Project Babel

FREDDY CRUZ
ORLANDO, FL

Freddy Cruz
PROJECT BABEL
Table of Contents

Project Overview ........................................................................................................................................... 2

Project Goals & Objectives ........................................................................................................................... 2
Network Infrastructure Requirement .......................................................................................................... 2
Assumptions & Risks ..................................................................................................................................... 2
Network Configuration & Procedural Checklist ........................................................................................... 3
Network Topology Diagram with IP Addresses ........................................................................................... 3
Appendices | Deliverables ............................................................................................................................ 3
Create EC2 Instance(s) on AWS ..................................................................................................................... 3
Install MariaDB on Database Instance ........................................................................................................... 6
Create database and users ............................................................................................................................ 9
Create Web Server .......................................................................................................................................10
Install php packages.....................................................................................................................................15
Duplicate instance in AWS ...........................................................................................................................23
HAproxy Install .............................................................................................................................................25
How to change document root....................................................................................................................28
Create SSL on HAProxy ................................................................................................................................31
Create session persistence between servers ..............................................................................................36

1
Scope of Work
Project Babel
Local Area Network System Implementation

Project Overview
This project aims to design and deploy a private cloud-based system with optimized database servers
with redundancy.

Milestone completion dates:

Milestone I – March 7th, 2023

Milestone II – March 12th, 2023

Milestone III – March 19th, 2023

Milestone IV – March 26th, 2023

Project Goals & Objectives

• Security – Using AWS, it provides better physical security to their servers and SeedDMS allows
for specific access which assist with security.
• Reliability – AWS has the highest reliability with uptime of 99.999%
• Scalability – With it being cloud based, its easier to scale to the needs of the customer and
cheaper in the long run than having to purchase new hardware.

Network Infrastructure Requirement

Computers and internet access to log into the database system (seeddms).

Assumptions & Risks

• The Client will be responsible for providing internet access

• The client and hired IT team will be responsible for maintenance , security and any updates
needed to hardware

2
Network Configuration & Procedural Checklist
1. Create 5 AWS EC2 instances
2. Install SQL database and Apache on 1 server
3. Install and configure SeedDMS and Apahce on 3 other servers
4. Install and configure HAProxy with SSL on last server
5. Create self-signed SSL certification
6. Validate and test redundancy

Network Topology Diagram with IP Addresses

Appendices | Deliverables

Create EC2 Instance(s) on AWS

Navigate to AWS and log in with credentials.

Search for EC2 and select it to get to the EC2 Dashboard.

Select Launch Instance

We will create one instance at a time.

3
Enter Name of first instance, “Database”.

Amazon Linux should be used as the OS image.

You can leave all selections as the default.

Under Key Pair (login), select Create new key pair and be sure to save it somewhere safe.

Make sure to have the Create security Group selected under the Firewall section and ensure that the
check boxes for Allow SSH Traffic from and Allow HTTP Traffic from the internet are selected.

4
This will ensure that we can connect to the database via SSH and allow for traffic from and HTTP.

After that, select Launch Instance.

Once complete, it will show as running on the EC2 dashboard.

We want to make sure to also open Port 3306 in order for MYSQL and MariaDB to operate.

5
Click on the newly created Instance and then the Security tab.

Select the option that is hyperlinked under Security groups

Select Edit Inbound rules, add a rule and use the drop down menu in the Type column to select
MSQL/Aurora which will open port 3306. Use the 0.0.0.0 CIDER block and click Save rules

Install MariaDB on Database Instance

On the EC2 Dashboard, select the Database instance.

Click Connect and select the SSH client tab.

6
From here we are going to connect via SSH using the .pem file we saved with our private key.

Open a terminal and use cd (change directory) command to go to the directory which stores your .pem
file

Change permissions to the .pem file by copy/pasting the chmod command in the terminal

Paste the copied example into the terminal and run the command

7
Run an update once connected via SSH with sudo yum update- y.

Then run the command sudo yum install mariadb-server -y

After the installation, we will need to start the server.

Input the command sudo systemctl start mariadb

To check if it’s working, input the command sudo systemctl status mariadb

8
Finally, input the command sudo systemctl enable mariadb to ensure that MariaDB starts when the
instance begins.

Create database and users

Log into MariaDB by entering sudo mysql

We need to create a user that connect from any use by using the ‘%’ wildcard

9
CREATE USER 'newuser'@'%' IDENTIFIED BY 'Fullsail1!';

We now need to create the database. To do so, we can use the command create database seeddms;

Now grant privileges to the user with

grant all privileges on seeddms. * to 'newuser'@'%';

Create Web Server

Follow the same steps for creating an EC2 instance, but make sure to name it ‘seed_1’ for the first
webserver.

