EC2 WordPress

Getting it up and running is straight forward

On a basic image (ami-ed46a784) do the following:

apt-get install -y mysql-server wordpress

hostname=$(curl -s http://169.254.169.254/latest/meta-data/public-hostname/)
ln -s /usr/share/wordpress /var/www/wordpress
bash /usr/share/doc/wordpress/examples/setup-mysql -n wordpress localhost
ln -s config-localhost.php /etc/wordpress/config-$hostname.php
/etc/init.d/apache2 restart
echo Complete installation here: http://$hostname/wordpress

Go to the URL in the past step.

Create the account and note the password. Once in, you can change it.

Done! You are now running wordpress on your server.

Next thing to investigate is how to move the MySQL dB and also the themes, etc.

Securing BlazeDS (https)

I wanted to set up a flex/BlazeDS app to ONLY use https and not http at all!

Key lies in setting up the channels in two places:

1) In services-config.xml, comment out the normal my-amf channel and leave the my-secure-amf only

<!–

<channel-definition id=”my-amf”>
<endpoint url=”http://{server.name}:{server.port}/{context.root}/messagebroker/amf”/>
</channel-definition>
–>
<channel-definition id=”my-secure-amf”>
<endpoint url=”https://{server.name}:{server.port}/{context.root}/messagebroker/amfsecure”/>
<properties>
<add-no-cache-headers>false</add-no-cache-headers>
</properties>
</channel-definition>

2) Secondly comment out the same details in the remoting-config.xml file

<default-channels>
<channel ref=”my-secure-amf”/>
<!–          <channel ref=”my-amf”/> –>
</default-channels>

That’s it. Deploy and check. the first screen on http may appear, but nothing thereafter will work unless you use https://

Eclipse 3.4 Tomcat 6 SSL

Needed to get Tomcat SSL going to do https. Could not figure out how to add this in Eclipse. I would uncomment the https

statements

<Connector SSLEnabled=”true” clientAuth=”false” maxThreads=”150″ port=”8443″ protocol=”HTTP/1.1″ scheme=”https” secure=”true” sslProtocol=”TLS”/>

but each time I start it, no HTTPS???

Finally found out that the file is read when “creating” the server! This means you need to do the following:

1) Go to the configuration on your drive /Users/des/tomcat6/conf/server.xml

2) Uncomment the Connector you want

3) Create a new server in Eclipse

Port 8443 now available

Apache2 Tomcat and mod_proxy_ajp

mod_jk is the old way of doing it, so now with Apache 2.2 mod_proxy_ajp and balancing is the way to go. Few things to configure

load the mod_proxy_ajp module and the balancer module

sudo a2enmod proxy_ajp

sudo a2enmod proxy_balancer

Because we are dealing with a Proxy, edit the /etc/apache2/mods-enabled/proxy.conf proxy file. By default it is restrictive and denies everything. Change it to allow any host to communicate

<IfModule mod_proxy.c>
#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.

ProxyRequests Off

<Proxy *>
AddDefaultCharset off
Order deny,allow
#Deny from all
#Allow from .example.com
Allow from all
</Proxy>

# Enable/disable the handling of HTTP/1.1 “Via:” headers.
# (“Full” adds the server version; “Block” removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block

ProxyVia On
</IfModule>

NB. Note the warning about ProxyRequests! Leave it off. It is only used for forward proxies. (not for reverse)

Now configure /etc/apache2/httpd.conf. Here we want to set up a load balance, even if we only have one server. It allows us to set up more servers in the future. Specifically we want to set up the Tomcat server using the ajp protocol. The change is that instead of using mod_jk and communicating with http, we now directly talk ajp to Tomcat.

<Proxy balancer://backtcserver>
BalancerMember ajp://localhost:8009/some_app
</Proxy>
ProxyPass /some_app  balancer://backtcserver/

BalanceMembers are what make up the servers. If you have two servers, add the second one here and Apache will balance the requests between the two servers. There are lots of parameters controlling how this is done, so see the Apache site for details.

The code above sends all requests to “/some_app” to the balancer, that in turn sends all requests to localhost:8009/some_app

GOTCHA’s

Two errors I encountered while figuring this out

403 Forbidden – You have not changed the permissions in the proxy.conf file

404 Not found – the ajp:// URL is not set correctly to find the served file.

“some_app” needs to be on the URL and on the ProxyPass (Caused issues with Flex)

Simple as ;-)

PS.

