Launch LRS AMI

A simple way to get started with Launch LRS in just a few clicks.

The Launch LRS Amazon Machine Image (AMI) provides all the information required to launch an EC2 instance pre-installed with your Launch LRS.

Amazon Web Services (AWS) provides on-demand cloud computing platforms and APIs to individuals, companies, and governments. Their Elastic Compute Cloud (EC2) web service provides secure, resizable compute capacity in the cloud.

If you do not have an Amazon Web Services account sign up for a free account.


What you’ll launch

An EC2 instance running Amazon Linux 2 with the following installed:

  • Amazon Corretto 11
  • NGINX as a reverse proxy for the Launch Learning LRS application
  • The latest version of Launch LRS

Instructions are also provided for configuring a database connection and setting up an SSL certificate.


How to deploy

Step 1: Sign in to AWS and launch an instance

Sign in to your AWS Console and navigate to the EC2 dashboard. Select Launch Instance. View the AWS launch instance documentation for more information.

Step 2: Select the Launch LRS AMI

Search the community AMI’s for Launch LRS and select the AMI with the most recent date. If you cannot cannot find the Launch AMI in the region you wish to use please contact us.

Step 3: Select the instance type

A t2.micro instance will be sufficient for most environments. The instance type can be changed at a later date if required. Select Review and Launch.

Step 4: Edit the security group and launch the instance

Allow SSH from your IP address, HTTP from anywhere and HTTPS from anywhere, select Review and Launch. Then select Launch at the next step.

Step 5: Access your Launch LRS

Once your instance is running, select it in your EC2 dashboard to view the public DNS. Navigate to this DNS in your browser to check your Launch LRS is available. You should see the following page:

After confirming access to your Launch LRS you can sign in and test it immediately. Select manage and sign in with the following credentials:
username: admin 
password
: password
You will be required to change your password on first sign in.

Production use configuration

For the security and integrity of your data, before using Launch LRS in a production environment, we recommend the following:

  • Setting a domain name for easier access and also to allow the SSL setup
  • Configuring a SSL certificate to ensure a secure connection to your Launch LRS
  • Configuring Launch LRS to use a database to persist your data into

If you wish to use Launch LRS in a production environment please follow the steps below.


Connecting to your instance

Within your EC2 dashboard select your Launch LRS instance. Connect to your instance via the connect option in the actions menu, choosing SSH client as the connection method. Follow the instructions provided, using ec2-user instead of root to connect.

For more information on how to connect to an EC2 instance view the AWS documentation.


Setting up a domain name

Step 1: Configure an AWS elastic IP address

Navigate to your AWS EC2 dashboard and select Elastic IP’s from the left menu. Select Allocate an Elastic IP address and then select Allocate.

Select the Elastic IP address you have just created, then select Associate Elastic IP address from the Actions dropdown menu. Select the ID of the Launch LRS instance from the instance search field and then Associate.

Make a note of the IP address, it will be used in step 2.

Step 2: Add a Route 53 domain name record

Within Route 53 select a hosted zone to use.

Note: To use your EC2 instance to host a public website, you must own or control the domain you plan to use. If you don’t already have one you can register a new domain with Amazon Route 53. For domains registered elsewhere you can transfer the DNS service for your domain to Route 53 or refer to your providers own documentation to create a domain name record that points to the IP of your instance. Customers with an active licence can contact us for additional help.

Select Create record. Choose the Simple routing policy. Select Next.

Select Define simple record.

Enter a sub-domain for your Launch LRS. Choose IP address from the endpoint dropdown, add the IP address created in step 1. Select A record for the type.

Select Define simple record, then Create records.

Step 3: Verify the record was created

You can verify the record was created by entering the record name into your browser, the Launch LRS page should now be displayed. It may take a short time for the record to propagate.


Configuring a SSL certificate

Let’s Encrypt, a certificate authority, provides an easy way to obtain and install free TLS/SSL certificates. Let’s Encrypt requires the Certbot package, which is available in the Extra Packages for Enterprise Linux (EPEL).

Prerequisite

A domain name you own or control, configured to point to the Elastic IP address of your Launch LRS instance as described in the section above.

Step 1: Install and enable EPEL

Connect to your instance.

