This blog is built on WordPress, installed on a Micro instance of the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). This post describes how to set one up yourself. It’s a nice way to get started experimenting with EC2.
AWS offers a free usage tier, providing a free Amazon EC2 Micro Instance for a year, along with free usage of S3, Elastic Block Store, Elastic Load Balancing, and AWS data transfer. (If that sounded like a jumble of nonsense, you can learn more about the AWS services here.) After the first year is up you could expect to spend around $15-$20 a month to maintain the Micro instance, depending on usage.
The whole process should take less than 30 minutes. Let’s get started.
Create an EC2 instance
In EC2, a single virtual server is called an “instance”. Before you can create your first instance, you have to create an AWS account.
Create an AWS account
Go to http://aws.amazon.com/ and click “Create an AWS Account” in the upper right.
Log in to your existing Amazon account, or create a new one.
Launch a new EC2 instance
To create an “instance”, you must select an Amazon Machine Image (AMI) with the operating system you want to use. I installed an Ubuntu image, from alestic. Alestic mirrors the official Ubuntu images, and often maintains additional Ubuntu images when newer official images aren’t yet available.
Start by pointing your browser to alestic.com. Then select the AWS region where you want your instance to be physically located. I selected us-east-1, because it’s close to me.
Select the image for the latest version of Ubuntu with an EBS root. (This means it’s configured to boot from Amazon’s Elastic Block Storage service.) You can select either 32- or 64-bit architecture. I selected the 64-bit version of Ubuntu 11.04.
Click the arrow next to the image to launch the AWS wizard for creating a new instance.
Continue to the next screen.
Create a new security group. This is where you’ll define the firewall rules for this type of system. No matter what you’re using the instance for you’ll almost certainly want to allow SSH access. For a web server, we’ll want to enable HTTP and maybe HTTPS too.
You can adjust these firewall rules later, but you can’t change the security group to which the instance is assigned. So make sure to create a new one, and give it a sensible name.
Allocate an elastic IP and add to DNS
Each time your instance restarts, its IP addresses will change. To work around this, Amazon allows you to reserve “Elastic IP addresses” that do not change. You can associate an elastic IP with any instance you choose. Amazon allows up to 5 elastic IP addresses per account, unless you can make a convincing case that you need more. Elastic IP addresses are free while in use, but cost 1 cent per hour when they are not attached to any instance.
Allocate a new elastic IP
To allocate a new elastic IP, open the AWS management console. Return to http://aws.amazon.com/ and click “Sign in to the AWS Management Console” at the top of the page.
In the AWS management console, select the “EC2” tab.
Go to “Elastic IPs”. Click “Allocate New Address”.
To associate the new elastic IP with your instance, tick the checkbox next to it and click “Associate Address”.
Make note of this IP address and its “Public DNS”. This is how you will access your instance from outside the cloud.
Configure your DNS
Amazon provides a DNS service called Route 53 for a relatively small fee. However, most domain registrars provide basic DNS service for free. Check with your domain registrar for a web interface to manage your DNS zones.
When adding a DNS record for a hostname that points to an EC2 instance, it’s a good idea to add a CNAME record pointing to the “Public DNS” hostname when possible. Since that hostname is mapped to the internal IP address when resolved inside the EC2 network, internal communication using that hostname won’t incur the additional bandwidth costs charged for use of the public IP. If you want your second-level domain to point to your instance, though (ex. “example.com”, as opposed to “mybox.example.com”), you’ll have to create an A record pointing to the elastic IP, since you generally can’t use a CNAME for that.
For example, for this site, my elastic IP is 184.108.40.206, and my “public DNS” is ec2-50-19-217-12.compute-1.amazonaws.com.
I decided to call this instance “ec2.jasongrimes.org”, so I created a CNAME record pointing to my public DNS hostname:
ec2.jasongrimes.org IN CNAME ec2-50-19-217-12.compute-1.amazonaws.com.
Since I also wanted jasongrimes.org to resolve to this instance, I had to create an A record for it. Then I made www.jasongrimes.org an alias for jasongrimes.org.
jasongrimes.org IN A 220.127.116.11 www IN CNAME jasongrimes.org.
Configure SSH access
By default, your new instance allows SSH access via private key, rather than by password. This section explains how to configure a Windows or Linux SSH client to use your private key. It also shows how to optionally add users and allow SSH access by password, if you wish.
Configure a Windows SSH client (Putty) to use the private key
To SSH to your new instance from Windows, use the Putty SSH client. First, you need to convert the private key you generated into a format that putty can understand, using PuttyGen. Download both Putty and PuttyGen from the Putty download page.
For details about setting up Putty to use your private key, see Amazon’s documentation on configuring Putty. Here’s a brief summary:
Run Puttygen, click the “Load” button to load your private key file (browse to wherever you saved it when creating your instance, ex. C:UsersJoeawsawskey.pem). Then click “Save private key”, and click “Yes” when prompted whether to save without a passphrase. (In this example, I name the Putty key file “awskey.ppk”.) Then close Puttygen.
