Quick Commands for Setting Up AWS EC2 Website Server

This is an abbreviated guide based on Amazon's tutorials and piecemealed advice from around the web to set-up a standard website server instance with EC2. For complete explanations regarding Amazon LAMP, visit this link: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/install-LAMP.html

Security Inbound Rules:

HTTP 80 0.0.0.0/0
HTTPS 443 0.0.0.0/0
Custom TCP Rule 1024 - 1048 0.0.0.0/0
Custom TCP Rule 20 - 21 0.0.0.0/0

1. Connect to instance with key and SSH

2. Install LAMP

sudo yum update -y
sudo yum install -y httpd24 php70 mysql56-server php70-mysqlnd mod24_ssl
sudo service httpd start

3. Setup LAMP

sudo usermod -a -G apache ec2-user
exit
reconnect to instance through ssh
sudo chown -R ec2-user:apache /var/www/
sudo chown -R apache:apache /var/www/
sudo chmod 2775 /var/www
find /var/www -type d -exec sudo chmod 2775 {} \;
find /var/www -type f -exec sudo chmod 0664 {} \;
sudo chown -R apache:apache /var/www/html
sudo service httpd restart
sudo service mysqld start
sudo mysql_secure_installation
sudo chkconfig mysqld on

4. Install FTP

sudo yum install vsftpd
sudo nano /etc/vsftpd/vsftpd.conf
- change: anonymous_enable=NO
- uncomment: chroot_local_user=YES
- add:
  - pasv_enable=YES
  - pasv_min_port=1024
  - pasv_max_port=1048
  - pasv_address=aws.public.ip.address
  - local_root=/var/www/
sudo chkconfig --level 345 vsftpd on
sudo /etc/init.d/vsftpd restart

5. Create symlink to webroot in ec2-user FTP home folder

ln -s /var/www/html ~/webroot

6. Allow htaccess to override Apache

sudo nano /etc/httpd/conf/httpd.conf
- for <Directory "/var/www/html"> change: AllowOverride All
sudo service httpd restart

Appedix A: Adding FTP users with /var/www/ permissions

1. Allow password authentication

sudo nano /etc/ssh/sshd_config
- change: PasswordAuthentication yes
sudo service sshd restart

2. Add new user to webroot folder

sudo adduser username
sudo passwd username
- type in user's password
sudo usermod -d /var/www/ username
- skip this step if you plan on having this user ssh into the insatnce in the future
sudo usermod -a -G apache username

3. Give user write permissions to existing files and directories.

find /var/www -type d -exec sudo chmod 2775 {} \;
find /var/www -type f -exec sudo chmod 0664 {} \;
sudo service httpd restart

Appedix B: Change PHP version

1. Link the version you need to alternatives if not already done

sudo ln -sf /etc/httpd/conf.d/php-conf.x.x /etc/alternatives/php.conf
sudo ln -sf /etc/httpd/conf.modules.d/15-php-conf.x.x/etc/alternatives/10-php.conf

2. Select PHP version

sudo alternatives --config php

Appedix C: Add new SSH user to Linux

It is preferable to add the user via cloud-init if possible, however that requires stopping the instance.

1. Add new user to Linux

sudo adduser username
sudo usermod -a -G apache username

2. Give user write permissions to existing files and directories.

find /var/www -type d -exec sudo chmod 2775 {} \;
find /var/www -type f -exec sudo chmod 0664 {} \;
sudo service httpd restart

3. Add SSH directory for user

sudo su username
cd
mkdir .ssh
chmod 700 .ssh

4. Create authorized keys file in SSH directory

touch .ssh/authorized_keys
chmod 600 .ssh/authorized_keys

5. Add and verify public key to SSH

nano .ssh/authorized_keys
- paste public key and write-out

6. Create symlink to webroot in FTP home folder

ln -s /var/www/html ~/webroot

7. (Optional) Add to sudoers

exit
sudo nano /etc/sudoers.d/cloud-init
copy the following into the file replacing the user name and write-out
- username ALL=(ALL) NOPASSWD:ALL

8. Test key connection

exit
login into instance using key
- ssh -i "path/to/key" username@instance-address

evansekeful/amazon-ec2-fullsetup-linux1.md