
Post on 22-May-2020


Thu 11/1/2018


Illustrated Steps to create greggroeten.net with AWS

Screenshots of each step


1. Create VPC 10.10.0.0/16.

AMI: Linux 2. Note: Linux 2 requires mariadb and has other differences from regular Linux.


2. Create 2 Public and 2 Private subnets, each in a different AZ: 10.10.1.0/24 - 10.10.4.0/24


3. Create IGW, assign EIP to IGW, Attach to VPC

VPC dashboard

Internet Gateway, Create Internet Gateway


4. Create Private Route Table, rename default RT to Public


5. Create NAT GW, attach to Public Subnet 1A, Create new EIP assign to NAT GW, then attach to private RT


6. Attach NAT GW to Private RT, Select Private RT, Add routes – Destination 0.0.0.0/0 to NAT GW (not IGW)


7. Associate Private Subnets to Private RT


8. Add IGW to Public RT, if Destination is 0.0.0.0/0 RT will route to Target IGW

VPC setup completed


9. Create EC2 instance: Roeten-VPC, Public Subnet 1a, Enable Public IP (a restart will lose the IP and a new IP is assigned). The eth0 Network Interface is created automatically.

subnet-06b733f7958e8008a = AZ us-east-1a

Add userdata Bootstrap script:

#!/bin/bash
yum install httpd -y
service httpd start
chkconfig httpd on
yum install wget -y
yum install php php-mysql mysql -y


Add Tags

Name WebServer


10. Security Group

SSH TCP 22 0.0.0.0/0 default

HTTP TCP 80 0.0.0.0/0 add, test OK, production delete later


11. Launch, Create new key Pair, Download Key Pair VirginiaKey.pem


View Instances, Pending, Initializing…


Running, Initializing…


12. IAM


13. Create Role S3_Full-Access


14. Create SNS Topic


15. SNS Topic creation, Subscribe, Go to email and confirm subscription


16. Cloudwatch, Create alarm


17. Create Lambda function to monitor SNS, trigger is load_balancer_health


Test Lambda function


18. Attach IAM Role so RDS can communicate with EC2

RDS needs a SG besides the 2 default SGs.


19. RDS - Create database, Mariadb engine, t2 micro 1CPU 1GB RAM, 20GB default, no DB subnet yet.

Wordpress requires DB thus Mariadb

Already allowed dns resolution, change DNS hostnames to YES

Created no problems

Username groetendb

Password is aws…

groetendb.crrhgplksbww.us-east-1.rds.amazonaws.com Old database host Endpoint

groetendb.crrhgplksbww.us-east-1.rds.amazonaws.com New Endpoint


20. Create ELB, Classic, public subnets only, Create new SG, TCP 80 only, healthy threshold 6, add EC2


21. Setup Route53 and Domain Name

Public IP: 34.200.246.139 or Elastic IP

RDS endpoint groetendb.crrhgplksbww.us-east-1.rds.amazonaws.com

Cannot access RDS instance groetendb.crrhgplksbww.us-east-1.rds.amazonaws.com on 3306 yet

Setup Route53 and Domain Name

Route53 greggroeten.net


22. Create Simple Routing policy with type A = Alias Record Set greggroeten.net and EC2 public IP 34.200.246.139

Create Simple Routing policy with type A = Alias Record Set www.greggroeten.net and EC2 public IP 34.200.246.139


23. Update NS records with godaddy account

Go to godaddy account DNS Management

Nameservers

Change

Custom

Copy Route53 DNS names to GoDaddy

ns-943.awsdns-53.net.

ns-328.awsdns-41.com.

ns-1112.awsdns-11.org.

ns-1830.awsdns-36.co.uk.

Now the greggroeten.net domain from GoDaddy is mapped to Route53, and Route53 is mapped to the EC2 instance


24. Install a LAMP Web Server on Amazon Linux 2

MobaXterm: SSH to the EC2 server 18.207.182.206; in Advanced SSH settings use private key and load VirginiaKey.pem; user = ec2-user.

Follow https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-lamp-amazon-linux-2.html, not the regular LAMP on Linux guide!

Linux 2 requires different configuration and commands than regular Linux; mysql does not work because Linux 2 needs mariadb.

Prerequisite: the security group is configured to allow SSH (port 22), HTTP (port 80), and HTTPS (port 443) connections.

These steps install an Apache web server with PHP and MariaDB (a community-developed fork of MySQL) support on your Amazon Linux 2 instance (sometimes called a LAMP web server or LAMP stack). You can use this server to host a static website or deploy a dynamic PHP application that reads and writes information to a database.

Prepare the LAMP Server

Ensure that all of your software packages are up to date

sudo yum update -y

Install the lamp-mariadb10.2-php7.2 and php7.2 Amazon Linux Extras repositories


sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2

Install the Apache web server, MariaDB, and PHP software packages

sudo yum install -y httpd mariadb-server

To install the Apache Web Server, type: yum install httpd

You can view the current versions of these packages with the following command:

yum info <package_name>

yum info mariadb

Start the Apache web server.

sudo systemctl start httpd

Use the systemctl command to configure the Apache web server to start at each system boot.

sudo systemctl enable httpd

You can verify that httpd is on by running the following command:

sudo systemctl is-enabled httpd

Verify VPC security group Type: HTTP Protocol: TCP Port Range: 80 Source: Custom

Test your web server. In a web browser, type the public DNS address (or the public IP address) of your instance

EC2 web address http://18.207.182.206/


Apache httpd serves files that are kept in a directory called the Apache document root. The Amazon Linux Apache document root is /var/www/html. To allow the ec2-user account to manipulate files in this directory, you must modify the ownership and permissions of the directory. There are many ways to accomplish this task. In this tutorial, you add ec2-user to the apache group, to give the apache group ownership of the /var/www directory and assign write permissions to the group.

Change the group ownership of /var/www and its contents to the apache group.

$ sudo chown -R apache:apache /var/www

To add group write permissions and to set the group ID on future subdirectories, change the directory permissions of /var/www and its subdirectories.

$ sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} \;

To add group write permissions, recursively change the file permissions of /var/www and its subdirectories:

find /var/www -type f -exec sudo chmod 0664 {} \;
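An added check, not part of the original walkthrough or the AWS guide: the function below audits a document root against the modes set above (directories 2775, files 0664), reports anything world-writable, and optionally checks the group. The name `audit_webroot` is hypothetical; `stat -c` assumes GNU coreutils, as on Amazon Linux 2.

```bash
#!/usr/bin/env bash
# Added example: audit a web root against the modes used in this walkthrough.
# audit_webroot is a hypothetical helper name, not an AWS or Apache tool.
#
# Usage: audit_webroot /var/www apache
# Prints one finding per line as "<reason> <value> <path>".
# Returns 0 when clean, 1 when there are findings, 2 on a bad argument.
audit_webroot() {
    local root="${1:-/var/www}" group="${2:-}" out
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    out="$(
        # Directories must be exactly 2775: rwxrwsr-x, setgid so that new
        # subdirectories and files inherit the directory's group.
        find "$root" -type d ! -perm 2775 -exec stat -c 'dir-mode %a %n' {} +
        # Regular files must be exactly 0664: group-writable, not executable.
        find "$root" -type f ! -perm 0664 -exec stat -c 'file-mode %a %n' {} +
        # Anything writable by "other" lets any local account alter site content.
        find "$root" ! -type l -perm -0002 -exec stat -c 'world-writable %a %n' {} +
        # Optional: everything should belong to the expected group.
        if [ -n "$group" ]; then
            find "$root" ! -group "$group" -exec stat -c 'wrong-group %G %n' {} +
        fi
    )"
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

Run it after any deployment step that unpacks files as root (such as extracting an archive into the document root), since those files arrive with their own modes.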


25. Install MariaDB

Don’t install MySQL, mariadb is for Linux 2

Secure the Database Server

Start the MariaDB server.

$ sudo systemctl start mariadb

Run mysql_secure_installation.

$ sudo mysql_secure_installation

When prompted, type a password for the root account.

Type the current root password. By default, the root account does not have a password set. Press Enter.

Type Y to set a password, and type a secure password twice. For more information about creating a secure password, see https://identitysafe.norton.com/password-generator/. Make sure to store this password in a safe place.

Note: Setting a root password for MariaDB is only the most basic measure for securing your database. When you build or install a database-driven application, you typically create a database service user for that application and avoid using the root account for anything but database administration.

Type Y to remove the anonymous user accounts.

Type Y to disable the remote root login.

Type Y to remove the test database.

Type Y to reload the privilege tables and save your changes.

(Optional) If you do not plan to use the MariaDB server right away, stop it. You can restart it when you need it again.

[ec2-user ~]$ sudo systemctl stop mariadb
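The Note above recommends a dedicated database service user for the application. As an added example (not from the original walkthrough or the AWS guide), this helper emits the SQL for one; the function name, the database name `wordpress`, the account `wp_app` and the privilege list (a commonly used WordPress set) are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example: emit SQL for a dedicated WordPress database account.
# wp_service_user_sql and all names passed to it are placeholders chosen
# for this example, not values from the walkthrough.
#
# Usage: wp_service_user_sql wordpress wp_app localhost > wp_user.sql
#        (edit the password placeholder, then run: sudo mysql -u root -p < wp_user.sql)
wp_service_user_sql() {
    local db="$1" user="$2" host="$3" v
    # Identifiers are interpolated into SQL, so accept only a safe alphabet.
    for v in "$db" "$user"; do
        case "$v" in
            ''|*[!A-Za-z0-9_]*) echo "invalid identifier: $v" >&2; return 1 ;;
        esac
    done
    case "$host" in
        ''|*[!A-Za-z0-9_.%-]*) echo "invalid host pattern: $host" >&2; return 1 ;;
    esac
    # Refuse a bare '%': the account should only be usable from the web tier.
    [ "$host" != "%" ] || { echo "host pattern must not be '%'" >&2; return 1; }
    # No GRANT ALL, no GRANT OPTION, no global privileges: the account is
    # limited to one schema and to the statements the application issues.
    cat <<SQL
CREATE DATABASE IF NOT EXISTS \`$db\` CHARACTER SET utf8mb4;
CREATE USER IF NOT EXISTS '$user'@'$host' IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP
    ON \`$db\`.* TO '$user'@'$host';
SHOW GRANTS FOR '$user'@'$host';
SQL
}
```

The account and database created this way are what would go into DB_USER and DB_NAME in wp-config.php, keeping the root (or RDS master) credentials out of the web root.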

Check that RDS is backing up and the service is running


26. Install wordpress

Goal is to access greggroeten.net using Route53 through EC2 to Wordpress application

sudo su -
cd /var/www/html
wget https://wordpress.org/latest.tar.gz
tar -xvzf latest.tar.gz
cd wordpress/                    # required package
mv * /var/www/html               # move to www/html so it can pick up data
cd /etc/httpd/conf
vi httpd.conf                    # change the AllowOverride parameter to All
chown -R apache:apache /var/www

34.200.246.139 or greggroeten.net = http://www.greggroeten.net/wp-admin/setup-config.php


Solution /var/www/html/wordpress/wp-config.php

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'groetendb');

/** MySQL database username */
define('DB_USER', 'groetendb');

/** MySQL database password */
define('DB_PASSWORD', 'aws…');

/** MySQL hostname */
define('DB_HOST', 'localhost');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');

MariaDB [(none)]> status


--------------
mysql  Ver 15.1 Distrib 10.2.10-MariaDB, for Linux (x86_64) using EditLine wrapper

Connection id:          314
Current database:
Current user:           [email protected]
SSL:                    Not in use
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server:                 MariaDB
Server version:         10.2.12-MariaDB-log MariaDB Server
Protocol version:       10
Connection:             groetendb.crrhgplksbww.us-east-1.rds.amazonaws.com via TCP/IP
Server characterset:    latin1
Db     characterset:    latin1
Client characterset:    utf8
Conn.  characterset:    utf8
TCP port:               3306
Uptime:                 21 hours 42 min 55 sec

Threads: 12  Questions: 140908  Slow queries: 0  Opens: 224  Flush tables: 3  Open tables: 25  Queries per second avg: 1.802
--------------

MariaDB [(none)]>


Access with greggroeten.net, Route53 through EC2 to Wordpress application


27. Add ELB to connect to WordPress instead of public IP

Goal is to access greggroeten.net using Route53 through ELB to EC2 hosting Wordpress application


Can now access greggroeten.net using Route53 through ELB through EC2 to Wordpress application

Web browser use ELB DNS address groetenELB-814708316.us-east-1.elb.amazonaws.com
