Archive for 04

Starting a LAMP Server in Ubuntu 13.04 (AWS) Part 2: Mounting & Apache

Posted in Tutorials with tags , , , , , , , , , , , , , , , on July 11, 2013 by chrispikul510

Continuing from Part 1. We now have a working Ubuntu EC2 Instance from Amazon’s AWS Web Services. We made a secondary volume and attached it. We gave it an IP address to reference it from. And we got our SSH up and running so we can easily log into it from home. So whats our next steps? Well lets make this thing functional!

To start the process, even though we attached a volume from AWS’s console it doesn’t actually format or properly mount the volume in Ubuntu. In other words, the wires are connected, but Ubuntu doesn’t know what to do with it. So to fix this is easy. Log into your instance through SSH. If your on a Mac, type in “terminal” in spotlight. Launch the terminal app and type the ssh command you learned from Part 1. If you’re on Windows, you’ll need to start up Putty (A windows SSH shell) and log in with the settings you created for your server. Once your in, we can begin. A quick note on using Ubuntu with EC2 instances. Amazon always sets up the default SSH to require a Private/Public Key Pair. It will not use passwords, and SHOULDN’T. So even if you feel like changing it, don’t. Also, they disable you from logging directly into Root. This is also for your benefit. Although, the default user of “ubuntu” is still a sudoer and can do everything root can, including becoming root. It’s best that you stay as ubuntu and get used to just prefixing certain commands with “sudo”. This is to prevent you from accidentally mucking things up. For those that are unfamiliar with linux commands, sudo basically means, do this as if I was root. Not every user has this power, so if you create new users they will not be able to run sudo commands unless you add them to the sudoer list. But thats getting a bit complicated for us.

Formatting & Mounting an EBS Volume

So we have a EBS all hooked up, but we need to tell Ubuntu how to use it. Easy peasy. First step. Even though AWS says it mounted to /dev/sdb it didn’t. Because newer Ubuntu installations don’t call it sdb anymore. They call it “xvdb”. The last letter is still the general mount point if you think about it. So if you mounted to “/dev/sdf” for some reason, you’ll actually be looking for “/dev/xvdf”. Not too complicated. If you’re unsure where it is, check the AWS dashboard under Volumes. Select the extra volume and in the details it will tell you the mount point. Or, in the terminal you can just use this command to show the mounted volumes. XVDA1 is the root drive. Don’t mess with it.

ls /dev | grep xvd

So now that we know the mount name (/dev/xvdb) we need to format it to a filesystem that ubuntu uses. In this case we will be using EXT4. The command for that is as follows….

sudo mkfs.ext4 /dev/xvdb

After pressing enter, your terminal should start populating with commentary on how its writing blocks and journals and such. When its finished and back to the prompt, we can now make the mount point in which it will be attached. Simple enough. You can name it whatever you want but I like “vol” since its easy to recognize and short enough to be easy to type.

sudo mkdir -m 000 /vol

Now to attach the drive to that new folder. This is a pretty simple process.

sudo mount /dev/xvdb /vol

Who knew it was that easy? Well theres one issue. While this is in fact mounted, if you restart or reboot the system it will not be attached. Now some people will tell you to add a “fstab” entry that will attach it. Fstab is basically the script that executes when the system is booting up before the users and other services are started. While this perfectly correct in most circumstances it is NOT in Amazon AWS. In fact, if you do the fstab entry solution you will brick your instance as soon as it reboots. This is because AWS instances are VPS’, they are only virtual software emulating a box. So in the process that they allocate and attach EBS volumes is past the fstab execution point. So the fstab entry will be looking for something that does not exist yet and will stop the boot from continuing, meaning your system will hang and none of the SSH services are available for you to fix it. So what I do is add it to the “rc.local” script. This script is executed when the users are loaded up. Which is sufficient time for AWS to attach the volume. To edit it type in the command “sudo nano /etc/rc.local”. You should be greated with some commented text (lines that start with #) telling you about its purpose. Directly after the comments and before the “exit 0” line enter the sudo mount command from above. Then press CONTROL+X, then Y, then ENTER. Now the system will automatically mount the drive when rebooted.

