This project showcases a Java-based Student Registration Web Application deployed using a Three-Tier Architecture on Amazon Web Services (AWS). The setup includes an NGINX Proxy Server in the public subnet, a Tomcat Application Server in the private subnet, and a MariaDB Database hosted on Amazon RDS. The Proxy Server not only handles HTTP requests but also acts as a Jump Server (Bastion Host) for secure SSH access to private-tier instances. The entire infrastructure is built inside a custom VPC using subnets, route tables, a NAT gateway, and security groups for secure communication between tiers. It demonstrates how traffic flows from users through a proxy to the application and database layers, following a real-world, scalable cloud deployment model.
Architecture Layers
● Proxy Tier (Presentation Layer): Handles client requests, routes traffic, and ensures secure external access via NGINX.
● Application Tier (Business Logic): Hosts the Java-based web application (Student Registration System) running on Apache Tomcat.
● Database Tier (Data Layer): Stores user information in a relational database managed by Amazon RDS for reliability and automated backups.
Subnets:
● Public Subnet (Proxy): 10.0.0.0/20
● Private Subnet 1 (App): 10.0.16.0/20
● Private Subnet 2 (DB): 10.0.32.0/20
NAT Gateway: In Public Subnet with Elastic IP
Security Group Ports:
● 22 (SSH)
● 80 (HTTP)
● 8080 (Application)
● 3306 (MySQL)
Create a VPC with range 10.0.0.0/16. This creates an isolated network to host all components securely.
Create three subnets:
● Public Subnet → 10.0.0.0/20 (for Proxy Server)
● Private Subnet 1 → 10.0.16.0/20 (for App Server)
● Private Subnet 2 → 10.0.32.0/20 (for DB Server)
Create an Internet Gateway and attach it to the VPC. This allows resources in the public subnet to connect to the internet.
Update Public Route Table to add an IGW route.
Create a NAT Gateway in the Public Subnet (auto-allocate Elastic IP). It allows private instances (App, DB) to make outbound connections to the internet.
Create a private route table inside your VPC and add a route to the NAT gateway in it. Now the private subnets can reach the internet through NAT.
Associate Private Subnets to the private route table. This separates internal traffic from public access.
Create a Security Group with inbound rules:
● 22 (SSH)
● 80 (HTTP)
● 8080 (Tomcat)
● 3306 (MySQL/RDS)
| Tier | Subnet | Description | Security Group |
|---|---|---|---|
| Proxy Tier | Public Subnet | NGINX Reverse Proxy | 3-Tier-SG |
| App Tier | Private Subnet 1 | Apache Tomcat Application Tier | 3-Tier-SG |
| Database Tier | Private Subnet 2 | MariaDB / RDS Database Server | 3-Tier-SG |
Also, create an RDS instance (MariaDB) in the same VPC with the same security group.
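The table above attaches one group carrying all four ports to every tier. The audit below is an added example, not part of the original project: it compares that layout with one group per tier. The allow-list, the admin address 203.0.113.10/32 and the 0.0.0.0/0 source on the shared rules are assumptions, since the page lists ports only.

```python
import ipaddress

# Source networks. The three subnets are the page's; "admin" is a constructed
# placeholder (documentation range) for wherever operators SSH from.
SOURCES = {
    "internet": "0.0.0.0/0",
    "admin": "203.0.113.10/32",
    "proxy": "10.0.0.0/20",
    "app": "10.0.16.0/20",
    "db": "10.0.32.0/20",
}

# Assumed allow-list, read off the page's traffic flow: users -> NGINX:80, SSH
# via the jump server, NGINX -> Tomcat:8080, Tomcat and DB-subnet client -> 3306.
ALLOWED = {
    "proxy": {80: ["internet"], 22: ["admin"]},
    "app": {8080: ["proxy"], 22: ["proxy"]},
    "db": {3306: ["app", "db"], 22: ["proxy"]},
}

# Constructed sample: the single shared group, with an assumed 0.0.0.0/0
# source on each of the page's four ports, attached to all three tiers.
ONE_GROUP = {t: [(p, "0.0.0.0/0") for p in (22, 80, 8080, 3306)] for t in ALLOWED}

# The same ports split into one group per tier, scoped to the calling tier.
PER_TIER = {
    "proxy": [(80, "0.0.0.0/0"), (22, "203.0.113.10/32")],
    "app": [(8080, "10.0.0.0/20"), (22, "10.0.0.0/20")],
    "db": [(3306, "10.0.16.0/20"), (3306, "10.0.32.0/20"), (22, "10.0.0.0/20")],
}


def audit(groups):
    """Return (tier, port, cidr, reason) for every rule beyond the allow-list."""
    findings = []
    for tier, rules in groups.items():
        for port, cidr in rules:
            sources = ALLOWED[tier].get(port)
            if sources is None:
                findings.append((tier, port, cidr, "port not served by this tier"))
                continue
            net = ipaddress.ip_network(cidr)
            if not any(net.subnet_of(ipaddress.ip_network(SOURCES[s])) for s in sources):
                findings.append((tier, port, cidr, "source wider than " + ", ".join(sources)))
    return findings


if __name__ == "__main__":
    print(*audit(ONE_GROUP), "per-tier findings: %d" % len(audit(PER_TIER)), sep="\n")
```

In AWS the per-tier rules can name the calling tier's security group as the source instead of its subnet CIDR, which keeps the rule correct if subnets are added or resized.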
sudo yum update -y
sudo yum install nginx -y
sudo systemctl start nginx
sudo systemctl enable nginx
sudo systemctl status nginx
cd /etc/nginx
sudo vim nginx.conf
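Inside the server block, add the following, replacing <App-Server-Private-IP> with the private IP of the Tomcat instance:
location / { proxy_pass http://<App-Server-Private-IP>:8080/student/; }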
sudo systemctl restart nginx
NGINX will now forward external traffic to your Tomcat server.
Update the system, then install Java and Tomcat:
sudo yum update -y
sudo yum install java -y
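wget https://dlcdn.apache.org/tomcat/tomcat-9/v9.0.98/bin/apache-tomcat-9.0.98.tar.gz
Extract it into /opt/apache-tomcat, the path the remaining steps use:
sudo mkdir -p /opt/apache-tomcat
sudo tar -xvzf apache-tomcat-9.0.98.tar.gz -C /opt/apache-tomcat --strip-components=1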
Check that tomcat is installed correctly:
Deploy your web application inside webapps:
cd /opt/apache-tomcat/webapps
wget <S3-Bucket-URL-to-App-Code>
cd /opt/apache-tomcat/bin
./catalina.sh stop
./catalina.sh start
Now open your browser to check the Java page:
http://Proxy-Public-IP
SSH into the DB instance and connect to RDS:
sudo yum install mariadb105-server -y
mysql -h <RDS-ENDPOINT> -u admin -p
Create database and table:
CREATE DATABASE studentapp;
USE studentapp;
CREATE TABLE students (
student_id INT NOT NULL AUTO_INCREMENT,
student_name VARCHAR(100) NOT NULL,
student_addr VARCHAR(100) NOT NULL,
student_age VARCHAR(3) NOT NULL,
student_qual VARCHAR(20) NOT NULL,
student_percent VARCHAR(10) NOT NULL,
student_year_passed VARCHAR(10) NOT NULL,
PRIMARY KEY (student_id)
);
Exit MySQL:
exit;
Install the JDBC connector on the App server:
sudo -i
cd /opt/apache-tomcat/lib
wget <S3-Bucket-URL-to-JDBC-Connector>
Edit the context file:
cd /opt/apache-tomcat/conf
sudo vim context.xml
Add this configuration inside the <Context> block:
<Resource name="jdbc/TestDB"
          auth="Container"
          type="javax.sql.DataSource"
          maxTotal="500"
          maxIdle="30"
          maxWaitMillis="1000"
          username="admin"
          password="redhat123!"
          driverClassName="com.mysql.jdbc.Driver"
          url="jdbc:mysql://<RDS-ENDPOINT>:3306/studentapp?useUnicode=yes&amp;characterEncoding=utf8"/>
Restart Tomcat:
cd /opt/apache-tomcat/bin
./catalina.sh stop
./catalina.sh start
Once all services are running, visit: http://Proxy-Public-IP
Register new student details and submit.
| Issue | Possible Fix |
|---|---|
| Application not loading | Check NGINX logs: /var/log/nginx/error.log |
| Tomcat not starting | Verify Tomcat status with sudo systemctl status tomcat |
| Database connection failed | Ensure correct RDS endpoint, username, and password in context.xml |
| Access denied | Verify Security Group rules for ports 22, 80, 8080, and 3306 |
| Proxy not forwarding traffic | Recheck proxy_pass URL in /etc/nginx/nginx.conf |
Successfully deployed a 3-Tier Web Application on AWS with:
● Isolated VPC architecture
● Secure public and private subnets
● NAT Gateway for private internet access
● Reverse proxy with NGINX
● RDS integration for database storage
● End-to-end functional Student Registration System



























