I selected an “Amazon Linux AMI 2015.09 (HVM), SSD Volume Type”, which applies to the free tier. Then you need to set a name/tag to your instance, and then you need to create and download a key pair. It is very important to save this key pair in a safe place, and create a backup just in case, because there’s no way of recovering this file if you lose it, and you need it to remotely connect to your instance.
    After downloading the file, you need to open your console and type in the following command:
$ chmod 400 my-key-pair.pem
Figure 2. Choosing the EC2 instance Machine
  • Configuring your instance’s firewall:
    To finish your instance configuration you need to configure your firewall by creating a new security group, and setting a SSH rule (so you can remotely access the machine), an “ALL ICMP” rule (for enabling ping) and a custom TCP rule for port 8080, so you can access the tomcat server default port. I also added HTTP and HTTPS rules, since I’m planning on using those ports for accessing Tomcat.
  • Getting your server’s public IP
    Once you’ve launched your machine, you need to go to the “instances” section on the EC2 control panel, and find the “Public DNS row”. This is your server’s public IP, which you can use to remotely connect to it.
Figure 3. Finding the instance’s public IP
  • Connecting to your instance
    If you’re using windows, you’ll need to use a ssh software like PuTTY. If you’re using linux or a mac, you can use the terminal. You can login by navigating to the folder where you have your key file and using a command like this:
ssh -i MY_KEY_FILE.pem ec2-user@MY-SERVER-PUBLIC-URL.us-west-2.compute.amazonaws.com

Once logged, you'll see something like this:
Authenticating with public key "AWS-Tomcat"
Passphrase for key "AWS-Tomcat":

__| __|_ )
_| ( / Amazon Linux AMI
___|\___|___|

See /usr/share/doc/system-release/ for latest release notes.
No packages needed for security; 16 packages available
  • Updating the server:
    This is quite easy, you only need to run the following command:
$ sudo yum update
  • Installing Oracle’s JDK 1.7
    By default, AWS instances come with Open JDK 1.7, which is not bad, but sometimes you’ll prefer the Oracle version of it. If that’s the case, you need to log in via ssh to your instance and type the following commands:
# Downloading the JDK
$ wget — no-cookies — no-check-certificate — header “Cookie: oraclelicense=accept-securebackup-cookie” “http://download.oracle.com/otn-pub/java/jdk/7u55-b13/jdk-7u55-linux-x64.rpm" -O jdk-7-linux-x64.rpm
# Installing the JDK
$ sudo rpm –ivh jdk-7-linux-x64.rpm
# Checking if the server’s default java version is Sun JDK (usually it is OpenJDK)
$ java -version
# Creating an alternative for Sun JDK
$ sudo /usr/sbin/alternatives — install /usr/bin/java java /usr/java/jdk1.7.0_55/bin/java 20000
# Setting Sun JDK as the default JVM
$ sudo /usr/sbin/alternatives — config java
# Checking if the change was performed correctly
$ java -version
  • Installing Tomcat 7:
    In order to download and install Tomcat7, you need to type the following commands in the console:
# Installing Tomcat
$ sudo yum install tomcat7
# Starting Tomcat
$ sudo service tomcat7 start
# Installing Tomcat documentation, examples & webapps administrator
$ sudo yum install tomcat7-webapps tomcat7-docs-webapp tomcat7-admin-webapps
# Checking that tomcat is running fine in port 8080:
$ sudo fuser -v -n tcp 8080

# You’ll get something like this if everything’s fine
USER PID ACCESS COMMAND
8080/tcp: tomcat pid F…. java
# Stopping Tomcat (only use it if you need to stop the server)
$ sudo service tomcat7 stop
  • Creating a GUI user for using the Tomcat webapps manager:
    Tomcat has a web interface that you can use to manage your webapps, but you need to configure your users file to do so. I configured mine like this:
$ sudo nano /etc/tomcat7/tomcat-users.xml
# The file should look similar to this one:
<tomcat-users>
<role rolename=”tomcat”/>
<role rolename=”role1"/>
<role rolename=”manager-gui”/>
<user username=“myUser” password=“myPass” roles=”tomcat,role1,manager-gui/>
<tomcat-users>
  • Installing MySQL:
    You need to type the following commands in the console to get MySQL Running:
# Installing it
$ sudo yum install mysql-server

# After the installation you’ll get some commands that I recommend to run if you’re planning to use the database in a production environment
# Setting the database to start when the instance does
$ sudo chkconfig mysqld on
# Starting MySQL
$ sudo service mysqld start
  • Setting tomcat to run in ports 80 & 443:
    There are many ways to achieve this. Some of them need you to install an apache server, and handle the different XML configuration files, but I think that this is a quite easy way, and you don’t need to install anything else, you just need to learn a little bit on how to use iptables so you can redirect the requests from port 80 to 8080 and from port 443 to 8443.
    To do so, you can type in the following commands in your console:
# Checking the current iptables content on the prerouting table
$ sudo /sbin/iptables -L -n -t nat
# Adding the rules:
$ sudo /sbin/iptables -t nat -I PREROUTING -p tcp —-dport 80 -j REDIRECT --to-port 8080
$ sudo /sbin/iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
# Checking that the rules were added succesfully
$ sudo /sbin/iptables -L -n -t nat
# Saving the rules
$ sudo /sbin/service iptables save
# Restarting ipTables:
$ sudo /etc/init.d/iptables restart
# Checking that the rules were saved succesfully
$ sudo /sbin/iptables -L -n -t nat
  • Setting a Static IP to your instance:
    If you want to associate a domain to your EC2 instance, you need to have a static IP. For this, amazon provides you with the “Elastic IP”, which you can find on the EC2 control panel (under “Network & Security”). Once you click on this section, you need to allocate a new address and associate it to your instance (the user interface is quite intuitive for this).
    Keep in mind that once you do this, the public ip from your instance will change, and you’ll have to go back to the EC2 control panel to copy the new address and log in again from your terminal with the new address.
Figure 4. Allocating a new Static IP Address
  • Associating a domain to your EC2 instance
    To associate your domain, you need to get your domain name servers addresses. For this, we need to use another AWS service called Route 53, which is the one in charge of domain management. The url for this service is https://console.aws.amazon.com/route53/.
    Once you’re on the Route 53 control panel, you need to create a Public hosted zone. You need to give it the name of the domain you’re going to use. When it’s ready, you can check the “Record Sets” and you’ll find an entry with 4 name servers in it. These are the ones you need to enter on your domain management platform. In my case, since I bought my domain from Hostgator, I’m using the domain admin console they have to change the default name servers and replace them with the ones on the “Record Sets” entry.
    Finally, once you’re done with this, you need to go back to Route 53 and create a new record set, type A — IPv4 address, value: your static IP (you can get it from the Elastic IP section on the EC2 control panel). Leave the “name” field empty.
    Once you finish with this, you can wait for a little bit so that the new name servers are associated with your domain and then enter your domain to see the Tomcat homepage as your landing page :D
Figure 5. Getting the name servers and setting the static ip from your instance in AWS Route 53

That’s it!
My next steps would be adding a SSL Certificate to my instance, but I haven’t done this yet. Once I’ve done it, I’ll update the entry with this new step.

Of course I didn’t came up with this guide myself, I researched and read a lot of guides on the different topics and I put them all in this entry, so I’m leaving the urls of the different webpages I consulted so you can check them out and see where I got all this stuff.