Disclaimer
While Joget does not officially support running on ECS, this guide act as a proof of concept to deploy Joget on ECS. Please visit AWS official documentation website for support and information.
Prerequisites
- An AWS Account
- Installed AWS CLI
Deploy Joget on ECS
Create Elastic File Storage(EFS)
Reference: https://docs.aws.amazon.com/efs/latest/ug/gs-step-two-create-efs-resources.html
Since Fargate storage is ephemeral(volatile), you will need to utilize EFS in order to persist the storage
- Go to EFS console.
- Click Create File System.
- Choose the VPC you want to provision the EFS. Ensure that it is provisioned in the same VPC as the ECS Cluster.
- Click Create.
Create ECS Task Execution Role
Reference: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html#create-task-execution-role
- Go to Identity And Access Management(IAM) console.
- On sidebar, click Roles.
- Click Create Role.
- Choose AWS Service under Trusted Entity Type.
- Under Use Case, search and choose Elastic Container Service and choose Elastic Container Service Task and click Next.
- Under Permission Policies, choose AmazonECSTaskExecutionRolePolicy and AmazonSSMFullAccess. Then click Next.
- Enter the Role Name and Description, and review the permissions.
- Click Create Role.
Creating ECS Cluster
Reference: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-cluster-console-v2.html
- Go to Elastic Container Service(ECS) console.
- Click Create Cluster.
- Enter the Cluster Name.
- Choose the Infrastructure (Fargate, EC2, External).
- Click Create.
Create ECS Task Definition
Reference: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-task-definition.html#json-validate-for-create
- On the sidebar, click Task Definition.
- Click New Create Task Definition.
- Enter the Task Definition name.
- On Infrastructure Requirements, choose the launch type and specify the specs required.
- Under Task Role, choose the role created in Create ECS Task Execution Role.
- Under Task Execution Role, choose the role created in Create ECS Task Execution Role.
- Under container, enter the container name.
- Use jogetworkflow/joget-dx8-tomcat9 for the image.
- Enter 8080 and 9080 for Container Port.
- Add the following Environment Variable:
- Key: JAVA_OPTS
- Value: ${JAVA_OPTS_MEMORY} -Dwflow.home=${WFLOW_HOME} -Dwflow.systemkey=domain -javaagent:${LIB_HOME}/wflow-cluster.jar -javaagent:${LIB_HOME}/aspectjweaver-${ASPECTJ_VERSION}.jar -javaagent:${LIB_HOME}/glowroot/glowroot.jar "
- Under Storage, click Add Volume.
- Enter the volume name, and choose EFS as Volume Type.
- Choose the EFS on File System ID.
- Enter / as the root directory.
- Under Container Mount Points, lick Add Mount Point
- Select Container and Source Volume
- Enter Container Path as /opt/joget/wflow
- Click Create.
Create ECS Service(HTTP)
Reference: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-service-console-v2.html
If you wish to setup Joget with HTTPS right away, click here
- Click on one of the Cluster on ECS Dashboard.
- Under Services tab, click Create Service.
- Under Compute Options, choose one - If you are planning to use multiple Infrastructure, choose Capacity Provider Strategy. If you are using only one type of Infrastructure, choose Launch Type.
- On Deployment Configuration, choose Service as Application Type.
- Choose the Task Definition create above on Family dropdown.
- Enter the Desired Task number, depending on the load expected(Leave at one for testing purpose).
- Under networking, you may choose your own VPC if available. You can leave as default for testing(Ensure that the VPC chosen is the same as where the EFS being provisioned).
- Under Load Balancing, choose Application Load Balancer.
- Create or choose Existing Load Balancer.
- Enter the Load Balancer name.
- Enter 30 in the Health Check Grace Period .
- Choose container 8080:8080.
- Specify the Listener and the Target Group:
- Use port 8080 in when creating new Listener.
- Enter /jw on the Health Check path.
- Click Create.
Modify Load Balancer Properties
Update Target Group Health Check Settings
- Go to EC2 > Load Balancers > Target Group > ECS Target Group.
- Click on Health Check and click Edit.
- Change the timeout to 30 seconds and interval to 40 seconds.
- Update the healthy status code to 200-399.
- Click Save Changes.
Updating Permission on Joget wflow folder
Reference: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html
Updating ECS Service to Allow execute-command
- Open CLI/Terminal.
- Execute the following command:
aws ecs update-service --service <ecs-service> --cluster <cluster-name> --enable-execute-command --force-new-deployment
- Wait until the deployment is complete before proceeding to the next step. You can view the status through AWS Console.
Accessing Container in ECS Task
- Go to ECS Cluster and click the cluster that has been created.
- Go to Services tab and click the service that is in use.
- Go to Tasks tab and click copy icon beside the Task ID.
- Open CLI/Terminal.
- Execute the following command:
aws ecs execute-command --cluster <cluster-name> --task <task-arn> --container <container-name> --command "/bin/bash" --interactive
Note: container-name is name given to the container in Task Definition. - Once accessed the task, run:
chown -R tomcat:joget /opt/joget/wflow
- Verify the ownership of the folder by running: . Ensure that the owner would be tomcat instead of root.
Note: You will only need to go through the above steps once as the folder will be shared through EFS.
Accessing Joget Through Load Balancer
Once Joget has been deployed and the health check is complete, you can access the application through the load balancer DNS.
- Go to EC2 console > Load Balancers.
- On the Load Balancer page, click the copy icon under the DNS Name column.
- Paste the link in the browser.
Deploy Joget on ECS Fargate with HTTPS Support
Reference: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
Request SSL Certificate from Amazon Certificate Manager(ACM)
Before requesting the SSL certificate, ensure that the domain name that will be used to request the certificate has been created beforehand as it will be used for DNS validation in the following steps.
- Go to ACM Console.
- Click Request.
- Leave the selection at Request a Public Certificate.
- Enter the fully qualified domain.
- Use DNS validation as the Validation Method.
- Click Request.
- Click on the Certificate ID that has just been requested.
- Under domains, there are information regarding the DNS validation.
- If you are using Route 53, you can quickly create the record set by clicking on Create Records on Route 53.
- If you are using different DNS provider, you will need to copy the CNAME Name and CNAME Value, and create a new record set with them.
- Once you have created the record sets, the DNS will be validated. It may take a moment to propagate.
Create ECS Service(HTTPS)
- Click on one of the Cluster on ECS Dashboard.
- Under Services tab, click Create Service.
- Under Compute Options, choose one - If you are planning to use multiple Infrastructure, choose Capacity Provider Strategy. If you are using only one type of Infrastructure, choose Launch Type.
- On Deployment Configuration, choose Service as Application Type.
- Choose the Task Definition create above on Family dropdown.
- Enter the Desired Task number, depending on the load expected(Leave at one for testing purpose).
- Under Networking, you may choose your own VPC if available. You can leave as default for testing.
- Under Load Balancing, choose Application Load Balancer.
- Create or choose Existing Load Balancer.
- Enter or choose the Load Balancer name.
- Enter 30 in the Health Check Grace Period.
- For HTTPS, choose container 9080:9080.
- Specify the Listener and the Target Group:
- Use port 9080 in when creating new Listener.
- Use HTTPS protocol.
- Choose the ACM Certificate that you have requested and validated.
- Enter /jw on the Health Check path.
- Click Create.
For further deployment steps, you may continue from here.
Applying Joget License
To apply license, you may visit here.
The System Key may be different from the guide, as it is using Domain as the System Key. Regardless, the process will remain the same.