Ultimate Setup Guide to WordPress on Amazon EC2

I’ve been playing with EC2 for a good while now and find it to be robust, scalable and very frightening to a newbie.

Actually once you’ve got your head around a few simple ideas it’s all pretty easy. The billing platform – well that’s another matter and another post!

Things you’ll need before we get started:

  • Domain name
  • Email Address
  • Credit Card
  • Putty & PuttyGen (yep we’re getting our hands dirty – you can download it here)
  • A bit of throwing caution to the wind and just following these instructions to the letter!

 

Step 1 – Get an Amazon account

1. Create your Instance (Virtual Server)

Open up your AWS Management Console and on the EC2 tab, we need to create an Instance. Select the region you’d like to host your website, and then select ‘Launch Instance’.

Go with the ‘Classic Wizard’, and then you can get straight on choosing your preferred OS. I chose Amazon Linux (64-bit) T2 for my server, which I assume is going to be more closely married to the EC2 service as a whole.

Once selected, your next option is to choose the Instance type you require. This is basically how much grunt you’re going to need. For a small blog site or if you are just testing stuff out, you should be OK with a Micro instance, but for anything else you’ll need to choose something more powerful.

All the remaining instance details can be left default, and you can add descriptive tags if you like. Next you need to create a key pair; this essentially works like a password to access your server. Just give it a name and click ‘Create and Download your Key Pair’, saving it in a safe place.

The final step is to create a security group, which is a set of firewall port rules. Name the group ‘WordPress’, add a description (I just repeated ‘WordPress’), and then add the following Inbound rules:

HTTP (0.0.0.0/0)
SSH (0.0.0.0/0)

Those rules deal with access for web traffic (HTTP) and terminal access (SSH).

Finish up the wizard and in just a few moments you will see your server up and running under ‘Instances’

2. Connect to your Instance

Use Putty. See here for info

or

In the AWS Console select the running instance and, under ‘Instance Actions’, click ‘Connect’. A Java based SSH client will open up and, once you’ve provided the path to the key file you saved earlier, you’ll have a linux shell ready and we can get on with configuring the server.

First, lets install all the available updates. Type:
sudo yum update

A lot of the commands in this article also require root access, so each time I connect to the instance I’ll just run one command to elevate my permissions. Otherwise I would need to prefix everything with ‘sudo’.

Type:
sudo su

3. Install Apache Web Server

To install apache, type:
yum install httpd

Start the service:
service httpd start

Set the service to start automatically:
chkconfig httpd on

4. Install PHP

To install PHP, Type:
yum install php php-mysql

To install PHP DOM, Type:
yum install php-xml

To install php-mbstring, Type:
yum install php-mbstring

Restart apache:
service httpd restart

5. Install MySQL

To install MySQL, type:
yum install mysql-server

Start MySQL:
service mysqld start

Set the service to start automatically:
chkconfig mysqld on

Create your wordpress database:
mysqladmin -uroot create wordpress

Secure your database:
mysql_secure_installation

Answer the wizard questions as follows:
Enter current password for root:  Press return for none
Change Root Password:  Y
New Password:  Set a strong password and make sure you document it!
Remove anonymous user:  Y
Disallow root login remotely:  Y
Remove test database and access to it:  Y
Reload privilege tables now:  Y

6. Install WordPress

Most of the articles I found covering this suggested installing WordPress in a directory called ‘blog’ or ‘site’ or something similar within /var/www/html, however in this case I am going to install it directly into the root folder as I do not like having those extra bits in my website URL.

