Setting Up WordPress on AWS
First blog post has to be documenting how I'm setting up this blog! Going to keep it very technical. Need an EC2 instance, running Ubuntu, with WordPress using Nginx with the AddThis plugin for sharing tools, email against Google Apps for Business server, and backing up to S3 with the BackupBuddy plugin.
Using an Amazon EC2 instance type of t2.micro, which costs $151 for 3 years, running the latest Long Term Support (LTS) edition of Ubuntu. I have a Virtual Private Cloud (VPC) with a persistent connection (thank you NetGate) to my home network, so my security groups will differ. Maybe I'll do a post about that setup later. Also need an Elastic IP for public Internet access to the instance's http(s) ports.
Adding creature comforts, love me some ZSH
    sudo apt-get update
    sudo apt-get install -y -qq git zsh screen tmux wget curl jq
    git clone https://github.com/robbyrussell/oh-my-zsh.git ~/.oh-my-zsh
    # Keep a copy of any existing zsh config before replacing it
    if [ -e ~/.zshrc ]; then
        cp ~/.zshrc ~/.zshrc.orig
    fi
    cp ~/.oh-my-zsh/templates/zshrc.zsh-template ~/.zshrc
    sudo chsh -s /bin/zsh "$USER"
Nginx / MySQL / PHP
    sudo apt-get install nginx
    sudo apt-get install mysql-server
    sudo mysql_install_db
    sudo mysql_secure_installation
    sudo apt-get install php5-fpm php5-mysql php5-curl
    # Uncomment cgi.fix_pathinfo and set it to 0 so PHP-FPM only runs the exact script requested
    sudo sed -i -e 's/^;\?cgi\.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/php5/fpm/php.ini
You will need to update your nginx config file /etc/nginx/sites-available/default to look like this:
    server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

        root /usr/share/nginx/html;
        index index.php index.html index.htm;

        server_name YOUR_DOMAIN_HERE;

        location / {
            try_files $uri $uri/ /index.php?q=$uri&$args;
        }

        error_page 404 /404.html;

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }
SSL
    sudo mkdir -p /etc/nginx/ssl && cd /etc/nginx/ssl
    sudo openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
    # The key is unencrypted (-nodes), so keep it readable by root only
    sudo chmod 600 server.key
    # You will now need to deal with your SSL provider... send them the .csr

    # Add the following to /usr/share/nginx/html/wp-config.php
    define('FORCE_SSL_ADMIN', true);

    # Add the following to /etc/nginx/sites-enabled/default within the server{}
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/FILE_YOUR_SSL_PROVIDER_SENDS.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
WordPress
    wget https://wordpress.org/latest.tar.gz
    tar xvfz latest.tar.gz
    cd wordpress
    cp wp-config-sample.php wp-config.php
    # Edit the config accordingly at this time
    sudo rsync -avP . /usr/share/nginx/html/
    sudo chown -R www-data:www-data /usr/share/nginx/html
    sudo mkdir -p /usr/share/nginx/html/wp-content/uploads
    sudo chown -R :www-data /usr/share/nginx/html/wp-content/uploads
    sudo rm /usr/share/nginx/html/index.html
    # Now, visit http://YOUR_DOMAIN_HERE to complete installation
Sharing Tools
Adding AddThis tools: Just go to plugins and search for AddThis Sharing Tools and install
S3 Policy
Setting up S3 storage. I create a new bucket and IAM role for each web app. Here is the IAM policy that will help you keep permissions set up correctly.
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "ListAllBuckets",
          "Effect": "Allow",
          "Action": [
            "s3:ListAllMyBuckets",
            "s3:GetBucketLocation"
          ],
          "Resource": [
            "arn:aws:s3:::*"
          ]
        },
        {
          "Sid": "FullAccessToAppBucket",
          "Effect": "Allow",
          "Action": [
            "s3:*"
          ],
          "Resource": [
            "arn:aws:s3:::BUCKET_NAME_GOES_HERE",
            "arn:aws:s3:::BUCKET_NAME_GOES_HERE/*"
          ]
        }
      ]
    }
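The point of the policy above is that each web app can only touch its own bucket. As an added example (not part of the original post), this Python check confirms that for a filled-in policy. The bucket name `example-blog-backups` and the function names are made up for illustration, and the set of actions tolerated on every bucket is an assumption taken from the policy's first statement.

```python
APP_BUCKET = "example-blog-backups"  # constructed bucket name, not from the post

# The post's policy with its BUCKET_NAME_GOES_HERE placeholder filled in.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ListAllBuckets", "Effect": "Allow",
         "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"],
         "Resource": ["arn:aws:s3:::*"]},
        {"Sid": "FullAccessToAppBucket", "Effect": "Allow", "Action": ["s3:*"],
         "Resource": [f"arn:aws:s3:::{APP_BUCKET}", f"arn:aws:s3:::{APP_BUCKET}/*"]},
    ],
}

# Assumption: these are tolerated on every bucket (they expose names and regions only).
ACCOUNT_WIDE_OK = {"s3:listallmybuckets", "s3:getbucketlocation"}


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy, app_bucket):
    """Return findings; an empty list means data access stays inside app_bucket."""
    in_scope = {f"arn:aws:s3:::{app_bucket}", f"arn:aws:s3:::{app_bucket}/*"}
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements can only narrow access
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource allows by exclusion")
            continue
        # IAM action names are case-insensitive, so compare in lower case
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        risky = sorted(actions - ACCOUNT_WIDE_OK)
        for res in as_list(stmt.get("Resource", [])):
            if res not in in_scope and risky:
                findings.append(f"{sid}: {', '.join(risky)} allowed on {res}")
    return findings


if __name__ == "__main__":
    for line in audit_policy(PAGE_POLICY, APP_BUCKET) or ["OK: scoped to one bucket"]:
        print(line)
```

A policy that passes here can still be broader than a backup plugin needs inside the bucket, since `s3:*` includes deleting objects and changing the bucket's own settings.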
We will use Postfix with Google Apps for Business mail servers for email.
    sudo apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules

    # Add the following to /etc/postfix/main.cf
    relayhost = [smtp.gmail.com]:587
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
    smtp_sasl_security_options = noanonymous
    smtp_tls_CAfile = /etc/postfix/cacert.pem
    smtp_use_tls = yes

    cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | sudo tee -a /etc/postfix/cacert.pem

    # Update /etc/postfix/sasl/sasl_passwd; you will probably need an "Application password"
    # instead of the one you regularly use, as it is protected with two-factor auth
    [smtp.gmail.com]:587 USERNAME@gmail.com:PASSWORD

    sudo chmod 400 /etc/postfix/sasl/sasl_passwd
    sudo postmap /etc/postfix/sasl/sasl_passwd
    sudo /usr/sbin/postfix reload

    # Now test it
    echo "Test mail from postfix" | mail -s "Test Postfix" you@example.com
BackupBuddy
BackupBuddy does scheduled backups very well. I already had a license for the product and after installing and connecting to Amazon S3 I have no worries that everything is backed up.
References:
https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-nginx-on-ubuntu-14-04