Free clouds: Setting up WordPress on a free Amazon EC2 instance


This blog is built on WordPress, installed on a Micro instance of the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). This post describes how to set one up yourself. It’s a nice way to get started experimenting with EC2.

AWS offers a free usage tier, providing a free Amazon EC2 Micro Instance for a year, along with free usage of S3, Elastic Block Store, Elastic Load Balancing, and AWS data transfer. (If that sounded like a jumble of nonsense, you can learn more about the AWS services here.) After the first year is up you could expect to spend around $15-$20 a month to maintain the Micro instance, depending on usage.

The whole process should take less than 30 minutes. Let’s get started.

[—ATOC—] [—TAG:h2—]

Create an EC2 instance

In EC2, a single virtual server is called an “instance”. Before you can create your first instance, you have to create an AWS account.

Create an AWS account

Go to http://aws.amazon.com/ and click “Create an AWS Account” in the upper right.

Log in to your existing Amazon account, or create a new one.

Launch a new EC2 instance

To create an “instance”, you must select an Amazon Machine Image (AMI) with the operating system you want to use. I installed an Ubuntu image, from alestic. Alestic mirrors the official Ubuntu images, and often maintains additional Ubuntu images when newer official images aren’t  yet available.

Start by pointing your browser to alestic.com. Then select the AWS region where you want your instance to be physically located. I selected us-east-1, because it’s close to me.

Select the image for the latest version of Ubuntu with an EBS root. (This means it’s configured to boot from Amazon’s Elastic Block Storage service.) You can select either 32- or 64-bit architecture. I selected the 64-bit version of Ubuntu 11.04.

Click the arrow next to the image to launch the AWS wizard for creating a new instance.

Continue to the next screen.

Make sure to set “Instance Type” to “Micro”.

I accepted the defaults for the advanced instance options.

Tags aren’t necessary, and you can add them later if you like.

Make sure to click “Create & Download your Key Pair”. Save it somewhere appropriate on your computer, like your home directory.

Create a new security group. This is where you’ll define the firewall rules for this type of system. No matter what you’re using the instance for you’ll almost certainly want to allow SSH access. For a web server, we’ll want to enable HTTP and maybe HTTPS too.

You can adjust these firewall rules later, but you can’t change the security group to which the instance is assigned. So make sure to create a new one, and give it a sensible name.

Review your settings, and click “Launch” to create the new instance. It may take a few minutes for the instance to spin up. You’ll receive an email when it’s ready.

Allocate an elastic IP and add to DNS

Each time your instance restarts, its IP addresses will change. To work around this, Amazon allows you to reserve “Elastic IP addresses” that do not change. You can associate an elastic IP with any instance you choose. Amazon allows up to 5 elastic IP addresses per account, unless you can make a convincing case that you need more. Elastic IP addresses are free while in use, but cost 1 cent per hour when they are not attached to any instance.

Allocate a new elastic IP

To allocate a new elastic IP, open the AWS management console. Return to http://aws.amazon.com/ and click “Sign in to the AWS Management Console” at the top of the page.

In the AWS management console, select the “EC2” tab.

Go to “Elastic IPs”. Click “Allocate New Address”.

To associate the new elastic IP with your instance, tick the checkbox next to it and click “Associate Address”.

Make note of this IP address and its “Public DNS”. This is how you will access your instance from outside the cloud.

Configure your DNS

Amazon provides a DNS service called Route 53 for a relatively small fee. However, most domain registrars provide basic DNS service for free. Check with your domain registrar for a web interface to manage your DNS zones.

When adding a DNS record for a hostname that points to an EC2 instance, it’s a good idea to add a CNAME record pointing to the “Public DNS” hostname when possible. Since that hostname is mapped to the internal IP address when resolved inside the EC2 network, internal communication using that hostname won’t incur the additional bandwidth costs charged for use of the public IP. If you want your second-level domain to point to your instance, though (ex. “example.com”, as opposed to “mybox.example.com”), you’ll have to create an A record pointing to the elastic IP, since you generally can’t use a CNAME for that.

