Once the core Linux server is up, we can install more packages. The AMI I use in this case is for Ubuntu 10.10. It has a nice command
sudo tasksel –section server
to help to install some predefined servers, but I still prefer to install them by myself.
My plan is to install below servers first – Apache, Subversion so I can use this server as SVN source code control. Also, I want to install the load-balancer Haproxy.
First, do update of the Linux package
sudo apt-get -y update
sudo apt-get upgrade -y
Now install Apache
sudo apt-get -y install apache2 libapache2-mod-jk
(I install mod-jk because I want to use Tomcat later)
sudo a2enmod jk proxy proxy_http ssl
(to enable some modules)
sudo /etc/init.d/apache2 restart
(restart Apache server)
Now let’s test the Apache installation – wait, we don’t have the port 80 open. So, install curl
sudo apt-get install curl
then do a test
curl http://localhost to verify that Apache server is running fine.
Now we will add two “A” records through the GoDaddy’s DNS Management Tool to point the domain name to this particular IP address.
Here is the address https://dns.godaddy.com/default.aspx?sa=
Click “Edit Zone” to get to the zone file. I created two A records, one for “@” host, one for “*” wildcard, both pointing to the same IP address.
It might take a while for the DNS record to be effective.
Back to the EC2
Next, I want to change the Apache server port from 80/443 to other ports like 6080/6443, the reason is later I want to install the load-balancer Haproxy, which will occupy 80/443.
We will change two files: /etc/apache2/ports.conf and /etc/apache2/sites-enabled/000-default, replace “80”, “443” with “6080” and “6443”.
Save the changes, and restart Apache2 “sudo /etc/init.d/apache2 restart”
Then verify with “curl http://localhost”, and “curl http://localhost:6080”
Now install Subversion and create repository
sudo apt-get -y install subversion libapache2-svn
svnadmin create ~/svn-repository
sudo chown -R www-data:www-data ~/svn-repository
(to give access to Apache)
Add couple of user account/password
sudo htpasswd -c /etc/subversion/passwd user-name-1
(because this is the first time we set Subversion user name/password, above command must have -c option)
sudo htpasswd /etc/subversion/passwd user-name-2
Now we need to integrate SVN to Apache – we will create a virtual host like http://svn.mydomain.com
We will add a “site” file “SVN” to the /etc/apache2/sites-available directory. It has content
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
CustomLog /var/log/apache2/access.log combined
Enable it with command
sudo a2ensite svn
sudo /etc/init.d/apache2 reload
Now we are done with the basic setting up of Apache-Subversion, but we can not use it yet because the port 6080 is protected by the firewall – we want to install the load-balancer Haproxy as the front-end of our server.
Install haproxy with command
sudo apt-get -y install haproxy
sudo /etc/init.d/haproxy restart
Then go back to the AWS Management Console to add port 80 to allowed connections.
Now if we start browser and visit http://www.mydomain.com or http://svn.mydomain.com, the requests will reach the load-balancer but will not go to Apache because Haproxy is not configured yet to forward requests to Apache at port 6080
make sure to edit /etc/default/haproxy
sudo cp haproxy.cfg haproxy.cfg.original
(for backup purpose only)
The haproxy.cfg file already has some nice example settings, but we will use a different way to configure our virtual hosts – we will add “ACL” rules
listen host 0.0.0.0:80
# cookie SERVERID insert indirect nocache
acl acl_www hdr_dom(host) -i http://www.mydomain.com
acl acl_svn hdr_dom(host) -i demo.mydomain.com
use_backend www_server if acl_www
use_backend svn_server if acl_svn
# server inst1 127.0.0.1:8080 cookie server01 check inter 2000 fall 3
# server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3
capture cookie vgnvisitor= len 32
option httpclose # disable keep-alive
rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address
listen ssl 0.0.0.0:443
server inst1 127.0.0.1:6443 check inter 2000 fall 3
# server inst2 192.168.110.57:443 check inter 2000 fall 3
# server back1 192.168.120.58:443 backup
server server2 127.0.0.1:6080 check
server server1 127.0.0.1:6080 check
server server1 127.0.0.1:80 cookie check
This basically tells Haproxy to forward any “www” and “svn” requests to 127.0.0.1 port 6080.
Now start haproxy
sudo /etc/init.d/haproxy start
ps -ef|grep haproxy
However it shows nothing, and no error logged either. What happening here is haproxy by default log to syslog server with UDP port 514, while Ubuntu by default uses “rsyslogd”. So we need to configure rsyslogd to accept haproxy log requests. To do so, put below content into a file /etc/rsyslog.d/haproxy.conf
#put below content to a file /etc/rsyslog.d/haproxy.conf
# .. otherwise consider putting these two in /etc/rsyslog.conf instead:
# ..and in any case, put these two in /etc/rsyslog.d/haproxy.conf:
Now start Haproxy and check the process is running, also verify the log at
tail -f /var/log/haproxy*.log