admin/cmc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
72ff6e4c4d887c39e691d2d2d36830d1b90eef17
cmc/README.md

240 lines
8.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# art-get-arrays-jwt-springsecurity-angular
JSON Web Token (JWT) with Spring Security And Angular - Tutorial from Get Arrays (Udemy)
### Notes
#### Section 19: HTML Template
##### 134. Configuring routes
- Generate AppRoutingModule
- `ng generate module app-routing --flat --module=app`
- Modify `app-routing.module.ts`
#### Section 29: Security Management - Front End
##### 199. Unsubscribe using Subsink library
1. Install [SubSink](https://www.npmjs.com/package/subsink)
- `npm install subsink --save`
2. Use it
#### Section 30: Deployment
##### 202. Creating EC2 instance
Create EC2 instance with custom security rules
- open port 80, 5000, 443(ssh) for everyone
##### 203. Configure EC2 instance
1. Install apache web server
- `sudo service httpd start` -> service not found
- `sudo yum -y install httpd` -> OK
- `sudo service httpd status` -> running
- Go to EC2 public URL -> Apache Server Default Page
2. Test work
- Navigate to server content
- `cd /var/www/html`
- create sample html file
- `sudo nano index.html`
- `<h1>Welcome to AWS Apache server</h1>`
- Ctrl+O
- Ctrl+X
- Go to EC2 public URL -> Our web page
3. Install Java
- `sudo amazon-linux-extras install java-openjdk11`
4. Install MySQL
- `sudo wget https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm`
- `sudo wget https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm`
- `sudo yum localinstall mysql57-community-release-el7-11.noarch.rpm`
- `sudo yum install mysql-community-server`
5. Start MySQL
- `sudo systemctl start mysqld.service`
- `sudo systemctl status mysqld.service`
- Check for temporarily root password
- `sudo grep 'temporary password' /var/log/mysqld.log`
- `A temporary password is generated for root@localhost: idy7c#>jEetF`
- `sudo mysql_secure_installation`
- new password: `Supp0rtP0rta!`
- No for other questions
6. Configure mysql
- `sudo mysql -u root -p` -> enter password
- `show databases;`
- `create database support_portal;`
- `create user 'support_portal_user'@'localhost' identified by 'Supp0rt_Porta!_P@ssword';`
- `grant all privileges on support_portal.* to 'support_portal_user'@'localhost'; `
##### 206. Running in AWS
1. Copy JAR file to EC2 home folder (secured copy)
- `scp -i "certified-dev-assoc-course.pem" "C:\Users\Admin\IdeaProjects\Study\GetArrays\art-get-arrays-jwt-springsecurity-angular\support-portal-backend\target\support-portal.jar" ec2-user@ec2-13-51-129-89.eu-north-1.compute.amazonaws.com:~/`
2. Set Environment Variables
- `export PORTAL_MAIL_USERNAME="{{your_gmail_username}}"`
- `export PORTAL_MAIL_PASSWORD="{{your_gmail_password}}"`
- `export SPRING_PROFILES_ACTIVE="aws-local"`
3. Start java app
- `java -jar support-portal.jar`
4. Run as executable
- `sudo chmod 755 support-portal.jar`
- `ls -lh support-portal.jar` -> view permissions
- `./support-portal.jar`
#### 207. Deploying Angular Application
1. Build Angular Application
- `ng build --prod`
2. Upload dist/support-portal-frontend folder to EC2
- `scp -r -i "certified-dev-assoc-course.pem" "C:\Users\Admin\IdeaProjects\Study\GetArrays\art-get-arrays-jwt-springsecurity-angular\support-portal-frontend\dist\*" ec2-user@ec2-13-51-129-89.eu-north-1.compute.amazonaws.com:~/`
3. Move files to httpd directory
- `sudo cp ~/support-portal-frontend/* /var/www/html`
#### 208. Creating Unix Service
1. Create dedicated user to run this app as a service
- without ability to login
- `sudo adduser --home /var/lib/supporthome --shell /sbin/nologin supportuser`
- `sudo cat /etc/passwrd`
2. Add access for the system processes to access home folder's content
- `cd /var/lib`
- `ls -lh` -> only supportuser has access
- `sudo chmod 755 /var/lib/supporthome`
- owner has full access 7 (rwx) - read write execute
- others - 5 (r-x) - read and execute