Run Putty. In the left pane, under SSH->Auth, set your “private key file for authentication” to the full path to your Putty key file (ex. C:UsersJoeawsawskey.ppk). Under “Session”, enter the public hostname of your instance. Give your session a name (ex. “aws-webserver”) and save it. Then click “open” to SSH into your new instance.
Log in with username “ubuntu”. No password should be required, since you are authenticating by private key.
Configure a Linux SSH client to use the private key
If you’re using a Linux client instead, SSH via private key is a lot easier. Just set the proper permissions on the key and then use the -i argument to SSH.
chmod 400 ~/aws/awskey.pem # Make the private key readable only by you ssh -i ~/aws/awskey.pem email@example.com
Optional: Allow password authentication and create user accounts
By default, you can only log in to your instance via SSH using the private key. This has some security benefit–it prevents brute-force password attacks. If you want to make the security trade-off, you can enable password authentication by following these steps.
sudo vi /etc/ssh/sshd_config
Change the following line to:
Restart the ssh daemon:
sudo service ssh restart
To allow installing plugins and themes from the WordPress admin interface as the ubuntu user via SSH, create a password for the ubuntu user.
sudo passwd ubuntu
To add a new user account, with access to run commands as root using sudo, follow these steps:
Allow users in the “sudo” system group to run commands as root via sudo without a password:
Uncomment the following line:
%sudo ALL=NOPASSWD: ALL
Add a new user (ex. “bonzo”):
sudo adduser bonzo # Add bonzo to the “sudo” group, so he can sudo without a password sudo usermod -G sudo bonzo
Install the LAMP stack
First update any existing packages:
sudo apt-get update && sudo apt-get upgrade -y
Install Apache2, MySQL, and PHP (aka the LAMP stack).
sudo tasksel install lamp-server
You’ll be prompted to set a root password for MySQL. Make sure to write it down for later.
Install additional packages. libssh2-php allows installing plugins via SSH instead of FTP. php5-gd allows image manipulation. mailutils allows WordPress to send mail.
sudo apt-get install libssh2-php php5-gd mailutils
When prompted by the mailutils install, select “Internet site”, and set the hostname to the hostname you created for the instance in your own DNS configuration.
Edit the Apache config
sudo vi /etc/apache2/sites-available/default
Change “DocumentRoot /var/www” to:
Change the “<Directory /var/www>” block to:
<Directory /var/www/wordpress> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory>
Note that in addition to changing the document root, we’ve changed “AllowOverride” from “none” to “All”. This allows WordPress to rewrite URLs in the .htaccess file.
Enable Apache’s rewrite functionality to support clean URLs:
sudo a2enmod rewrite
Restart Apache to make the changes take effect:
sudo service apache2 restart
Download and extract WordPress
wget http://wordpress.org/latest.tar.gz tar -xzvf latest.tar.gz sudo mv wordpress /var/www/ sudo chown -R ubuntu:www-data /var/www/wordpress sudo chmod g+s /var/www/wordpress # Temporarily allow the web server to write to the wordpress directory. # We'll disable this later. sudo chmod g+w /var/www/wordpress
Create a wordpress database and MySQL user
mysql -uroot -p mysql> CREATE DATABASE wordpress; mysql> GRANT ALL PRIVILEGES ON wordpress.* TO "wordpress"@"localhost" IDENTIFIED BY "somepassword"; mysql> FLUSH PRIVILEGES; mysql> EXIT
Launch the web-based installer
Navigate to your site in your browser. The WordPress installer should be the default page.
Click the button to “create config file”, and then follow the instructions so set up WordPress using your wordpress MySQL username and password.
Set up permalinks
Log in as the admin and go to Settings->Permalinks. Choose your preferred URL format and click save.
(Do this before locking down the permissions in the next step, to allow WordPress to create the .htaccess file for you.)
Fix up the file permissions
# Remove write access from the web server to the wordpress root sudo chmod g-w /var/www/wordpress cd /var/www/wordpress # Allow the web server to write to the uploads directory sudo mkdir wp-content/uploads sudo chown ubuntu:www-data wp-content/uploads sudo chmod g+w wp-content/uploads # Make sure all new content is owned by the www-data group sudo chmod g+s wp-content/uploads wp-content/plugins wp-content/themes
To allow editing theme files via the web interface, make the theme directory web-writable too.
chmod g+w wp-content/themes
That’s it! You should be good to go. Open your WordPress blog and start doing your thing.
- Making WordPress stable on EC2-Micro. A nice article on tuning an EC2 micro instance to address performance and reliability issues as load increases.
- Ubuntu community documentation on setting up an EC2 instance.
- Installing a Micro EC2 instance with Ubuntu. (Focuses on Drupal rather than WordPress.)
- Ubuntu community documentation on installing the LAMP stack.
- WordPress installation guide.