Starting a LAMP Server in Ubuntu 13.04 (AWS) Part 1: Amazon AWS
So part of the way through creating this newest LAMP stack server in Amazon’s AWS I figured I might need to document it. Since it generally takes people (at lease myself) a lot of googling and cross-checking values in between linux distros and versions, etc. So hopefully, this should be a complete tutorial on the process I did to get a functioning LAMP server working.
Now some perquisite understandings. I’m using a Mac (irrelevant really) and Amazons’s AWS Web Services for my VP Servers. I do (mostly) everything through Terminal and SSH. The target requirements for our server are…
- Ubuntu 13.04 (But really, 12.X will work too)
- Apache2 Web Server
- MySQL Client/Server
- Secondary EBS (Drive) Volume
- Secure SSH Access
- Protection from scanners, brute-forcers, and other na’er-do-wells.
So. These are our requirements, where to start? Well in your Amazon AWS EC2 dashboard, we need to create a new instance. So get to EC2->Instances->Launch Instance. It should bring up the Create New Instance window and give you 3 options. Choose the Classic Wizard and click continue. Under the Quick Start tab select Ubuntu Server 13.04. I left the platform radios defaulted to 64 bit, because duh, we want 64 bit. Then choose select.
So in the next window you really don’t need to do anything. Unless you want a specific instance type (more power = higher cost). Or an availability zone. But unless you have specific needs for these. Click “continue”. Next up is the Advanced Instance Options portion. Theres rally only three things to consider here. 1) Do we want (to pay for) CloudWatch monitoring. It allows you to view fun graphs such as CPU usage and Volume Read/Write bandwidths. 2) Termination Protection. This basically makes it so you have to take a couple extra steps to fully delete this instance from AWS. 3) Shutdown Behavior. When we tell AWS to shut this down, do we want it deleted as well? This is risky if you or anyone of this AWS account has an itchy trigger finger.
After those have been considered, the defaults are fine. Most of the other options relate to more advanced instances then the Free Tier T1.micro. Next up is Storage Devices. You’ll see the Root volume that should be 8 GiB. This is generally fine for a Root volume. Unless your going to have TONS of data on the root drive. I wouldn’t change it. But click Edit anyways. In the new section that drops down. Select EBS Volumes. Then fill out the volume size. The bigger the drive the more it costs. So even though you could create a terabyte drive here, ask yourself if you need it. I went with another 8 GiB. Because this is a tutorial and I’m gonna delete it anyways. Now under the Device portion it should say /dev/ then a drop-down box. Set that box to sdb. What this does is sets which mount point in ubuntu will this drive be attached to. Remember this option as its very important later. Which one you choose isn’t really, but I like sdb since it’s next in line. Then either leave checked or uncheck the Delete on Termination option. I leave them unchecked. This way if I destroy this instance, the volume can be re-attached on another instance. When done with that, click Add. Then continue.
Next page isn’t useful. Its basically where you add your own labels to the instance so you can understand what it is in the AWS dashboard. Fill out a name though at least if you have multiple instances.
Next up is the Create Key Pair page. This is IMPORTANT. If you all ready have made key pairs and know what they are, go ahead and select “Choose from your existing Key Pairs” and pick yours. If this is your first instance. Select “Create a new Key Pair”. Enter the name for it such as UbuntuServer and click “Create & Download you Key Pair”. And just as the message below that link says. Save it somewhere easy for you to remember. I saved it directly into documents on my mac. On my Win PC I might create a SSH folder directly on my drive and save it there. Do not loose this. And do not try and change it. When you got that figured out, continue to the Configure Firewall section.