Keep all the defaults selected, but do select “SeedDMS” as the key pair name.

10
Be sure to also select the same Security group, and continue to select the same security groups for any
other instances that will be made.

Select Launch Instance

Once launched, navigate to the Instance, select Connect, then select the SSH Client tab. Copy the
example script and paste it into a new Terminal window to log in via SSH.

11
Begin by running sudo yum update -y

12
Once updated, make sure to switch to root user by entering sudo du

Download apache by using yum install httpd -y

13
Once downloaded, it should look like the image above when completed.

Now we will enable Apache so that it begins at start up or reboot automatically.

14
Enter the command

systemctl enable httpd

systemctl start httpd

and then systemctl status httpd to verify that it is running.

Navigate back to and select the web server instance on AWS.

From there, click on open address under the Public IPv4 DNS link. It should open a tab and bring you to
the Apache Test Page. But first, you must make sure the URL is showing “http” instead of “https”

Install php packages

In terminal, run the following command to view php packages

15
Sudo amazon-linux-extras enable php7.4

From here, you can see available packages.

Enter the following the command to install all packages that are needed for the webserver.

Sudo yum install php php-gd php-mbstring php-xml php-json php-mysqlnd -y

We are to now download and extract SeedDMS by inputting

wget https://sourceforge.net/projects/seeddms/files/seeddms-5.1.22/seeddms-quickstart-
5.1.22.tar.gz

Once it downloads, extract the contents by using the command:

tar -zxvf seeddms-quickstart-5.1.22.tar.gz

16
When completed, you should have a new directory will appear called seeddms51x

Navigate to the seeddms51x directory with cd seeddms51x

List the files with ls

17
Move all files in “seeddms51x” folder to “/var/www/html” folder with sudo mv * /var/www/html

Now navigate to the HTML directory with cd /var/www/html/ and list the files to confirm SeedDMS
files have been moved with ls.

Now we must update Apache permissions to both the “data” and “conf” folders.

sudo chown apache:apache data

sudo chown apache:apache conf

18
Go to “/var/www/html/conf” folder and delete “setting.xml” file

Sudo rm setting.xml

Now we must create an “ENABLE_INSTALL_TOOL” file with sudo touch ENABLE_INSTALL_TOOL

command

Return back to AWS and navigate to the web server instance and navigate to the public IPv4 address by
selecting “open address” by the IP address and adding “seeddms” to the end of the URL

19
If done correctly, you should be taken to a blank site that has a link to run the install tool.

Once the hyperlink is clicked, edit the Extra PHP include Path: section and input /var/www/html/pear

By the Server name, input the PRIVATE IP address of our database instance and include the username
and password for the user we created earlier. The first time you connect to the database, we must check
the “Create database tables” and then click apply.

20
If done correctly you should not see any red error lines on the next page

Now we can select Delete file ENABLE_INSTALL_TOOL if possible, to delete said file we created earlier.
As we no longer need it.

To verify it’s been deleted, navigate back to the terminal that is showing the web server instance and
run an ls command in the conf folder.

21
The created file is now deleted and replaced with a new settings.xml file

Back on the SeedDMS site, click on the Configure more settings. Default login: admin/admin link

Log in with the admin/admin credentials.

Change the Site Name to SeedDMS_1 in order to distinguish between future servers.

22
Duplicate instance in AWS

Navigate to the EC2 dashboard

Select the seed_1 instance

Once selected, click “Actions” on the top right of the dashboard,

Enter a name for the image, as we will be creating an instance from this saved image.

Click “Create image”

Now click on “AMIs” on the table that is on the left under “Images”

23
After several minutes, the status of the image will go from “pending” to “available”

Click on the create image and then “Launch instance from AMI”

Now you have the option of naming the instance. Name it accordingly

Scroll down and select the custom key pair login we created earlier.

Select “Select existing security group” and choose the custom security croup we created earlier.

24
Select Launch Instance

Repeat to create as many instances as needed

HAproxy Install

On the AWS EC2 dashboard, select “Launch instances”

Input the name “HAproxy” and select Ubuntu, Ubuntu Server 20.04 from the image selection

25
Under “Key Pair (login) make sure to select the custom key pair that was made and also select the
custom security group.

