Introduction
Definitions
To launch an IriusRisk instance on your own EC2 account, you first need to buy a valid license; we will then share the required AMI with your AWS account. From that point you should be able to follow the steps below.
Launching the AMI
To set up an IriusRisk instance from the AMI, follow the usual steps to create an EC2 instance from an AMI. If you have problems finding the shared AMI, follow the AWS documentation at http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/usingsharedamis-finding.html.
IriusRisk requires a t2.medium or greater instance to work properly.
Providing User Data to the AMI
The AMI needs a User Data script containing setup data in order to start. The User Data script to use reads as follows:
#!/bin/bash
hostname="SET_YOUR_HOSTNAME_HERE" #PLEASE EDIT
cat << EOF > /home/ec2-user/docker/update.sh
#!/bin/bash
# Do a backup
/usr/bin/sudo -u ec2-user /home/ec2-user/bin/iriusmanage.sh backup
# First of all upgrade IriusRisk
/usr/local/bin/docker-compose -f /home/ec2-user/docker/docker-compose.yml stop
/usr/local/bin/docker-compose -f /home/ec2-user/docker/docker-compose.yml pull
/usr/local/bin/docker-compose -f /home/ec2-user/docker/docker-compose.yml up -d
docker exec iriusrisk-tomcat8 sh /bin/change_host.sh $hostname
docker exec iriusrisk-nginx sh /bin/change_host.sh $hostname
docker cp /home/ec2-user/docker/cert.pem iriusrisk-nginx:/etc/nginx/ssl/star_iriusrisk_com.crt
docker cp /home/ec2-user/docker/key.pem iriusrisk-nginx:/etc/nginx/ssl/star_iriusrisk_com.key
/usr/local/bin/docker-compose -f /home/ec2-user/docker/docker-compose.yml restart
EOF
cat << EOF > /home/ec2-user/docker/cert.pem #PLEASE EDIT
-----BEGIN CERTIFICATE-----
MIIGATCCA+mgAwIBAgIJALmZM0RRN1JyMA0GCSqGSIb3DQEBCwUAMIGWMQswCQYD
VQQGEwJFUzEOMAwGA1UECAwFU3BhaW4xDzANBgNVBAcMBkh1ZXNjYTEbMBkGA1UE
CgwSQ29udGludXVtIFNlY3VyaXR5MRIwEAYDVQQLDAlDb250aW51dW0xCjAIBgNV
BAMMASoxKTAnBgkqhkiG9w0BCQEWGmluZm9AY29udGludXVtc2VjdXJpdHkubmV0
[...]
-----END CERTIFICATE-----
EOF
cat << EOF > /home/ec2-user/docker/key.pem #PLEASE EDIT
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDS6a7UGlUQrv6D
axsyytMsrnl1B3mv3P6JtjnCwxhmebGDF5m5Ow5ZnTuSeTTexscMvdcXvpEN7dyy
Esx/sN+3XBTO6hotfTh1k7TUc99iwQTm73zxAVM5UwMxki8BjEM/3PIAYxO90ftQ
[...]
-----END PRIVATE KEY-----
EOF
chmod u+x /home/ec2-user/docker/update.sh
chown ec2-user:ec2-user /home/ec2-user/docker/update.sh
# Change the hostname in the docker-compose file:
sed -i "s/localhost/$hostname/g" /home/ec2-user/docker/docker-compose.yml
bash /home/ec2-user/docker/update.sh
In this script you have to modify the following sections:
hostname="SET_YOUR_HOSTNAME_HERE" # e.g. iriusrisk.example.com
And the certificate/certificate chain and private key:
cat << EOF > /home/ec2-user/docker/cert.pem #Substitute the certificate chain below with yours
-----BEGIN CERTIFICATE-----
MIIGATCCA+mgAwIBAgIJALmZM0RRN1JyMA0GCSqGSIb3DQEBCwUAMIGWMQswCQYD
VQQGEwJFUzEOMAwGA1UECAwFU3BhaW4xDzANBgNVBAcMBkh1ZXNjYTEbMBkGA1UE
CgwSQ29udGludXVtIFNlY3VyaXR5MRIwEAYDVQQLDAlDb250aW51dW0xCjAIBgNV
[...]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGATCCA+mgAwIBAgIJALmZM0RRN1JyMA0GCSqGSIb3DQEBCwUAMIGWMQswCQYD
VQQGEwJFUzEOMAwGA1UECAwFU3BhaW4xDzANBgNVBAcMBkh1ZXNjYTEbMBkGA1UE
CgwSQ29udGludXVtIFNlY3VyaXR5MRIwEAYDVQQLDAlDb250aW51dW0xCjAIBgNV
[...]
-----END CERTIFICATE-----
EOF
cat << EOF > /home/ec2-user/docker/key.pem #And substitute this section with your private key.
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDS6a7UGlUQrv6D
axsyytMsrnl1B3mv3P6JtjnCwxhmebGDF5m5Ow5ZnTuSeTTexscMvdcXvpEN7dyy
Esx/sN+3XBTO6hotfTh1k7TUc99iwQTm73zxAVM5UwMxki8BjEM/3PIAYxO90ftQ
[...]
-----END PRIVATE KEY-----
EOF
This data will be written into nginx's HTTPS configuration and used as the server's default certificate chain.
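A mismatched key, a leftover placeholder or a certificate issued for another name only shows up after launch, so the edited script can be checked locally first. The following is an added example, not part of IriusRisk's documentation or tooling; it assumes the edited User Data script is saved as a local file, that `openssl` is installed and that the leaf certificate is the first one in the chain, and the function names and return codes are its own.

```shell
#!/bin/bash
# Added example: pre-flight check for an edited IriusRisk User Data script.
# Return codes (this example's own convention): 0 ok, 1 placeholder left,
# 2 PEM block missing (or no temp dir), 3 key/certificate mismatch,
# 4 hostname not covered by the certificate.

# Print the body of the heredoc that the User Data script writes to file $2.
heredoc_body() {
    sed -n "\#cat << EOF > .*/$2#,/^EOF\$/p" "$1" | sed '1d;$d'
}

preflight() {   # usage: preflight <user-data-file>
    local ud="$1" host tmp cpub kpub rc=0
    host=$(sed -n 's/^hostname="\([^"]*\)".*/\1/p' "$ud" | head -n 1)

    # 1. The template values from the article must have been replaced.
    if [ -z "$host" ] || [ "$host" = "SET_YOUR_HOSTNAME_HERE" ]; then
        echo "hostname is still the placeholder" >&2; return 1
    fi
    if grep -qF '[...]' "$ud"; then
        echo "elided sample PEM data ([...]) is still present" >&2; return 1
    fi

    tmp=$(mktemp -d) || return 2          # directory is created with mode 0700
    heredoc_body "$ud" cert.pem > "$tmp/cert.pem"
    heredoc_body "$ud" key.pem  > "$tmp/key.pem"

    # 2. Both PEM blocks must be present.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$tmp/cert.pem" ||
       ! grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$tmp/key.pem"; then
        echo "certificate or private key block missing" >&2; rc=2
    else
        # 3. The private key must belong to the first (leaf) certificate.
        cpub=$(openssl x509 -in "$tmp/cert.pem" -noout -pubkey 2>/dev/null)
        kpub=$(openssl pkey -in "$tmp/key.pem" -pubout 2>/dev/null)
        if [ -z "$cpub" ] || [ "$cpub" != "$kpub" ]; then
            echo "private key does not match the leaf certificate" >&2; rc=3
        # 4. The leaf certificate must be valid for the configured hostname.
        elif ! openssl x509 -in "$tmp/cert.pem" -noout -checkhost "$host" 2>/dev/null |
               grep -q 'does match'; then
            echo "certificate is not valid for $host" >&2; rc=4
        fi
    fi

    rm -rf "$tmp"    # the extracted private key must not outlive the check
    return "$rc"
}

if [ $# -gt 0 ]; then preflight "$1"; fi
```

Run it on the workstation where the script is edited, passing the script's path as the only argument. EC2 user data stays readable from inside the instance through the metadata service, so the key pasted into it is best one issued for this host alone.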
Once you have modified the sections, you can launch the instance and after a couple of minutes of initialization you should be able to access it.
If you have trouble accessing the instance, check the DNS settings for this domain and the Security Groups to make sure you have opened access from your source.