Change directory:
cd /var/www

Download WordPress:
wget http://wordpress.org/latest.tar.gz

Extract WordPress:
tar -xzvf latest.tar.gz

Move WordPress into the html folder:
rmdir html
mv wordpress html

Clean up:
rm latest.tar.gz

Create and edit the config file:
cd html
mv wp-config-sample.php wp-config.php
nano wp-config.php

That last command will open the config file for view. You can scroll up and down with the cursor keys. You need to edit the following lines:

define(‘DB_NAME’, ‘wordpress’);
define(‘DB_USER’, ‘root’);
define(‘DB_PASSWORD’, ‘YOUR_PASSWORD’);
define(‘DB_HOST’, ‘localhost’);

Add salt keys by visiting:

https://api.wordpress.org/secret-key/1.1/salt/

and replacing these lines in the wp-config.pho file just underneath the previous section:

define(‘AUTH_KEY’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’);
define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’);
define(‘NONCE_KEY’, ‘put your unique phrase here’);
define(‘AUTH_SALT’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_SALT’, ‘put your unique phrase here’);
define(‘LOGGED_IN_SALT’, ‘put your unique phrase here’);
define(‘NONCE_SALT’, ‘put your unique phrase here’);

Add direct update method – this allows you to update plugins and WordPress without using FTP to download the packages – copy and paste the following after the SALT lines you just replaced:

/** Sets up direct update method instead of FTP */
define(‘FS_METHOD’,’direct’);

Disable the file editor in the WordPress back-end – because its dangerous! Copy and paste the following:

/** Disables the file editor making it less likely target for hacks*/

define(‘DISALLOW_FILE_EDIT’, TRUE);

When you are finished editing, you press Ctrl-X on your keyboard, and then type y and press enter to save the file and quit nano.

7. Assign an Elastic IP Address

One mistake I made in my early attempts was to rush on with configuring WordPress before I had assigned an Elastic IP address to the server in the AWS console. If you don’t assign an Elastic IP, when you restart the server, its public DNS will change and your WordPress configuration will be broken. It’s easy to fix, but can be avoided, so lets assign an Elastic IP so that we have a permanent address to work with:

In the AWS console, choose Elastic IPs and then ‘Allocate New Address’. Once allocated, associate it with the server instance.

8. Configure WordPress

We are now ready to configure WordPress, so just put http://xxx.xxx.xxx.xxx (replacing with your Elastic IP address of course) into your web browser and that will trigger the WordPress configuration process:

9. Set permissions – make the WordPress install safe

chown -R apache:apache /var/www/html

find /var/www/html/ -type d -exec chmod 755 {} \;

find /var/www/html/ -type f -exec chmod 644 {} \;

usermod -G apache ec2-user

chmod -R 775 /var/www/html/wp-content

10. Tune Apache and MySQL to not take up too much memory

For T1 & T2 instances its a good idea to put Apache in a low memory mode set the following:

nano /etc/httpd/conf/httpd.conf

and find the PreFork MPM section and update the following settings:

<IfModule prefork.c>
StartServers 1

MinSpareServers 1
MaxSpareServers 5
ServerLimit 10

MaxClients 5
MaxRequestsPerChild 300
</IfModule>

I’ve experienced T1 & T2 Micro EC2 instances stopping due to lack of available memory – the web server stays up but you get the WordPress error “Error establishing a database connection”. This is often due to the INNODB buffer size being too high on these machines with little RAM.

 You can decrease the innodb_buffer_pool_size very low to see if it helps:

Edit my.cnf:
nano /etc/my.cnf

Set the innodb bugger to 50% of available RAM:
innodb_buffer_pool_size = 256M

A rule of thumb is to set innodb_buffer_pool_size to 50% of available RAM for your low memory testing. This means you start the server and everything except MySQL InnoDB. See how much RAM you have. Then use 50% of that for InnoDB.

To try many low-memory settings at once:
http://paragasu.wordpress.com/2008/12/02/very-low-memory-mysql-5-mycnf-configuration/

Restart Apache and MySQL

service httpd restart

service mysqld restart

 

11. Set up locate because I love it

yum install mlocate

updatedb

12. Enable the Apache mod_rewrite module and Virtual hosts and change upload size

nano /etc/httpd/conf/httpd.conf

Make sure following line is not commented in httpd.conf

LoadModule rewrite_module modules/mod_rewrite.so

Change AllowOveride None to AllowOveride All inside the DocumentRoot Directory Directive, normally <Directory “/var/www/html”>. There might be more than one instance of AllowOverride. Make sure to change all of them

#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the “default” to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>

 

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be “All”, “None”, or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#

AllowOverride All

Restart Apache

service httpd restart

 

13. Set up robots.txt

cd /var/www/html

touch robots.txt

chown apache:apache robots.txt

nano robots.txt

Add these lines:

User-Agent: *

14. Optional – Set up swap space

Amazon T1 EC2 Micro Instance comes only with 613MB of memory. Now, this is just not enough for running serious workloads. Other thing to note is that the Linux Micro Instance doesn’t have swap space. Follow these steps to add swap space and increase the performance of your Linux based Amazon EC2 Micro Instance.

