====== Install Etherpad Lite on AWS EC2 Amazon Linux 2 AMI ======

  - Login to [[https://console.aws.amazon.com/|AWS EC2 Web Console]]
  - Launch a new **t2.micro** EC2 instance from **Amazon Linux 2 AMI**
  - Allocation new Elastic IP
  - Allocate the Elastic IP to newly create EC2 instance
  - Using [[https://putty.org|PuTTY]] SSH Client and PEM key login, SSH into in the new instance
  - Run the following Linux shell command to update Amazon Linux 2: <code>
sudo yum -y update

</code>
  - Run following Linux shell command to install [[https://nodejs.org/|node.js]]:<WRAP center round info 60%>
[[https://github.com/nodesource/distributions/blob/master/README.md]]
</WRAP><code>
curl -sL https://rpm.nodesource.com/setup_current.x | sudo bash -
sudo yum install -y nodejs git

</code>
  - Run the following Linux shell commands to download and install [[https://etherpad.org/|Etherpad]] Lite:<WRAP center round info 60%>
[[https://github.com/ether/etherpad-lite#installation]]
</WRAP><code>
sudo mkdir /usr/local/etherpad
sudo git clone --branch master https://github.com/ether/etherpad-lite.git /usr/local/etherpad/
sudo /usr/local/etherpad/bin/installDeps.sh
sudo groupadd etherpad
sudo useradd etherpad --system -g etherpad --home /var/etherpad
sudo chown -R etherpad:etherpad /usr/local/etherpad

</code>
  - Setup Etherpad as service so that it can be started during boot by running Linux shell command ''sudo vi /usr/lib/systemd/system/etherpad.service'':<WRAP center round info 60%>
[[https://github.com/ether/etherpad-lite/wiki/How-to-deploy-Etherpad-Lite-as-a-service]]
</WRAP><file text etherpad.service>
[Unit]
Description=Etherpad-lite, the collaborative editor.
After=syslog.target network.target

[Service]
Type=simple
User=etherpad
Group=etherpad
WorkingDirectory=/usr/local/etherpad
Environment=NODE_ENV=production
ExecStart=/usr/bin/node --experimental-worker /usr/local/etherpad/node_modules/ep_etherpad-lite/node/server.js
# use mysql plus a complete settings.json to avoid Service hold-off time over, scheduling restart.
Restart=always

[Install]
WantedBy=multi-user.target

</file>
  - Run following Linux shell commands to enable Etherpad service and start it immediately:<code>
sudo chmod ugo+x /usr/lib/systemd/system/etherpad.service
sudo systemctl enable etherpad
sudo systemctl start etherpad

</code>
  - Run following Linux shell command to install [[https://httpd.apache.org/|Apache httpd]] and [[https://httpd.apache.org/docs/current/mod/mod_ssl.html|Apache SSL Module]]:<code>
sudo yum -y install httpd mod_ssl