Select “Launch instance”

26
Once the instance is completed, log in via the SSH function by copying the example on the SSH client tab

Once in the instance via SSH, run the following commands to install HAProxy packages

apt-get install --no-install-recommends software-properties-common

add-apt-repository ppa:vbernat/haproxy-2.6

apt-get install haproxy=2.6.\*

Once the installation has finished, double check it with haproxy --version

27
How to change document root

Repeat these steps for each web server instance

On the EC2 dashboard, select a web server instance.

Log into it via SSH

Navigate to the conf file with cd/etc/httpd/conf

You should see the httpd.conf file and magic file when you ls

Sudo nano into the conf file and scroll down till you reach the Document Root section. Edit the line and
add “/seeddms” to the end of the path, then exit and save.

Since we made an edit to the server, we must restart it for the change to take effect.

28
Run the command sudo systemctl restart httpd

Now go back to the EC2 instance and navigate to the public IP on a browser.

It should show a Not Found error

Back on the terminal that is SSH’d into the instance, navigate to cd /var/www/html/ and then into the
conf file with cd conf

Remove the settings.xml file with sudo rm settings.xml

Back on the browser, refresh the page that was showing the Not Found error and there should now be a
“run the install tool first”

29
Click on the hyperlink and copy “ENABLE_INSTALL_TOOL”, as we need to create the file in the conf
directory

Create the file with sudo touch ENABLE_INSTALL_TOOL

Back on the browser, refresh the page.

You should now see the SeedDMS installation page

Input /var/www/html/pear into the “Extra PHP include path” section, add the private IP from the
database into the “Server name” section. Finally make sure to match up the database, username and
password to what was created earlier.

Seeddms

Newuser

Fullsail1*

30
Click Apply

If done correctly, you shouldn’t see any errors and will be able to click “delete file enable_install_tool if
possible”. Do so.

Then click on “configure more settings” and login in using the default login credentials. admin/admin

Once you log in, change the site name to the appropriate SeedDMS name (1,2 or 3)

Once done, click save.

Create SSL on HAProxy

Make sure all instances are running and SSH into the HAProxy instance.

First, create a self-signed SSL certificate

sudo apt-get -y install openssl

31
Use the following command to create your self-signed SSL certificate and move it to /etc/ssl/private.

openssl req -nodes -x509 -newkey rsa:2048 -keyout /etc/ssl/private/test.key -out

/etc/ssl/private/test.crt -days 30

Once ran, you may leave the fields blank

Now create a pem file by copying key and certificate to a file. That goes with:

cat /etc/ssl/private/test.key /etc/ssl/private/test.crt > /etc/ssl/private/test.pem

I first had to run sudo -s to log in as root and then proceeded with the above command.

I then moved the .pem file to the /etc/haproxy path with mv test.pm /etc/haproxy

Navigate to haproxy directory with cd /etc/haproxy

Enter the haproxy.cfg with nano haproxy.cfg

32
In the config file, we will be adding the following information after the “defaults” info

frontend localnodes

bind *:80

bind *:443 ssl crt /etc/haproxy/test.pem

mode http

default_backend nodes

stats uri /stats

backend nodes

mode http

balance roundrobin

server web01 172.31.50.101:80 check

server web02 172.31.50.30:80 check

server web03 172.31.49.2:80 check

33
Once input, exit and save.

Now verify that the HAproxy config was configured correctly with:

haproxy -c -V -f /etc/haproxy/haproxy.cfg

We now need to reboot the load balancer

systemctl restart haproxy

and then systemctl status haproxy to verify services are running

34
Navigate to the EC2 HAProxy instance and open the public ip domain

You will be created with a warning page

Select “Advanced” and “proceed to …”

35
It should then take you to one of the web servers at random. Continue to refresh the page to make sure
that it alternates servers to show that the load balancer is working properly.

Create session persistence between servers

Log into the HAProxy server instance

Navigate to the haproxy configuration file by using cd /etc/haproxy

Open up the haproxy.cfg with sudo nano haproxy.cfg

Scroll down to the backend nodes section and update the following lines to enable cookies and
redundancy

backend nodes

mode http

balance roundrobin

cookie SERVERID insert indirect nocache

server web01 172.31.50.101:80 check cookie web01

server web02 172.31.50.30:80 check cookie web02

server web03 172.31.49.2:80 check cookie web03

Exit and save.

Restart the server

Run systemctl restart haproxy and then systemctl status haproxy to ensure that it is running.

36