
클라우드/AWS

AWS를 이용한 운영 서버 환경 구축

인스턴스 생성

bitvise를 통해 접속

 

보안그룹 생성

 

보안그룹 변경

 

nvm(노드 버전 관리자: Node Version Manager) 설치

[ec2-user@ip-172-31-38-230 ~]$ curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.11/install.sh | bash

 

 

 

[ec2-user@ip-172-31-38-230 ~]$ nvm install 10.13.0

 

[ec2-user@ip-172-31-38-230 ~]$ node -e "console.log('Running Node.js ' + process.version)"

 

 

25 ~ 42페이지 소스코드 배포

 

git 설치에 필요한 패키지 설치

[ec2-user@ip-172-31-38-230 ~]$ sudo yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel

 

[ec2-user@ip-172-31-38-230 ~]$ cd /var
[ec2-user@ip-172-31-38-230 var]$ sudo mkdir www
[ec2-user@ip-172-31-38-230 var]$ sudo chown ec2-user www

[ec2-user@ip-172-31-38-230 var]$ cd /var/www
[ec2-user@ip-172-31-38-230 www]$ git clone https://github.com/deopard/aws-exercise-a.git
[ec2-user@ip-172-31-38-230 www]$ cd aws-exercise-a/
[ec2-user@ip-172-31-38-230 aws-exercise-a]$ tree .

.

├── app.js

├── LICENSE

├── package.json

├── package-lock.json

└── public

 

1 directory, 4 files

 

[ec2-user@ip-172-31-38-230 aws-exercise-a]$ cat app.js

const express = require('express');

const app = express();

// Replies to the site root with the project A banner text.
function sendGreeting(req, res) {
  res.send('AWS exercise의 A project입니다.');
}

// Liveness endpoint: status 200 with an empty body.
function sendHealthy(req, res) {
  res.status(200).send();
}

// Logged once the listener is ready.
function announceListening() {
  console.log('Example app listening on port 3000!');
}

app.get('/', sendGreeting);

// No host argument is passed, so when this file is run directly with node the
// listener is not limited to localhost.
// NOTE(review): keep port 3000 closed in the EC2 security group if only the
// nginx front end on port 80 is meant to be reachable.
app.listen(3000, announceListening);

app.get('/health', sendHealthy);

 

 

[ec2-user@ip-172-31-38-230 aws-exercise-a]$ cat package.json

{

  "name": "aws-exercise-a",

  "version": "1.0.0",

  "description": "AWS exercise project A",

  "main": "index.js",

  "scripts": {

    "test": "echo \"Error: no test specified\" && exit 1"

  },

  "repository": {

    "type": "git",

    "url": "git+https://github.com/deopard/aws-exercise-a.git"

  },

  "author": "Tom Kim",

  "license": "ISC",

  "bugs": {

    "url": "https://github.com/deopard/aws-exercise-a/issues"

  },

  "homepage": "https://github.com/deopard/aws-exercise-a#readme",

  "dependencies": {

    "express": "^4.16.3"

  }

}

 

 

[ec2-user@ip-172-31-38-230 aws-exercise-a]$ npm install

added 50 packages from 47 contributors and audited 50 packages in 1.599s

found 0 vulnerabilities

 

웹 서버와 웹 애플리케이션 서버로 이원화 

웹 서버 => nginx

웹 애플리케이션 서버 => Phusion Passenger 

 

[ec2-user@ip-172-31-38-230 www]$ wget https://s3.amazonaws.com/phusion-passenger/releases/passenger-5.3.6.tar.gz



[ec2-user@ip-172-31-38-230 www]$ sudo mkdir /var/passenger

[ec2-user@ip-172-31-38-230 www]$ sudo chown ec2-user /var/passenger/

[ec2-user@ip-172-31-38-230 www]$ tar -xzvf passenger-5.3.6.tar.gz -C /var/passenger/

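https://rvm.io/rvm/install 페이지에서 GPG 키 복사 (아래 명령의 키 지문이 해당 페이지에 게시된 값과 일치하는지 확인한다. 명령에 쓰인 sks-keyservers.net 풀은 이후 운영이 중단되었으므로, 지금은 같은 페이지에 안내된 최신 명령을 사용한다.)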

[ec2-user@ip-172-31-38-230 www]$ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB



[ec2-user@ip-172-31-38-230 www]$ curl -sSL https://get.rvm.io | bash -s stable

[ec2-user@ip-172-31-38-230 www]$ source ~/.rvm/scripts/rvm
[ec2-user@ip-172-31-38-230 www]$ rvm reload
[ec2-user@ip-172-31-38-230 www]$ rvm requirements run

[ec2-user@ip-172-31-38-230 www]$ rvm install 2.4.3

[ec2-user@ip-172-31-38-230 www]$ echo export PATH=/var/passenger/passenger-5.3.6/bin:$PATH >> ~/.bash_profile
[ec2-user@ip-172-31-38-230 www]$ source ~/.bash_profile

[ec2-user@ip-172-31-38-230 www]$ passenger-install-nginx-module

 

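*** 스왑(가상) 메모리 오류 발생 *** (아래 mkswap/swapon 출력의 경고처럼 스왑 파일 권한이 0644이면 일반 사용자도 스왑에 내려간 메모리 내용을 읽을 수 있다. dd로 파일을 만든 뒤 mkswap 전에 `sudo chmod 600 /swap`을 실행해 권한을 0600으로 제한한다.)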

[ec2-user@ip-172-31-38-230 www]$ sudo dd if=/dev/zero of=/swap bs=1M count=1024

1024+0 records in

1024+0 records out

1073741824 bytes (1.1 GB) copied, 13.8014 s, 77.8 MB/s

 

[ec2-user@ip-172-31-38-230 www]$ sudo mkswap /swap

mkswap: /swap: insecure permissions 0644, 0600 suggested.

Setting up swapspace version 1, size = 1024 MiB (1073737728 bytes)

no label, UUID=609a5eda-088f-48c2-bc80-a23ca704ec37

 

[ec2-user@ip-172-31-38-230 www]$ sudo swapon /swap

swapon: /swap: insecure permissions 0644, 0600 suggested.

 

[ec2-user@ip-172-31-38-230 www]$ passenger-install-nginx-module

*** 권한 오류 발생 ***

[ec2-user@ip-172-31-38-230 www]$ export ORIG_PATH="$PATH"

[ec2-user@ip-172-31-38-230 www]$ rvmsudo -E /bin/bash

[root@ip-172-31-38-230 www]# export PATH="$ORIG_PATH"

[root@ip-172-31-38-230 www]# export rvmsudo_secure_path=1

[root@ip-172-31-38-230 www]# /home/ec2-user/.rvm/gems/ruby-2.4.3/wrappers/ruby /var/passenger/passenger-5.3.6/bin/passenger-install-nginx-module

 

[ec2-user@ip-172-31-36-12 aws-exercise-a]$ sudo vi /opt/nginx/conf/nginx.conf
# nginx + Phusion Passenger configuration that serves one Node.js app
# (aws-exercise-a) over plain HTTP on port 80.
worker_processes  1;

events {
    worker_connections 1024;
}


http {
    server_names_hash_bucket_size 256;
    # Passenger install location and the Ruby interpreter Passenger should use.
    # NOTE(review): earlier steps on this page chown /var/passenger and /var/www
    # to ec2-user and install RVM under that user's home, while nginx is started
    # with sudo. Files a root-started server loads are then writable by an
    # unprivileged account; confirm this is acceptable or move them to
    # root-owned paths.
    passenger_root /var/passenger/passenger-5.3.6;
    passenger_ruby /home/ec2-user/.rvm/gems/ruby-2.4.3/wrappers/ruby;

    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        # Plain HTTP only; no TLS listener is configured in this file.
        listen                 80;
        # Selected for requests whose Host header is this public IP address.
        server_name            15.164.163.12;
        root                   /var/www/aws-exercise-a/public;
        # Hand requests for this server to Passenger, which runs app.js as a
        # Node.js application.
        passenger_enabled      on;
        passenger_app_type     node;
        passenger_startup_file /var/www/aws-exercise-a/app.js;
    }
}

 

[ec2-user@ip-172-31-36-12 www]$ sudo /opt/nginx/sbin/nginx

 

nginx 구동 ⇒ $ sudo /opt/nginx/sbin/nginx

nginx 중지 ⇒ $ sudo /opt/nginx/sbin/nginx -s stop

nginx 재실행 ⇒ $ sudo /opt/nginx/sbin/nginx -s reload

 

[ec2-user@ip-172-31-36-12 aws-exercise-a]$ cd /etc/init.d
[ec2-user@ip-172-31-36-12 init.d]$ sudo vi nginx
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   - 85 15 
# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /opt/nginx/conf/nginx.conf
# pidfile:     /opt/nginx/logs/nginx.pid
# modified from http://articles.slicehost.com/2009/2/2/centos-adding-an-nginx-init-script

# Load the distribution's init helper library, then the network settings.
# (Presumably the helper library is what provides daemon, killproc and status
# used further down - confirm on the target system.)
. /etc/rc.d/init.d/functions
. /etc/sysconfig/network

# Nothing to manage when networking is switched off.
if [ "$NETWORKING" = "no" ]; then
    exit 0
fi

# Fixed locations of the Passenger-built nginx under /opt/nginx.
NGINX_CONF_FILE="/opt/nginx/conf/nginx.conf"
lockfile=/var/lock/subsys/nginx
nginx="/opt/nginx/sbin/nginx"
# Last path component of $nginx, i.e. what basename prints for it.
prog=${nginx##*/}

# Start nginx with the configured file and create the lock file on success.
# Exits the script with 5 when the binary is not executable and with 6 when
# the configuration file is missing; otherwise returns daemon's status.
start() {
    if [ ! -x $nginx ]; then
        exit 5
    fi
    if [ ! -f $NGINX_CONF_FILE ]; then
        exit 6
    fi
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    # The lock file is only written after a successful launch.
    if [ $retval -eq 0 ]; then
        touch $lockfile
    fi
    return $retval
}

# Send QUIT to the nginx process and drop the lock file once that succeeds.
# Returns killproc's status.
stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    # Keep the lock file when the signal could not be delivered.
    if [ $retval -eq 0 ]; then
        rm -f $lockfile
    fi
    return $retval
}

# Stop and start nginx, but only after the configuration has validated, so a
# broken config never takes down a running server. Returns configtest's
# status on validation failure, otherwise start's status.
restart() {
    if configtest; then
        stop
        start
    else
        return $?
    fi
}

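# Ask the running nginx to re-read its configuration by sending HUP.
# Returns configtest's status when the configuration does not validate,
# otherwise killproc's status.
reload() {
    # Never signal nginx with a configuration that fails validation.
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    retval=$?
    echo
    # Hand the signal result back to the caller; without an explicit return
    # the function would report the status of the trailing echo instead.
    return $retval
}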

# force-reload is implemented as a full restart; returns restart's status.
force_reload() {
    restart
    return $?
}

# Run the nginx binary with -t against the configured file and return its
# exit status.
configtest() {
  $nginx -t -c $NGINX_CONF_FILE
  return $?
}

# Report whether $prog is running, via the status helper; returns its status.
rh_status() {
    status $prog
    return $?
}

# Quiet variant of rh_status: same exit status, all output discarded.
rh_status_q() {
    { rh_status; } > /dev/null 2>&1
}

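# Dispatch on the requested action. Every pattern is a fixed word, so the
# bare $1 calls below can only run the function of the same name.
case "$1" in
    start)
        # Already running: report success without starting a second copy.
        rh_status_q && exit 0
        $1
        ;;
    stop)
        # Not running: nothing to stop.
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        # Exit with 7 when there is no running nginx to signal.
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        # Restart only when the service is currently running. Without the
        # restart call this action checked the status and then did nothing.
        rh_status_q || exit 0
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
        ;;
esac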

 

[ec2-user@ip-172-31-36-12 init.d]$ sudo chmod 755 nginx

nginx 종료 ⇒ $ sudo service nginx stop

nginx 실행 ⇒ $ sudo service nginx start

[ec2-user@ip-172-31-36-12 init.d]$ sudo chkconfig --add nginx
[ec2-user@ip-172-31-36-12 init.d]$ sudo ntsysv

 

P41 하나의 서버에서 두 개의 애플리케이션 서비스

[ec2-user@ip-172-31-36-12 init.d]$ cd /var/www
[ec2-user@ip-172-31-36-12 www]$ git clone https://github.com/deopard/aws-exercise-b.git
[ec2-user@ip-172-31-36-12 www]$ cd aws-exercise-b
[ec2-user@ip-172-31-36-12 aws-exercise-b]$ tree .

├── app.js

├── package.json

├── package-lock.json

└── public

[ec2-user@ip-172-31-36-12 aws-exercise-b]$ npm install

[ec2-user@ip-172-31-36-12 aws-exercise-b]$ cat app.js
const express = require('express');
const app = express();

// Replies to the site root with the project B banner text.
const handleRoot = (req, res) => {
  res.send('AWS exercise의 B project입니다.');
};

// Liveness endpoint: status 200 with an empty body.
const handleHealth = (req, res) => {
  res.status(200).send();
};

app.get('/', handleRoot);

// Same port literal as the project A listing on this page.
// NOTE(review): both apps are served through nginx + Passenger in this
// walkthrough; confirm port 3000 itself stays closed in the security group.
app.listen(3000, () => {
  console.log('Example app listening on port 3000!');
});

app.get('/health', handleHealth);

 

[ec2-user@ip-172-31-36-12 aws-exercise-b]$ sudo vi /opt/nginx/conf/nginx.conf
# nginx + Phusion Passenger configuration that serves two Node.js apps from
# one instance, chosen by the Host header: app A for the public IP, app B for
# the public DNS name. Both listen on plain HTTP port 80.
worker_processes  1;

events {
    worker_connections 1024;
}


http {
    server_names_hash_bucket_size 256;
    # Passenger install location and the Ruby interpreter Passenger should use.
    # NOTE(review): earlier steps on this page chown /var/passenger and /var/www
    # to ec2-user and install RVM under that user's home, while nginx is started
    # with sudo. Files a root-started server loads are then writable by an
    # unprivileged account; confirm this is acceptable or move them to
    # root-owned paths.
    passenger_root /var/passenger/passenger-5.3.6;
    passenger_ruby /home/ec2-user/.rvm/gems/ruby-2.4.3/wrappers/ruby;

    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    # App A. Neither server block is marked default_server, so nginx uses this
    # first block for any request on port 80 whose Host header matches neither
    # server_name.
    # NOTE(review): add an explicit default server if unknown Host values
    # should not reach app A.
    server {
        # Plain HTTP only; no TLS listener is configured in this file.
        listen                 80;
        server_name            15.164.163.12;
        root                   /var/www/aws-exercise-a/public;
        passenger_enabled      on;
        passenger_app_type     node;
        passenger_startup_file /var/www/aws-exercise-a/app.js;
    }
    # App B, selected when the Host header is the instance's public DNS name.
    server {
        listen                 80;
        server_name            ec2-15-164-163-12.ap-northeast-2.compute.amazonaws.com;
        root                   /var/www/aws-exercise-b/public;
        passenger_enabled      on;
        passenger_app_type     node;
        passenger_startup_file /var/www/aws-exercise-b/app.js;
    }
}

 

[ec2-user@ip-172-31-36-12 aws-exercise-b]$ sudo service nginx restart

 

 

P48 Auto Scaling 그룹 생성

시작 템플릿 생성

 

Auto Scaling그룹 생성

책보고 집에서 해보자..>!

 

 

P65 Auto Scaling 그룹, 대상 그룹, 로드 밸런서 구성

[Load Balancer 유형 선택 > HTTP/HTTPS 선택]

[Load Balancer 구성]

[보안 그룹 구성]

[라우팅 구성]

 

[Auto Scaling그룹 > 로드밸런싱 > 방금 만든 로드밸런싱 추가해줌]

 

 

[Load Balancer > DNS주소로 접속 > 로드 밸런서를 통해 해당 인스턴스로 매칭...?]

P73 장애 조치 아키텍처 구성

이것도 책보고 해보자...