AWS notes
This page contains notes specific to deploying a Docker-based GeoServer cluster on Amazon Web Services (AWS).
https://docs.aws.amazon.com/efs/latest/ug/performance.html There are two modes for EFS: general purpose vs throughput optimized.
https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/raid-config.html
https://docs.aws.amazon.com/acm/latest/userguide/import-certificate-prerequisites.html
From AWS CLI:
aws iam upload-server-certificate \
    --server-certificate-name ExampleCertificate \
    --certificate-body file://Certificate.pem \
    --certificate-chain file://CertificateChain.pem \
    --private-key file://PrivateKey.pem
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html
- Modify the config for the 8080 connector in conf/server.xml (see https://willwarren.com/2014/01/27/running-apache-tomcat-with-ssl-behind-amazon-elb/):
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
           proxyPort="443"
           scheme="https"
           secure="true"
           proxyName="test.wfas.net"
           URIEncoding="UTF-8" />
This can be done once, when building the Tomcat image. Here test.wfas.net is the subdomain registered on Rackspace for the load balancer.
- The target group should have the exposed Tomcat port as a registered target.
- Load balancer--I configured an application load balancer to redirect port 80 to port 443. Then I added a listener for port 443 to forward to the target group of geoserver instances. Also, I picked the IAM certificate that I imported for wfas.net.
Everything should now be over HTTPS, including images.
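A check for the connector settings from the first step, as an added example that is not part of the original notes: it parses a server.xml and reports HTTP connectors that lack the proxy attributes. The sample file, the second connector on port 8081 and the function names are constructed for illustration, and the base-URL helper is a simplified model of how Tomcat uses proxyName, proxyPort and scheme.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's connector plus an unmodified one for contrast.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443"
               proxyPort="443" scheme="https" secure="true"
               proxyName="test.wfas.net" URIEncoding="UTF-8" />
    <Connector port="8081" protocol="HTTP/1.1" redirectPort="8443" />
  </Service>
</Server>"""

# Values the page sets so Tomcat describes requests as HTTPS on port 443.
REQUIRED = {"scheme": "https", "secure": "true", "proxyPort": "443"}
DEFAULT_PORTS = {"http": "80", "https": "443"}


def external_base_url(conn):
    """Base URL built from the connector's overrides, or None when Tomcat
    takes it from each request (simplified: needs proxyName and proxyPort)."""
    name, port = conn.get("proxyName"), conn.get("proxyPort")
    if not name or not port:
        return None
    scheme = conn.get("scheme", "http")  # Tomcat's default scheme is http
    suffix = "" if DEFAULT_PORTS.get(scheme) == port else f":{port}"
    return f"{scheme}://{name}{suffix}"


def audit_connectors(server_xml, expected_host):
    """Return {port: (base_url, [problems])} for each HTTP connector."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            continue  # only HTTP connectors sit behind the load balancer here
        problems = [
            f"{attr}={conn.get(attr)!r}, expected {want!r}"
            for attr, want in REQUIRED.items() if conn.get(attr) != want
        ]
        if conn.get("proxyName") != expected_host:
            problems.append(
                f"proxyName={conn.get('proxyName')!r}, expected {expected_host!r}")
        report[conn.get("port")] = (external_base_url(conn), problems)
    return report


if __name__ == "__main__":
    for port, (url, problems) in audit_connectors(SAMPLE_SERVER_XML, "test.wfas.net").items():
        print(f"connector {port}: external URL {url or 'taken from request'}")
        for p in problems:
            print(f"  - {p}")
```

Because secure="true" makes Tomcat treat every request arriving on port 8080 as already encrypted, that port should accept traffic only from the load balancer, for example through the instances' security group.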