On this page I generally recommend to always “Create a new Security Group”. Because some of your instances may have different firewall needs then others. For instance, a Web Server needs the general HTTP and HTTPS ports and thats about it, where as a full Mail Server will need HTTP, HTTPS, SMTP, SMTPS, POP3, IMAP, etc. The less you allow here the better. Only use what you absolutely need. So give this a Name and Description and start adding rules. If your going to enter port ranges (bad practice in my book) leave the “create a new rule” box on Custom TCP rule. If its a standard or common port, its probably listed in that drop down box. First one you must have is SSH. So click the box and select SSH. You’ll notice now you need an address. Leaving this at 0.0.0.0/0 will mean any IP address can access this port. And when it comes to SSH, thats a NO NO. So enter an address. If your on a trusted network you can enter your networks CIDR mask. If you don’t know what a CIDR mask is, you’ll have to google it. But what I can tell you is use nothing bigger then 24 unless you know what your doing. For a single absolute address use 32. Ie. 127.127.127.127/32. What that last bit (the /32) means is basically how big a range. 32 will match 1 address. /24 would match 127.127.127.*. So I recommend entering your absolute address with the CIDR mask as /32. When you’ve done that, click Add Rule. Now add the following rules: HTTP, HTTPS, SMTP, and MYSQL (if you want remote db access, I didn’t since I just use the terminal). Once your happy with these options go ahead and click next. You can always alter these options later. In fact, you will. After that review that everything is right and click Launch.
At this point the wheels should be spinning and AWS is launching your brand new bare-bones ubuntu server. Once your back at the dashboard looking at your new instance being started. Nows a good time to click the Elastic IP’s option under “Network & Security” on the left toolbar. Once there. Click the “Allocate New Address” button at the top. EC2 should be selected. Click “Yes, Allocate”. Now a new address should pop up on the dashboard. Select it, and click Associate Address from the top bar. Your new instance should all ready selected in the drop down. If its not, find it and select it. AWS uses Instance ID’s instead of your Key/Values so you’ll have to go back to the Instances portion, find the new instance, and write down the Instance ID. Once you got that down, go ahead and associate it. What this does is gives your instance a static IP address that you can use to access it.
Ok. That should be it for Amazon AWS’s portion for now. Next up we need to actually log in to it and start configuring our new server. Once again, I’m on a Mac so I will write down the instructions for Mac/Linux boxes. If your a Windows user, sorry, I will write down those instructions later.
Open up the terminal app. You can do this easily but pressing Command+Space and typing “terminal” into the spotlight box. Once thats open we need to adjust and move some stuff around. Type in this command to make sure theres an SSH folder for this user.
You should get a read out of some file contents. If not, use this command to create it.
Now lets copy in our Key file. Remember, its the one you saved earlier in the Create Key Pair option. Use this command.
cp ~/Documents/KeyFile.pem ~/.ssh
Good. Now to make sure this has worked and that we can log in. We need to use ssh and the keyfile. Heres the general command syntax (all one line).
ssh -i ~/.ssh/KeyFile.pem ubuntu@YOUR.INSTANCE.IP.ADDRESS
If all works, it should ask you if you want to add the footprint to the known_hosts file. Type in yes and press enter. At this point it SHOULD log you in and you’ll be greeted with a bunch of text about how is ubuntu 13.04 and some system specs, and finally a command prompt line that should look similar to “ubuntu@ip-X-X-X-X:~$”. If you see this we are all good and can start configuring. If not and you receive a message about the Key File being rejected then its time to hit the google. In my travels have found that 9/10 times its because the file permissions got changed. And generally can be solved by settings the key files permissions like this.
chmod 600 ~/.ssh/KeyFile.pem
Now if you want an easy way to login without having to type that heavy command use this command (exactly)
Then copy these lines with your relative data changed.
Host [GIVE IT A NAME]
HostName [ENTER THE IP ADDRESS]
IdentityFile ~/.ssh/[YOUR KEY FILE]
Then save it with CONTROL+X then press Y and ENTER. Now all you have to enter is…
ssh [THE NAME YOU GAVE IT]
And press enter. So now you have a server (well sort of) and a way to log into it. Check in later for the next part in the series. As a final touch, so far we have accomplished:
- Started a new Ubuntu Instance
- Created our secure KeyPair file
- Adjusted our Firewall to be nice and secure
- Gave it a static IP address
- Setup our computer to login using SSH.