For example, for this site, my elastic IP is 50.19.217.12, and my “public DNS” is ec2-50-19-217-12.compute-1.amazonaws.com.

I decided to call this instance “ec2.jasongrimes.org”, so I created a CNAME record pointing to my public DNS hostname:

ec2.jasongrimes.org IN CNAME ec2-50-19-217-12.compute-1.amazonaws.com.

Since I also wanted jasongrimes.org to resolve to this instance, I had to create an A record for it. Then I made www.jasongrimes.org an alias for jasongrimes.org.

jasongrimes.org IN A 50.19.217.12

www IN CNAME jasongrimes.org.

Configure SSH access

By default, your new instance allows SSH access via private key, rather than by password. This section explains how to configure a Windows or Linux SSH client to use your private key. It also shows how to optionally add users and allow SSH access by password, if you wish.

Configure a Windows SSH client (Putty) to use the private key

To SSH to your new instance from Windows, use the Putty SSH client. First, you need to convert the private key you generated into a format that putty can understand, using PuttyGen. Download both Putty and PuttyGen from the Putty download page.

For details about setting up Putty to use your private key, see Amazon’s documentation on configuring Putty. Here’s a brief summary:

Run Puttygen, click the “Load” button to load your private key file (browse to wherever you saved it when creating your instance, ex. C:UsersJoeawsawskey.pem). Then click “Save private key”, and click “Yes” when prompted whether to save without a passphrase. (In this example, I name the Putty key file “awskey.ppk”.) Then close Puttygen.

Run Putty. In the left pane, under SSH->Auth, set your “private key file for authentication” to the full path to your Putty key file (ex. C:UsersJoeawsawskey.ppk). Under “Session”, enter the public hostname of your instance. Give your session a name (ex. “aws-webserver”) and save it. Then click “open” to SSH into your new instance.

Log in with username “ubuntu”. No password should be required, since you are authenticating by private key.

Configure a Linux SSH client to use the private key

If you’re using a Linux client instead, SSH via private key is a lot easier. Just set the proper permissions on the key and then use the -i argument to SSH.

chmod 400 ~/aws/awskey.pem # Make the private key readable only by you
ssh -i ~/aws/awskey.pem ubuntu@your.ec2.hostname

Optional: Allow password authentication and create user accounts

By default, you can only log in to your instance via SSH using the private key. This has some security benefit–it prevents brute-force password attacks. If you want to make the security trade-off, you can enable password authentication by following these steps.

Edit /etc/ssh/sshd_config:

sudo vi /etc/ssh/sshd_config

Change the following line to:

PasswordAuthentication yes

Restart the ssh daemon:

sudo service ssh restart

To allow installing plugins and themes from the WordPress admin interface as the ubuntu user via SSH, create a password for the ubuntu user.

sudo passwd ubuntu

To add a new user account, with access to run commands as root using sudo, follow these steps:

Allow users in the “sudo” system group to run commands as root via sudo without a password:

sudo visudo

Uncomment the following line:

%sudo ALL=NOPASSWD: ALL

Add a new user (ex. “bonzo”):

sudo adduser bonzo
# Add bonzo to the “sudo” group, so he can sudo without a password
sudo  usermod -G sudo bonzo

Install the LAMP stack

Install packages

First update any existing packages:

sudo apt-get update && sudo apt-get upgrade -y

Install Apache2, MySQL, and PHP (aka the LAMP stack).

 sudo tasksel install lamp-server

You’ll be prompted to set a root password for MySQL. Make sure to write it down for later.

Install additional packages. libssh2-php allows installing plugins via SSH instead of FTP. php5-gd allows image manipulation. mailutils allows WordPress to send mail.

sudo apt-get install libssh2-php php5-gd mailutils

When prompted by the mailutils install, select “Internet site”, and set the hostname to the hostname you created for the instance in your own DNS configuration.

Edit the Apache config

sudo vi /etc/apache2/sites-available/default

Change “DocumentRoot /var/www” to:

DocumentRoot /var/www/wordpress

Change the  “<Directory /var/www>” block to:

<Directory /var/www/wordpress>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
</Directory>

Note that in addition to changing the document root, we’ve changed “AllowOverride” from “none” to “All”. This allows WordPress to rewrite URLs in the .htaccess file.

