Miles Greatwood

Project notes for a forgetful mind


Project maintained by milesgwood Hosted on GitHub Pages — Theme by mattgraham

Amazon Web Services Projects

Goal: Get PhpMyAdmin on a new AWS account

Create an EC2 instance with a LAMP stack and then install phpMyAdmin. Seems easy enough, right?

Instance Launch tutorial

Connect to instance

You have to make sure your key file is not publicly readable. So fix the permissions.

chmod 400 AWSKey1-15-2018phpMyAdmin.pem
ssh -i "AWSKey1-15-2018phpMyAdmin.pem" ec2-user@ec2-52-15-207-39.us-east-2.compute.amazonaws.com

Installing stack

Tutorial with command

This command installs Apache, PHP 7, the MySQL server, and a PHP MySQL connector.

sudo yum install -y httpd24 php70 mysql56-server php70-mysqlnd
sudo service httpd start
sudo chkconfig httpd on
chkconfig --list httpd

Starting the mysql server

sudo service mysqld start

Restarting apache

sudo service httpd restart

Test Configure

apachectl configtest

The last command checks that the server is running. Keep going with the tutorial linked.

  1. Change Security settings to allow web traffic
  2. Configure Apache stuff and PHP
  3. Secure MySQL database with a password
  4. Install phpMyAdmin
  5. Secure site with SSL and a domain

PhpMyAdmin

Install the latest available version, 4.7.7.

cd /var/www/html
wget https://files.phpmyadmin.net/phpMyAdmin/4.7.7/phpMyAdmin-4.7.7-all-languages.tar.gz
tar -xvzf phpMyAdmin-4.7.7-all-languages.tar.gz
# rename the extracted directory (not the tarball) so the URL path is /phpMyAdmin/
mv phpMyAdmin-4.7.7-all-languages phpMyAdmin
sudo service mysqld start

Then connect to the database through the URL https://milesgreatwood.com/phpMyAdmin/. Note the capitalization.
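The download step above fetches a tarball into the web root and unpacks it without checking it. The function below is an added example, not part of the original notes: it checks the archive against a SHA-256 checksum file before extracting. It assumes a checksum file in `sha256sum` format has been obtained from the project's download page; the `install_verified` name and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example: verify a release tarball before unpacking it under the web root.
# install_verified is a hypothetical helper, not part of phpMyAdmin or AWS tooling.
# usage: install_verified <tarball> <sha256-file> <dest-parent> <final-name>
install_verified() {
    tarball=$1; sumfile=$2; dest=$3; name=$4
    [ -f "$tarball" ] && [ -f "$sumfile" ] || { echo "missing input" >&2; return 2; }

    # The expected digest is the first field of a sha256sum-format file.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    actual=$(sha256sum "$tarball" | awk '{print $1}')

    # Reject anything that is not 64 hex characters (an HTML error page, say).
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed checksum file" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed checksum file" >&2; return 3; }

    if [ "$expected" != "$actual" ]; then
        echo "checksum mismatch for $tarball" >&2
        return 1
    fi

    # Refuse archives whose members use absolute paths or "..".
    if tar -tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe path in archive" >&2
        return 4
    fi

    # Refuse to overwrite an existing install.
    [ ! -e "$dest/$name" ] || { echo "$dest/$name already exists" >&2; return 6; }

    # Unpack into a staging directory, then move the top-level directory into
    # place under its final name (the directory, not the .tar.gz file).
    stage=$(mktemp -d) || return 5
    tar -xzf "$tarball" -C "$stage" || { rm -rf "$stage"; return 5; }
    top=$(ls "$stage" | head -n 1)
    mv "$stage/$top" "$dest/$name" || { rm -rf "$stage"; return 5; }
    rm -rf "$stage"
}
```

For the download above, the call would be `install_verified phpMyAdmin-4.7.7-all-languages.tar.gz <checksum-file> /var/www/html phpMyAdmin`, run as a user that can write to the web root.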

Securing site with SSL and Cloudflare

Tutorial

Three important files that have been installed:

/etc/pki/tls/private/localhost.key

An automatically generated, 2048-bit RSA private key for your Amazon EC2 host. During installation, OpenSSL used this key to generate a self-signed host certificate, and you can also use this key to generate a certificate signing request (CSR) to submit to a certificate authority (CA).

/etc/pki/tls/certs/localhost.crt

An automatically generated, self-signed X.509 certificate for your server host. This certificate is useful for testing that Apache is properly set up to use SSL/TLS.

/etc/httpd/conf.d/ssl.conf

The configuration file for mod_ssl. It contains “directives” telling Apache where to find encryption keys and certificates, the SSL/TLS protocol versions to allow, and the encryption ciphers to accept. If you change the names of the keys you have to edit this virtual host entry.

<VirtualHost 192.168.0.1:443>
DocumentRoot   /var/www/html
ServerName     milesgreatwood.com
SSLEngine      on
SSLCertificateFile       /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile    /etc/pki/tls/private/localhost.key
</VirtualHost>

Use these files and the tutorial to make a CSR and send it to Cloudflare to get an SSL certificate. You have a key, they have a certificate.

Finally, to make sure it is secure, you must force HTTPS. Add this to the Apache config file /etc/httpd/conf/httpd.conf

<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule . https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
</VirtualHost>

Connecting phpMyAdmin to a RDS Instance

You need to set the correct credentials for the RDS instance.

sudo vi /var/www/html/phpMyAdmin/config.inc.php

Edit the phpMyAdmin config file with the correct RDS info.

<?php
/*
 * Generated configuration file
 * Generated by: phpMyAdmin 4.7.7 setup script
 * Date: Tue, 16 Jan 2018 01:21:41 +0000
 */

/* Servers configuration */
$i = 0;

/* Server: localhost [1] */
$i++;
$cfg['Servers'][$i]['only_db'] = '';
$cfg['Servers'][$i]['hide_db'] = '';


$i++;
$cfg['Servers'][$i]['host'] = 'moe-audio.cr8bdnqgcx5a.us-east-1.rds.amazonaws.com';
$cfg['Servers'][$i]['port'] = '3306';
$cfg['Servers'][$i]['verbose'] = 'moe1';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['extension'] = 'mysql';
$cfg['Servers'][$i]['compress'] = TRUE;

$i++;
$cfg['Servers'][$i]['host'] = 'moe2.cmlmq39bgdmt.us-east-2.rds.amazonaws.com';
$cfg['Servers'][$i]['port'] = '3306';
$cfg['Servers'][$i]['verbose'] = 'moe2';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['extension'] = 'mysql';
$cfg['Servers'][$i]['compress'] = TRUE;

/* End of servers configuration */

$cfg['blowfish_secret'] = '\')CcV3raVH6[>M2\\nq(QQ%lWL"?@3N~9';
$cfg['DefaultLang'] = 'en';
$cfg['ServerDefault'] = 1;
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
?>

RDS setup and transfer of old database

In phpmyadmin I logged into my old RDS and made a sql dump. Now I need to transfer it over to my new account. I went ahead with a MySQL database running 5.6.37 of the db.t2.micro type with the username milesgwood_db.

Increase the max upload size for the SQL dump to 20MB.

sudo vim /etc/php-7.0.ini
/File Upload - that is how you search in vim
I - for insert
:wq

Getting Wordpress SSL to work

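Put this line near the top of wp-config to fix the mixed content error. It trusts the X-Forwarded-Proto header, so the origin should only accept traffic that arrives through the proxy.

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') $_SERVER['HTTPS'] = 'on';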

I want to host multiple sites on the same website so I will need to redirect from the root directory. Add this to .htaccess

sudo find / -name ".htaccess"

http://www.zymphonies.com/blog/how-redirect-domain-subdirectory-without-changing-url

RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?buyledgerusa\.com$
RewriteRule ^(/)?$ shop [L]

This directs the buyledgerusa.com traffic to the shop folder. /var/www/html/shop/

I initialized a git repo to keep track of all of the file changes that will be made.

sudo apt-get install git-all

Can’t install plugins because of permission issues

In wp-config I added this

define('FS_METHOD', 'direct');

Then I got a failure on the dashboard and changed the wp-content directory owner to apache. Some online tutorials say to use www-data but I didn’t create that user. I created apache as the AWS docs recommended.

sudo chown -R apache:apache /var/www/html/shop/wp-content

Cache the Ledger Site for faster serve times

https://stackoverflow.com/questions/447014/website-image-caching-with-apache

# enable the directives - assuming they're not enabled globally
ExpiresActive on

# send an Expires: header for each of these mimetypes (as defined by server)
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"

# css may change a bit sometimes, so define shorter expiration
ExpiresByType text/css "access plus 1 days"

Setting up Anousheh’s site to have SSL

I made a Cloudflare account and entered in the correct DNS records for her Google domain. For some reason I am not getting a valid certificate. So what I think I will do is take the origin certificates from Cloudflare that they provide for free and install them on the server so that the connection between origin and Cloudflare is encrypted with SSL. Tutorial

I need to copy the key and certificate files to the EC2 server.

scp -i MilesLynchLabKey.pem /mnt/c/Users/miles/Documents/lynchlab/* bitnami@ec2-18-188-228-55.us-east-2.compute.amazonaws.com:/opt/bitnami/apache2/conf/

Modified /opt/bitnami/apache2/conf/bitnami/bitnami.conf so now it has the Cloudflare keys instead of server.crt and server.key.

Restart Apache and MySQL and then check to see that they are running.

Putting the certificates in the correct place.

sudo /opt/bitnami/ctlscript.sh restart
sudo /opt/bitnami/ctlscript.sh status

WP Database reset

DROP DATABASE `wordpress-db`;
CREATE DATABASE `wordpress-db`;
GRANT ALL PRIVILEGES ON `wordpress-db`.* TO "wp-user"@"localhost";
FLUSH PRIVILEGES;