First blog post has to be documenting how I’m setting up this blog! Going to keep in very technical. Need an EC2 instance, running Ubuntu, with WordPress using Nginx with the AddThis plugin for sharing tools, email against Google Apps for Business server, and backing up to S3 with Backup Buddy plugin.

Using an Amazon EC2 instance type of t2.micro, costs $151 for 3 years, running the latest Long Term Service (LTS) edition of ubuntu. I have a Virtual Private Cloud (VPC) with a persistent connection (thank you NetGate) to my home network so my security groups will differ. Maybe I’ll do a post about that setup later. Also need an elastic IP for public Internet access to instance http(s) ports.
Adding creature comforts, love me some ZSH

sudo apt-get update
sudo apt-get install -y -qq git zsh screen tmux wget curl jq
git clone https://github.com/robbyrussell/oh-my-zsh.git ~/.oh-my-zsh
if [ -e ~/.zshrc ]; then
    cp ~/.zshrc ~/.zshrc.orig
fi
cp ~/.oh-my-zsh/templates/zshrc.zsh-template ~/.zshrc
sudo chsh -s /bin/zsh $USER

Nginx / MySQL / PHP

sudo apt-get install nginx
sudo apt-get install mysql-server
sudo mysql_install_db
sudo mysql_secure_installation
sudo apt-get install php5-fpm php5-mysql php5-curl
sudo sed -i -e 's/.cgi\.fix_pathinfo=1/cgi\.fix_pathinfo=0/1' /etc/php5/fpm/php.ini

You will need to update your nginx config file /etc/nginx/sites-available/default to look like this:

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /usr/share/nginx/html;

    index index.php index.html index.htm; 

    server_name YOUR_DOMAIN_HERE;

    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

SSL

mkdir -p /etc/nginx/ssl && cd /etc/nginx/ssl
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
# You will now need to deal with your ssl provider...send them the .csr

# Add the following to /usr/share/nginx/html/wp-config.php
define('FORCE_SSL_ADMIN', true);

# Add the following to /etc/nginx/sites-enabled/default within the server{}
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/FILE_YOUR_SSL_PROVIDER_SENDS.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;

WordPress

wget https://wordpress.org/latest.tar.gz
tar xvfz latest.tar.gz
cd wordpress
cp wp-config-sample.php wp-config.php

# Edit the config accordingly at this time

sudo rsync -avP . /usr/share/nginx/html/
sudo chown -R www-data:www-data /usr/share/nginx/html
sudo mkdir -p /usr/share/nginx/html/wp-content/uploads
sudo chown -R :www-data /usr/share/nginx/html/wp-content/uploads
sudo rm /usr/share/nginx/html/index.html

# Now, Visit http://YOUR_DOMAIN_HERE to complete installation

Adding AddThis tools: Just go to plugins and search for AddThis Sharing Tools and install

S3 Policy

Setting S3 storage. I create a new bucket and IAM role for each web app. Here is the IAM policy that will help you keep permissions setup correctly.

{ 
  "Version": "2012-10-17", 
  "Statement": [ 
        { 
          "Sid": "ListAllBuckets", 
          "Effect": "Allow", 
          "Action": [ 
              "s3:ListAllMyBuckets", 
              "s3:GetBucketLocation" 
          ], 
          "Resource": [ 
              "arn:aws:s3:::*" 
          ] 
      }, 
      { 
          "Sid": "FullAccessToAppBucket", 
          "Effect": "Allow", 
          "Action": [ 
              "s3:*" 
          ], 
          "Resource": [ 
              "arn:aws:s3:::BUCKET_NAME_GOES_HERE", 
              "arn:aws:s3:::BUCKET_NAME_GOES_HERE/*" 
          ] 
      } 
  ]
}

Email

We will use postfix with Google Apps for Business mail servers for emails

sudo apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules

# Add the following to /etc/postfix/main.cf
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd 
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes

cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | sudo tee -a /etc/postfix/cacert.pem 

# Update /etc/postfix/sasl/sasl_passwd probably will need a "Application password" instead of the one you regularly use as it is protected with two-factor auth
[smtp.gmail.com]:587 USERNAME@gmail.com:PASSWORD

sudo chmod 400 /etc/postfix/sasl/sasl_passwd
sudo postmap /etc/postfix/sasl/sasl_passwd
sudo /usr/sbin/postfix reload

# Now test it
echo "Test mail from postfix" | mail -s "Test Postfix" you@example.com

BackupBuddy

BackupBuddy does scheduled backups very well. I already had a license for the product and after installing and connecting to Amazon S3 I have no worries that everything is backed up.