Difference between revisions of "AWS Lightsail"

From Indie IT Wiki
Line 477: Line 477:
  
 
... and then you can use [[Ansible]] to update the server, reboot and install any necessary software :-)
 
... and then you can use [[Ansible]] to update the server, reboot and install any necessary software :-)
 +
 +
=== CLI Query Examples ===
 +
 +
https://how.wtf/aws-cli-query-examples.html
  
 
== Ansible ==
 
== Ansible ==

Revision as of 10:52, 16 August 2021

https://aws.amazon.com/lightsail/

DNS

Creating DNS Entries in Lightsail

Using Route 53 Instead of Lightsail Zone

Create DNS entries in Lightsail using AWS CLI 

cat aws_add_dns_entry.sh

#!/bin/bash
/usr/local/bin/aws lightsail --region us-east-1 create-domain-entry --domain-name 'mydomain.co.uk' --domain-entry '{"name":"default._domainkey.mydomain.co.uk","target":"\"v=DKIM1; h=sha256; k=rsa; \" \"p=MIIBIjxxxxxxxxxxxiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurVgfLc8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx9cRHBTEOIR4lmIgatpit\" \"t+v7oQzngmfKpBNoTeyxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxQIDAQAB\"","isAlias":false,"type":"TXT"}'

Installation and Configuration

First Steps

touch .hushlogin
sudo -i
nano /home/ubuntu/{.bashrc,.bash_aliases,.screenrc} /root/{.bashrc,.bash_aliases,.screenrc}
sudo -i
mkdir -p /root/bin
mkdir -p /root/misc
touch --reference=/proc /root/misc/system_installed 
apt-get update
apt-get check
apt-get -y dist-upgrade 
update-grub
update-initramfs -k all -u
touch /root/misc/system_updated
sync
reboot

Initial Update and Release Upgrade and RAM Tweaks

Initial Update

This will make sure you are up-to-date before you do the major upgrade... 

sudo apt update
sudo apt dist-upgrade 
sudo reboot

Release Upgrade

Now we upgrade the Ubuntu system from the supplied 18.04 to the latest 20.04 release... 

sudo apt install update-manager-core
sudo do-release-upgrade -d
sudo reboot

RAM Tweaks

Now we squeeze every last drop of RAM out of the system because we only have 512Mb... 

sudo apt purge landscape-common unattended-upgrades
sudo reboot

Swap File

You can add a 512MB swap to your instance with these commands: 

sudo dd if=/dev/zero of=/swapfile bs=1M count=512
sudo chmod 0600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo echo "/swapfile swap swap defaults 0 0" >>/etc/fstab

Steps

  1. install vm
  2. static ip
  3. dns zone
  4. ssh keys
  5. ubuntu update
  6. ntp timezone update
  7. wordpress update
  8. ssl certificate
  9. remove bitnami icon
  10. postfix
  11. snapshot backup
  12. web admin

Firewall

  1. SSH / tcp / 22 - already set up, but you can edit it to restrict the source IP address to just you!
  2. HTTP / tcp / 80 - already set up.
  3. HTTPS / tcp / 443 - already set up.
  4. Ping / icmp - go to ADD RULE > Application > ICMP > Save

SSH Keys

Download the Default SSH key pair from the Account page of AWS Lightsail and copy it to your ~/.ssh/ directory, then change the permissions of the file... 

chmod 0600 ~/.ssh/lightsail.pem

Add your own public key to the Lightsail server, by using the downloaded key pair... 

cat ~/.ssh/my_id_rsa.pub | ssh -i ~/.ssh/lightsail.pem bitnami@1.2.3.4 "cat >> ~/.ssh/authorized_keys"

Login using your SSH public key... 

ssh bitnami@1.2.3.4

Ubuntu Update

sudo -i
apt-get update
apt-get check
apt-get upgrade
apt-get dist-upgrade
reboot

NTP Timezone Update

sudo dpkg-reconfigure tzdata
sudo date
sudo reboot
sudo timedatectl status
sudo systemctl status systemd-timesyncd

Hostname

sudo hostnamectl set-hostname myserver.domain.com

WordPress Install

PHP

sudo apt-get -y install php7.4-imagick php7.4-cgi php7.4-cli php7.4-common php7.4-curl php7.4-fpm php7.4-gd php7.4-json php7.4-mysql php7.4-readline php7.4-xml php7.4-mbstring php7.4-zip

MySQL

NEW

http://wiki.indie-it.com/wiki/MariaDB

OLD 

sudo -i
wget https://dev.mysql.com/get/mysql-apt-config_0.8.13-1_all.deb
dpkg -i mysql-apt-config_0.8.13-1_all.deb
apt install mysql-server
mysql --version
mysql_secure_installation
mysql -u root -p -e "STATUS;"
mysql -u root -p -e "CREATE DATABASE websitename; CREATE USER 'websitename' IDENTIFIED BY 'goodpassword'; GRANT ALL PRIVILEGES ON websitename.* TO 'websitename'; FLUSH PRIVILEGES;"

NginX

http://wiki.indie-it.com/wiki/NginX#Installation

WP CLI

sudo add-apt-repository ppa:tiagohillebrandt/wp-cli
sudo apt install wp-cli
sudo -u www-data wp --info

WordPress

This is now installed completely via the command line software below. 

