Documentation: Flowy on AWS using EC2



Assumptions

The following guide assumes that separate load balancers will be set up for the admin and processing services, and that CloudFront is used (at least) to serve the Flowy admin portal's content.

Preparation

  1. Consider a host naming convention. A suggestion:
    • admin.example.com for the admin front-end, to be used by the users, will point to CloudFront
    • admin.lb.example.com will be used for the admin load balancer
    • processing.lb.example.com will be used for the processing load balancer
  2. Look up and write down the IP address range configured for the VPC

Execution

  1. Set up an S3 bucket, enable static website hosting and upload the Flowy front-end. Ensure that index.html sits in the root folder of the bucket.
  2. Set up the EC2 instance(s) and install the admin and processing services. The services can run on the same or on different EC2 instances. Make sure to write down the ports being used, by default 8080 for admin and 8081 for processing.
  3. Create and assign security groups to the EC2 instance(s). It is highly recommended to limit access to these internal ports by defining the VPC CIDR (= the VPC's internal IP range) as the only allowed source. Alternatively, access can be limited to the load balancers' IPs; see the corresponding AWS documentation, "What's the source IP address of the traffic that Elastic Load Balancing sends to my web servers?".
  4. Set up a public certificate in N. Virginia (!) and complete the validation; this certificate will be used for CloudFront.
  5. Set up a CloudFront distribution, and configure the domain name and the newly generated certificate. Add the S3 bucket as default source and make sure to set "Redirect HTTP to HTTPS" as viewer protocol policy.
  6. Set up public certificates to be used for the load balancers. These must be created in the same region as the EC2 instances and load balancers.
  7. Configure load balancers in front of both services, taking the two different health check URLs into account:
    • admin: /api/actuator/health
    • processing: /actuator/health (depending on the usage of CloudFront)
  8. Create DNS entries for both services and point them to the load balancers.
  9. Open the previously generated CloudFront distribution and create a new source pointing to the admin DNS entry and using /api as path pattern. Make sure to set "Redirect HTTP to HTTPS" as viewer protocol policy, allow all HTTP methods (GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE), and configure CachingDisabled as cache policy and AllViewer as origin request policy.
  10. Add a second source pointing to the processing service and use /rest as path pattern. Use the same settings as for the admin service.
  11. Create a DNS entry for admin (and optionally for processing) and point it to the CloudFront distribution.
  12. Done: your newly configured environment is ready to be used!

The above guide is intended to provide an overview of the necessary actions. Please check the AWS guides and consult experts to ensure that your environment is hardened and safe for public usage.
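A check for step 3, added here as an example and not part of the Flowy documentation: the script reads security group data in the shape returned by `aws ec2 describe-security-groups` and lists every ingress rule that opens the default ports 8080 or 8081 to a source outside the VPC CIDR. The sample data, the group IDs and the 10.0.0.0/16 VPC range are constructed for illustration.

```python
import ipaddress
import json

FLOWY_PORTS = {8080: "admin", 8081: "processing"}  # defaults named in step 2

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0example1", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8081,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0example2", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8090,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "10.0.4.0/24"}, {"CidrIp": "203.0.113.0/24"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")


def exposed_ports(rule):
    """Flowy ports covered by one ingress rule ("-1" means all protocols/ports)."""
    if rule["IpProtocol"] == "-1":
        return sorted(FLOWY_PORTS)
    if rule["IpProtocol"] != "tcp":
        return []
    return [p for p in sorted(FLOWY_PORTS) if rule["FromPort"] <= p <= rule["ToPort"]]


def audit(groups, vpc_cidr):
    """Return (group id, port, source) for every source outside the VPC CIDR."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for sg in groups["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for src in sources:
                net = ipaddress.ip_network(src, strict=False)
                inside = net.version == vpc.version and net.subnet_of(vpc)
                if not inside:
                    findings += [(sg["GroupId"], p, src) for p in exposed_ports(rule)]
    return findings


if __name__ == "__main__":
    for gid, port, src in audit(SAMPLE, "10.0.0.0/16"):
        print(f"{gid}: {FLOWY_PORTS[port]} port {port} reachable from {src}")
```

Rules whose source is another security group carry no CIDR and are not reported, and wide port ranges and all-traffic rules are flagged because they include the Flowy ports.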

HINT

Consider setting the <flowyContextPath> to support prefixes such as /api. See Flowy Configuration for details.