Download and install the EPEL repository using the following commands:

[ec2-user ~]$ sudo wget -r --no-parent -A 'epel-release-*.rpm' http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/
[ec2-user ~]$ sudo rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm
[ec2-user ~]$ sudo yum-config-manager --enable epel*

Step 2: Install the Certbot Let’s Encrypt Client using the EPEL repository

Install the certbot-nginx package:

[ec2-user ~]$ sudo yum install certbot-nginx

Step 3: Update the NGINX configuration file with your domain name

Edit the NGINX configuration file:

[ec2-user ~]$ sudo vi /etc/nginx/nginx.conf

Find the following server_name line in the file:

server_name _;

Replace the _ underscore with your domain name to allow Certbot to automatically configure SSL for NGINX. For example:

server_name lrs.example.com;

Save the file and quit your editor. Then reload NGINX to load the new configuration:

[ec2-user ~]$ sudo systemctl reload nginx

Step 4: Obtain a certificate

Run Certbot with the –nginx plugin, using -d to specify the domain name for the certificate:

[ec2-user ~]$ sudo certbot --nginx -d lrs.example.com

You will be prompted to enter an email address and agree to the terms of service. Certbot will then communicate with the Let’s Encrypt server and run a challenge to verify that you control the domain you’re requesting a certificate for.

By default, the created certificate will have a short, 90-day expiration time. Your system can be configured to renew the certificate automatically by setting up a cron job. This will require running the certbot command manually before expiration.

Step 5: Verify your Launch LRS is secure

Once Certbot confirms that the verification is successful, data sent to and from your Launch LRS will be secured. You can confirm that your site is secure by viewing your Launch LRS in your browser, your browser should indicate that your site is properly secured.


Configuring Launch LRS to use a database

If a database is not specified, the Launch LRS application will use an in-memory database which will be wiped every time you restart the Launch LRS application.

For a production environment we recommend configuring the Launch LRS database on a different host to the Launch LRS application.

Step 1: Install a database

Launch LRS currently supports MySQL, MariaDB, PostgreSQL, SQL Server and H2. If you don’t already have database we recommend using AWS RDS.

For testing purposes, instructions are provided for setting up and configuring a local database using MariaDB.

Step 2: Configure your database

Create and open an application.properties file in the same directory as the Launch LRS application:

[ec2-user ~]$ sudo vi /opt/launch/lrs/application.properties

Insert the configuration below into the application.properties file, substituting the following:

dbms: mysql, sqlserver or postgresql 
endpoint: URL of your database server. For internal database installations use localhost
dbname: name of the database you intend to use for Launch LRS
user: a username with full permissions to the specified database
changeMe: password for the user

spring.datasource.url=jdbc:dbms://endpoint:3306/dbname?zeroDateTimeBehavior=convertToNull
spring.datasource.username=user
spring.datasource.password=changeMe

Save and quit.

The full list of configuration properties can be found within the Launch LRS documentation.

Step 3: Restart Launch LRS

[ec2-user ~]$ sudo systemctl restart launch-lrs

If you now access Launch LRS in your browser you should notice the in-memory warning message at the bottom of the screen has gone.

If you receive 502 Bad Gateway, ensure you’re credentials, endpoint and port are correct in the configuration file.

If you changed your password during the initial setup, it will have been set back to the default when the database was specified. Select manage and sign in with the following credentials:
username: admin 
password
: password
You will be required to change your password on first sign in after specifying a database.

Install MariaDB on the Launch LRS instance

These instructions are to install MariaDB using the Amazon Linux Extras package.

First connect to your Launch LRS instance and ensure that all of your software packages are up to date:

[ec2-user ~]$ sudo yum update -y

Step 1: Install the required Amazon Linux Extra repositories

To get the latest version of MariaDB install the following package:

[ec2-user ~]$ sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2

Step 2: Install MariaDB server

Install MariaDb:

[ec2-user ~]$ sudo yum install -y mariadb-server

Start MariaDB:

[ec2-user ~]$ sudo systemctl start mariadb

Step 3: Secure the database server

Run the mysql_secure_installation command to set a root password and remove the insecure features from your installation:

[ec2-user ~]$ sudo mysql_secure_installation
  1. By default, the root account does not have a password set. Press Enter.
  2. Type Y to set a password, and type a secure password twice.
  3. Type Y to remove the anonymous user accounts.
  4. Type Y to disable the remote root login.
  5. Type Y to remove the test database.
  6. Type Y to reload the privilege tables and save your changes.

Step 4: Connect to your database server

Use the following command and the password created.

[ec2-user ~]$ mysql -u root -p

Step 5: Create a database

mysql> CREATE DATABASE lrs;

Step 6: Create a user for the database

Create a user substituting changeMe for a secure password:

[mysql]> CREATE USER 'launch'@'localhost' IDENTIFIED BY 'changeMe';
[mysql]> GRANT ALL PRIVILEGES ON lrs.* TO 'launch'@'localhost';

Exit MySQL:

mysql> \q

Refer to the database configuration instructions within the Launch LRS documentation to connect the Launch LRS application to your database.


Costs and licensing

The only cost is the AWS infrastructure cost, however, Launch LRS is optimised to work on a small instance size so can be used on Amazon’s free tier. Launch LRS is included in the formation and can be used without a licence.

If additional statement storage is required beyond the free tier, a storage plan licence can be purchased.