Hello Fiends, In this article I will help you to set up Apache server on EC2 Linux instance. I will cover the details in step by step. And this will help you to set up your own Apache server. I have divided this article in two sections mentioned below:
Apache has been the most popular web server on the Internet Apache HTTP Server httpd was launched in 1995 and it has been the most popular web server on the Internet since April 1996.Latest release from the 2.4.x stable branch represents the best available version of Apache HTTP Server. To set up a LAMP web server on Amazon Linux AMI, see Tutorial: Install a LAMP web server on the Amazon Linux AMI. Now that your instance is current, you can install the Apache web server, MariaDB, and PHP software packages. Use the yum install command to install multiple software packages and all related dependencies at the same time.
- Spinning up a Linux EC2 instance
- Configuring the EC2 instance to host Apache server.
The web server runs on an Amazon EC2 instance using Amazon Linux, and the MySQL database is an MySQL DB instance. Both the Amazon EC2 instance and the DB instance run in a virtual private cloud (VPC) based on the Amazon VPC service.
Spinning up a Linux EC2 instance:
- Login to your aws console preferably using an IAM user. Please never use a root account in real time scenarios to login and create new services.
- Go the Services tab in the top left corner in the AWS console. Select EC2 under compute section.
- Once you are on EC2 Dashboard, Click on the Running instance link. Under the running instance slink you can see that there are no instances running if you are logging for the first time in the console.
- Going forward on the top of the screen click Launch Instances.
- Now you should be able to see the screen as Step 1: Choose an Amazon Machine Image(AMI).
- Select any one of the AMI from the available list. Make sure that the AMI you select is Free tier eligible for not getting billed. I have selected the one shown in the figure below.
- Now choose the instance type. Instance types comprise varying combinations of CPU, memory, storage, and networking capacity and give you the flexibility to choose the appropriate mix of resources for your applications. Here I have selected t2. micro which is again free tier eligible. We get 750 hours of usage free of cost within the first one year of creation of the AWS account.
- Once you have selected the instance type. Click Next: Configure Instance Details at the right bottom of the page. In this screen you have to select the VPC (VPC is a virtual data center created for you to host your resources. It separates your resources from other resources in the cloud). I have already written post on how to create a public subnet in a VPC in one of my post : https://www.dotnetforall.com/creating-your-first-aws-vpc-for-publicly-accessible-resource-on-internet/.
As you can see in the figure above, the VPC I used it already created by me in previous post. And finally the subnet used is the public subnet.
- In the “Add Storage” screen keep the default options.
- In the “Add Tags” add the Key as “Name” and Value as “WebDMZ”.
- Next in the “Configure Security Group” screen, select the “Add Security Group” option. Here we will create a new security group which allows SSH and HTTP traffic from the web.
Though it is not recommended to allow SSH from the 0.0.0.0/0 IP address range as it opens a vulnerability for the EC2 instance. Notably ours is a demo instance that is I allowed here.
- Finally Click “Review and Launch” and “Launch”. Eventually we are in the “Select Key pair screen” to select the key pair. In one of my previous posts I have mentioned how to create a key pair and hence login to Linux instance from windows : https://www.dotnetforall.com/how-to-login-to-aws-ec2-linux-instance-from-windows-using-putty/ . Accordingly I have selected a key pair which I had already crated.
AWS Cloud EC2 Linux Instance with Apache
- Once you are able to login to EC2 instance run the command “sudo su” to execute further commands as root user.
- Thereupon execute the below commands one by one.
sudo yum update (to update the EC2 instance with latest updates)
yum install httpd -y (to install the apache service)
service httpd start (to start the apache service)
chkconfig httpd on (always start the apache service on restart of instance)
service httpd status (to check the status of service)
Creating My First Web Application On Apache Server
- Once you done with above steps. Go to the folder “/var/www/html” as shown in the below figure.
- Use “ls” commands to see the contents of the folder. There are no files present in the folder currently. Furthermore use “nano index.html” to create a new file in the above folder.
