
Andrew-Adel/AWS_2Tier_App

# AWS_2Tier_App

about

Diagram

Create My Network "CIDR and its subnet"

1. Create VPC

  1. Go to the VPC Dashboard in AWS Management Console.
  2. Click on "Create VPC".
  3. Choose the VPC-only option, and set the CIDR block to 192.168.0.0/16.
  4. Name the VPC, 'Lec1-Assignment-2-Teir-App'.

2. Create 4 subnets

  1. 2 public (Lec1-Assignment-Public-Subnet-1 & Lec1-Assignment-Public-Subnet-2)
  2. 2 private (Lec1-Assignment-Private-Subnet-1 & Lec1-Assignment-Private-Subnet-2)

3. Create Internet Gateway

Create the internet gateway Lec1-Assignment-IGW so that the public subnets can reach the internet, inbound and outbound.

4. Create NAT Gateway

Create the NAT gateway My-Nat-Gateway so that the private subnets have outbound-only internet access, for downloading their packages and tools. This NAT gateway is in subnet Lec1-Assignment-Private-Subnet-2.

5. Make Route Tables

  1. first route table to connect (Lec1-Assignment-Public-Subnet-1 & Lec1-Assignment-Public-Subnet-2) with Lec1-Assignment-IGW
  2. second route table to connect (Lec1-Assignment-Private-Subnet-1 & Lec1-Assignment-Private-Subnet-2) with My-Nat-Gateway
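
A check for the routing above, as an added example that is not part of the original repository: a public NAT gateway only gives private subnets outbound access when its own subnet's default route points at an internet gateway. The input follows the shape of `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways` output; every ID is a constructed placeholder.

```python
"""Check that every NAT gateway sits in a subnet routed to an internet gateway.

All IDs are constructed placeholders, not values from the repository.
"""

def table_for(route_tables, subnet_id):
    """Route table explicitly associated with the subnet, else the VPC main table."""
    for table in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in table.get("Associations", [])):
            return table
    for table in route_tables:
        if any(a.get("Main") for a in table.get("Associations", [])):
            return table
    return None

def default_route_target(route_tables, subnet_id):
    """Target of the subnet's 0.0.0.0/0 route, or None when it has none."""
    table = table_for(route_tables, subnet_id) or {}
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("GatewayId") or route.get("NatGatewayId")
    return None

def audit_nat_placement(route_tables, nat_gateways):
    """Return (nat_id, subnet_id, default_target) for NAT gateways with no path to an IGW."""
    findings = []
    for nat in nat_gateways:
        target = default_route_target(route_tables, nat["SubnetId"])
        if not (target or "").startswith("igw-"):
            findings.append((nat["NatGatewayId"], nat["SubnetId"], target))
    return findings

# Constructed tables: public subnets route to the IGW, private subnets to the NAT gateway.
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-public-1"}, {"SubnetId": "subnet-public-2"}],
     "Routes": [{"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"Associations": [{"SubnetId": "subnet-private-1"}, {"SubnetId": "subnet-private-2"}],
     "Routes": [{"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]
NAT_IN_PUBLIC = [{"NatGatewayId": "nat-example", "SubnetId": "subnet-public-1"}]
NAT_IN_PRIVATE = [{"NatGatewayId": "nat-example", "SubnetId": "subnet-private-2"}]

if __name__ == "__main__":
    print("NAT in a public subnet: ", audit_nat_placement(ROUTE_TABLES, NAT_IN_PUBLIC))
    print("NAT in a private subnet:", audit_nat_placement(ROUTE_TABLES, NAT_IN_PRIVATE))
```

Feeding it the real output of the two `describe` commands shows whether the subnet chosen for the NAT gateway can actually reach the internet gateway.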

[Screenshot: image of the network]

Create Public Instances

  1. Create 2 public instances (Lec1-Assignment-instance-A & Lec1-Assignment-instance-B). Each one has an Elastic public IP, so it can easily reach and be reached from the internet, and accepts SSH connections with a key pair. Each one also has a private IP, for connecting to the other instances inside the network. Each runs nginx, which forwards requests to the private proxy instance, the entry point of tier 2.

  2. Create a public proxy instance (Lec1-Assignment-Public-Proxy). It has an Elastic public IP, so it can easily reach and be reached from the internet, and accepts SSH connections with a key pair. It runs nginx as a load balancer between the 2 public instances.

[Screenshots: test of the public proxy with the 2 public instances]

Create Private Instances

  1. Create 2 private instances (Lec1-Assignment-instance-C & Lec1-Assignment-instance-D). Each one has only a private IP, for connecting to the other instances inside the network, and accepts SSH connections with a key pair.

  2. Create a private proxy instance (Lec1-Assignment-Private-Proxy). It has only a private IP, for connecting to the other instances inside the network, and accepts SSH connections with a key pair. It runs nginx as a load balancer between the 2 private instances.

[Screenshots: test of the public proxy to the 2 public instances, then to the private proxy, and finally to the 2 private instances]

[Screenshot: all instances]

config inside each instance

for public proxy instance

security group

Allow inbound traffic:

  1. Type: HTTP, Protocol: TCP, Port Range: 80, Source: Anywhere (0.0.0.0/0, ::/0).
  2. Type: SSH, Protocol: TCP, Port Range: 22, Source: My IP (for secure access), or Anywhere.

configuration inside instance

  1. Connect over SSH to the instance using its public IP address:
ssh -i 2-Teir-App.pem ec2-user@<public-ip-of-instance>
  2. Install NGINX:
sudo yum update -y
sudo yum install nginx1 -y
sudo systemctl start nginx
sudo systemctl enable nginx
  3. Configure load balancing by adding the following to /etc/nginx/nginx.conf (sudo vi /etc/nginx/nginx.conf):
http {
    upstream backend {
        server <public-instance-1-private-ip>:80;
        server <public-instance-2-private-ip>:80;
    }

    server {
        listen 80;

        location / {
            proxy_pass http://backend;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

Check the configuration for syntax errors:

sudo nginx -t

Apply the configuration by reloading nginx:

sudo systemctl reload nginx

for private proxy instance

security group

Allow inbound traffic:

  1. Type: HTTP, Protocol: TCP, Port Range: 80, Source: Anywhere (0.0.0.0/0, ::/0).
  2. Type: SSH, Protocol: TCP, Port Range: 22, Source: My IP (for secure access), or Anywhere.

configuration inside instance

  1. Copy the key .pem file to a public instance:
scp -i 2-Teir-App.pem 2-Teir-App.pem ec2-user@34.200.246.143:/home/ec2-user/
  2. Connect over SSH to a public instance that has the key, then from there to the private instance using its private IP address:
ssh -i 2-Teir-App.pem ec2-user@<public-ip-of-any-public-instance-has-the-key>
ssh -i 2-Teir-App.pem ec2-user@<private-ip-of-private-instance>
  3. Install NGINX:
sudo yum update -y
sudo yum install nginx1 -y
sudo systemctl start nginx
sudo systemctl enable nginx
  4. Configure load balancing by adding the following to /etc/nginx/nginx.conf (sudo vi /etc/nginx/nginx.conf):
http {
    upstream backend {
        server <private-instance-1-private-ip>:80;
        server <private-instance-2-private-ip>:80;
    }

    server {
        listen 80;

        location / {
            proxy_pass http://backend;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

Check the configuration for syntax errors:

sudo nginx -t

Apply the configuration by reloading nginx:

sudo systemctl reload nginx

for public instance

security group

Allow inbound traffic:

  1. Type: HTTP, Protocol: TCP, Port Range: 80, Source: Anywhere (0.0.0.0/0, ::/0).
  2. Type: SSH, Protocol: TCP, Port Range: 22, Source: My IP (for secure access), or Anywhere.
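
An audit of the three security-group listings above (public proxy, private proxy, public instance), as an added example that is not part of the original repository: it flags SSH open to the whole internet on any group and any world-open port on a tier that only needs traffic from inside the VPC. The rules follow the shape of `aws ec2 describe-security-groups` output; the group names, the `sg-public-instances` ID, the "My IP" address and the tightened rule set are assumptions.

```python
"""Audit security-group rules shaped like `aws ec2 describe-security-groups` output.

Group names, IDs and the "My IP" address 203.0.113.10 are constructed sample values.
"""
WORLD = {"0.0.0.0/0", "::/0"}

def tcp(port, cidrs=(), groups=()):
    """Build one IpPermissions entry for a single TCP port."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs if ":" not in c],
            "Ipv6Ranges": [{"CidrIpv6": c} for c in cidrs if ":" in c],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

def world_open_ports(group):
    """Ports reachable from 0.0.0.0/0 or ::/0; "all" when the rule's protocol is -1."""
    ports = set()
    for perm in group.get("IpPermissions", []):
        sources = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        sources |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        if not sources & WORLD:
            continue
        if perm["IpProtocol"] == "-1":
            ports.add("all")
        elif perm["IpProtocol"] in ("tcp", "udp"):
            ports.update(range(perm["FromPort"], perm["ToPort"] + 1))
    return ports

def audit(groups, internal):
    """Flag world-open SSH on any group, and any world-open port on internal-tier groups."""
    findings = []
    for group in groups:
        for port in sorted(world_open_ports(group), key=str):
            if port in (22, "all") or group["GroupName"] in internal:
                findings.append((group["GroupName"], port))
    return findings

# Rules as listed on this page, with the "or Anywhere" SSH option on the private proxy.
AS_DESCRIBED = [
    {"GroupName": "public-proxy", "IpPermissions": [
        tcp(80, ["0.0.0.0/0", "::/0"]), tcp(22, ["203.0.113.10/32"])]},
    {"GroupName": "private-proxy", "IpPermissions": [
        tcp(80, ["0.0.0.0/0", "::/0"]), tcp(22, ["0.0.0.0/0"])]},
]
# Tightened variant (assumption): only the public instances' group may reach the private proxy.
TIGHTENED = [AS_DESCRIBED[0], {"GroupName": "private-proxy", "IpPermissions": [
    tcp(80, groups=["sg-public-instances"]), tcp(22, groups=["sg-public-instances"])]}]
INTERNAL = {"private-proxy"}

if __name__ == "__main__":
    print("as described:", audit(AS_DESCRIBED, INTERNAL))
    print("tightened:   ", audit(TIGHTENED, INTERNAL))
```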

configuration inside instance

  1. Connect over SSH to the instance using its public IP address:
ssh -i 2-Teir-App.pem ec2-user@<public-ip-of-instance>
  2. Install NGINX:
sudo yum update -y
sudo yum install nginx1 -y
sudo systemctl start nginx
sudo systemctl enable nginx

Add the following to /etc/nginx/conf.d/forwarding.conf (sudo vi /etc/nginx/conf.d/forwarding.conf):

server {
    listen 80;
    server_name _;

    location / {
        # Forward requests to the private proxy instance
        proxy_pass http://192.168.3.139;  
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    error_page 404 /404.html;
    location = /404.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}

Add the following to /etc/nginx/nginx.conf (sudo vi /etc/nginx/nginx.conf):

server {
    listen 80;
    server_name _;

    location / {
        # Forward requests to the private proxy instance
        proxy_pass http://192.168.3.139;  # Make sure this is the correct private IP
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    error_page 404 /404.html;
    location = /404.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}

Check the configuration for syntax errors:

sudo nginx -t

Apply the configuration by reloading nginx:

sudo systemctl reload nginx

for private instance

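Add the following to /usr/local/bin/update-ip.sh (sudo vi /usr/local/bin/update-ip.sh):

#!/bin/bash
# Assumed lookup (not in the original script): first private IPv4 address of this instance
PRIVATE_IP=$(hostname -I | awk '{print $1}')

# Create an HTML page with the private IP address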
echo "<!DOCTYPE html>" > /usr/share/nginx/html/index.html
echo "<html>" >> /usr/share/nginx/html/index.html
echo "<head><title>My Private EC2</title></head>" >> /usr/share/nginx/html/index.html
echo "<body>" >> /usr/share/nginx/html/index.html
echo "<h1>Private IP Address IN Private EC2 (Last Node)</h1>" >> /usr/share/nginx/html/index.html
echo "<p>Your private IP address is: <b>$PRIVATE_IP</b></p>" >> /usr/share/nginx/html/index.html

echo "</body>" >> /usr/share/nginx/html/index.html
echo "</html>" >> /usr/share/nginx/html/index.html

Run the Script Again: Execute the updated script manually to verify that it works correctly:

sudo chmod +x /usr/local/bin/update-ip.sh
sudo /usr/local/bin/update-ip.sh

Check the configuration for syntax errors:

sudo nginx -t

Apply the configuration by reloading nginx:

sudo systemctl reload nginx
