フィードバックを送信

Making Liferay Public in AWS

Now that you have Liferay installed, all that’s left is to make it publicly available and then configure HTTPS for secure communication.

Install the nginx Ingress Controller

Liferay is running, but you need an ingress controller (nginx, Traefik, or Amazon Elastic Load Balancer) to expose Liferay running on your private subnet to the public Internet. This example uses nginx.

  1. Install the nginx ingress controller:

       helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
   helm repo update
   helm upgrade nginx-ingress-controller ingress-nginx/ingress-nginx \
       --create-namespace \
       --install \
       --namespace nginx-ingress-controller \
       --set "controller.service.annotations.service\.beta\.kubernetes\.io/aws-load-balancer-backend-protocol=tcp" \
       --set "controller.service.annotations.service\.beta\.kubernetes\.io/aws-load-balancer-scheme=internal" \
       --set "controller.service.annotations.service\.beta\.kubernetes\.io/aws-load-balancer-type=nlb" \
       --set-string "controller.service.annotations.service\.beta\.kubernetes\.io/aws-load-balancer-internal=false" \
       --version 4.13.3

  2. Check to see that the Liferay workload is ready:

    kubectl rollout status statefulset liferay-default --namespace liferay-system

  3. Extract the ingress’s public hostname:

    kubectl get service nginx-ingress-controller-ingress-nginx-controller \
    --namespace nginx-ingress-controller \
    --output jsonpath='{.status.loadBalancer.ingress[0].hostname}'

  4. Use the ingress’s public hostname and a web browser to access Liferay.

  5. Retrieve Liferay’s admin password:

    kubectl get secret liferay-default \
    --namespace liferay-system \
    --output jsonpath='{.data.LIFERAY_DEFAULT_PERIOD_ADMIN_PERIOD_PASSWORD}' \
    | base64 --decode

  6. Log into Liferay using test@liferay.com for the email and the password you retrieved.

Congratulations! You now have access to your own Liferay DXP installation on AWS!

Configure for Production

To make your installation ready for use, you must

  • Add a license
  • Configure domains and certificates

To configure a domain, you must have already registered an existing domain with DNS records that resolve to the AWS load balancer you created when you provisioned the ingress controller. You must also have a valid TLS certificate.

Note

Make sure you use the --reuse-values flag in the commands below and whenever you perform additive value updates with helm upgrade. This flag preserves existing values, only merging new overrides you create via --set and --values flags.

Edit the values.yaml file to reflect all desired release values. This avoids unintentionally losing release state.

  1. Specify the path to your license in place of [Your License Here] below:

    helm upgrade liferay "${DXP_CHART}" \
    --namespace liferay-system \
    --reuse-values \
    --set "liferay-default.customEnv.x-aws[0].name=LIFERAY_DISABLE_TRIAL_LICENSE" \
    --set "liferay-default.customVolumeMounts.x-aws[0].mountPath=/etc/liferay/mount/files/deploy/license.ml" \
    --set "liferay-default.customVolumeMounts.x-aws[0].name=liferay-configmap" \
    --set "liferay-default.customVolumeMounts.x-aws[0].subPath=license.xml" \
    --set-file "liferay-default.configmap.data.license\.xml=[Your License Here]" \
    --set-string "liferay-default.customEnv.x-aws[0].value=true"

  2. Gather your hosts, secret name, certificate, and key file paths.

  3. Upgrade the Liferay Helm installation with your ingress TLS configuration, specifying the items in the step above in place of the variables:

       helm upgrade liferay "${DXP_CHART}" \
       --namespace liferay-system \
       --reuse-values \
       --set "liferay-default.ingress.className=nginx" \
       --set "liferay-default.ingress.enabled=true" \
       --set "liferay-default.ingress.rules[0].http.paths[0].backend.service.name=liferay-default" \
       --set "liferay-default.ingress.rules[0].http.paths[0].backend.service.port.name=http" \
       --set "liferay-default.ingress.rules[0].http.paths[0].path=/" \
       --set "liferay-default.ingress.rules[0].http.paths[0].pathType=ImplementationSpecific" \
       --set "liferay-default.ingress.tls[0].secretName=${SECRET_NAME}" \
       --set "liferay-default.service.type=ClusterIP" \
       --set-file "liferay-default.ingress.tls[0].cert=${CERT_FILE_PATH}" \
       --set-file "liferay-default.ingress.tls[0].key=${KEY_FILE_PATH}" \
       --set-string "liferay-default.ingress.rules[0].host=${HOST_1}" \
       --set-string "liferay-default.ingress.tls[0].hosts[0]=${HOST_1}"

  4. Use your web browser to verify HTTPS works and the certificate has been applied.

Note

Note that when you reconfigure the ingress, you must specify all the operations because Helm does not allow entry edits. If you fail to specify all values, Helm recreates the entries, and you lose configuration.

Capability:
Cloud
DXP Self-Hosted Installation, Maintenance, and Administration
Resource Type:
Official Documentation
Deployment Approach:
Liferay PaaS
Liferay Self-Hosted