Launch LRS AMI
A simple way to get started with Launch LRS in just a few clicks.
The Launch LRS Amazon Machine Image (AMI) provides all the information required to launch an EC2 instance pre-installed with your Launch LRS.
Amazon Web Services (AWS) provides on-demand cloud computing platforms and APIs to individuals, companies, and governments. Their Elastic Compute Cloud (EC2) web service provides secure, resizable compute capacity in the cloud.
If you do not have an Amazon Web Services account sign up for a free account.
What you’ll launch
An EC2 instance running Amazon Linux 2 with the following installed:
- Amazon Corretto 11
- NGINX as a reverse proxy for the Launch Learning LRS application
- The latest version of Launch LRS
Instructions are also provided for configuring a database connection and setting up an SSL certificate.
How to deploy
Step 1: Sign in to AWS and launch an instance
Sign in to your AWS Console and navigate to the EC2 dashboard. Select Launch Instance. View the AWS launch instance documentation for more information.
Step 2: Select the Launch LRS AMI
Search the community AMI’s for Launch LRS and select the AMI with the most recent date. If you cannot cannot find the Launch AMI in the region you wish to use please contact us.
Step 3: Select the instance type
A t2.micro instance will be sufficient for most environments. The instance type can be changed at a later date if required. Select Review and Launch.
Step 4: Edit the security group and launch the instance
Allow SSH from your IP address, HTTP from anywhere and HTTPS from anywhere, select Review and Launch. Then select Launch at the next step.
Step 5: Access your Launch LRS
Once your instance is running, select it in your EC2 dashboard to view the public DNS. Navigate to this DNS in your browser to check your Launch LRS is available. You should see the following page:
After confirming access to your Launch LRS you can sign in and test it immediately. Select manage and sign in with the following credentials:
You will be required to change your password on first sign in.
Production use configuration
For the security and integrity of your data, before using Launch LRS in a production environment, we recommend the following:
- Setting a domain name for easier access and also to allow the SSL setup
- Configuring a SSL certificate to ensure a secure connection to your Launch LRS
- Configuring Launch LRS to use a database to persist your data into
If you wish to use Launch LRS in a production environment please follow the steps below.
Connecting to your instance
Within your EC2 dashboard select your Launch LRS instance. Connect to your instance via the connect option in the actions menu, choosing SSH client as the connection method. Follow the instructions provided, using ec2-user instead of root to connect.
For more information on how to connect to an EC2 instance view the AWS documentation.
Setting up a domain name
Step 1: Configure an AWS elastic IP address
Navigate to your AWS EC2 dashboard and select Elastic IP’s from the left menu. Select Allocate an Elastic IP address and then select Allocate.
Select the Elastic IP address you have just created, then select Associate Elastic IP address from the Actions dropdown menu. Select the ID of the Launch LRS instance from the instance search field and then Associate.
Make a note of the IP address, it will be used in step 2.
Step 2: Add a Route 53 domain name record
Within Route 53 select a hosted zone to use.
Note: To use your EC2 instance to host a public website, you must own or control the domain you plan to use. If you don’t already have one you can register a new domain with Amazon Route 53. For domains registered elsewhere you can transfer the DNS service for your domain to Route 53 or refer to your providers own documentation to create a domain name record that points to the IP of your instance. Customers with an active licence can contact us for additional help.
Select Create record. Choose the Simple routing policy. Select Next.
Select Define simple record.
Enter a sub-domain for your Launch LRS. Choose IP address from the endpoint dropdown, add the IP address created in step 1. Select A record for the type.
Select Define simple record, then Create records.
Step 3: Verify the record was created
You can verify the record was created by entering the record name into your browser, the Launch LRS page should now be displayed. It may take a short time for the record to propagate.
Configuring a SSL certificate
Let’s Encrypt, a certificate authority, provides an easy way to obtain and install free TLS/SSL certificates. Let’s Encrypt requires the Certbot package, which is available in the Extra Packages for Enterprise Linux (EPEL).
A domain name you own or control, configured to point to the Elastic IP address of your Launch LRS instance as described in the section above.
Step 1: Install and enable EPEL
Connect to your instance.
