Miles Greatwood

Project notes for a forgetful mind

Project maintained by milesgwood Hosted on GitHub Pages — Theme by mattgraham

Amazon Web Services Projects

Goal: Get PhpMyAdmin on a new AWS account

Create an EC2 instance with a LAMP stack and then install phpMyAdmin. Seems easy enough right?

Instance Launch tutorial

Connect to instance

You have to make sure your key file is not publicly readable. So fix the permissions.

chmod 400 AWSKey1-15-2018phpMyAdmin.pem
ssh -i "AWSKey1-15-2018phpMyAdmin.pem"

Installing stack

Tutorial with command

This command installs apache php7 mysql server and a php mysql connector.

sudo yum install -y httpd24 php70 mysql56-server php70-mysqlnd
sudo service httpd start
sudo chkconfig httpd on
chkconfig --list httpd

Starting the mysql server

sudo service mysqld start

Restarting apache

sudo service httpd restart

Test Configure

apachectl configtest

The last command checks that the server is running. Keep going with the tutorial linked.

  1. Change Security settings to allow web traffic
  2. Configure Apache stuff and php
  3. Secure MYSQL database with a password
  4. Install PhpMyAdmin
  5. Secure site with SSL and a domain

Install with the latest available version. 4.7.7

cd /var/www/html
tar -xvzf phpMyAdmin-4.7.7-all-languages.tar.gz
mv phpMyAdmin-4.7.7-all-languages.tar.gz phpMyAdmin
sudo service mysqld start

Then connect to the database through the url. Note the capitalization. Link

Securing site with SSL and Cloud Flare


Three important files that have been installed:


An automatically generated, 2048-bit RSA private key for your Amazon EC2 host. During installation, OpenSSL used this key to generate a self-signed host certificate, and you can also use this key to generate a certificate signing request (CSR) to submit to a certificate authority (CA).


An automatically generated, self-signed X.509 certificate for your server host. This certificate is useful for testing that Apache is properly set up to use SSL/TLS.


The configuration file for mod_ssl. It contains “directives” telling Apache where to find encryption keys and certificates, the SSL/TLS protocol versions to allow, and the encryption ciphers to accept. If you change the names of the keys you have to edit this virtual host entry.

DocumentRoot   /var/www/html
SSLEngine      on
SSLCertificateFile       /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile    /etc/pki/tls/private/localhost.key

Use these files and the tutorial to make a CSR and send it to Cloudflare to get a SSL Certificate. You have a key, they have a certificate.

Finally to make sure it is secure you must force HTTPS. Add this to the APache config file /etc/httpd/conf/httpd.conf

<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule . https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

Connecting phpMyAdmin to a RDS Instance

You need to set the correct credentials for the RDS instance.

sudo vi /var/www/html/phpMyAdmin/

Edit the phpMyAdmin config file witht the correct rds info.

 * Generated configuration file
 * Generated by: phpMyAdmin 4.7.7 setup script
 * Date: Tue, 16 Jan 2018 01:21:41 +0000

/* Servers configuration */
$i = 0;

/* Server: localhost [1] */
$cfg['Servers'][$i]['only_db'] = '';
$cfg['Servers'][$i]['hide_db'] = '';

$cfg['Servers'][$i]['host'] = '';
$cfg['Servers'][$i]['port'] = '3306';
$cfg['Servers'][$i]['verbose'] = 'moe1';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['extension'] = 'mysql';
$cfg['Servers'][$i]['compress'] = TRUE;

$cfg['Servers'][$i]['host'] = '';
$cfg['Servers'][$i]['port'] = '3306';
$cfg['Servers'][$i]['verbose'] = 'moe2';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['extension'] = 'mysql';
$cfg['Servers'][$i]['compress'] = TRUE;

/* End of servers configuration */

$cfg['blowfish_secret'] = '\')CcV3raVH6[>M2\\nq(QQ%lWL"?@3N~9';
$cfg['DefaultLang'] = 'en';
$cfg['ServerDefault'] = 1;
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';

RDS setup and transfer of old database

In phpmyadmin I logged into my old RDS and made a sql dump. Now I need to transfer it over to my new account. I went ahead with a MySQL database running 5.6.37 of the db.t2.micro type with the username milesgwood_db.

Increase the max upload size for the SQL dump to 20MB.

sudo vim /etc/php-7.0.ini
/File Upload - that is how you search in vim
I -for insert

Getting Wordpress SSL to work

Put this line near the top of wp-config to fix the mixed content error.

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS']='on';

I want to host multiple sites on the same website so I will need to redirect from the root directory. Add this to .htaccess

sudo find / -name ".htaccess"

RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.)?$
RewriteRule ^(/)?$ shop [L]

This directs the traffic to the shop folder. /var/www/html/shop/

I initialized a git repo to keep track of all of the file changes that will be made.

sudo apt-get install git-all

Can’t isntall plugins because of premission issues

In wp-config I added this

define('FS_METHOD', 'direct');

Then I got a failure on the dashboard and changed the wp-content directory owner to apache. Some online tutorials say to use www-data but I didn’t create that user. I created apache as the AWS docs recommended.

sudo chown -R apache:apache /var/www/html/shop/wp-content

Cache the Ledger Site for faster serve times

# enable the directives - assuming they're not enabled globally
ExpiresActive on

# send an Expires: header for each of these mimetypes (as defined by server)
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"

# css may change a bit sometimes, so define shorter expiration
ExpiresByType text/css "access plus 1 days"

Setting up Anousheh’s site to have SSL

I made a cloudflare account and entered in the correct DNS records for her google domain. For some reason I am not getting a valid certificate. So what I think I will do is take the origin certificates from Cloudflare that they provide for free and install them on the server so that the connection between origin and cloudflare is encrypted with SSL. Tutorial

I need to copy the key and certificate files to the EC2 server.

scp -i MilesLynchLabKey.pem /mnt/c/Users/miles/Documents/lynchlab/*

Modified /opt/bitnami/apache2/conf/bitnami/bitnami.conf so now it has the cloudflare keys instead of server.crt and server.key.

Restart Apache and MYSQL and then check to see that they are running.

Putting the certificates in the correct place.

sudo /opt/bitnami/ restart
sudo /opt/bitnami/ status

WP Database reset

DROP DATABASE `wordpress-db`;
CREATE DATABASE `wordpress-db`;
GRANT ALL PRIVILEGES ON `wordpress-db`.* TO "wp-user"@"localhost";