Amazon AWS Hosted Web Site, start to finish

From Colettapedia

Concepts

  • EC2 compute units - a benchmark for compute power: a 2007-era 1 GHz Opteron processor
  • t1.micro instance - used for applications that require infrequent performance spikes, like low traffic blogs.

Buy the Domain

Initial EC2 Setup

Create Key Pair for SSHing

  • Not possible to specify a password when logging into an instance; you need public-key authentication (btw a key pair only works for the region it was created in):
  1. Open up Amazon Web Services Console
  2. Open up EC2 Console
  3. Choose your correct region via navigation bar at the top right
  4. On the left navigation pane under "NETWORK & SECURITY," choose Key Pairs
  5. Click Create Key Pair, choose a name for the key pair, probably including the region for which the key pair was created. A .pem file will automatically be downloaded locally. chmod 400 the file. Need to specify the .pem file when SSHing.

Create Security Group

  • Looks like EC2 is pedantic about who can connect. Need to create a white list of which IPs the instance can communicate with, both inbound and outbound (ingress and egress filtering). Need to put your IP on the list.
  • checkip.amazonaws.com is pretty simple
  • Command line utility traceroute is helpful in figuring out ISP, also has built in IP utility
  1. Open up EC2 Console
  2. If necessary, choose your correct region via navigation bar at the top right
  3. On the left navigation pane under "NETWORK & SECURITY," choose Security Groups
  4. Click Create Security Group, and fill in the details
  5. Click on the Inbound tab and add Rules for HTTP (source=0.0.0.0), HTTPS (source=0.0.0.0), and SSH (your ip address with your.ip.address.boom/32) (always /32 if it's your local machine, apparently)
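
A check for the inbound policy in step 5, as an added example that is not part of the original page. The function name and the three-column input format (from-port, to-port, source CIDR, TCP rules only) are assumptions made for illustration, and "anywhere" is written in CIDR form as 0.0.0.0/0. Rules such as the FTP ranges opened later on this page show up in its report.

```shell
# audit_sg_rules: read inbound TCP rules on stdin, one per line as
#     FROM_PORT TO_PORT SOURCE_CIDR
# (a constructed format, not raw AWS output) and print every rule that is
# wider than the policy above: only 80 and 443 may be open to the world,
# and any rule covering port 22 must name a single host.
# Exit status is 1 when at least one rule is reported, 0 otherwise.
audit_sg_rules() {
    awk '
    NF < 3 || /^#/ { next }                      # skip blanks and comments
    {
        from = $1 + 0; to = $2 + 0; cidr = $3
        world  = (cidr == "0.0.0.0/0" || cidr == "::/0")
        web    = (from == to && (from == 80 || from == 443))
        ssh    = (from <= 22 && to >= 22)        # range includes port 22
        single = (cidr ~ /^[0-9.]+\/32$/ || cidr ~ /:.*\/128$/)
        if (world && !web) {
            print "WORLD-OPEN", from "-" to, cidr; bad = 1
        } else if (ssh && !single) {
            print "SSH-NOT-SINGLE-HOST", from "-" to, cidr; bad = 1
        }
    }
    END { exit bad + 0 }
    '
}

# Constructed sample: the three rules from step 5 (203.0.113.7 is a
# documentation address standing in for your own IP).
SAMPLE_RULES='80 80 0.0.0.0/0
443 443 0.0.0.0/0
22 22 203.0.113.7/32'
```

Run it as `printf '%s\n' "$SAMPLE_RULES" | audit_sg_rules`; the sample produces no output and exit status 0.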

Launch an instance

  1. Console, launch instance
  2. Top choice should be Amazon Linux AMI, default is 64bit instance (Figure out the difference between EBS and HVM)
  3. Micro instance is free tier eligible, selected by default
  4. Click Review and Launch
  5. Edit security group and select the one you just created, then click Review and Launch
  6. Click Launch, bringing up the Key Pair dialog, and select the one you just created, or create a new pair, or select the option not to specify pair
  7. The instance will show up on the dashboard.

Enable billing alert

  • Will let you know when your 12 months are over and your bill will exceed $0.00
  • New style is in the console navigation under Services->Billing
  • Services->CloudWatch, create alarm when billing rises above $0 (Don't forget to change the >= operator to a >)
  • Use 6 hour period, or it might trip the alarm for insufficient data

Connect To Your Instance

  1. Get the public DNS via console, something like ec2-184-73-8-87.compute-1.amazonaws.com
  2. ssh -i /path/key_pair.pem ec2-user@public_dns_name
  3. Edit your ~/.ssh/config file so that you don't have to type in a fuck load of shit
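
One way to do step 3, as an added example that is not part of the original page. The function name `add_ec2_host` and the alias are made up for illustration; `ec2-user` and the .pem key come from the steps above.

```shell
# add_ec2_host ALIAS PUBLIC_DNS KEY_FILE [CONFIG_FILE]
# Appends a Host block so that "ssh ALIAS" replaces the long command line.
add_ec2_host() {
    name=$1; host=$2; key=$3; cfg=${4:-$HOME/.ssh/config}

    [ -f "$key" ] || { echo "key not found: $key" >&2; return 1; }

    # ssh refuses a private key that group or others can access, which is
    # why the .pem gets chmod 400. Accept owner-only modes (400, 600) only.
    case $(ls -ldL "$key") in
        -???------*) ;;
        *) echo "key permissions too open: $key" >&2; return 1 ;;
    esac

    # The config file itself should be writable by its owner only.
    mkdir -p "$(dirname "$cfg")" && touch "$cfg" && chmod 600 "$cfg" || return 1

    # Idempotent: leave an existing block for this alias untouched.
    if grep -qxF "Host $name" "$cfg"; then
        return 0
    fi

    # IdentitiesOnly stops ssh from offering every other key it knows about.
    cat >> "$cfg" <<EOF

Host $name
    HostName $host
    User ec2-user
    IdentityFile $key
    IdentitiesOnly yes
EOF
}
```

After `add_ec2_host mysite public_dns_name /path/key_pair.pem`, the connection command becomes `ssh mysite`.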

Installing LAMP Web Server

  1. sudo yum update -y
  2. yum grouplist, to see what groups are available
* ec2-user@ip-10-166-48-198 ~
$ yum grouplist
Loaded plugins: priorities, update-motd, upgrade-helper
There is no installed groups file.
Maybe run: yum groups mark convert
Available Groups:
   Console internet tools
   DNS Name Server
   Development Libraries
   Development tools
   Editors
   FTP Server
   Java Development
   Legacy UNIX compatibility
   Mail Server
   MySQL Database
   MySQL Database client
   NFS file server
   Network Servers
   Networking Tools
   PHP Support
   Performance Tools
   Perl Support
   PostgreSQL Database client (version 8)
   PostgreSQL Database server (version 8)
   Scientific support
   System Tools
   TeX support
   Technical Writing
   Web Server
   Web Servlet Engine
Done
  3. sudo yum groupinstall -y "Web Server" "MySQL Database" "PHP Support"
  4. sudo yum install -y php-mysql
  5. sudo service httpd start
  6. sudo chkconfig httpd on to configure Apache to start on boot
  7. chkconfig --list httpd to check runlevels (2, 3, 4, and 5 are desired)
  8. Connect to instance's public DNS to check that it's working

Allow ec2-user to manip web files

  1. sudo groupadd www
  2. sudo usermod -a -G www ec2-user
  3. Logout and log back in to pick up the new group. Type groups to check.
  4. sudo chown -R root:www /var/www changes group ownership of the web dir to www group
  5. sudo chmod 2775 /var/www; find /var/www -type d -exec sudo chmod 2775 {} +
  6. find /var/www -type f -exec sudo chmod 0664 {} +
  7. echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php, check it, and then delete it.
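
The mode scheme from steps 5 and 6, with a check that a tree still conforms, as an added example that is not part of the original page. The function names are made up for illustration, and the functions assume the caller owns the tree (on the instance, run them through sudo as the steps do); group ownership from step 4 is not checked.

```shell
# apply_web_perms ROOT
# Directories get 2775 (setgid + rwxrwxr-x) so new files inherit the
# directory group; regular files get 0664.
apply_web_perms() {
    find "$1" -type d -exec chmod 2775 {} + &&
    find "$1" -type f -exec chmod 0664 {} +
}

# audit_web_perms ROOT
# Prints one line per path that deviates from the scheme and returns 1 if
# any path is printed:
#   DIR   directory whose mode is not exactly 2775 (e.g. setgid lost)
#   FILE  regular file whose mode is not exactly 0664
#   WORLD anything writable by "other", i.e. by every local account
audit_web_perms() {
    report=$(
        find "$1" -type d ! -perm 2775 | sed 's/^/DIR /'
        find "$1" -type f ! -perm 0664 | sed 's/^/FILE /'
        find "$1" ! -type l -perm -0002 | sed 's/^/WORLD /'
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}
```

Running `audit_web_perms /var/www` after plugin installs or uploads shows whether anything has drifted from the scheme.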

Secure MySQL server

  1. sudo service mysqld start
  2. sudo mysql_secure_installation
    1. Current root pw by default is nothing so just press enter
    2. Y to set a new pw
    3. Enter new pw twice
    4. Y to the rest of the questions

Create Volume for Website to sit on

  • Directions
  • Create the volume in the EC2 dashboard, then "Attach" the volume
  • lsblk
  • sudo mkfs -t ext4 /dev/xvdg
  • sudo vim /etc/fstab
  • sudo mount -a

Make the Volume bigger later

  • sudo file -s /dev/xvd*
  • lsblk
  • sudo growpart /dev/xvda 1
  • sudo /sbin/growpart /dev/xvda 1
  • sudo /bin/growpart /dev/xvda 1
  • sudo /usr/bin/growpart /dev/xvda 1
  • yum search growpart
  • sudo yum install cloud-disk-utils
  • which growpart
  • sudo growpart /dev/xvda 1
  • df -h
  • lsblk
  • sudo resize2fs /dev/xvda1
  • df -h

Setup WordPress

  1. wget https://wordpress.org/latest.tar.gz; tar zxvf latest.tar.gz

Setup MySQL user

  1. mysql -u root -p
    1. CREATE USER 'wordpress-user'@'localhost' IDENTIFIED BY 'some_other_pw';
    2. CREATE DATABASE `wordpress-db`;
    3. GRANT ALL PRIVILEGES ON `wordpress-db`.* TO "wordpress-user"@"localhost";
    4. FLUSH PRIVILEGES;
    5. exit

Create and Edit the wp-config.php file

  1. cd wordpress; cp wp-config-sample.php wp-config.php
  2. vim wp-config.php
    1. define('DB_NAME', 'wordpress-db');
    2. define('DB_USER', 'wordpress-user');
    3. define('DB_PASSWORD', 'your_strong_password');
    4. Go to https://api.wordpress.org/secret-key/1.1/salt to generate unique keys and paste in

Move all files to web server root

  1. mv * /var/www/html/

Visit the site in your browser and fill in all the details

Change server settings to allow for file uploads

Wordpress image upload

  1. cd /etc/httpd/conf
  2. sudo cp httpd.conf httpd.conf.old
  3. sudo vim httpd.conf
  4. Change the group Apache is running under to www. Save and exit vim.
  5. sudo service httpd restart
  6. cd /var/www/html
  7. chgrp -R www wp-content
  8. Navigate to your website and try making a post where you upload a picture

Mediawiki image upload

  • sudo chown -R ec2-user:www images; chmod -R g+w images

DNS Configuration with AWS Route 53

General Steps

  1. Allocate an Elastic IP and associate it with an instance; it's the Elastic IP that goes in the DNS A record. Note that the public DNS name of the instance changes to match that of the Elastic IP.
  2. Register your domain name with a domain name registrar. For a list of the registrars that you can use to register your domain name, go to ICANN.org.
  3. In the Route 53 console, create a hosted zone.
  4. Using the tools provided by your domain name registrar, update the registrar's name server (NS) records with the four name servers that we assigned to your Route 53 hosted zone. Name servers are listed in the Route 53 console.
  5. In the Route 53 console, add record sets to your hosted zone.

Create Route 53 Hosted Zone

  1. Go into Route 53 from Console
  2. Click "Create Hosted Zone", fill in the details
  3. Create "Resource Record Sets"
    1. In Route 53 Console, double-click on hosted zone; Two Record Sets are created: NS (name server) and SOA (Start of Authority)
    2. Put the Delegation Set into the Nameservers of your domain registrar (in my case, mydomain.com)
    3. Route the query to the Amazon EC2 instance by creating another record set, type A, and put the public IP for the instance in there
    4. Put a CNAME (Canonical name) record redirecting www.yourdomain.com to the canonical yourdomain.com

Install Google Analytics

  • Get plugin link from plugin page here
  • wget and unzip the file in the /var/www/html/wp-content/plugins directory
  • Login to the website, and activate the plugin
  • While logged into Google Analytics, create new account, then new property, then refresh the account in WordPress

Configure FTP to allow updates

  1. sudo yum install vsftpd
  2. In EC2 security groups add two custom TCP rules, allow ports 20-21 and 1024-1048 from anywhere
  3. sudo vim /etc/vsftpd/vsftpd.conf and add the things in the steps
  4. sudo /etc/init.d/vsftpd restart
  5. make sure the ftpuser has group writing rights: sudo useradd someftpuser; sudo passwd someftpuser; sudo usermod -G www -a someftpuser
  6. Put the following code in wp-config.php as needed:
define( 'FS_METHOD', 'ftpext' );
define( 'FTP_BASE', '/path/to/wordpress/' );
define( 'FTP_CONTENT_DIR', '/path/to/wordpress/wp-content/' );
define( 'FTP_PLUGIN_DIR', '/path/to/wordpress/wp-content/plugins/' );
define( 'FTP_PUBKEY', '/home/username/.ssh/id_rsa.pub' );
define( 'FTP_PRIKEY', '/home/username/.ssh/id_rsa' );
define( 'FTP_USER', 'username' );
define( 'FTP_PASS', 'password' );
define( 'FTP_HOST', 'ftp.example.org' );
define( 'FTP_SSL', false );
  • after - configure vsftp service to start on boot/restart

wp-cli

  • Install WordPress CLI - good for doing db dumps, etc
    • download the php file, chmod +x it, put it in path

Commands

  • wp user list
  • wp plugin list
  • wp core update
  • wp core update-db
  • wp plugin status
  • wp plugin update --all
  • wp theme update --all
  • wp plugin install rsvp
  • wp db export ~/backups/database/20140413_mavisandchris_backup.sql
  • wp comment delete $(wp comment list --format=ids)

Take A Snapshot of AMI

  • do it.

Enable sending email

  1. Make sure you have an elastic IP address allocated to your instance
  2. fill out this form.

Other Stuff

  • Amazon S3
  • Git not available by default: sudo yum install git
  • Add swap space for when you need more than 613MB of memory
  • Change the timezone of your site via Settings->General-Timezone
  • Change the permalink settings to use the page name
    • requires editing your /etc/httpd/conf/httpd.conf, changing AllowOverride All
  • The checkbox to allow/disallow comments on a per page basis is hidden from the edit page/post by default. Find the Screen options button to show other options for publishing the page, including comments
  • W3 Total Cache - looks good, comes highly recommended.
  • WP Fastest Cache - also looks good
  • Reboot instance - EC2 management->Instances->Actions->reboot = best to do this instead of rebooting on the command line.
  • migrate

November 2017 Update

  • Install certbot from [1]
    • service nginx stop - the certbot has to be able to bind to ports 80 and 443, and can't do that while server is running
    • ./certbot-auto certonly --standalone --debug -d chriscoletta.com
  • yum install -y nginx
  • chkconfig nginx on
  • yum install php71 php71-mbstring php71-mysqlnd php71-fpm
  • NGINX conf is at /etc/nginx/nginx.conf
    • openssl dhparam -out /etc/pki/nginx/dhparams.pem 4096
  • sudo service nginx start; sudo service php-fpm start