Download and install the EPEL repository using the following commands:
[ec2-user ~]$ sudo wget -r --no-parent -A 'epel-release-*.rpm' http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/
[ec2-user ~]$ sudo rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm
[ec2-user ~]$ sudo yum-config-manager --enable epel*
Step 2: Install the Certbot Let’s Encrypt Client using the EPEL repository
Install the certbot-nginx package:
[ec2-user ~]$ sudo yum install certbot-nginx
Step 3: Update the NGINX configuration file with your domain name
Edit the NGINX configuration file:
[ec2-user ~]$ sudo vi /etc/nginx/nginx.conf
Find the following server_name line in the file:
Replace the _ underscore with your domain name to allow Certbot to automatically configure SSL for NGINX. For example:
Save the file and quit your editor. Then reload NGINX to load the new configuration:
[ec2-user ~]$ sudo systemctl reload nginx
Step 4: Obtain a certificate
Run Certbot with the –nginx plugin, using -d to specify the domain name for the certificate:
[ec2-user ~]$ sudo certbot --nginx -d lrs.example.com
You will be prompted to enter an email address and agree to the terms of service. Certbot will then communicate with the Let’s Encrypt server and run a challenge to verify that you control the domain you’re requesting a certificate for.
By default, the created certificate will have a short, 90-day expiration time. Your system can be configured to renew the certificate automatically by setting up a cron job. This will require running the certbot command manually before expiration.
Step 5: Verify your Launch LRS is secure
Once Certbot confirms that the verification is successful, data sent to and from your Launch LRS will be secured. You can confirm that your site is secure by viewing your Launch LRS in your browser, your browser should indicate that your site is properly secured.
Configuring Launch LRS to use a database
If a database is not specified, the Launch LRS application will use an in-memory database which will be wiped every time you restart the Launch LRS application.
For a production environment we recommend configuring the Launch LRS database on a different host to the Launch LRS application.
Step 1: Install a database
Launch LRS currently supports MySQL, MariaDB, PostgreSQL, SQL Server and H2. If you don’t already have database we recommend using AWS RDS.
For testing purposes, instructions are provided for setting up and configuring a local database using MariaDB.
Step 2: Configure your database
Create and open an application.properties file in the same directory as the Launch LRS application:
[ec2-user ~]$ sudo vi /opt/launch/lrs/application.properties
Insert the configuration below into the application.properties file, substituting the following:
dbms: mysql, sqlserver or postgresql
endpoint: URL of your database server. For internal database installations use localhost
dbname: name of the database you intend to use for Launch LRS
user: a username with full permissions to the specified database
changeMe: password for the user
spring.datasource.url=jdbc:dbms://endpoint:3306/dbname?zeroDateTimeBehavior=convertToNull spring.datasource.username=user spring.datasource.password=changeMe
Save and quit.
The full list of configuration properties can be found within the Launch LRS documentation.
Step 3: Restart Launch LRS
[ec2-user ~]$ sudo systemctl restart launch-lrs
If you now access Launch LRS in your browser you should notice the in-memory warning message at the bottom of the screen has gone.
If you receive 502 Bad Gateway, ensure you’re credentials, endpoint and port are correct in the configuration file.
If you changed your password during the initial setup, it will have been set back to the default when the database was specified. Select manage and sign in with the following credentials:
You will be required to change your password on first sign in after specifying a database.
Install MariaDB on the Launch LRS instance
These instructions are to install MariaDB using the Amazon Linux Extras package.
First connect to your Launch LRS instance and ensure that all of your software packages are up to date:
[ec2-user ~]$ sudo yum update -y
Step 1: Install the required Amazon Linux Extra repositories
To get the latest version of MariaDB install the following package:
[ec2-user ~]$ sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2
Step 2: Install MariaDB server
[ec2-user ~]$ sudo yum install -y mariadb-server
[ec2-user ~]$ sudo systemctl start mariadb
Step 3: Secure the database server
Run the mysql_secure_installation command to set a root password and remove the insecure features from your installation:
[ec2-user ~]$ sudo mysql_secure_installation
- By default, the root account does not have a password set. Press Enter.
Yto set a password, and type a secure password twice.
Yto remove the anonymous user accounts.
Yto disable the remote root login.
Yto remove the test database.
Yto reload the privilege tables and save your changes.
Step 4: Connect to your database server
Use the following command and the password created.
[ec2-user ~]$ mysql -u root -p
Step 5: Create a database
mysql> CREATE DATABASE lrs;
Step 6: Create a user for the database
Create a user substituting changeMe for a secure password:
[mysql]> CREATE USER 'launch'@'localhost' IDENTIFIED BY 'changeMe';
[mysql]> GRANT ALL PRIVILEGES ON lrs.* TO 'launch'@'localhost';
Refer to the database configuration instructions within the Launch LRS documentation to connect the Launch LRS application to your database.
Costs and licensing
The only cost is the AWS infrastructure cost, however, Launch LRS is optimised to work on a small instance size so can be used on Amazon’s free tier. Launch LRS is included in the formation and can be used without a licence.
If additional statement storage is required beyond the free tier, a storage plan licence can be purchased.