These are historical notes and are likely out of date.
-Select an Amazon AMI Basic 64-bit.
-Select 1 t1.micro instance, as those are free.
-Turn on Termination Protection
-Leave Shutdown Behavior on Stop
-To right of Name, set friendly name, like "MicroPenguin".
-Create a new KeyPair. Download the .pem file locally.
-Select your default Security Group
-Verify and Launch
You now have a Virtual Server instance. It is as "bare bones" as possible, except for a few tools on it to make it easier to connect other Amazon services. We are creating a LAMP setup for Wordpress, and we now have the "L" in LAMP underway.
-SSH (22)
-HTTP (80)
-3306 (MySQL)
-Custom (20-21)
-Custom (10000)
These may not be the only holes you want to punch in the firewall, but for Wordpress and later installs, this will be enough. If you add any additional services that require more port openings, you must do that through this area. Go back to Instances and ensure that "default" or whatever the group is called is attached to your running instance of Linux.
A quick drop of the IP address in a browser will prove that there is no web server running. This completes everything you need to do in the Amazon control panel. Just ensure you have your .pem KeyPair, and your IP address. Linux is up and running.
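An added example (not part of the original notes): a small shell check that reads security group rules and reports which of the ports opened above are reachable from any address. The one-rule-per-line input format, the `audit_ingress` name, the port policy and the sample rules are assumptions made for this illustration.

```bash
#!/bin/sh
# Added example: audit security-group ingress rules for world-open service ports.
# Assumed input format: one rule per line, "<port or from-to> <source CIDR>".

# Policy chosen for this example (an assumption): SSH, FTP, MySQL and Webmin
# should only be reachable from known source addresses.
SENSITIVE_PORTS="20 21 22 3306 10000"

audit_ingress() {
  # Reads rules on stdin, prints one "OPEN <port> <cidr>" line per finding.
  while read -r range cidr; do
    [ -z "$range" ] && continue
    case "$cidr" in
      0.0.0.0/0|::/0) ;;   # open to any source: inspect the ports
      *) continue ;;       # scoped to a source range: nothing to report
    esac
    from=${range%-*}       # "20-21" gives 20, "3306" gives 3306
    to=${range#*-}         # "20-21" gives 21, "3306" gives 3306
    for p in $SENSITIVE_PORTS; do
      if [ "$p" -ge "$from" ] && [ "$p" -le "$to" ]; then
        echo "OPEN $p $cidr"
      fi
    done
  done
}

# Constructed sample: the port list from these notes with every rule except
# SSH left open to any source. 203.0.113.7 is a documentation address.
SAMPLE_RULES='22 203.0.113.7/32
80 0.0.0.0/0
3306 0.0.0.0/0
20-21 0.0.0.0/0
10000 0.0.0.0/0'

audit_sample() { printf '%s\n' "$SAMPLE_RULES" | audit_ingress; }

audit_sample
```

Port 80 is never reported because serving the public is its purpose; each reported port is a candidate for a source restriction in the security group.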
This Linux Amazon AMI is "headless", meaning there is no user interface. This isn't like Windows or Mac, or even desktop Linux. Everything is done from the command line. While this scares everyone at first who hasn't worked with a command line system, it's not that bad. It took me a while and several inquiries to understand that it runs without a UI, since I was so comfortable with Windows Server. It's not like that at all, and in its own way, that's a good thing. We will be putting in a UI of sorts, but for the start, everything is done by typing.
Now that the server exists, you'll want to start adding the necessities. This is done on the terminal level. I'm a Mac Coda user, so I'm going to explain how to do that. Other terminal entry is very similar, so this should still explain most of what you need.
*Geek note - Amazon does not allow you to ever log in as "root". It's a security issue, and as such, you'll log in using a key pairing to start. Essentially, it's a user name and *file* that works *as* your password.
This opens what is normally a hidden folder on a Mac. The .pem file should be placed in this folder. Set this to 400 permissions.
Open TextEdit, or any text editor. Create a file called “config”. This should not have a file extension, so config.txt, config.rtf, etc., is incorrect. Just “config”. In that file, create four lines:
Host FriendlyLinuxNameYouMade
User ec2-user
IdentityFile ~/.ssh/YourKeyPair.pem
HostName your.ip.address.here
So an old version of mine looked like:
Host Penguin
User ec2-user
IdentityFile ~/.ssh/ChavezKeyPair.pem
HostName 184.108.40.206
Save this doc. Also, the returns between the lines are necessary. Copy-Paste this for good luck. :)
From here out, I’m going to use Coda as my terminal client. You don’t need to do this; any terminal will work, but for me, this is more convenient. I can also work from more than just terminal, so it’s my one-stop app for web.
In Coda, Add Site.
Give the Site a nickname, and maybe you’ll want to match your Micro instance nickname for now. I do “Name AMI” so I can easily see what kind of site I’m working with.
Go to the Terminal area, and look for SSH Server. In this box, you’ll add the exact friendly name you had in your config file. Even though it says “domain.com” in the example text, ignore it and put the precise text name from config. The port is 22 (remember that firewall hole?). Do not add a user name or password. In short, Coda’s terminal will be looking at that config file. Click Save.
If you’re using a direct terminal, just go to AWS, select the instance, and click Instance Actions > Connect. It will generate the correct code automatically, but it goes like this:
ssh -i YOURKeyPair.pem ec2-user@your.ip.address.here
You just substitute your key and IP. (ec2-user is a constant.)
Under Coda, click connect, and you’re in. On Terminal, you’ll have to answer yes to a question about security, then you’ll be in.
If you see ASCII Art like this:
       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|
You have successfully connected.
We’re now L but not AMP. We’re missing a web server, and the web server of choice for Linux is Apache. Many builds of Linux, and even Mac OS X, come with Apache baked in. But not Amazon - this is really, really bare bones. So let’s install Apache. This is easy; just copy this code in exactly:
sudo su
yum install httpd
Say yes when asked.
What did you just do? It took me a while to figure this out. The sudo su is basically upgrading you from basic permissions to “superuser” permissions while you’re logged in. This is acceptable because you have the super-secret key pair. After you give yourself the proper permissions, yum is a Linux installer. You asked it to go grab “httpd”, which is a kind of nickname for Apache. It’s an “HTTP Daemon”, or it serves web content. Clever. You’ll see that httpd is the folder it is installed in. Most self-references for Apache go to httpd.
Fancy! Now what?
Check to see that the web server is in fact running.
service httpd status
Not running yet? Ya, you need to explicitly start it.
service httpd start
If it’s running, you’re good. It’ll say httpd (pid ###) is running. It’s saying Apache, assigned process id number x, is running.
OK, want to be sure it’s running? Drop your IP address into a browser, and you will now see the Apache test page. Sweet! You have a Linux Apache box. Two more…
You have a static server at this point. Time for “M”, or MySQL. This of course is a database, and as such, a place to store things like articles, content, pages, and other such goodies that Wordpress and other things like to store data in.
In terminal, add the following lines:
yum install mysql mysql-server
service mysqld start
mysql_secure_installation
If you want to use Navicat:
mysql -u root -p
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'bkpit97' WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;
mysql> exit
Don’t forget the d on mysqld - that is not a typo. It’s “MySQL Daemon”, same as httpd. This is the server daemon, dishing out data.
Running service mysqld status should confirm a running instance of MySQL.
[root@ip-10-228-23-35 var]# service mysqld start
Initializing MySQL database: Installing MySQL system tables...
Filling help tables...
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h ip-10-228-23-35 password 'new-password'
Alternatively you can run:
which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.
See the manual for more instructions.
You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &
You can test the MySQL daemon with mysql-test-run.pl
cd /usr/mysql-test ; perl mysql-test-run.pl
Please report any problems with the /usr/bin/mysqlbug script!
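An added example (not part of the original notes): the Navicat grant above creates a root account that accepts logins from any host, which undoes the remote-root restriction that mysql_secure_installation offers, and port 3306 is open in the security group. This shell function lists such accounts from the server's user table; `audit_mysql_accounts`, the severity labels and the sample rows (including the hypothetical `navicat` account) are constructed for illustration.

```bash
#!/bin/sh
# Added example: flag MySQL accounts that accept logins from any host.
# Expected input: tab-separated "user<TAB>host" rows, the shape produced by
#   mysql -N -B -u root -p -e "SELECT user, host FROM mysql.user"

audit_mysql_accounts() {
  # stdin: user<TAB>host rows; stdout: one finding per risky account.
  awk -F'\t' '
    { user = ($1 == "" ? "(anonymous)" : $1) }
    $2 == "%" && $1 == "root" { print "CRITICAL " user "@" $2 " root login from any host"; next }
    $2 == "%"                 { print "HIGH " user "@" $2 " login from any host"; next }
    $2 ~ /%/                  { print "MEDIUM " user "@" $2 " login from a host pattern"; next }
    $1 == ""                  { print "MEDIUM " user "@" $2 " anonymous account" }
  '
}

sample_accounts() {
  # Constructed rows: the accounts these notes create, plus an anonymous
  # account and a hypothetical client account pinned to one address.
  printf 'root\tlocalhost\n'
  printf 'root\t%%\n'
  printf 'wpuser\tlocalhost\n'
  printf '\tlocalhost\n'
  printf 'navicat\t203.0.113.7\n'
}

audit_sample_accounts() { sample_accounts | audit_mysql_accounts; }

audit_sample_accounts
```

The account pinned to a single client address produces no finding, which is the shape to aim for when a desktop client needs remote access.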
yum install php php-mysql
Again, say y for yes
This directly installs PHP with support built in for working with MySQL. This completes the “LAMP Stack”. PHP is installed, but does not run as a server. It acts as an interpreter when data goes in and out of the web server, so there is no associated service to run.
A needed addition is some additional library files for image processing in PHP:
yum install php-gd
yum install php-xml
yum install php-mbstring
New information… in an attempt to resolve mbstring problems, I did:
yum install php55-gd
At this point, the web server still isn’t terribly useful, since it’s just serving a regular ol’ test page that you can’t get to. The remaining steps of configuring your LAMP server are intended to make things easier on you, the administrator. There are three remaining steps I’ll go through here.
*Webmin - a UI for machine administration
*vsftpd - an FTP application
*Wordpress - finally, the whole point, right?
echo -e "[Webmin]\nname=Webmin Distribution Neutral\nbaseurl=http://download.webmin.com/download/yum\nenabled=1" > /etc/yum.repos.d/webmin.repo
rpm --import http://www.webmin.com/jcameron-key.asc
yum install webmin
Copy and paste the preceding text into the terminal, and you’ll then download an application called Webmin. The purpose of Webmin is to give you a lot of options using a webpage, and allowing you to avoid the terminal on a day to day basis. For example, if you wanted to reboot, this is a couple of clicks instead of running down a command like shutdown -r now. I still don’t know how regular human beings are supposed to get used to command line structures, but Webmin goes a long way towards taking the confusion out.
Here’s the strange part. Unlike most linux installations, Webmin takes a little trick to get started on Amazon. Maybe you recall the Geek Note from earlier, but Amazon AMIs don’t allow you to log in with the ‘root’ user. Webmin is set up so that root is the way to go. So to fix this, you’ll do the following:
/usr/libexec/webmin/changepass.pl /etc/webmin root YOURpass_word
Go to your ip address, and recall we punched a hole in the firewall at port 10000 for Webmin. You may be greeted with a “missing certificate”, or a “do you want to continue”, etc., and yes, you do.
Once through, a Webmin login and password will be required. They are of course what you just set; root and your password.
Running yum install vsftpd will install the FTP daemon. This is straightforward, and remember, there’s a hole punched for ports 20 and 21.
Setup for ftp is critical, and the most important part is permissions. FTP is a service, and the service is already attached to the users you’ve created, or already existed in the user list of the virtual machine. Everyone can FTP in, except for those users on the “excluded list”. The exclusions are by default most of the users that are already present. Those accounts are not usually used by outsiders; usually humans are assigned non-included accounts.
In webmin, go to Users and Groups, and add a new user. Call this user wwwroot, and assign a password. This user is now in need of a “home”. Under home directory, select /var/www/html and then set a “normal” password. Save the user, and when you go back to logins, you’ll see this user with an id of 500 (or higher).
This user now can log into the machine using FTP. When the user logs in, it sends the file system to the default folder for the Apache web daemon.
cd ~/    # back to root
cd /var/www    # to the containing directory
chown -R apache:apache html    # allow the web service control over the files in the html folder
chown -R wwwroot:wwwroot html    # give your ftp login control over the same files in the html folder; this replaces the apache ownership set on the previous line
Connect via ftp
(If in terminal, it’s ftp your.ip.address)
You should see several hidden files, though it may take a moment due to an FTP timeout. This is expected. Make sure you do not use “Passive FTP”. You can later configure passive FTP, but that’s out of this tutorial’s scope. The hidden files start with a period, and won’t appear using FTP on terminal. If you don’t see them, you may not be showing hidden folders. Within this folder, create an index.html, and add a “hello world” statement.
Test that you can see the file in a web browser. If you enter your IP address, it should automatically pick up your new Hello World! page.
Remember, you installed it and added ftpftp, with pw ftpftpftpftp
OK, take a deep breath. The environment is built! Here’s the checklist of accomplishments so far:
Created a Linux box and logged in
Connected, and uploaded a test html page
Hey, that’s not bad! From here forward, it’s about Wordpress. If you want to install other things, other CMS packages, or you’re happy to doddle away with your current system, which is FREE and FAST, have fun! The last segment will talk about the CMS Wordpress, how to install, how to transfer, and how to import a blog from a prior location. A few parting cautions:
If you reboot your machine, services just installed will not restart unless you make them run on startup. This can be done in Webmin in System > Bootup and Shutdown. Select httpd, mysqld, and webmin, and set them to “Start on Boot”. If you’re troubleshooting, you may or may not want these on, but generally, it’s a good idea.
/usr/bin/mysqladmin -u root password 'YOURpass_word'
Create the Wordpress database and dedicated mysql user
mysql> CREATE DATABASE wpdb;
mysql> GRANT ALL PRIVILEGES ON wpdb.* TO wpuser@localhost IDENTIFIED BY "another-new-password";
mysql> FLUSH PRIVILEGES;
Add Wordpress to the html folder:
cd /var/www/html
wget http://wordpress.org/latest.zip
unzip latest.zip
cp -rpf ./wordpress/* .
rm -rf latest.zip
cp wp-config-sample.php wp-config.php
Edit wp-config, and set the information accordingly:
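$table_prefix = 'wp_';
You can use https://api.wordpress.org/secret-key/1.1/salt/ to generate unique keys and salts.
cd ~/
cd /var/www
# Directories need the execute bit to be traversable, so 644 goes on files only and directories get 755
find html -type d -exec chmod 755 {} +
find html -type f -exec chmod 644 {} +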
Rebuild permalinks if you import database directly
# Added based on site - http://dumpk.com/2013/09/17/mysql-crash-problems-on-ec2-aws/
innodb_buffer_pool_size = 40M
key_buffer_size=10M
max_connections=5