Apache uses this concept of “available” and “enabled” if you check the /etc/apache2″ directory you will see this for sites and for modules. It creates links in the enabled directory for what you use from the avalable directory. a2enmod creates a link and a2dismod disables it.

2010/08/18 Update: Don’t forget to open the 8009 port in tomcat server.xml file. It is commented out by default.

Apache 2.2

ok, few things to get through here, so will split this up into chunks.

Firstly need to get my head around all the pieces that need to be configured.

/etc/apache2 has a few files and directories, where all the config is kept.

/etc/apache2# ls -l
total 76
-rw-r–r– 1 root root 10105 2009-09-23 05:20 apache2.conf
drwxr-xr-x 2 root root  4096 2009-09-11 00:59 conf.d
-rw-r–r– 1 root root   378 2009-08-18 14:24 envvars
-rw-r–r– 1 root root   923 2009-09-23 05:20 httpd.conf
drwxr-xr-x 2 root root  4096 2009-09-11 06:44 mods-available
drwxr-xr-x 2 root root  4096 2009-09-11 06:44 mods-enabled
-rw-r–r– 1 root root   513 2009-08-18 14:24 ports.conf
drwxr-xr-x 2 root root  4096 2009-09-17 06:24 sites-available
drwxr-xr-x 2 root root  4096 2009-09-17 06:24 sites-enabled
drwxr-xr-x 2 root root  4096 2009-09-17 06:37 ssl
-rw-r–r– 1 root root   174 2009-09-11 07:48 workers.properties

First thing to do is to always put configs made in httpd.conf and not directly into apache2.conf. The later references httpd.conf anyway.

/etc/init.d/apache2 restart

is used to make the changes effective

Rest to follow………….

Setting up Apache

ok, so now to set up Apache with SSL

taken from https://help.ubuntu.com/community/forum/server/apache2/SSL

sudo apt-get install apache2

Create a Certificate

sudo apt-get install ssl-cert

sudo mkdir /etc/apache2/ssl

sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

(Answer questions)

Install Module

The mod_ssl module adds an important feature to the Apache2 server – the ability to encrypt communications. Thus, when your browser is communicating using SSL encryption, the https:// prefix is used at the beginning of the Uniform Resource Locator (URL) in the browser navigation bar.

sudo a2enmod ssl
sudo /etc/init.d/apache2 force-reload

Create virtualhost

Make a copy of the default virtualhost

sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl

Modify it so it looks something like this

sudo nano -w /etc/apache2/sites-available/ssl
NameVirtualHost *:443
<virtualhost *:443>
ServerAdmin webmaster@localhost

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem

DocumentRoot /var/www/
<directory />
Options FollowSymLinks
AllowOverride None
</directory>

<directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
# Commented out for Ubuntu
#RedirectMatch ^/$ /apache2-default/
</directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog /var/log/apache2/access.log combined
ServerSignature On

Alias /doc/ "/usr/share/doc/"
<directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</directory>

</virtualhost>

Enable SSL virtualhost

sudo a2ensite ssl
sudo /etc/init.d/apache2 reload

don’t forget to modify

sudo nano -w /etc/apache2/sites-available/default
NameVirtualHost *:80
<virtualhost *:80>

[2010-08-10] This is not required. The NamedVirtualHost is already set up in ports.conf. This kept giving an error when restarting server:

[warn] NameVirtualHost *:80 has no VirtualHosts

Restart Apache server

sudo /etc/init.d/apache2 restart

Tried it and it kicks out a cert exception, so just accept that and your done. Now to set up Tomcat to work with this

EC2 users (keypair)

Setting up EC2 the default login is root with a pub/priv key generated on the EC2 site as keypairs. I do not want to log in a root directly and disable this on the server. After a bit of searching I found this site that explained the process.

http://developer.amazonwebservices.com/connect/entry.jspa?externalID=1233

The problem with this method is there are a few errors and also once you do this you are screwed, because you cannot su to root!!!.

So new procedure is below

1) Change the root password!!!!