3. Copy jar into supportuser home
- `cd ~`
- `sudo cp support-portal.jar /var/lib/supporthome`
4. Change ownership of jar file
- `ls -lh` -> owner is root
- `sudo chown supportuser:supportuser support-portal.jar`
- `ls -lh` -> owner is supportuser
5. Change permission to read and execute only for supportuser
- `sudo chmod 500 support-portal.jar`
6. Protect the file from accident deletion
- `sudo chattr +i support-portal.jar` - change attribute `+i` (add immutable)
- `rm support-portal.jar` ->
- ` cannot remove support-portal.jar: Operation not permitted`
- `sudo rm -f support-portal.jar` ->
- ` cannot remove support-portal.jar: Operation not permitted`
- (for deletion we need first remove immutability - `sudo chattr -i support-portal.jar`)
7. Create symbolic link
- `sudo ln -s /var/lib/supporthome/support-portal.jar /etc/init.d/supportapi`
- `ln` - link
- `-s` - symbolic
- `/etc/init.d` - init directory
- `supportapi` - name of service
- `cd /etc/init.d`
- `ls` -> we have supportapi
8. Start service
- `sudo service supportapi start`
- `sudo service supportapi status`
9. View logs
- `cd /var/log` -> `ls`
- `cat /var/log/supportapi.log`
- **or**
- `sudo vim supportapi.log` -> :qa for quit
- **or**
- `sudo tail -f /var/log/supportapi.log`
10. Setting Permanent Global Environment Variables for All Users
- `sudo nano /etc/environment`
- `SPRING_PROFILES_ACTIVE=aws-local`
#### 208.2 Creating Unix Service - Correct Way
- cd /etc/systemd/system
- Create a file named your-service.service and include the following:
```shell script
[Unit]
Description=Support Portal API
[Service]
User=supportuser
WorkingDirectory=/var/lib/supporthome
ExecStart=/var/lib/supporthome/support-portal.jar
Restart=always
Environment="SPRING_PROFILES_ACTIVE=aws-local"
[Install]
WantedBy=multi-user.target
```
- Reload the service files to include the new service.
- `sudo systemctl daemon-reload`
- Start your service
- `sudo systemctl start supportapi.service`
- To check the status of your service
- `sudo systemctl status supportapi.service`
- To enable your service on every reboot
- `sudo systemctl enable supportapi.service`
#### 209. Testing in Production
- Test with:
- Username: `art.shyshkin`
- Password: `17aH!?o>CJ`
- and another
- Username: `shyshkin.art`
- Password: `5C<"0dVx=>`
#### 33 deploy frontend into s3 bucket
1. S3 console
- Create bucket: `portal.shyshkin.net`
2. Build Angular app
- create `environment.test.ts`
- modify `angular.json`
- `ng build -c test`
3. Copy files from `dist/support-portal-frontend` to the bucket
4. Static website hosting
- Enable
- index.html
5. Allow public access
- `Block public access (bucket settings)` - All OFF
6. Edit bucket policy
- `{`
- ` "Version": "2012-10-17",`
- ` "Statement": [`
- ` {`
- ` "Sid": "PublicRead",`
- ` "Effect": "Allow",`
- ` "Principal": "*",`
- ` "Action": [`
- ` "s3:GetObject",`
- ` "s3:GetObjectVersion"`
- ` ],`
- ` "Resource": "arn:aws:s3:::portal.shyshkin.net/*"`
- ` }`
- ` ]`
- `}`
7. Visit `http://portal.shyshkin.net.s3-website.eu-north-1.amazonaws.com`
8. Make an Alias to Website
- Route 53 console
- Hosted zone: shyshkin.net
- Add record
- Name: portal
- Record Type: A
- Routing policy: Simple routing
- Alias: true
- Alias to S3 website endpoint
- Stockholm
- s3-website.eu-north-1.amazonaws.com
9. Tune CORS for backend
- add `http://portal.shyshkin.net`
##### 35.1 deploy MySQL into AWS RDS - with public access
1. RDS Console
- MySQL 8.0.23
- Dev/Test
- DB instance identifier: `portal-db`
- Master username: portal_user
- Master password: Supp0rt_Porta!_PAssword
- DB Instance: db.t3.micro
- Public access: yes
2. Additional configuration
- Initial database name: support_portal
3. Create DB
4. Create Security Group MySQLFromEverywheere
- allow port 3306 from everywhere (for testing purposes)
5. Attach SG MySQLFromEverywheere to DB instance
Reference in New Issue View Git Blame Copy Permalink