Installing the LAMP Web Server

We are now ready to start installing some packages. The first one up is Apache2 web server. I will take this time to tell you that there are other web server options such as lighttp, and nginx. They are both better at synchronously handling requests as well as proxying, but I feel as if there PHP performance suffers. If your going to be making a proxy or maybe a simple content delivery network I would suggest looking into NGINX. But thats a different tutorial. Apache2 is tried and true. I doubt I would be a lier if I told you that the majority of websites on the internet are ran using Apache. Plus I find it a bit easier to configure. So how do we? Well we will be using the apt app.

sudo apt-get install apache2

Now the wheels should start spinning and it will ask you if you want to install the specified packages. To which I say, duh!. So let it go and install. The packages have gotten much smarter, so when its finished installing it should really just be working. You can test it by firing up your browser and typing in the Elastic IP address that you gave it earlier. If you get a page back that says “It works!” then, well, it works! Anything else and we got problems. Leave me some comments if you run into issues here because it could be a multitude of things. Oh, and if your getting all excited about using domain names and such, calm down. IP’s will be good enough for now. Next up, PHP5

sudo apt-get install php5 libapache2-mod-php5

Once again, it will confirm that you want to install the specified packages. Enter a nice “Y” and enter. It will automatically detect Apache and install the necessary modules as well as restart the Apache web server. So basically when its done loading its good to go. Next up is MySQL database. Heres the install command.

sudo apt-get install mysql-server libapache2-mod-auth-mysql php5-mysql

It will show a big pink screen asking for a password. Enter something strong, but that you can remember. In fact, write it down on paper. Seriously. This is the databases root administrative password. So slap yourself if you entered “1234”. Anyways, let it finish installing. And just like PHP it will automatically restart the web server.

Until Next Time

So at this point, we have the volume setup. We also installed the bare packages for Apache2, PHP, and MySQL. But now we have to configure them. So join me on the next installment and we will dive deep into configuring and customizing our server to be both secure and stable.

Starting a LAMP Server in Ubuntu 13.04 (AWS) Part 1: Amazon AWS

Posted in Tutorials with tags , , , , , , , , , , , , , , on July 11, 2013 by chrispikul510

So part of the way through creating this newest LAMP stack server in Amazon’s AWS I figured I might need to document it. Since it generally takes people (at lease myself) a lot of googling and cross-checking values in between linux distros and versions, etc. So hopefully, this should be a complete tutorial on the process I did to get a functioning LAMP server working.

Now some perquisite understandings. I’m using a Mac (irrelevant really) and Amazons’s AWS Web Services for my VP Servers. I do (mostly) everything through Terminal and SSH. The target requirements for our server are…

  • Ubuntu 13.04 (But really, 12.X will work too)
  • Apache2 Web Server
  • MySQL Client/Server
  • PHP5
  • Secondary EBS (Drive) Volume
  • Secure SSH Access
  • Protection from scanners, brute-forcers, and other na’er-do-wells.

So. These are our requirements, where to start? Well in your Amazon AWS EC2 dashboard, we need to create a new instance. So get to EC2->Instances->Launch Instance. It should bring up the Create New Instance window and give you 3 options. Choose the Classic Wizard and click continue. Under the Quick Start tab select Ubuntu Server 13.04. I left the platform radios defaulted to 64 bit, because duh, we want 64 bit. Then choose select.

So in the next window you really don’t need to do anything. Unless you want a specific instance type (more power = higher cost). Or an availability zone. But unless you have specific needs for these. Click “continue”. Next up is the Advanced Instance Options portion. Theres rally only three things to consider here. 1) Do we want (to pay for) CloudWatch monitoring. It allows you to view fun graphs such as CPU usage and Volume Read/Write bandwidths. 2) Termination Protection. This basically makes it so you have to take a couple extra steps to fully delete this instance from AWS. 3) Shutdown Behavior. When we tell AWS to shut this down, do we want it deleted as well? This is risky if you or anyone of this AWS account has an itchy trigger finger.

After those have been considered, the defaults are fine. Most of the other options relate to more advanced instances then the Free Tier T1.micro. Next up is Storage Devices. You’ll see the Root volume that should be 8 GiB. This is generally fine for a Root volume. Unless your going to have TONS of data on the root drive. I wouldn’t change it. But click Edit anyways. In the new section that drops down. Select EBS Volumes. Then fill out the volume size. The bigger the drive the more it costs. So even though you could create a terabyte drive here, ask yourself if you need it. I went with another 8 GiB. Because this is a tutorial and I’m gonna delete it anyways. Now under the Device portion it should say /dev/ then a drop-down box. Set that box to sdb. What this does is sets which mount point in ubuntu will this drive be attached to. Remember this option as its very important later. Which one you choose isn’t really, but I like sdb since it’s next in line. Then either leave checked or uncheck the Delete on Termination option. I leave them unchecked. This way if I destroy this instance, the volume can be re-attached on another instance. When done with that, click Add. Then continue.

Next page isn’t useful. Its basically where you add your own labels to the instance so you can understand what it is in the AWS dashboard. Fill out a name though at least if you have multiple instances.