Enable Apache’s rewrite functionality to support clean URLs:

 sudo a2enmod rewrite

Restart Apache to make the changes take effect:

sudo service apache2 restart

Install WordPress

Download and extract WordPress

wget http://wordpress.org/latest.tar.gz
tar -xzvf latest.tar.gz
sudo mv wordpress /var/www/
sudo chown -R ubuntu:www-data /var/www/wordpress
sudo chmod g+s /var/www/wordpress
# Temporarily allow the web server to write to the wordpress directory.
# We'll disable this later.
sudo chmod g+w /var/www/wordpress

Create a wordpress database and MySQL user

mysql -uroot -p
mysql> CREATE DATABASE wordpress;
mysql> GRANT ALL PRIVILEGES ON wordpress.* TO "wordpress"@"localhost"
    IDENTIFIED BY "somepassword";
mysql> FLUSH PRIVILEGES;
mysql> EXIT

Launch the web-based installer

Navigate to your site in your browser. The WordPress installer should be the default page.

Click the button to “create config file”, and then follow the instructions so set up WordPress using your wordpress MySQL username and password.

Set up permalinks

Log in as the admin and go to Settings->Permalinks. Choose your preferred URL format and click save.

(Do this before locking down the permissions in the next step, to allow WordPress to create the .htaccess file for you.)

Fix up the file permissions

# Remove write access from the web server to the wordpress root
sudo chmod g-w /var/www/wordpress
cd /var/www/wordpress
# Allow the web server to write to the uploads directory
sudo mkdir wp-content/uploads
sudo chown ubuntu:www-data wp-content/uploads
sudo chmod g+w wp-content/uploads
# Make sure all new content is owned by the www-data group
sudo chmod g+s wp-content/uploads wp-content/plugins wp-content/themes

To allow editing theme files via the web interface, make the theme directory web-writable too.

chmod g+w wp-content/themes

That’s it! You should be good to go. Open your WordPress blog and start doing your thing.

Related links

14 thoughts on “Free clouds: Setting up WordPress on a free Amazon EC2 instance”

  1. Thank-you for publishing this post. I find it informative and actionable. I will link up to your side for future posts.

  2. Thanks for this – awesome article!

    One gotcha: when using putty to connect to my instance, I had to specify the username ‘ubuntu’ in Connection -> Data, in the Login Details, the box labelled ‘Auto-login username’ – otherwise my instance wouldn’t let me in and putty terminated with “server refused our key”.

    Thanks,
    Luke

  3. I am running into some issues installing plugins on the site. I am completely new to WordPress, so please excuse my ignorance. When I try to install a plugin or theme, WordPress brings up a connection information page. I tried using SSH 2, using hostenamehere.compute-1.amazonaws.com as the hostname, my ssh username as the username and my ssh password as the password. I left the public and private key blank. I am getting errors connecting. I tried using the same ssh username/pass and I am able to successfully SSH into my ec2 server. Any ideas?

  4. I have point my website (example.com) to the Elastic IP of EC2 (11.22.33.44) in A record. The public DNS of my Amazon server is like ec2.compute.amazonaws.com. My application index page is ec2.compute.amazonaws.com/magento/index.php.

    Currently, It has no problem of the URL if I entered example.com/magento/index.php, however, when I click a link in the homepage, for example “My cart”, it would redirect to ec2.compute.amazonaws.com/magento/index.php/checkout/cart/ , So what should I if I wanna rewrite ec2.compute.amazonaws.com/magento/index.php to example.com?

  5. Please help me. I am trying to find the configuration page and the only thing I get when going to my site is the tomcat page which says tomcat is installed correctly. I am not sure what I’m supposed to navigate to from here or put in the address. I appreciate it a lot.

  6. I’m having a weird issue I cant seem to be able to subscribe your feed, I’m using google reader by the way.

  7. Hi to all, how is the whole thing, I think every one is getting more from this
    web site, and your views are fastidious in support
    of new viewers.

Comments are closed.