2) follow these steps

adduser des
(Need a password here)

ssh-keygen -b 1024 -f des -t dsa
(Need a passphrase here)

cd ~des
mkdir .ssh
chmod 700 .ssh
chown des:des .ssh

cp /root/des* .ssh/
chown  des:des .ssh/des
chown  des:des .ssh/des.pub
cat /root/des.pub > .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
chown des:des .ssh/authorized_keys

test if it works

ssh -i /home/des/.ssh/des -l des sfx.carrierfx.com

copy key to local machine. Easiest is to print it out and copy it to a text file on local machine as des.pem

cat .ssh

That’s it. Once this works fine, then change the

PermitRootLogin no

Postgres & PLJava continued

ok, so progressing. Found that pljava was already part of the Postgres install on OSX. It is under the /Library/Postgres/8.4/lib/postgresql directory

Setting up the environment is proving to be a little tricky. There are many posts explaining that you need a lot of stuff. In the end I needed to add the following three lines to the postgres.conf file, which is in the /Library/Postgres/8.4/data directory. Except that this directory is off limits for users other than postgres. So I sudo to it,

sudo vi postgresql.conf

Once in, I added this at the end of the file:

#——————————————————————————
# PLJava OPTIONS
#——————————————————————————
custom_variable_classes = ‘pljava’
pljava.classpath = ‘/Library/PostgreSQL/8.4/lib/postgresql/pljava.jar’
dynamic_library_path = ‘$libdir:/Library/PostgreSQL/8.4/lib/postgresql’

NB.!!!  – Careful of Typos and remember the ” ‘ “

The docos say to change the LD_LIBRARY_PATH in Linux, but a quick tour of Google showed that this is actually DYLD_LIBRARY_PATH under OSX. However this article seems to indicate that it is not needed, so I left it

http://osdir.com/ml/db.postgresql.pljava/2006-07/msg00008.html

Next step is to run the PLJava installer under /Library/PostgresSQL/8.4/share/pljava/pljava.sql. This set up the environment for clients like pgadmin.

Test the install by running

SELECT sqlj.install_jar(‘file:///Library/PostgreSQL/8.4/share/pljava/examples.jar’, ‘samples’,  true);

If it works the query will return – install_jar void -

next is to now test the actual java code ….

Postgres & Java

I’m looking into the PLJava package for Postgres. Looks interesting from what I have read already and may open a new level of integration. Some of the copelling reasons are from the readme….

PL/Java is designed with the objective to enable the power of Java to the database itself so that database intensive business logic can execute as close to the actual data as possible.

The PL/Java 1.2.0 release of PL/Java provides the following features.

1. Ability to write both functions and triggers using Java 1.4 or higher.
2. Standardized utilities (modeled after the SQL 2003 proposal) to install and maintain Java code in the database.
3. Standardized mappings of parameters and result. Complex types as well as sets are supported.
4. An embedded, high performance, JDBC driver utilizing the internal PostgreSQL SPI routines.
5. Metadata support for the JDBC driver. Both DatabaseMetaData and ResultSetMetaData is included.
6. The ability to return a ResultSet that origins from a query as an alternative to build a ResultSet row by row
7. Full support for PostgreSQL 8.0 savepoints and exception handling.
8. Ability to use IN, INOUT, and OUT parameters when used with PostgreSQL 8.1
9. Two language handlers, one TRUSTED (the default) and one that is not TRUSTED (language tag is javaU to conform with the defacto standard)
10. Transaction and Savepoint listeners enabling code execution when a transaction or savepoint is commited or rolled back.
11. Integration with GNU GCJ on selected platforms.

Watch this space for developments…..

EC2 bundles

Finally figured out how to rebundle the image with the installed software. It is really easy.

Using the AWS tool:

Right click on EC2 Instances and select Bundle AMI.

Next you need to select a S3 bucket, and this is where the S3 firefox orginiser comes in. Download this plugin and create a bucket first. Do not try and be fancy with the name. Just name is with no underscores, since this is turned into a command line.

Use the bucket name and some name for the image name.

It will go off and create the AMI and your done. You can now load and associate the image as before, but if it fails you have the software installed and can be up and running again….

Simple as

Follow

Get every new post delivered to your Inbox.