๐ AWS 3-Tier Architecture Deployment: NGINX + Tomcat + MySQL RDS

Table of contents
- ๐งฑ Architecture Overview
- ๐ฏ Objective
- ๐ ๏ธ Step-by-Step Implementation
- 1. Launch AWS EC2 Instances
- 2. Set Up Nginx as a Reverse Proxy
- 3. Set Up Tomcat with Java Application
- 4. Create an AWS RDS MySQL Database
- 5. Configure Tomcat to Use MySQL
- 6. Validate Your Deployment
- 7. Wrap-Up: What You've Achieved
- ๐ธ Screenshots
- โ Outcome
- ๐ง Key Learnings
- ๐ฎ Whatโs Next?

Welcome to Day 29 of my #90DaysOfCloud journey!
Today, we built a Three-Tier Web Application architecture on AWS using:
๐ NGINX as a reverse proxy
๐ง Java Web App deployed on Apache Tomcat
๐๏ธ MySQL on Amazon RDS as the database layer
This setup demonstrates a scalable and secure architecture that separates the presentation, application, and data layers.
๐งฑ Architecture Overview
Internet (Browser)
โ
โโโโโโโโโโโโโโ
โ NGINX โ โ Public Subnet (EC2)
โโโโโโโฌโโโโโโโ
โ
โโโโโโโผโโโโโโโ
โ Tomcat โ โ Private Subnet (EC2)
โโโโโโโฌโโโโโโโ
โ
โโโโโโโผโโโโโโโ
โ RDS MySQL โ โ Private Subnet (RDS)
โโโโโโโโโโโโโโ
๐ฏ Objective
Deploy a Java-based registration app in a 3-tier architecture using:
A reverse proxy (NGINX) in public subnet
A Tomcat server (EC2) in a private subnet
A MySQL database hosted on AWS RDS
๐ ๏ธ Step-by-Step Implementation
This tutorial will walk you through deploying a classic three-tier application (Nginx + Tomcat + MySQL RDS) on AWS. Each step lists all the required commands, configuration details, and helpful comments for publishing as an in-depth Hashnode blog.
1. Launch AWS EC2 Instances
Create two EC2 instances:
Nginx Server
Tomcat Application Server
Open the following ports in your EC2 security groups:
Nginx: 80 (HTTP), 22 (SSH)
Tomcat: 8080 (Tomcat), 22 (SSH)
Ensure both instances are in the same VPC/subnet for internal communication.
2. Set Up Nginx as a Reverse Proxy
On the Nginx EC2 instance:
# Update the system
sudo yum update -y
# Install Nginx
sudo yum install nginx -y
# Enable and start Nginx
sudo systemctl enable nginx
sudo systemctl start nginx
# Check Nginx status
sudo systemctl status nginx
Configure Nginx to Proxy to Tomcat:
Find your Tomcat server's private IP. Edit the Nginx config:
sudo vim /etc/nginx/nginx.conf
Add this server block above the closing }
for the http block:
server {
listen 80;
location / {
proxy_pass http://<Private-IP-of-Tomcat-Server>:8080/student/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
Replace <Private-IP-of-Tomcat-Server>
with your Tomcat instance's private IP.
Reload Nginx:
sudo nginx -t # Confirm no syntax errors
sudo systemctl reload nginx
3. Set Up Tomcat with Java Application
On the Tomcat EC2 instance:
# Install Java
sudo yum install java-1.8.0-openjdk -y
java -version # Should print Java version info
# Download and extract Tomcat 9 (latest version link: https://tomcat.apache.org/download-90.cgi)
cd /opt
sudo curl -O https://downloads.apache.org/tomcat/tomcat-9/v9.0.85/bin/apache-tomcat-9.0.85.tar.gz
sudo tar -xvzf apache-tomcat-9.0.85.tar.gz
sudo mv apache-tomcat-9.0.85 tomcat9
# Start Tomcat
cd /opt/tomcat9/bin
sudo ./startup.sh
# (Optional) Check Tomcat running
curl http://localhost:8080
Deploy the Application:
cd /opt/tomcat9/webapps
sudo curl -O https://s3-us-west-2.amazonaws.com/studentapi-cit/student.war
Restart Tomcat if needed:
cd /opt/tomcat9/bin
sudo ./shutdown.sh
sudo ./startup.sh
4. Create an AWS RDS MySQL Database
Go to AWS RDS console.
Launch a new MySQL instance.
Set DB name:
studentapp
Record your endpoint, username, and password
Make it accessible to EC2 (adjust VPC security group).
On Tomcat EC2:
# Install MySQL client to connect to RDS
sudo yum install mysql -y
# Connect to RDS (replace placeholders)
mysql -h <rds-endpoint> -u <username> -p
Run these SQL commands:
sql
CREATE DATABASE studentapp;
USE studentapp;
CREATE TABLE IF NOT EXISTS students(
student_id INT NOT NULL AUTO_INCREMENT,
student_name VARCHAR(100) NOT NULL,
student_addr VARCHAR(100) NOT NULL,
student_age VARCHAR(3) NOT NULL,
student_qual VARCHAR(20) NOT NULL,
student_percent VARCHAR(10) NOT NULL,
student_year_passed VARCHAR(10) NOT NULL,
PRIMARY KEY (student_id)
);
5. Configure Tomcat to Use MySQL
Download JDBC Driver:
cd /opt/tomcat9/lib
sudo curl -O https://s3-us-west-2.amazonaws.com/studentapi-cit/mysql-connector.jar
Edit Tomcatโs context configuration:
sudo vi /opt/tomcat9/conf/context.xml
Add (inside the <Context>
block):
xml
<Resource name="jdbc/TestDB" auth="Container" type="javax.sql.DataSource"
maxTotal="500" maxIdle="30" maxWaitMillis="1000"
username="admin" password="your_password" driverClassName="com.mysql.cj.jdbc.Driver"
url="jdbc:mysql://<rds-endpoint>:3306/studentapp?useUnicode=yes&characterEncoding=utf8"/>
Replace admin
, your_password
, and <rds-endpoint>
with your values.
Restart Tomcat:
cd /opt/tomcat9/bin
sudo ./shutdown.sh
sudo ./startup.sh
6. Validate Your Deployment
Open your browser and go to
http://<Nginx-EC2-public-IP>/
Fill the student registration form; check if the data is saved to the MySQL RDS DB.
7. Wrap-Up: What You've Achieved
Nginx proxy routes web traffic to Tomcat.
Java app on Tomcat stores data in MySQL RDS.
End-to-end AWS deployment using EC2, RDS, Nginx, Tomcatโwith all commands and config steps included.
๐ธ Screenshots
Screenshot of Registration Page
Nginx
Tomcat WAR Deployment
RDS Table Data
โ Outcome
By the end of this setup, you've:
Configured a secure 3-tier infrastructure on AWS
Connected your Java web app to a MySQL RDS backend
Set up NGINX to route frontend requests to backend logic
๐ง Key Learnings
Using NGINX for request forwarding and load isolation
Deploying and managing Tomcat-based Java apps
Using Amazon RDS for managed, scalable MySQL storage
Applying network security best practices (private subnets, SGs)
๐ฎ Whatโs Next?
๐ Day 30 Preview:
๐๏ธ S3 โ Store and manage data in highly scalable object storage
โก AWS Lambda โ Serverless compute to run code without provisioning servers
Subscribe to my newsletter
Read articles from Pratik Das directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
