So, you’re ready to enter the world of AWS then. Or, maybe you’re already used to working with AWS and just want to spin up a quick environment to prove a point. Either way, let’s take a look at how to spin up an Apache Tomcat environment on AWS in around 15 minutes so you can get the ball rolling. This clearly isn’t going to be a full production-ready setup, but it will get you going on the right lines.
Step 1 – Spin Up an EC2 Instance
I’m not going to talk through how to do that here. Google it. Click around. It’s a fairly simple setup. For the purposes of this blog post I’m going to assume you’re re-using an SSH Key so we don’t need to talk through how to get one of those setup and configured so you can SSH into your server.
NOTE: Important note on the different versions of the Operating Systems when installing;
- Amazon Linux 2 only supports older versions of Apache Tomcat when using yum, i.e. version 7 and lower (oddly)
- Amazon Linux (aka. version 1) support the later versions of Apache Tomcat when using yum, i.e. versions 8 and higher
Step 2 – Configure the Firewall aka. the AWS Security Group
As part of the setup in Step 1 you will have setup a Security Group, likely a brand new one. So you need to configure this to ensure that you can access your application. Thankfully there are a few simple ports you need to open on the Inbound Interface;
- Port 80 for HTTP traffic
- Port 443 for HTTPS traffic
- Port 8080 or 8084 for Apache Tomcat, depending on the version or configuration you’re using
Once you’ve configured the ports on the firewall you can continue to get everything setup as required.
Step 3 – SSH Into the Server to Configure Things
As part of your setup in Step 1 once your EC2 instance is up and running, it will have a publicly accessible hostname and IP address. One thing to note with EC2 instance is that every time you reboot them the hostname and IP address changes. This doesn’t particularly matter for the purpose of this blog post, but it is something you should be aware of if you’re looking for something more permanent. You can setup Static IP address (which are confusingly known as Elastic IPs in AWS terminology) so that you can configure everything you need from there.
As mentioned earlier, I’m going to assume you can SSH into the server successfully. If not, there is a Console option within the AWS Console interface which allows you to SSH into your new box which is quite handy.
The public hostname will look something along the lines of, http://ec2-{public-ip-address}.{aws-zone}.compute.amazonaws.com/
Step 4 – Install Apache Tomcat and Goodies
Once you’re SSH’d into your server, basically just run the following command which will install Apache Tomcat and all handy tools including the Tomcat Manager which allows you to upload your .war file via a handy interface so you don’t have to worry about copying the files over.
sudo yum install tomcat8 tomcat8-webapps tomcat8-admin-webapps tomcat8-docs-webapp
Step 5 – Configure Apache Tomcat Users
Now you’ve got Apache Tomcat installed, you need to make sure you can actually access the Tomcat Manager interface, so let’s get you an account created. Simply run the command below which will open the configuration file;
sudo nano /etc/tomcat8/tomcat-users.xml
Then un-comment the line in the file which gives you a default admin/adminadmin username/password. Clearly you should make this more secure, but as mentioned, this isn’t a production ready system, we’re trying to do this in 15 minutes. Save the file and exit.
Step 6 – Configure Apache Tomcat to Whitelist a Valid Administration IP Addresses
Next you need to configure Apache Tomcat to ensure you can access the Tomcat Manager easily to upload your .war files to the system. To do this, first you need to find out the IP address of your system. If you’re not on a static IP address from your device (i.e. home dynamic IP address, tethered from a mobile phone or in a coffee shop), then this step is only going to work for a very short period of time for you. Best bet – get yourself a Static IP address if you don’t have one already so you don’t have to keep messing with the configuration files every time you need to deploy your code.
First, edit the Hosts Manager Context.xml file by running the following command;
sudo nano /usr/share/tomcat8/webapps/host-manager/META-INF/context.xml
Then include your IP address within that file.
Second, edit the Manager Context.xml file by running the following command;
sudo nano /usr/share/tomcat8/webapps/ manager/META-INF/context.xml
Then include your IP address within that file.
Note that your current static IP address will need to be in the format of 1\.2\.3\.4. And if you want to whitelist multiple IP addresses, then you can separate them with the Pipe character |.
Save and exit each file in turn.
Step 7 – Access the Apache Tomcat Manager
Accessing the URL that you have in your AWS EC2 instance on the correct port should allow you to connect to the application manager;
http://3.10.224.121:8080/
Note, you’ll need to login with the username/password which you configured previously. Which as a default will be admin/adminadmin. Then from here you can simple manage the deployment of your application with ease.
Step 8 – Productionise the Above Setup
So we’ve flown through how to get an Apache Tomcat environment up and running for Java on AWS using EC2 and if you’ve followed the above steps, you should have had this done within 15 minutes. Some points you’re going to need to consider to get this into a production ready state include;
- Server size
- Server schedule for being turned on/off
- Joining up Apache with Apache Tomcat to ensure you can run the application on port 80/443 instead of 8080/8084
- Setting up SSL certificates using Let’s Encrypt
- Locking down your firewall (aka. AWS Security Group) to ensure only whitelisted IP addresses can access the ports that you have opened
- Setting up server monitoring software either as standalone applications or within AWS CloudWatch
- Configuring any local or remote databases for your application to run on
- Securing the Tomcat Manager and Host Manager applications using SSL Certificates
Hope the above guide has helped to get you up and running.
Michael Cropper