Switch to root and follow these steps to add the swap space –

Type the following command with count being equal to the desired block size:
dd if=/dev/zero of=/swapfile bs=1M count=1024

Setup the swap file with the command:
mkswap /swapfile

To enable the swap file immediately but not automatically at boot time:
swapon /swapfile

To enable it at the boot time, add the following entry into /etc/fstab:
nano /etc/fstab

Copy this line and add it to tbe bottom of the file:
/swapfile swap swap defaults 0 0

(Don’t worry if it doesn’t look aligned correctly –  it still works)

15. Change default upload size from 2MB to whatever you like

nano /etc/php.ini

; Maximum allowed size for uploaded files.
; http://www.php.net/manual/en/ini.core.php#ini.upload-max-filesize
upload_max_filesize = 2M

; Maximum size of POST data that PHP will accept.
; http://www.php.net/manual/en/ini.core.php#ini.post-max-size
post_max_size = 2M

Restart Apache

service httpd restart

16 – Optional (but recommended) Allow the yum service to apply update automatically – if you want to make sure you have all the latest patches like Windows update and you will be visiting the console infrequently you may want to turn on auto updates.

yum install yum-updatesd

nano /etc/yum/yum-updatesd.conf 

and update all these to yes

# automatically install updates
do_update = yes

# automatically download updates
do_download = yes

# automatically download deps of updates
do_download_deps = yes

Quit using Cntl-X and save the file

Start the updatesd service

service yum-updatesd start

chkconfig yum-updatesd on

OK – congratulations – you are all done – worth starting to think about hardening your WordPress installation against attacks using some great plugins and simple fixes in the admin.

Tips once in the admin

1. Once installed – make sure remove admin login if there – most attacks happen using the admin login – its not required – just create a new login for yourself – make your self an Administrator and delete the “admin” login asap!

2. Also change your username “Display name publicly as” setting to something other than the username – this stops people being able to see your username

3. Also Settings – Media – Uncheck Organize my uploads into month- and year-based folders – just makes life easier

4. Update Permalinks to  Post name – this gives nice URLs

5. Install some security plugins!

 

References (Thanks Guys!!!!!)

http://codex.wordpress.org/

http://stephen-white.blogspot.co.uk/2012/05/how-to-set-up-wordpress-on-amazon-ec2_31.html

http://smartwebdeveloper.com/centos/install-the-php-dom-extension-on-centos

http://blog.david-jensen.com/development/wordpress-amazon-ec2-apache-permissions-wordpress/

http://www.viper007bond.com/2009/05/07/wordpress-how-to-force-direct-filewrites-for-upgrades/

http://yoast.com/example-robots-txt-wordpress/

http://cloudstory.in/2012/02/getting-the-best-out-of-amazon-ec2-micro-instances/

http://cloudstory.in/2012/02/adding-swap-space-to-amazon-ec2-linux-micro-instance-to-increase-the-performance/

http://codex.wordpress.org/Hardening_WordPress

http://halfelf.org/2013/false-security/

http://www.orderofbusiness.net/blog/disable-wordpress-file-editor/

http://www.linuxquestions.org/questions/fedora-35/how-to-make-‘yum-update’-on-centos-recurring-and-automatic-849468/

http://stackoverflow.com/questions/12114746/mysqld-service-stops-once-a-day-on-ec2-server

http://www.frameloss.org/2011/11/04/making-wordpress-stable-on-ec2-micro

http://paragasu.wordpress.com/2008/12/02/very-low-memory-mysql-5-mycnf-configuration/

 

 

 

 

 

 

Comments are closed.