Next up is the Create Key Pair page. This is IMPORTANT. If you all ready have made key pairs and know what they are, go ahead and select “Choose from your existing Key Pairs” and pick yours. If this is your first instance. Select “Create a new Key Pair”. Enter the name for it such as UbuntuServer and click “Create & Download you Key Pair”. And just as the message below that link says. Save it somewhere easy for you to remember. I saved it directly into documents on my mac. On my Win PC I might create a SSH folder directly on my drive and save it there. Do not loose this. And do not try and change it. When you got that figured out, continue to the Configure Firewall section.

On this page I generally recommend to always “Create a new Security Group”. Because some of your instances may have different firewall needs then others. For instance, a Web Server needs the general HTTP and HTTPS ports and thats about it, where as a full Mail Server will need HTTP, HTTPS, SMTP, SMTPS, POP3, IMAP, etc. The less you allow here the better. Only use what you absolutely need. So give this a Name and Description and start adding rules. If your going to enter port ranges (bad practice in my book) leave the “create a new rule” box on Custom TCP rule. If its a standard or common port, its probably listed in that drop down box. First one you must have is SSH. So click the box and select SSH. You’ll notice now you need an address. Leaving this at will mean any IP address can access this port. And when it comes to SSH, thats a NO NO. So enter an address. If your on a trusted network you can enter your networks CIDR mask. If you don’t know what a CIDR mask is, you’ll have to google it. But what I can tell you is use nothing bigger then 24 unless you know what your doing. For a single absolute address use 32. Ie. What that last bit (the /32) means is basically how big a range. 32 will match 1 address. /24 would match 127.127.127.*. So I recommend entering your absolute address with the CIDR mask as /32. When you’ve done that, click Add Rule. Now add the following rules: HTTP, HTTPS, SMTP, and MYSQL (if you want remote db access, I didn’t since I just use the terminal). Once your happy with these options go ahead and click next. You can always alter these options later. In fact, you will. After that review that everything is right and click Launch.

At this point the wheels should be spinning and AWS is launching your brand new bare-bones ubuntu server. Once your back at the dashboard looking at your new instance being started. Nows a good time to click the Elastic IP’s option under “Network & Security” on the left toolbar. Once there. Click the “Allocate New Address” button at the top. EC2 should be selected. Click “Yes, Allocate”. Now a new address should pop up on the dashboard. Select it, and click Associate Address from the top bar. Your new instance should all ready selected in the drop down. If its not, find it and select it. AWS uses Instance ID’s instead of your Key/Values so you’ll have to go back to the Instances portion, find the new instance, and write down the Instance ID. Once you got that down, go ahead and associate it. What this does is gives your instance a static IP address that you can use to access it.

Ok. That should be it for Amazon AWS’s portion for now. Next up we need to actually log in to it and start configuring our new server. Once again, I’m on a Mac so I will write down the instructions for Mac/Linux boxes. If your a Windows user, sorry, I will write down those instructions later.

Mac Instructions:

Open up the terminal app. You can do this easily but pressing Command+Space and typing “terminal” into the spotlight box. Once thats open we need to adjust and move some stuff around. Type in this command to make sure theres an SSH folder for this user.

ls ~/.ssh

You should get a read out of some file contents. If not, use this command to create it.

mkdir ~/.ssh

Now lets copy in our Key file. Remember, its the one you saved earlier in the Create Key Pair option. Use this command.

cp ~/Documents/KeyFile.pem ~/.ssh

Good. Now to make sure this has worked and that we can log in. We need to use ssh and the keyfile. Heres the general command syntax (all one line).

ssh -i ~/.ssh/KeyFile.pem ubuntu@YOUR.INSTANCE.IP.ADDRESS

If all works, it should ask you if you want to add the footprint to the known_hosts file. Type in yes and press enter. At this point it SHOULD log you in and you’ll be greeted with a bunch of text about how is ubuntu 13.04 and some system specs, and finally a command prompt line that should look similar to “ubuntu@ip-X-X-X-X:~$”. If you see this we are all good and can start configuring. If not and you receive a message about the Key File being rejected then its time to hit the google. In my travels have found that 9/10 times its because the file permissions got changed. And generally can be solved by settings the key files permissions like this.

chmod 600 ~/.ssh/KeyFile.pem

Now if you want an easy way to login without having to type that heavy command use this command (exactly)

nano ~/.ssh/config

Then copy these lines with your relative data changed.

User ubuntu
Port 25
IdentityFile ~/.ssh/[YOUR KEY FILE]

Then save it with CONTROL+X then press Y and ENTER. Now all you have to enter is…


And press enter. So now you have a server (well sort of) and a way to log into it. Check in later for the next part in the series. As a final touch, so far we have accomplished:

  • Started a new Ubuntu Instance
  • Created our secure KeyPair file
  • Adjusted our Firewall to be nice and secure
  • Gave it a static IP address
  • Setup our computer to login using SSH.