Setup AWS EC2 Instance
- sign up for amazon ec2 – http://aws.amazon.com/ec2/
- go to AWS management console https://console.aws.amazon.com/console/home
- Choose EC2 from AWS management console
- Click on Launch Instance
- Choose Classic Wizard and hit Continue
- Select Amazon Linux AMI (there are several other options)
- Choose Micro (t1 micro, 163 MiB) which is the free tier EC2
- Make sure you enter a short description for “User Data”
- Review the details on the next page and hit Continue
- Make sure you enter something for the Tag
- Create a new key pair for authentication
- create a new security group and make sure general ports such as 22(SSH), 80(HTTP), 443(HTTPS) and 8080(TOMCAT) are open
- hit “Launch” and you’re done with setting up an EC2 instance
- Create an Elastic IP (EIP) – select EIP used in “EC2”
- Associate the EIP to the EC2 instance that you just launched
- connect to the instance as “ec2-user”. There are a couple of ways to do so: from the management console, simply right-click on the instance and choose “Connect”
- or you can simply use an SSH client like PuTTY. Make sure you convert the PEM file to PPK, which is the format PuTTY supports
Apache, MySQL and PHP
- install packages you need with yum
- yum install mlocate
- yum install httpd24
- yum install php54
- yum install php54-mysql
- yum install php54-gd (php GD graphic library)
- yum install mysql-server
- Start services and ensure apache and mysql run when ec2 is booted
- service httpd start
- service mysqld start
- chkconfig httpd on
- chkconfig mysqld on
- Now you have a LAMP stack
Linux Configuration
- create new user and disable ec2-user access
- as root
- adduser newuser
- su - newuser
- as newuser
- mkdir .ssh
- chmod 700 .ssh
- touch .ssh/authorized_keys
- chmod 600 .ssh/authorized_keys
- vim .ssh/authorized_keys (add public key here)
- as root
- visudo
- newuser ALL=(ALL) NOPASSWD:ALL
- disable ec2-user as a sudoer in /etc/sudoers.d/cloud-init
- disable ec2-user login in /etc/passwd by changing its shell
- before: ec2-user:x:500:500:EC2 Default User:/home/ec2-user:/bin/bash
- after: ec2-user:x:500:500:EC2 Default User:/home/ec2-user:/sbin/nologin
- setup ssh-agent forwarding if you plan to connect from your ec2 instance to another
WordPress setup
- Download and extract wordpress
- # cd /var/www/
- # wget http://wordpress.org/latest.tar.gz
- # tar -xvzf latest.tar.gz
- # rm -rf html
- # mv wordpress html
- # chown -R apache:root html
- Create mysql database
- # mysqladmin -uroot create blog
- # mysql_secure_installation
- Set root password? [Y/n] y
- Remove anonymous users? [Y/n] y
- Disallow root login remotely? [Y/n] n
- Remove test database and access to it? [Y/n] y
- Reload privilege tables now? [Y/n] y
- Configure wordpress
- # cd /var/www/html
- # mv wp-config-sample.php wp-config.php
- # vi wp-config.php
define('DB_NAME', 'blog');
define('DB_USER', 'root');
define('DB_PASSWORD', 'YOUPASSWORD');
define('DB_HOST', 'localhost');
- Install wordpress from browser http://YOUR_ELASTIC_IP (which will be redirected to http://YOUR_ELASTIC_IP/wp-admin/install.php)
- To enable permalinks, be sure to modify /etc/httpd/conf/httpd.conf and enable the override option:
- AllowOverride All
- sample .htaccess for wordpress:
- Optional step: Point your domain name to the EC2 instance. For example, I am a GoDaddy subscriber; what I need to do is simply point the “A” record to the Elastic IP
- ALL SET!!
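WordPress Chinese localization
- Open and edit wp-config.php in the site root directory via FTP, SSH or similar
- Find the line define('WPLANG', ''); and fill in zh_TW as the second argument so that it becomes define('WPLANG', 'zh_TW'); then save the file
- Go to the site dashboard and run the upgrade once the update notice appears. WordPress automatically downloads and installs the Chinese language pack from the official site
- Multilingual downloads: http://codex.wordpress.org/WordPress_in_Your_Language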
MySQL worklog
- get default root password at /root/.mysql_secret
mysql -u root -p
- mysql>
CREATE USER 'wordpress-user'@'localhost' IDENTIFIED BY 'your_strong_password';
- enable root remote access
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
- install mysql
- install phpMyAdmin
- execute examples/create_tables.sql – it will create a database called phpmyadmin
- create a pm user and give access to phpmyadmin db.
- enable advanced features in config.inc.php
- make sure the PHP MySQL library matches the mysql server version.
- make sure following extensions are enabled:
- mbstring (yum install php53-mbstring --nogpgcheck)
- mcrypt (yum install php53-mcrypt --nogpgcheck)
- restart apache
WordPress on Https
- use following in wp-config.php
define('FORCE_SSL_ADMIN', true);
- setup site monitor https://uptimerobot.com/
- run SSL test at https://www.ssllabs.com/ssltest/analyze.html?d=www.steamedbun.xyz
Enable SSL on Apache
- create CSR. use https://csrgenerator.com/ or http://www.thegeekstuff.com/2009/07/linux-apache-mod-ssl-generate-key-csr-crt-file/
- setup apache – http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html#ssl_enable
- https://guillaumemaka.com/2015/05/06/install-your-comodo-certificates-to-amazon-aws.html
ssl.conf
SSLCertificateFile /etc/pki/tls/certs/www_steamedbun_xyz.crt
SSLCertificateKeyFile /etc/pki/tls/private/www_steamedbun_xyz.key
cp /home/ec2-user/www_steamedbun_xyz.key /etc/pki/tls/private/
cp /home/ec2-user/www_steamedbun_xyz.crt /etc/pki/tls/certs/
chown root:root /etc/pki/tls/private/www_steamedbun_xyz.key /etc/pki/tls/certs/www_steamedbun_xyz.crt
chmod 600 /etc/pki/tls/private/www_steamedbun_xyz.key /etc/pki/tls/certs/www_steamedbun_xyz.crt
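The account steps under Linux Configuration and the key-file permissions set above can be checked after the fact. This is an added example, not part of the original notes: the function names and the root-prefix argument are assumptions made for the example, and `newuser` is the account name used earlier.

```shell
#!/bin/sh
# Added example, not from the original notes: audit the hardening steps.
# ROOT is "/" on the instance; a scratch directory allows a dry run.

# has_mode PATH MODE: true when PATH exists with exactly MODE permission bits.
has_mode() { [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]; }

# login_shell USER PASSWD_FILE: print the shell (7th field) recorded for USER.
login_shell() { awk -F: -v u="$1" '$1 == u { print $7 }' "$2" 2>/dev/null; }

# no_login USER PASSWD_FILE: true when USER is absent or has a non-login shell.
no_login() {
    case "$(login_shell "$1" "$2")" in
        */nologin | */false | "") return 0 ;;
        *) return 1 ;;
    esac
}

# no_sudo_rule USER DIR: true when no uncommented rule in DIR starts with USER.
no_sudo_rule() { ! grep -Eqs "^[[:space:]]*$1[[:space:]]" "$2"/*; }

# check MESSAGE CMD...: run CMD, print the finding, count failures in $fails.
check() {
    msg=$1; shift
    if "$@"; then echo "ok   $msg"; else echo "FAIL $msg"; fails=$((fails + 1)); fi
}

# audit_host ROOT NEWUSER: exit status is the number of failed checks.
audit_host() {
    root=${1%/}; ssh_dir="$root/home/$2/.ssh"; fails=0
    check "ec2-user has no login shell" no_login ec2-user "$root/etc/passwd"
    check "ec2-user has no sudoers.d rule" no_sudo_rule ec2-user "$root/etc/sudoers.d"
    check "$ssh_dir is 700" has_mode "$ssh_dir" 700
    check "authorized_keys is 600" has_mode "$ssh_dir/authorized_keys" 600
    for key in "$root"/etc/pki/tls/private/*.key; do
        [ -e "$key" ] || continue
        check "$key is 600" has_mode "$key" 600
    done
    return "$fails"
}

# Usage on the instance, as root:  audit_host / newuser
```

Run it from a second session before closing the one you made the changes in, so a failed check can still be corrected.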
If prompted for ftp login when trying to update wordpress:
- put following in wp-config.php
define('FS_METHOD', 'direct');
Upload file size limit
/etc/php.ini
upload_max_filesize = 10M
post_max_size = 10M
Enable dashboard theme-editor
in wp-config.php (setting this constant to true disables the dashboard theme and plugin editor; false enables it)
define('DISALLOW_FILE_EDIT', true);
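The wp-config.php constants set throughout these notes (DB_USER, FORCE_SSL_ADMIN, DISALLOW_FILE_EDIT) can be read back and checked with a short script. This is an added example, not part of the original notes: the function names are assumptions, and it treats `root` as DB_USER and a world-readable file as findings.

```shell
#!/bin/sh
# Added example, not from the original notes: read back the wp-config.php
# constants these notes set and flag the risky values.

# wp_define NAME FILE: print the value passed to define('NAME', ...), unquoted.
# Lines commented out with // or # are skipped; the last definition wins.
wp_define() {
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$1['\"][[:space:]]*,[[:space:]]*\([^)]*\)).*/\1/p" "$2" |
        tail -n 1 | tr -d "'\"" | sed 's/[[:space:]]*$//'
}

# is_true VALUE: PHP accepts true in any letter case.
is_true() { [ "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" = "true" ]; }

# finding MESSAGE: print one finding and count it in $count.
finding() { echo "finding: $1"; count=$((count + 1)); }

# wp_config_findings FILE: exit status is the number of findings.
wp_config_findings() {
    file=$1; count=0
    if [ "$(wp_define DB_USER "$file")" = "root" ]; then
        finding "DB_USER is root; use a dedicated MySQL account instead"
    fi
    is_true "$(wp_define FORCE_SSL_ADMIN "$file")" ||
        finding "FORCE_SSL_ADMIN is not true"
    is_true "$(wp_define DISALLOW_FILE_EDIT "$file")" ||
        finding "DISALLOW_FILE_EDIT is not true; the dashboard editor can change PHP files"
    # The file holds DB_PASSWORD, so the "other" read bit should be clear.
    if [ -n "$(find "$file" -prune -perm -004 2>/dev/null)" ]; then
        finding "$file is readable by every local user"
    fi
    return "$count"
}

# Usage:  wp_config_findings /var/www/html/wp-config.php
```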
Linux Related
set timezone
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html#change_time_zone
PHP 7 Installation on CentOS6.9
https://webtatic.com/packages/php70/
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm
yum install php70w php70w-opcache