- Once you done with creating of the file you can browse the file from any where in the world using the public IP of the aws ec2 instance.
Conclusion:
In this article I have configured an AWS Cloud EC2 Linux Instance with Apache and installed my first web application. Moreover it was a simple single page hello world example but it can definitely help someone who is struggling to do the initial setup. Once you can successfully do the necessary setup, consequently it is more easier to try more complicated things.
My Learning Resource
Excel your system design interview
In this article I cover how to install Apache HTTP Server into Ubuntu 18.04 LTS.
This article is part 2 of a series on how to create a Tomcat server in AWS. In part 1 we created an Ubuntu 18.04 LTS server in AWS EC2. We now add Apache HTTP Server as a front-end for Tomcat.
Motivations
When discussing reasons why you should have an Apache Web Server as a front-end to Tomcat, people usually talk about load balancing, fast serving of static content, enhanced security and so forth. These are all good reasons. My main reason though is that I want to serve custom-branded pages even when Tomcat is down.
Installation
Apache is a very mature software. You can make life marginally more difficult for yourself by trying to install a specific version. Or you can just take the easy option and install the version packaged with the Ubuntu. I choose to embrace the lazy pragmatist within, so I’ve gone for the latter.
This installs Apache to the /etc/apache2 directory. You can check what version is installed using:
With Apache installed, you can immediately test it by confirming that its default page is accessible at the Public IP or domain name of your server.
Configuration
Remove Default Virtual Host
OK, we’ve seen the default Apache web page for long enough. Time to get rid of it. If you actually took the time to read the default page, the following command will make sense.
Static Content
We need to create a directory to hold the static content for our site. It seems the Apache convention is to make a sub-directory in /var/www
What you will want to put in here is entirely up to you. For the purposes of my example, I’m going to put just one HTML file.
With trivial contents.
For a real site, you would build a rather more impressive page.
Proxy AJP
Although Tomcat isn’t installed yet, let’s jump right in and enable Apache’s Proxy AJP module. We will use it to forward requests to Tomcat in the next article.
Virtual Host
Now we need to create a so-called virtual host for our website. For the purposes of this post, we’ll cover just a HTTP (port 80) virtual host file. HTTPS (port 443) is covered later in the series.
I elect to create a common file that can be shared, eventually, by both the HTTP and HTTPS virtual host configurations.
With contents:
The DocumentRoot element sets the root to the static content directory we created earlier.
The ErrorLog and CustomLog elements can be almost anything you want. What I have done is quite conventional.
I have told Apache to pass all requests through to Tomcat, except for requests to /error.html. All requests to Tomcat, and responses from it, are handled by the Proxy AJP module we enabled earlier.
If Tomcat is down (or not installed), we expect the AJP request to return a 503 (Service Unavailable). In that case, Apache will serve /error.html.
With the common file in place, we can now create the HTTP (port 80) virtual host file.
With contents:
The virtual host can then be enabled.
Instruct Apache to reload its settings.
And if we surf now to the Public IP or domain name, voila, we see the error page. This is because Tomcat is not yet installed, so all the Proxy AJP forwards fail. Therefore we will get this error page served for any URI.
Please remember, you can make your custom error document look a lot better than my trivial example.
Hardening
In the references, I include links to guides on how to harden an Apache installation. Most of the advice is already incorporated in a default installation of Apache Web Server in Ubuntu. What follows is a couple of steps I recommend.
Aws Apache Web Servers
Server Signature
If we didn’t have a custom error document, Apache would serve the following page when Tomcat was down (or not installed). This would reveal details, such as server version, that can give an attacker a head start.
To get rid of this signature from default pages, we need to edit the security configuration.
And disable the the ServerSignature.
Server Tokens
Aws Apache Server
Even with the ServerSignature off, responses from Apache still report the server version in the HTTP response header. This can be viewed using Firefox or Chrome web development tools.
To remove this, again edit the security configuration.
And set ServerTokens to the least revealing setting.