Apache2 reading from sshfs share

Today, I encountered problems trying to read data from an sshfs share in apache2: I was getting a 403 Forbidden error. It turned out you need to enable allow_other in sshfs, so that users other than the one mounting the share can access the data, as apache2 runs as the www-data user.

# uncomment last line of /etc/fuse.conf
# Allow non-root users to specify the allow_other or allow_root mount options.
user_allow_other
 
# make /etc/fuse.conf readable by non-root users, so they can use allow_other
sudo chmod a+r /etc/fuse.conf
 
# remount
sudo umount DESTINATION
sshfs -o allow_other SHARE DESTINATION

Inspired by serverfault and unix.stackexchange.

Change temporary directory in Linux

Sometimes the size of the / (root) mount is limited, and as a result some processes requiring a large /tmp may fail. This can be solved by setting the environment variable TMPDIR:

mkdir -p /home/$USER/tmp
TMPDIR=$(mktemp -d /home/$USER/tmp/XXXX)
TMP=$TMPDIR
TEMP=$TMPDIR
export TMPDIR TMP TEMP

More info on serverfault.

Transfer WordPress to Amazon EC2

After a rather successful year of using WordPress, I have decided to move my blog to AWS. I had been considering the move for a long time, motivated by the Free Tier, and finally I found some time to do it.

At first, I created a WordPress stack using CloudFormation, but personally I prefer Ubuntu over Amazon Linux, and I will focus on the configuration of an Ubuntu EC2 instance here.

  1. Export your existing blog
    WP-Admin > Tools > Export

  2. Login to AWS console and Create Key Pair
  3. Launch EC2 instance
    I use Ubuntu HVM. I recommend t2.micro, as it’s free for the first year. Specify the key pair you created/uploaded.

  4. Login to your EC2 instance using Public DNS or IP and your key
    ssh -i .aws/your_key.pem ubuntu@ec2xxxxx.compute.amazonaws.com

    NOTE: your key should be readable only by you. To achieve that, you can do:

    chmod 600 .aws/your_key.pem
  5. Configure Ubuntu
    sudo apt-get update && sudo apt-get upgrade
    sudo apt-get install apache2 php5 php5-mysql libapache2-mod-php5 libapache2-mod-auth-mysql mysql-server
    
  6. Configure MySQL
    sudo mysql_secure_installation
    mysql -uroot -p
    
    CREATE DATABASE wordpress;
    CREATE USER 'wordpress' IDENTIFIED BY 'SOMEPASS';
    GRANT ALL ON wordpress.* TO 'wordpress';
    
  7. Configure wordpress
    sudo -i
    cd /var/www/html/
    wget https://wordpress.org/latest.tar.gz
    tar xpfz latest.tar.gz
    rm latest.tar.gz
    cd wordpress/
    mv wp-config-sample.php wp-config.php
    sudo chown -R www-data:www-data /var/www/html
    
    # edit wp-config.php
    define('DB_NAME', 'wordpress');
    define('DB_USER', 'wordpress');
    define('DB_PASSWORD', 'SOMEPASS');
    define('DB_HOST', 'localhost');
    
  8. Configure Apache
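    # edit /etc/apache2/sites-available/wordpress.conf
    # (port 80 matches the HTTP rule opened in step 9)
    <VirtualHost *:80>
        ServerName ec2xxxxx.compute.amazonaws.com
        ServerAlias YOURDOMAIN.COM
        DocumentRoot /var/www/html/wordpress
        DirectoryIndex index.php

        <Directory /var/www/html/wordpress/>
            AllowOverride All
            # Apache 2.2-style access control; the native 2.4 form is "Require all granted"
            Order Deny,Allow
            Allow from all
        </Directory>
    </VirtualHost>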
    
    # enable wordpress in apache2
    sudo a2ensite wordpress
    sudo service apache2 restart
    
  9. Enable HTTP access to your EC2 instance
    Go to EC2 console > Instances > Select your instance > Description >
    Click on your `Security group` > Select Inbound > Edit > Add rule > HTTP > Save

  10. Point your web browser to your EC2 instance: http://ec2xxxxx.compute.amazonaws.com/
  11. Set up your WordPress account
  12. Upload dumped wordpress data
    WP-Admin > Tools > Import > WordPress > Upload file and import
    NOTE: You will need to install the WordPress Importer plugin.

  13. Assign posts to the correct user.
    Don’t forget to Import Attachments!

  14. Install your favourite plugins and themes
    As for plugins, I strongly recommend: JetPack, SyntaxHighlighter Evolved, Google Analytics Dashboard for WP and BackUpWordPress or ajax-load-more.

  15. Add favicon
    Copy selected favicon.ico to /var/www/html/wordpress

Voilà!
BTW: You may want to increase the security of your instance and set up swap, just in case memory usage exceeds your EC2 instance size.

EC2 instance safety instructions

  1. Add non-default user and add it to sudo group
    sudo adduser USERNAME
    sudo usermod -a -G sudo USERNAME
    # switch user
    su USERNAME
    
  2. Edit /etc/ssh/sshd_config
    # change port to a non-default port, e.g. 3434
    # & add this port to your instance Security Groups > Inbound
    Port 3434
    
    # enable password authentication
    PasswordAuthentication yes
    
    # restart ssh
    sudo service ssh restart 
    
    ###
    # make sure you can login with 
    # your new username before continuing
    ###
    
    # disable root login without password by commenting: 
    #PermitRootLogin without-password
    
    # restart ssh
    sudo service ssh restart 
    
  3. Secure MySQL installation
    sudo mysql_secure_installation
  4. Reboot
    sudo reboot
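
Step 2 comments out PermitRootLogin, and a commented-out keyword is not switched off: sshd falls back to its compiled-in default. The script below is an added example, not part of the original post, that reports the effective value of the login-related keywords; the helper names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): effective sshd_config values.
# sshd uses the first uncommented occurrence of a keyword in the global
# section; if every occurrence is commented out, the compiled-in default applies.
# Simplification: Include files and Match blocks are not evaluated.

# effective_value FILE KEYWORD DEFAULT  (helper name is hypothetical)
effective_value() {
    awk -v key="$2" -v def="$3" '
        $1 ~ /^#/              { next }  # comment: ignored by sshd
        tolower($1) == "match" { exit }  # end of the global section
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Constructed sample: the file as left by step 2 above.
sample_config() {
    cat <<'EOF'
Port 3434
PasswordAuthentication yes
#PermitRootLogin without-password
EOF
}

# audit FILE ROOT_DEFAULT: print the two login-related settings.
# ROOT_DEFAULT is "yes" for OpenSSH before 7.0, "prohibit-password" from 7.0 on.
audit() {
    echo "PasswordAuthentication $(effective_value "$1" PasswordAuthentication yes)"
    echo "PermitRootLogin $(effective_value "$1" PermitRootLogin "$2")"
}

cfg=$(mktemp)
sample_config > "$cfg"
echo "OpenSSH < 7.0:";  audit "$cfg" yes
echo "OpenSSH >= 7.0:"; audit "$cfg" prohibit-password
rm -f "$cfg"
```

On a live host, `sudo sshd -T` prints the configuration sshd actually uses, including defaults.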