Deploying a POCO REST API Server to AWS EC2

4 minute read.

In Mul­ti­play­er Net Ad­ven­tures I de­ployed a POCO based Web­Sock­et serv­er to Dig­i­tal Ocean 3.

Now I need to de­ploy a POCO-based 4 REST­ful Web Ser­vice and I chose to learn about Ama­zon AWS in the process. Hence, I will be de­ploy­ing to EC2 and us­ing letsen­crypt for SSL en­cryp­tion.

Set­ting Up EC2

If you head over to the EC2 page, you can eas­i­ly spin up a small EC2 in­stance for free. Just sign in to the Dash­board and click “Launch In­stance”, it will take you through the nec­es­sary set­up.

In the process you will al­so gen­er­ate a key­pair to ac­cess your in­stance and a se­cu­ri­ty group to con­trol in­com­ing traf­fic to your in­stance for SSH and HTTPS.


With your key­pair, you can now SSH in­to your in­stance. I found the AWS doc­u­men­ta­tion to be very thor­ough and help­ful. You can find in­for­ma­tion on how to con­nect to your in­stance on this page. It will guide you through any com­bi­na­tion of host and in­stance OS and al­so tell you how to con­vert the key for PuT­TY on Win­dows for ex­am­ple.

Find the user­name you need to con­nect with in the above doc­u­ment aswell.

Get­ting Cer­tifi­cates

Let’s En­crypt of­fers free au­to­mat­ic cer­tifi­cates that can be ac­quired with scripts avail­able for ba­si­cal­ly ev­ery sys­tem through Cert­bot.

Make sure to add a tem­po­rary in­bound rule—to al­low HTTP for the cer­tifi­cate chal­lenge— to your se­cu­ri­ty group.

Run­ning a POCO Ap­pli­ca­tion

You will ob­vi­ous­ly need to com­pile POCO and your ap­pli­ca­tion for the sys­tem and dis­tri­bu­tion you chose for your in­stance. Choos­ing a more re­cent sys­tem ver­sion will save you some has­sle about com­pil­ing with an old­er ver­sion of GCC, so keep that in mind.

I want­ed to avoid clut­ter­ing my EC2 in­stance with com­pil­ers, cmake, and de­vel­op­ment li­braries, so I set up Git­lab CI to build on a dock­er im­age for my sys­tem.

De­ploy­ing from Git­lab CI on­to an AWS EC2 in­stance is a mat­ter of cre­at­ing an­oth­er key­pair, en­sur­ing the se­cu­ri­ty groups are con­fig­ured to al­low SSH traf­fic from your Git­lab CI run­ners (or the Git­ shared run­ners) and then us­ing the fol­low­ing con­fig:

image: <system>
stage: deploy
   - tags
   - eval $(ssh-agent -s)
   - echo "$SSH_PRIVATE_KEY" > key.pem
   - chmod 0400 key.pem
   - ssh-add key.pem
   - scp -i key.pem -oStrictHostKeyChecking=no -r install/* ${SERVER}:/destination/dir/
   - build:<system>
when: on_success

Where ${SERVER} is the same des­ti­na­tion you used to con­nect via SSH, in­clud­ing user­name, e.g. username@, and the ${SSH_PRIVATE_KEY} vari­able con­tains your pri­vate key.

Con­fig­ur­ing your POCO Ap­pli­ca­tion

To al­low your POCO ap­pli­ca­tion to use the fresh­ly ac­quired cer­ti­fi­cat, you need to have a .properties file.

This con­fig­u­ra­tion worked for me (make sure to re­place <domain> ap­pro­pri­ate­ly):

openSSL.server.privateKeyFile = /etc/letsencrypt/live/<domain>/privkey.pem
openSSL.server.certificateFile = /etc/letsencrypt/live/<domain>/fullchain.pem
openSSL.server.verificationMode = none
openSSL.server.loadDefaultCAFile = true
openSSL.server.cipherList = HIGH:MEDIUM:!aNULL:!EC4:!MD5:!SEED:!IDEA = KeyFileHandler
openSSL.server.privateKeyPassphraseHandler.options.password = <password> = AcceptCertificateHandler
openSSL.server.extendedVerification = false
openSSL.server.cacheSessions = true
openSSL.server.sessionIdContext = ${}
openSSL.server.sessionCacheSize = 100
openSSL.server.requireTLSv1 = false
openSSL.server.disableProtocols = sslv2

This re­quires you to have the ap­pli­ca­tion load prop­er­ty files and use HTTPS, which in turn re­quires ini­tial­iz­ing SSL. If you are in­ter­est­ed in a walk­through, give me a hint through so­cial me­dia or email.

Here’s a re­fer­al link. Use it to get 10$ to start off with.
POCO – C++ li­braries for build­ing net­work- and in­ter­net-based ap­pli­ca­tions