
How to kick start AWS account - part 2

... Continuing

Install the MySQL server on an Ubuntu EC2 instance.

1. sudo apt-get update
2. sudo apt-get install mysql-server

>>> sudo mysql -u root

(Note: no -p is required, as root has no password; sudo is required.)

Inside mysql, create a new user and grant all privileges.

mysql> CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';

mysql> GRANT ALL PRIVILEGES ON *.* TO 'newuser'@'localhost';

mysql> FLUSH PRIVILEGES;

mysql> SHOW GRANTS FOR 'newuser'@'localhost';



If you are planning HTTPS...

1. Buy an SSL certificate from any vendor (preferably from the same vendor where you have the domain). I purchased from GoDaddy. They have a lot of coupons available around the internet.

I purchased the DV (Domain Verification, Standard) SSL for rs824. Last year, I bought the same for somewhere around rs500+

2. Use this link to generate tomcat.keystore and csr.csr

https://cl.godaddy.com/help/tomcat-generar-csr-e-instalar-certificados-5239?lang=en

From the generated csr.csr, copy ALL text and paste it in GoDaddy key management csr input field. After that, it will check the domain verification and give you the certificate files with your domain name. Download those and scp to ec2 instance.

Follow the instructions below to generate tomcat.keystore and csr.csr on the EC2 instance.

To Generate a Keystore and CSR in Tomcat

  1. Enter the following command into keytool to create a keystore:
    keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore
  2. Enter a Password. The default is changeit.
  3. Enter Distinguished Information:
    • First and Last Name — The fully-qualified domain name, or URL, you're securing. If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com.
    • Organizational Unit — Optional. If applicable, you can enter the DBA name in this field.
    • Organization — The full legal name of your organization. The listed organization must be the legal registrant of the domain name in the certificate request. If you are enrolling as an individual, please enter the certificate requestor's name in Organization, and the DBA (doing business as) name in Organizational Unit.
    • City/Locality — Name of the city in which your organization is registered/located — do not abbreviate.
    • State/Province — Name of state or province where your organization is located — do not abbreviate.
    • Country Code — The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.
  4. Enter the following command into keytool to create a CSR:
    keytool -certreq -keyalg RSA -alias tomcat -file csr.csr -keystore tomcat.keystore
  5. Enter the Password you provided in Step 2.
  6. Open the CSR file, and copy all of the text, including 
    -----BEGIN NEW CERTIFICATE REQUEST----- 

    and 

    -----END NEW CERTIFICATE REQUEST-----
  7. Paste all of the text into the online request form and complete your application.
For more information about completing the online request form, see Request an SSL certificate (Deluxe or Extended Validation).
After you submit the application, we begin vetting your request. You will receive an email with more information when this process is complete.
Please note: axxx.crt is the issued certificate, gd_bundlexxx.crt is the root, and the other, gdig2.crt.pem, is the intermediate certificate. Run the commands below after placing all certs and tomcat.keystore in one place.

Installing Your SSL in Tomcat

After the certificate is issued, download it from the Certificate Manager and place it in the same folder as your keystore. Then, using keytool, enter the following commands to install the certificates.

To Install Your SSL in Tomcat

  1. Install the root certificate by running the following command:
    keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file [name of the root certificate]
  2. Install the intermediate certificate by running the following command:
    keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file [name of the intermediate certificate]
  3. Install the issued certificate into the keystore by running the following command: 
    keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file [name of the certificate]
  4. Update the server.xml file with the correct keystore location in the Tomcat directory.
     Note: The HTTPS connector is commented out by default. Remove the comment tags to enable HTTPS.
    • Tomcat 4.x — Update the following elements in server.xml for Tomcat 4.x:
      clientAuth="false" 
      protocol="TLS" keystoreFile="/etc/tomcat5/tomcat.keystore" 
      keystorePass="changeit" />
    • Tomcat 5.x, 6.x and 7.x — Update the following elements in server.xml for Tomcat 5.x, 6.x and 7.x:
      <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
      <Connector 
                 port="8443" maxThreads="200"
                 scheme="https" secure="true" SSLEnabled="true"
                 keystoreFile="[path to your keystore file]" keystorePass="changeit"
                 clientAuth="false" sslProtocol="TLS"/>
  5. Save your changes to server.xml, and then restart Tomcat to begin using your SSL. Your SSL Certificate is installed. If you have problems, please see Test your SSL's configuration to help diagnose issues.
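
A check for the connector configured in step 4, as an added example that is not part of the original post or of GoDaddy's instructions: it flags the default keystorePass changeit and a server.xml or keystore that users other than the owner can access. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample files are constructed.

# Succeeds when FILE grants no permissions to group or other.
is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case $mode in *00|0) return 0 ;; *) return 1 ;; esac
}

# Prints one finding per line; succeeds only when nothing is flagged.
audit_connector() {
    xml=$1 findings=0
    # Flatten so attributes of a multi-line <Connector .../> can be matched.
    flat=$(tr '\n' ' ' < "$xml")
    case $flat in *'keystorePass="changeit"'*)
        echo "default keystorePass 'changeit' still in $xml"
        findings=$((findings + 1)) ;;
    esac
    # server.xml stores the keystore password in clear text.
    if ! is_private "$xml"; then
        echo "$xml is accessible beyond its owner"
        findings=$((findings + 1))
    fi
    # The keystore holds the private key generated for the CSR.
    ks=$(printf '%s\n' "$flat" | sed -n 's/.*keystoreFile="\([^"]*\)".*/\1/p')
    if [ -n "$ks" ] && [ -f "$ks" ] && ! is_private "$ks"; then
        echo "$ks is accessible beyond its owner"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the connector from step 4, then a tightened copy.
demo=$(mktemp -d)
: > "$demo/tomcat.keystore"
write_xml() {  # $1 = output file, $2 = keystore password
    printf '<Connector port="8443" SSLEnabled="true"\n  keystoreFile="%s"\n  keystorePass="%s" sslProtocol="TLS"/>\n' \
        "$demo/tomcat.keystore" "$2" > "$1"
}
write_xml "$demo/weak.xml" changeit
chmod 644 "$demo/weak.xml" "$demo/tomcat.keystore"
audit_connector "$demo/weak.xml" || echo "weak.xml: needs fixing"

write_xml "$demo/fixed.xml" 'constructed-long-passphrase'
chmod 600 "$demo/fixed.xml" "$demo/tomcat.keystore"
audit_connector "$demo/fixed.xml" && echo "fixed.xml: ok"
```

The match is textual, so a connector that is still commented out in server.xml is reported as well.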

How to change maximum file upload size for PHP applications

Find the php.ini file. On an Amazon EC2 Linux instance, you can find it in the "/etc/php/7.0 (your version may vary)/apache2/" folder. Remember that the location varies from system to system.

On mac, it is at "/private/etc"

post_max_size = 2M
upload_max_filesize = 2M

Change the above two values to your desired value in MB, then restart Apache after the update.

sudo service apache2 restart

Or

sudo /usr/sbin/apachectl graceful

AWS HTTP error: Client error: `POST https://s3.amazonaws.com/[…]` resulted in a `400 Bad Request` response: InvalidRequestYou must specify at least one part

S3 PHP SDK V3 COMPLETEMULTIPARTUPLOAD ERROR USING LOW LEVEL API OR COMING FROM V2 SDK

If you’re upgrading from the v2 to v3 SDK or following the low level API documentation for Multipart uploads such as http://docs.aws.amazon.com/AmazonS3/latest/dev/LLuploadFilePHP.html you will run into an impassable error. I ran into this problem while working on adding the new S3 SDK into BackupBuddy.

The Error:

Error executing “CompleteMultipartUpload” on “https://s3.amazonaws.com/[…]”; AWS HTTP error: Client error: `POST https://s3.amazonaws.com/[…]` resulted in a `400 Bad Request` response: InvalidRequestYou must specify at least one part
The problem is that the CompleteMultipartUpload function parameters have changed but Amazon has not updated their documentation properly and it is missing from their migration guide.

Solution:

The “Parts” parameter now needs to be placed in a new array named “MultipartUpload”.
Incorrect parameters (as per documentation or v2 SDK):
$result = $s3->completeMultipartUpload(array(
    'Bucket' => $bucket,
    'Key' => $key,
    'UploadId' => $uploadId,
    'Parts' => $parts,
));
Correct parameters for v3 SDK:
$result = $s3->completeMultipartUpload(array(
    'Bucket' => $bucket,
    'Key' => $key,
    'UploadId' => $uploadId,
    'MultipartUpload' => array(
        'Parts' => $parts,
    ),
));
Credits: http://dustinbolton.com/s3-php-sdk-v3-completemultipartupload-error-using-low-level-api-or-coming-from-v2-sdk/

How to kick start aws account - 1

1. Sign up first
2. Add a payment method. 2rs will be deducted and your account will be on hold until Amazon validates the payment method with the bank. This takes up to 24 hrs.
3. Once the payment is verified, you can delete the associated card. But before deleting it, you have to add another valid card and make it the default.
4. Go to ec2 console and create a "key pair". Name it such that your email address is in it.
5. 'pem' file will be downloaded after creation, save it.
6. Back to ec2 dashboard and create an instance (Ubuntu plain preferred). No need to change any other options if you are opting for free tier.
7. Launch the instance
8. Now you can connect to it by its public IP or domain name (you can find these under view instances by clicking on the instance).

>>> ssh -i <private-file>.pem ubuntu@<public-ip/domain-name>



Before that, you have to alter the permissions of the pem file.

>>> chmod 400 <private-file>.pem

9. Buy a domain from Godaddy
10. Back to EC2 - Create an Elastic IP
11. Associate the Elastic IP created with the EC2 instance already launched (Go to Elastic Ips dashboard, select the created IP and click Actions -> Associate Address)
12. Update the A record from DNS management of Godaddy with the Elastic IP ONLY

Done

Making your EC2 instance ready.

1. scp -i myfile.pem ~/Desktop/apache-tomcat-7.0.72.zip ubuntu@ElasticIP:/home/ubuntu/


First remove the public permissions from the pem file.

a) chmod 600 file.pem

2. ssh -i <your-private-pem-file> ubuntu@ElasticIP

3. sudo apt-get install unzip

4. unzip apache-tomcat-7.0.72.zip

5. Install Java
    a) sudo add-apt-repository ppa:webupd8team/java
    b) sudo apt-get update
    c) sudo apt-get install oracle-java7-installer

5. If the above is not working, that's because Oracle recently changed its archives and it has not been fixed. Follow the procedure below in that case:

Download the tar.gz (Java SE Development Kit)  from below location. http://www.oracle.com/technetwork/java/javase/downloads/java-archive-downloads-javase7-521261.html

SCP it to aws.

Extract the tar.gz file and set this folder location in Tomcat's catalina.sh file as follows:

(tar xvf <jdk-sdk-file>.tar.gz)


JAVA_HOME='/home/ubuntu/javase_folder'

The above will set all to run the tomcat server.

6. chmod +x  apache-tomcat-7.0.72/bin/catalina.sh

7. sh apache-tomcat-7.0.72/bin/startup.sh


Note: By default, Tomcat runs on port 8080, so to hit your public IP and see the Tomcat start page, you have to open 8080 as a custom TCP rule.

Go to the corresponding security group of the EC2 instance. You can find it in the EC2 dashboard options; click on it.

In "Inbound", add a rule with the options below.

Custom TCP Rule  -> TCP -> 8080  -> remaining default. Access should be from "anywhere".


8) Now redirect port 80 requests to the web service listening on 8080. For that:

1. sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

9) You need to add port 80 to the security group inbound rules, just as you did for 8080. This is to access the default port 80.


Update: Java 8 link, https://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html