WordPress on AWS EC2 in 5 minutes

Setup AWS EC2 Instance

  1. Sign up for Amazon EC2 – http://aws.amazon.com/ec2/
  2. Go to the AWS management console https://console.aws.amazon.com/console/home
  3. Choose EC2 from the AWS management console
  4. Click on Launch Instance
  5. Choose Classic Wizard and hit Continue
  6. Select Amazon Linux AMI (there are several other options)
  7. Choose Micro (t1 micro, 163 MiB) which is the free tier EC2
  8. Make sure you enter a short description for “User Data”
  9. Review the details on the next page and hit Continue
  10. Make sure you enter something for the Tag
  11. Create a new key pair for authentication
  12. Create a new security group and make sure general ports such as 22 (SSH), 80 (HTTP), 443 (HTTPS) and 8080 (Tomcat) are open
  13. Hit “Launch” and you’re done with setting up an EC2 instance
  14. Create an Elastic IP (EIP) – select EIP used in “EC2”
  15. Associate the EIP with the EC2 instance that you just launched
  16. Connect to the instance as “ec2-user”. There are a couple of ways to do so: from the management console, simply right-click on the instance and choose “Connect”
    • or you can simply use an SSH client like PuTTY. Make sure you convert the PEM file to PPK, which is the format supported by PuTTY

Apache, MySQL and PHP

  1. install packages you need with yum
    • yum install mlocate
    • yum install httpd24
    • yum install php54
    • yum install php54-mysql
    • yum install php54-gd (php GD graphic library)
    • yum install mysql-server
  2. Start services and ensure apache and mysql run when ec2 is booted
    • service httpd start
    • service mysqld start
    • chkconfig httpd on
    • chkconfig mysqld on
  3. Now you have a LAMP stack

Linux Configuration

  1. create new user and disable ec2-user access
  2. as root
    • adduser newuser
  3. su - newuser
  4. as newuser
    • mkdir .ssh
    • chmod 700 .ssh
    • touch .ssh/authorized_keys
    • chmod 600 .ssh/authorized_keys
    • vim .ssh/authorized_keys (add public key here)
  5. as root
    • visudo
    • newuser ALL=(ALL) NOPASSWD:ALL
    • remove ec2-user from the sudoers in /etc/sudoers.d/cloud-init
    • disable ec2-user login in /etc/passwd by changing
    • ec2-user:x:500:500:EC2 Default User:/home/ec2-user:/bin/bash
    • to
    • ec2-user:x:500:500:EC2 Default User:/home/ec2-user:/sbin/nologin
  6. setup ssh-agent forwarding if you plan to connect from your ec2 instance to another
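
The account steps above can be checked before you log out of the working session. This is an added example, not part of the original post: the helper names are hypothetical, the passwd line is constructed, and the demo works on a copy in a scratch directory rather than on /etc/passwd.

```shell
#!/bin/sh
# Added example: helpers to apply and verify the account changes on file copies.

# login_shell USER PASSWD_FILE: print the user's login shell (passwd field 7).
login_shell() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1 }
                       END { exit (found ? 0 : 1) }' "$2"
}

# set_nologin USER PASSWD_FILE: change only that user's shell to /sbin/nologin.
# Goes through a temp file and copies back, so the file keeps its own mode.
set_nologin() {
    tmp=$(mktemp) || return 1
    awk -F: -v OFS=: -v u="$1" '$1 == u { $7 = "/sbin/nologin" } { print }' \
        "$2" > "$tmp" && cat "$tmp" > "$2"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# ssh_perms_ok HOME: succeed only if .ssh is 700 and authorized_keys is 600,
# the modes set in the steps above.
ssh_perms_ok() {
    [ "$(ls -ld "$1/.ssh" 2>/dev/null | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$1/.ssh/authorized_keys" 2>/dev/null | cut -c1-10)" = "-rw-------" ]
}

# sudo_rules_for USER FILE...: print active (uncommented) sudoers lines for USER;
# returns non-zero when there are none.
sudo_rules_for() {
    u=$1; shift
    grep -h -E "^[[:space:]]*$u[[:space:]]" "$@" 2>/dev/null
}

# Demo on a constructed passwd copy.
d=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'ec2-user:x:500:500:EC2 Default User:/home/ec2-user:/bin/bash' > "$d/passwd"
set_nologin ec2-user "$d/passwd"
echo "ec2-user shell is now: $(login_shell ec2-user "$d/passwd")"
rm -rf "$d"
```

Keep the existing root session open and confirm that newuser can log in with its key and run sudo before closing it; after ec2-user is disabled there is no other way back in.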

WordPress setup

  1. Download and extract wordpress
  2. Create mysql database
    • # mysqladmin -uroot create blog
    • # mysql_secure_installation
      • Set root password? [Y/n] y
      • Remove anonymous users? [Y/n] y
      • Disallow root login remotely? [Y/n] n
      • Remove test database and access to it? [Y/n] y
      • Reload privilege tables now? [Y/n] y
  3. Configure wordpress
    • # cd /var/www/html
    • # mv wp-config-sample.php wp-config.php
    • # vi wp-config.php
      • define('DB_NAME', 'blog');
        define('DB_USER', 'root');
        define('DB_PASSWORD', 'YOUPASSWORD');
        define('DB_HOST', 'localhost');
  4. Install WordPress from the browser at http://YOUR_ELASTIC_IP (which will be redirected to http://YOUR_ELASTIC_IP/wp-admin/install.php)
  5. To enable permalinks, be sure to modify /etc/httpd/conf/httpd.conf and enable the override option:
    •     AllowOverride All
    • sample .htaccess for WordPress:
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
  6. Optional step: point your domain name to the EC2 instance. For example, I am a GoDaddy subscriber; all I need to do is point the “A” record to the Elastic IP
  7. ALL SET!!

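WordPress Chinese localization

  • Open and edit wp-config.php in the site root directory via FTP, SSH, or a similar method
  • Find the line define('WPLANG', ''); and put zh_TW in the second argument so that it reads define('WPLANG', 'zh_TW'); then save the file
  • Go to the site dashboard and run the upgrade once the update notice appears. WordPress will automatically download the Chinese language pack from the official site and install it
  • Multilingual downloads: http://codex.wordpress.org/WordPress_in_Your_Language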

MySQL worklog

  1. get default root password at /root/.mysql_secret
  2. mysql -u root -p
  3. mysql> CREATE USER 'wordpress-user'@'localhost' IDENTIFIED BY 'your_strong_password';
  4. enable root remote access
    1. GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
  5. install mysql
  6. install phpMyAdmin
  7. execute examples/create_tables.sql – it will create a database called phpmyadmin
  8. create a pm user and give access to phpmyadmin db.
  9. enable advanced features in config.inc.php
  10. make sure PHP MySQL library coincides with mysql server version.
  11. make sure following extensions are enabled:
  • mbstring (yum install php53-mbstring --nogpgcheck)
  • mcrypt (yum install php53-mcrypt --nogpgcheck)
  • restart apache

WordPress on Https

  • use following in wp-config.php

define('FORCE_SSL_ADMIN', true);

  • setup site monitor https://uptimerobot.com/
  • run SSL test at https://www.ssllabs.com/ssltest/analyze.html?d=www.steamedbun.xyz

Enable SSL on Apache

  1. create CSR. use https://csrgenerator.com/ or http://www.thegeekstuff.com/2009/07/linux-apache-mod-ssl-generate-key-csr-crt-file/
  2. setup apache – http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html#ssl_enable
  3. https://guillaumemaka.com/2015/05/06/install-your-comodo-certificates-to-amazon-aws.html

ssl.conf

SSLCertificateFile /etc/pki/tls/certs/www_steamedbun_xyz.crt

SSLCertificateKeyFile /etc/pki/tls/private/www_steamedbun_xyz.key

cp /home/ec2-user/www_steamedbun_xyz.key /etc/pki/tls/private/

cp /home/ec2-user/www_steamedbun_xyz.crt /etc/pki/tls/certs/

chown root:root /etc/pki/tls/private/www_steamedbun_xyz.key /etc/pki/tls/certs/www_steamedbun_xyz.crt

chmod 600 /etc/pki/tls/private/www_steamedbun_xyz.key /etc/pki/tls/certs/www_steamedbun_xyz.crt


If prompted for ftp login when trying to update wordpress:

  • put following in wp-config.php

define('FS_METHOD', 'direct');

Upload file size limit

/etc/php.ini

upload_max_filesize = 10M
post_max_size = 10M

https://www.drupal.org/docs/7/managing-site-performance-and-scalability/increase-upload-size-in-your-phpini

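Enable or disable dashboard theme editor

in wp-config.php (true disables the dashboard theme and plugin editor; set it to false to enable the editor)

define('DISALLOW_FILE_EDIT', true);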
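
The wp-config.php settings used on this page (DB_USER, FORCE_SSL_ADMIN, FS_METHOD, DISALLOW_FILE_EDIT) can be reviewed together with a short script. This is an added example, not part of the original post: the function names are hypothetical and the sample config is constructed from the values shown above.

```shell
#!/bin/sh
# Added example: report wp-config.php settings that weaken this setup.

# wp_define FILE NAME: print the value of the last active define('NAME', ...)
# in FILE with quotes and spaces stripped. Handles the one-line form used here;
# lines commented out with // or # are ignored.
wp_define() {
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$2['\"][[:space:]]*,\(.*\))[[:space:]]*;.*/\1/p" "$1" |
        tail -n 1 | tr -d "'\" "
}

# audit_wp_config FILE: print one line per finding, nothing if the file is clean.
audit_wp_config() {
    if [ "$(wp_define "$1" DB_USER)" = "root" ]; then
        echo "DB_USER=root: WordPress connects as the MySQL superuser; use an account limited to the WordPress database"
    fi
    if [ "$(wp_define "$1" FORCE_SSL_ADMIN)" != "true" ]; then
        echo "FORCE_SSL_ADMIN is not true: logins and wp-admin are not forced onto HTTPS"
    fi
    if [ "$(wp_define "$1" DISALLOW_FILE_EDIT)" != "true" ]; then
        echo "DISALLOW_FILE_EDIT is not true: the dashboard editor can change theme and plugin PHP files"
    fi
    if [ "$(wp_define "$1" FS_METHOD)" = "direct" ]; then
        echo "FS_METHOD=direct: updates are written by the web server user; review which files it can write"
    fi
}

# Demo on a constructed config that mirrors the values shown on this page.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
<?php
define('DB_NAME', 'blog');
define('DB_USER', 'root');
define('FORCE_SSL_ADMIN', true);
define('FS_METHOD', 'direct');
EOF
audit_wp_config "$cfg"
rm -f "$cfg"
```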

Linux Related

set timezone

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html#change_time_zone

PHP 7 Installation on CentOS6.9

https://webtatic.com/packages/php70/

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm
yum install php70w php70w-opcache
