After creating and starting an AWS EC2 instance, and installing nginx and the latest php,
you will probably want to configure the application environments, deployment user, permissions, and re-configure nginx and php.
Goal
Create a user to be the owner of the deployed code (application abbreviation, internal code, etc)
professor
Create environment-based directories for the application (/data could be an external volume)
/data/prod/fry/www/html
/data/dev/fry/www/html
/data/qa/fry/www/html
Create environment-based urls for the application
fry.domain.com
fry-qa.domain.com
fry-dev.domain.com
Note: While this should allow multiple apps per EC2 instance, it may be better and simpler to have one app per instance. In that case there would not necessarily be a need for the /fry directory, although it may add clarity when viewing logs and debugging deployments.
Setup
Note: To facilitate getting stuff done, and to minimize permission problems, disable selinux.
If you have successfully configured these services with selinux before, then keep it enabled and configure it appropriately.
https://serverfault.com/questions/30796/reasons-to-disable-enable-selinux
Temporarily disable selinux
> # sudo setenforce 0
Permanently disable selinux
> sudo vi /etc/selinux/config
SELINUX=disabled
Create or obtain your ssh key pairs
You can create key pairs from AWS EC2, ssh-keygen, or putty
Note: Be sure to securely store/backup your private key and distribute the public key as needed
Add a user to be used for deploying code
Note, there could be a user per app too, but for now, one user,
which could be based on company name, or something generic
> sudo adduser professor
Change to the app user
> sudo su - professor
Enable ssh
Enable ssh access using key pairs
Make sure you are in /home/professor
> pwd
Create the file to store the public key
> mkdir .ssh
> chmod 700 .ssh
> touch .ssh/authorized_keys
> chmod 600 .ssh/authorized_keys
Copy in the public key (pem) for this user
> vi .ssh/authorized_keys
> # cat >> .ssh/authorized_keys # append pasted in text, ctrl c
Note: The public key should be in the format
ssh-rsa ABC…123== rsa-key-20200110
Putty on Windows will store the format as
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20200110"
ABC…123
---- END SSH2 PUBLIC KEY ----
You can use PuttyGen, open the private key, and view the proper format
or do some simple text editing of the surrounding delimiters.
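The delimiter editing described above can be scripted. The following is an added example, not part of the original post: the function names are hypothetical, the sample key is a constructed, truncated blob, and the key type is read from the blob itself rather than assumed to be ssh-rsa.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): convert a PuTTY / RFC 4716
# public key block into the one-line authorized_keys format.
# Assumption: header lines are not wrapped with a trailing backslash.

# Print the key type stored at the start of a base64 key blob:
# a 4-byte big-endian length followed by the type name (e.g. "ssh-rsa").
blob_type() {
    local len
    len=$(printf '%s' "$1" | base64 -d 2>/dev/null | od -An -tu1 -N4 |
          awk 'NF == 4 { printf "%d\n", (($1*256 + $2)*256 + $3)*256 + $4 }')
    # Reject empty, undecodable or implausible length fields.
    [ -n "$len" ] && [ "$len" -gt 0 ] && [ "$len" -le 64 ] || return 1
    printf '%s' "$1" | base64 -d 2>/dev/null | tail -c +5 | head -c "$len"
}

# putty_to_openssh FILE -> prints "<type> <base64> [comment]"
putty_to_openssh() {
    local file="$1" text comment body type
    text=$(tr -d '\r' < "$file") || return 1       # tolerate Windows CRLF
    printf '%s\n' "$text" | grep -q '^---- BEGIN SSH2 PUBLIC KEY ----$' || return 1
    printf '%s\n' "$text" | grep -q '^---- END SSH2 PUBLIC KEY ----$' || return 1
    # Optional Comment header, with or without surrounding quotes.
    comment=$(printf '%s\n' "$text" |
              sed -n 's/^Comment: *"\{0,1\}\([^"]*\)"\{0,1\} *$/\1/p' | head -n 1)
    # Key body: lines between the delimiters that are not "Name: value" headers.
    body=$(printf '%s\n' "$text" | sed -n '/^---- BEGIN/,/^---- END/p' |
           grep -v -e '^----' -e '^[A-Za-z0-9-]*: ' | tr -d ' \t\n')
    type=$(blob_type "$body") || return 1
    printf '%s %s%s\n' "$type" "$body" "${comment:+ $comment}"
}

# Constructed sample: only the leading bytes of an RSA blob, not a usable key.
sample_putty_key() {
    printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' \
        'Comment: "rsa-key-20200110"' \
        'AAAAB3NzaC1y' 'c2EAAAADAQAB' \
        '---- END SSH2 PUBLIC KEY ----'
}

tmp=$(mktemp)
sample_putty_key > "$tmp"
putty_to_openssh "$tmp"
rm -f "$tmp"
```

Append the printed line to .ssh/authorized_keys; a non-zero exit means the file was not a well-formed SSH2 public key block.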
From another shell, you should now be able to
> ssh -i professor.pem ec2host
Permissions
Add professor to nginx group, to view logs etc
> sudo usermod -a -G nginx professor
Add nginx to professor group as app dirs will be owned by professor
> sudo usermod -a -G professor nginx
Make app dirs (-p = create parent directories as needed)
The application directory can be named for the application, an abbreviation, internal code/name, etc
> sudo mkdir -p /data/prod/fry/www/html
> sudo mkdir -p /data/dev/fry/www/html
> sudo mkdir -p /data/qa/fry/www/html
Change ownership to professor (-R = recursive); nginx gets access through the professor group
> sudo chown -R professor:professor /data/prod/fry
> sudo chown -R professor:professor /data/dev/fry
> sudo chown -R professor:professor /data/qa/fry
Keep data and prod/dev/qa owned by root, but accessible to professor
> sudo chown root:professor /data/prod
> sudo chown root:professor /data/dev
> sudo chown root:professor /data/qa
> sudo chown root:professor /data
Configure
Organize nginx sites in a new dir sites.d
Note: Inspired by Debian configuration
> sudo mkdir /etc/nginx/sites.d
Add sites.d to nginx conf
> sudo vi /etc/nginx/nginx.conf
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites.d/*.conf;
Add sites conf to sites.d
Configure prod/dev/qa in same file, or separate files
Note: This is just a modification of the default nginx config; you may have to adjust it for your framework or application
> sudo vi /etc/nginx/sites.d/fry.domain.com.conf
server {
    listen 80;
    server_name fry.domain.com;
    root /data/prod/fry/www/html/;
    access_log /var/log/nginx/fry.domain.com_access_log;
    error_log /var/log/nginx/fry.domain.com_error_log error;
    location / {
        # modify based on framework
        try_files $uri $uri/ /index.php?$query_string;
    }
    # include php; replace if framework requires
    # index index.php index.html index.htm;
    # location ~ \.php$ { }
    include /etc/nginx/default.d/php.conf;
}
server {
    listen 80;
    server_name fry-dev.domain.com;
    root /data/dev/fry/www/html/;
    access_log /var/log/nginx/fry-dev.domain.com_access_log;
    error_log /var/log/nginx/fry-dev.domain.com_error_log error;
    location / {
        # modify based on framework
        try_files $uri $uri/ /index.php?$query_string;
    }
    # include php; replace if framework requires
    # index index.php index.html index.htm;
    # location ~ \.php$ { }
    include /etc/nginx/default.d/php.conf;
}
server {
    listen 80;
    server_name fry-qa.domain.com;
    root /data/qa/fry/www/html/;
    access_log /var/log/nginx/fry-qa.domain.com_access_log;
    error_log /var/log/nginx/fry-qa.domain.com_error_log error;
    location / {
        # modify based on framework
        try_files $uri $uri/ /index.php?$query_string;
    }
    # include php; replace if framework requires
    # index index.php index.html index.htm;
    # location ~ \.php$ { }
    include /etc/nginx/default.d/php.conf;
}
Configure default ec2 to go to a dev site
> sudo vi /etc/nginx/sites.d/ec2.conf
server {
    listen 80;
    server_name ec2-1-2-3-4.us-east-9.compute.amazonaws.com;
    # point aws ec2 to a dev location
    root /data/dev/fry/www/html/;
    access_log /var/log/nginx/fry-dev.domain.com_access_log;
    error_log /var/log/nginx/fry-dev.domain.com_error_log error;
    location / {
        # modify based on framework
        try_files $uri $uri/ /index.php?$query_string;
    }
    # include php; replace if framework requires
    # index index.php index.html index.htm;
    # location ~ \.php$ { }
    include /etc/nginx/default.d/php.conf;
}
Support long AWS EC2 server names, using a new config
> sudo vi /etc/nginx/conf.d/http.conf
server_names_hash_bucket_size 128;
Validate config before restart
> sudo nginx -t
Restart nginx
> sudo systemctl restart nginx
Remove prior test page, if any
> sudo rm /usr/share/nginx/html/info.php
Create a test php page
Assuming the default AWS EC2 page goes to the development dir (ec2.conf)
> sudo vi /data/dev/fry/www/html/info.php
<?php
echo date(DATE_RFC2822);
phpinfo();
Verify
http://ec2-1-2-3-4.us-east-9.compute.amazonaws.com/info.php
Application code can be deployed to separate environment-based directories as professor
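Once the setup is complete, the ssh modes, the group access granted to nginx, and the info.php test page can be checked in one pass. The following is an added example, not part of the original post: the function names and the DATA_ROOT, APP and SSH_HOME variables are assumptions, defaulting to the paths used in this guide.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit the layout this guide
# builds. The directory names and the professor user come from the guide;
# the DATA_ROOT, APP and SSH_HOME variables are assumptions for overriding.
# Uses GNU stat (-c), as shipped on Amazon Linux.
DATA_ROOT=${DATA_ROOT:-/data}
APP=${APP:-fry}
SSH_HOME=${SSH_HOME:-/home/professor}

# mode_is PATH OCTAL -> succeeds only if PATH exists with exactly that mode.
mode_is() { [ -e "$1" ] && [ "$(stat -c '%a' "$1")" = "$2" ]; }

# Key login depends on these modes: sshd's StrictModes refuses an
# authorized_keys file that group or others can write.
audit_ssh() {
    local rc=0
    mode_is "$SSH_HOME/.ssh" 700 || { echo "FAIL: .ssh is not 700"; rc=1; }
    mode_is "$SSH_HOME/.ssh/authorized_keys" 600 ||
        { echo "FAIL: authorized_keys is not 600"; rc=1; }
    return "$rc"
}

# nginx is in the professor group, so anything group-writable under an app
# directory can be changed by processes running as nginx. Prints offenders.
web_writable() {
    local env
    for env in prod dev qa; do
        [ -d "$DATA_ROOT/$env/$APP" ] || continue
        find "$DATA_ROOT/$env/$APP" ! -type l \( -perm -020 -o -perm -002 \) -print
    done
}

# phpinfo() test pages still present in any environment's document root.
leftover_info_pages() {
    find "$DATA_ROOT" -type f -path "*/$APP/www/html/*" -name info.php -print 2>/dev/null
}

audit_all() {
    local rc=0 hits
    audit_ssh || rc=1
    hits=$(web_writable)
    [ -z "$hits" ] || { printf 'FAIL: writable by group/others:\n%s\n' "$hits"; rc=1; }
    hits=$(leftover_info_pages)
    [ -z "$hits" ] || { printf 'FAIL: test page still deployed:\n%s\n' "$hits"; rc=1; }
    return "$rc"
}

audit_all || echo "audit finished with findings"
```

Run it as a user that can read /data and /home/professor, for example with sudo.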