</code>
  - Edit **httpd.conf** file by running ''sudo vi /etc/httpd/conf/httpd.conf'' Linux shell command with following contents: <WRAP center round alert 60%>
Replace //<<Server Administrator Email address>>// \\ 
Replace //<<Website DNS>>//
</WRAP><file conf httpd.conf>
#Listen 80
ServerAdmin <<Server Administrator Email address>>
ServerName <<Website DNS>>:80
</file>
  - Run the following Linux shell command to enable Apache httpd server to start at boot as well as immediately:<code>
sudo systemctl enable httpd
sudo systemctl start httpd
</code>
  - Update DNS host record with your Domain Registrar or Domain Management Service
  - Generate CloudFlare Origin Certificate
  - Run following Linux shell commands to create certificates:<WRAP center round info 60%>
[[https://www.digicert.com/kb/csr-ssl-installation/apache-openssl.htm#ssl_certificate_install]] \\
[[https://support.cloudflare.com/hc/en-us/articles/115000479507-Managing-Cloudflare-Origin-CA-certificates]]
</WRAP><WRAP center round alert 60%>
Replace //<<domain name>>// with your website's domain name \\
Replace //<<Paste Origin Certificate>>// with Origin Certificate generated in your CloudFlare account \\
Replace //<<Paste Private Key>>// with Private Key for Origin Certificate generated in your CloudFlare account 
</WRAP><code>
sudo mkdir /usr/local/ssl
sudo vi /usr/local/ssl/<<domain name>>.crt
<<Paste Origin Certificate>>
sudo vi /usr/local/ssl/<<domain name>>.crt
<<Paste Private Key>>
sudo vi /usr/local/ssl/cloudflare.crt
<<Paste CloudFlare certificate from below>>
</code>[[https://support.cloudflare.com/hc/article_attachments/360037885371/origin_ca_rsa_root.pem]]<file txt cloudflare.crt>
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgIID+rOSdTGfGcwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNV
BAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTQwMgYDVQQLEytDbG91
ZEZsYXJlIE9yaWdpbiBTU0wgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMB4XDTE5MDgyMzIx
MDgwMFoXDTI5MDgxNTE3MDAwMFowgYsxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBD
bG91ZEZsYXJlLCBJbmMuMTQwMgYDVQQLEytDbG91ZEZsYXJlIE9yaWdpbiBTU0wg
Q2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMw
EQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwEiVZ/UoQpHmFsHvk5isBxRehukP8DG9JhFev3WZtG76WoTthvLJFRKFCHXm
V6Z5/66Z4S09mgsUuFwvJzMnE6Ej6yIsYNCb9r9QORa8BdhrkNn6kdTly3mdnykb
OomnwbUfLlExVgNdlP0XoRoeMwbQ4598foiHblO2B/LKuNfJzAMfS7oZe34b+vLB
yrP/1bgCSLdc1AxQc1AC0EsQQhgcyTJNgnG4va1c7ogPlwKyhbDyZ4e59N5lbYPJ
SmXI/cAe3jXj1FBLJZkwnoDKe0v13xeF+nF32smSH0qB7aJX2tBMW4TWtFPmzs5I
lwrFSySWAdwYdgxw180yKU0dvwIDAQABo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYD
VR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUJOhTV118NECHqeuU27rhFnj8KaQw
HwYDVR0jBBgwFoAUJOhTV118NECHqeuU27rhFnj8KaQwDQYJKoZIhvcNAQELBQAD
ggEBAHwOf9Ur1l0Ar5vFE6PNrZWrDfQIMyEfdgSKofCdTckbqXNTiXdgbHs+TWoQ
wAB0pfJDAHJDXOTCWRyTeXOseeOi5Btj5CnEuw3P0oXqdqevM1/+uWp0CM35zgZ8
VD4aITxity0djzE6Qnx3Syzz+ZkoBgTnNum7d9A66/V636x4vTeqbZFBr9erJzgz
hhurjcoacvRNhnjtDRM0dPeiCJ50CP3wEYuvUzDHUaowOsnLCjQIkWbR7Ni6KEIk
MOz2U0OBSif3FTkhCgZWQKOOLo1P42jHC3ssUZAtVNXrCk3fw9/E15k8NPkBazZ6
0iykLhH1trywrKRMVw67F44IE8Y=
-----END CERTIFICATE-----
</file>
  - Edit **ssl.conf** file by running ''sudo vi /etc/httpd/conf.d/ssl.conf'' Linux shell command with following contents:<WRAP center round alert 60%>
Replace //<<domain name>>// with your website's domain name
</WRAP><file txt ssl.conf>
SSLCertificateFile /usr/local/ssl/<<domain name>>.crt
SSLCertificateKeyFile /usr/local/ssl/<<domain name>>.key
SSLCertificateChainFile /usr/local/ssl/cloudflare.crt

ProxyVia On
ProxyRequests Off
ProxyPreserveHost on

<Location />
    ProxyPass http://localhost:9001/ retry=0 timeout=30
    ProxyPassReverse http://localhost:9001/
</Location>
<Location /socket.io>
    # This is needed to handle the websocket transport through the proxy, since
    # etherpad does not use a specific sub-folder, such as /ws/ to handle this kind of traffic.
    # Taken from https://github.com/ether/etherpad-lite/issues/2318#issuecomment-63548542
    # Thanks to beaugunderson for the semantics
    RewriteEngine On
    RewriteCond %{QUERY_STRING} transport=websocket    [NC]
    RewriteRule /(.*) ws://localhost:9001/socket.io/$1 [P,L]
    ProxyPass http://localhost:9001/socket.io retry=0 timeout=30
    ProxyPassReverse http://localhost:9001/socket.io
</Location>

<Proxy *>
    Options FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
</Proxy>
</file>
  - Run following Linux shell command to restart Apache httpd service:<code>
sudo systemctl restart httpd
</code>
  - Edit Etherpad settings file by running Linux command ''sudo vi /usr/local/etherpad/settings.json''
  - Run following Linux command restart Etherpad service:<code>
sudo systemctl daemon-reload && sudo systemctl restart etherpad

</code>