HomebrewDIY derivative for AWS Lightsail.
- Create an AWS account
- Setup AWS account users
- Create a Lightsail Instance
- Select a region
- Linux distro
- Node app
Additional customization may be needed as desired such as setting your timezone.
From the Lightsail instance in the management console click the 'prompt > icon'_ to open a connection window in a browser window directly to the instance.
From the Lightsail instance in the management console click the 'vertical ... icon' to open the instance management window.
Note the CONNECT TO public IP address. This is the host to which Putty will connect. Enter into the Putty configuration. Note: May change if not a static IP.
Scroll to the bottom and click the 'Download default key'. Save the file to a secure location. Use PuttyGen to convert the .pem file to a .ppk file. Load the file then Save as Private Key.
Enter the file file location into Putty settings under Connections | SSH | Auth | Private key file for authentication.
Under Connections | Data | Auto-login username enter bitnami.
Set any other desired settings such as colors then save settings.
Open to create a connection.
The Lightsail Linux/NodeJS blueprint defaults to running the Apache web server at the standard http (80) and https (443) ports.
You have at least 4 ways to run the Homebrew code in the AWS Lightsail cloud environemnt. Basic setup for each requires dealing with this default Apache setup in one way or another. Each method has pros and cons as outlined in the descriptions below.
In this setup you configure Apache to proxy requests sent to the standard ports onto the NodeJS app configured ports.
Pros/Cons
- Apache dependency
- Minimal impact/changes to default setup
- Automatic certificate handling
- Multiple NodeJS endpoints with more involved/complex virtual hosts setup.
For this method you configure Apache to proxy requests to the localhost:port defined for the NodeJS app. Create the /opt/bitnami/apache/conf/vhosts/app-https-vhost.conf file with the following contents...
<VirtualHost _default_:443>
ServerName YOUR_SERVER_NAME
SSLEngine on
SSLCertificateFile "/opt/bitnami/apache/conf/bitnami/certs/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apache/conf/bitnami/certs/server.key"
RequestHeader set X-Forwarded-Port "443"
RequestHeader set X-Forwarded-Proto "https"
ProxyPass / http://localhost:PORT/
ProxyPassReverse / http://localhost:PORT/
</VirtualHost>
Be sure to change YOUR_SERVER_NAME and PORT to those of your app.
Note, that when later setting up a site certificate, the script will make other changes to this file needed for certificate requests and renewal.
After defining your domain/hosts and ensuring proper DNS setup, run the following command:
sudo /opt/bitnami/bncert-tool
This will create a Let's Encrypt certificate, setup automatic renewal, and redirect http requests to https.
In this setup you configure Apache to use alternate ports so the NodeJS app can use the standard ports.
Pros/Cons
- Apache dependency
- Minimal impact/changes to default setup
- Certificate handling?
- NodeJS app run as root or IP tables configured to forward privileged ports to non-privileged ports. (Note: by design the Homebrew apps all assume non-root operation.)
Apache uses the default web hosting ports, which you will want to reassign so user can access your app using the defaults ports, 80 and 443.
Edit the /opt/bitnami/apache2/conf/httpd.conf file and change the line
Listen 80
to the lines
#Listen 80
Listen 8080
Where port 8080 (or other port of your choice) is the new Apache port. Save and exit.
Then edit the /opt/bitnami/apache2/conf/bitnami/bitnami.conf file and change the line
<VirtualHost _default_:80>
to
<VirtualHost _default_:8080>
Where the port number matches the value set above in the httpd.conf file.
Then restart apache using the bitnami control script
sudo /opt/bitnami/ctlscript.sh restart apache
Then open the firewall for the specific port... Open the Lightsail management console for the instance and click Networking. Scroll down to IPv4 Firewall and add a rule for port 8080 (or port of choice defined above).
#################################
TBD: Then same must be done for port 443.
#################################
Ports 80 and 443 are then available for the Homebrew app use. Note, Linux considered ports below 1024 as privileged requiring root permissions. The iptables command can be used (as described elsewhere in Homebrew documentation) to map the privileged ports to non-privileged ports.
In this setup you disable the Apache server altogether and use the HomebrewDIY code to proxy to one or more backend NodeJS apps.
Pros/Cons
- No Apache dependency
- Greater changes to the default setup
- Certificate handling?
- NodeJS app run as root or IP tables configured to forward privileged ports to non-privileged ports. (Note: by design the Homebrew apps all assume non-root operation.)
- Multiple NodeJS apps or services run from a single IP address.
To disable Apache, first stop the server by running
sudo /opt/bitnami/ctlscript.sh stop
Then disable the service from running again at startup
sudo systemctl disable apache
This totally disables Apache. In this case you will need a fully featured NodeJS app such as HomebrewDIY to manage everything.
In this setup you leave the default Apache server setup and run the NodeJS at alternate ports such as the common 8080. While this method is not user friendly (since external users must include the port number in the request URL, it does offer a simple setup for internal API operations.
Pros/Cons
- No Apache dependency
- No changes to the default setup
- Certificate handling?
- NodeJS app runs on alternate ports, which must be specified in http/s requests.
- Multiple NodeJS apps or services run from a single IP address.
- Requires opening additional ports, which creates a large security cross-section.
This method requires no changes to Apache. Instead simply install your NodeJS app on port(s) of choice. Access it with http://SERVER-IP:PORT.
Then open the firewall for the specific port... Open the Lightsail management console for the instance and click Networking. Scroll down to IPv4 Firewall and add a rule for port 8080 (or port of choice defined above).
#################################
#################################
Install your NodeJS app or a temporary one. Install the default sample as follows.
sudo mkdir /opt/bitnami/projects
sudo chown $USER /opt/bitnami/projects
cd /opt/bitnami/projects
express --view pug sample
cd sample
npm install
Start this app with
DEBUG=sample:* ./bin/www
Access it with http://SERVER-IP:3000/ via a SSH tunnel