You should know that the internet is a mean and nasty place. So you should follow the best of the best practices which Amazon gladly share.
Go to the IAM dashboard and secure your account before you start trying out or really using Amazon AWS.
Step 1: Identity and Access Management (IAM) Dashboard
Login to the AWS console and through the Service (top left next to the AWS icon) -> Select IAM -> which should show the Welcome to Identity and Access Management Dashboard.
Here you see four warnings, but in the future, there could be more.
Step 2: Activate MFA
This is probably the most important one to once you use AWS to host something for your business. You may want to buy a hardware-based MFA device.
I recorded a short video showing how you set up.
Step 3: Create an individual IAM user.
There is little point showing any screenshots here, Amazon does a brilliant job with the wizard to take you step by step through creating user accounts.
You’ll create an admin group in the process and at the end have a new user account and a URL you’ll need to keep in a safe place you use to login to the AWS Management Console, e.g. https://1234567890.signin.aws.amazon.com/console
Step 4: Apply an IAM password policy
Here you define what the minimum length of password your users should use, etc.
This document lists the steps required to prepare a Linux server to setup your server on Amazon for running one or more WordPress sites. If you decide to have the database on the server, then the architecture is known as “LAMP” which is an acronym for “Linux, Apache, MySQL and PHP”.
If you’re setting up your first machine, then write down the commands and any connection information into a journal. It will help you remember the steps and internalise anything you learn along the way. You should add knowledge to it as you go along and will see that it will become more valuable than any book you can buy.
You have created an EC2 instance on Amazon and know how to connect to the machine using Putty or SSH.
You have chosen to run the database on the same server or use Amazons RDS service.
You have a domain name configured for your website on Route 53 or another DNS provider.
Step 1: Ensuring Machine Is Up To Date
When you log in to the machine, you will see information about how many packages and security updates are available. You should never ignore those messages.
sudo apt-get update
sudo apt-get upgrade
First update which refreshes the list of available packages and their versions, but does not install or upgrade any packages. The upgrade command installs newer packages and security updates. Neither of them runs automatically; I recommend a monthly calendar reminder, so you keep your server safe.
If you run the server over a couple of months, then dist-upgrade will bring the operating system up to date and is known to clean up better after itself.
sudo apt-get dist-upgrade
If you are asked a question with a “Y/n” answer, type in “y” and otherwise follow any instruction.
Step 2: Install Apache Web Server
sudo apt-get install apache2
It will start installing. You will be prompted to Press Y and hit Enter to continue, so do that for the installation to advance.
Step 3: Checking the web server is running
Type the IP into your browser and check the web server is running. If you haven’t created an A record to point to the IP of the server, then do it now. You should get the default page, if so, then congratulate yourself.
Step 4: Configuring Your Access Rights
We want maximum lockdown later on and for you to be able to work without using the “super user do” command sudo all the time. Ignore this step, and you’ll be using sloppy access commands later on like “chmod 777”, then you could end up in a situation where you have an unprotected directory, and that’s not good.
The Apache server on Ubuntu will be running under www-data here is how you can double check that:
Assuming the user is “www-data” we’re now going to add you to the apache user group.
sudo usermod -a -G www-data ubuntu
We need to logout and login again for the change to show. To check the changes are in place you can now run.
You should see the “www-data” group listed.
Step 5: Setup Database On Server (The low budget option)
If you have decided to use Amazon RDS, then you should follow their instructions and have the instance connection information ready.
BUT, if you follow a backup strategy, then I think there is nothing bad about running the database on the server while the site is small.
I suggest you use MariaDB over MySQL. It took me a lot of time to get used to the idea of MariaDB, as I had been using MySQL since I built my first web server 15 years ago. I now realise what MariaDB is and its development is more open and vibrant, don’t believe me, then check out the activity on GitHub. Also, it’s said to be between 3 and 5% more performant, which is very relevant for web server backends.
The command to install the database and client is.
The certificate needs to be replaced regularly. We can setup automatic renewal using the scheduler. You only need to do this once.
sudo crontab -e
Choose NANO as editor it’s the easiest to use, then add the following line and Ctrl+X to both save and exit. This will make the server check for a new SSL certificate every morning at 03:15am and is something you only need to setup once.
15 3 * * * /usr/bin/certbot renew --quiet
Check the settings are stored
sudo crontab -l
Finished! GO CHECK OUT YOUR WEBSITE.
Miscellaneous: Unable To Install Plugins In WordPress
This will be a permissions problem. Run the commands to set up the ownership.