# create directories and log files
sudo mkdir -p /var/www/www.domain.co.uk/{html,logs,.wp-cli/cache}
sudo touch /var/www/www.domain.co.uk/logs/{access,error}.log
sudo chmod g+w /var/www/www.domain.co.uk/logs/{access,error}.log
sudo chown -R www-data:www-data /var/www/www.domain.co.uk/

# change to working directory
cd /var/www/www.domain.co.uk/html/

# create environment variables
export WP_CLI_CACHE_DIR=/var/www/www.domain.co.uk/.wp-cli/cache

# check wp cli working
sudo -u www-data -E wp --info

# download the core wordpress files
sudo -u www-data -E wp core download --locale=en_GB

# create a wordpress mysql database
sudo mysql -u root -p -e "CREATE DATABASE domainname; CREATE USER 'domainname' IDENTIFIED BY 'password'; GRANT SELECT, INSERT, UPDATE ON domainname.* TO 'domainname'; FLUSH PRIVILEGES;"

# create a wordpress configuration file
sudo -u www-data -E wp core config --dbname='domainname' --dbuser='domainname' --dbpass='password' --dbhost='localhost' --dbprefix='wp_'

# complete the installation process
sudo -u www-data -E wp core install --url='http://www.domain.co.uk' --title='Ball and Bone' --admin_user='joe.bloggs' --admin_password='password' --admin_email='joe.bloggs@domain.co.uk'

# log in to the web browser to check web site working and admin dashboard works
wget http://www.domain.co.uk

# check for updates
sudo -u www-data -E wp core version
sudo -u www-data -E wp core update
sudo -u www-data -E wp core update-db
sudo -u www-data -E wp plugin list
sudo -u www-data -E wp plugin update --all
sudo -u www-data -E wp theme list
sudo -u www-data -E wp theme update --all
sudo -u www-data -E wp language core list --status=active
sudo -u www-data -E wp language core update --all
sudo -u www-data -E wp language plugin list --all --status=active
sudo -u www-data -E wp language plugin update --all
sudo -u www-data -E wp language theme list --all --status=active
sudo -u www-data -E wp language theme update --all

# add new user
sudo -u www-data -E wp user create john.doe john.doe@domain.co.uk --role=administrator --first_name=John --last_name=Doe --nickname=John --display_name=John

# list users
sudo -u www-data -E wp user list

Bitnami WordPress Update

sudo -i
gpasswd -a bitnami daemon
su - bitnami
wp cli info
wp cli version
wp cli check-update
wp cli update
wp core version
wp core check-update
wp core update --locale=en_GB
wp core update-db
wp core verify-checksums
wp theme update --all
wp theme install intentionally-blank
wp theme activate intentionally-blank
exit
sudo chown -R bitnami:daemon /opt/bitnami/apps/wordpress/htdocs/
exit

SSL Certificate

Generation and Auto Renew

sudo -i
cd /opt/bitnami/letsencrypt/scripts/
./generate-certificate.sh -m info@domain.uk -d domain.uk -d www.domain.uk -d mail.domain.uk
(yes to cronjob each month)

https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

Force Redirection To HTTPS

sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf

...
DocumentRoot "/opt/bitnami/apache2/htdocs"
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

/opt/bitnami/ctlscript.sh restart apache

https://docs.bitnami.com/general/apps/wordpress/administration/force-https-apache/

YouTube Video

Email Server Install

Dovecot

Postfix

sudo -i
DEBIAN_PRIORITY=low apt-get install postfix


Virtual Users


Backup to AWS S3

SPF and DKIM

Setup DKIM and SPF

Ubuntu Email with SPF and DKIM

Web Administration

Postfix Dovecot and ViMbAdmin - OLD but good

Mail System Install on Ubuntu

CLI

Access Policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1482790463251",
      "Action": "lightsail:*",
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

Regions

aws lightsail get-regions

"displayName": "London",
"name": "eu-west-2",

Availability Zones

aws lightsail get-regions --include-availability-zones

{
    "continentCode": "EU",
    "description": "This region is recommended to serve users in Ireland, the United Kingdom, and Iceland",
    "displayName": "London",
    "name": "eu-west-2",
    "availabilityZones": [
        {
            "zoneName": "eu-west-2a",
            "state": "available"
        },
        {
            "zoneName": "eu-west-2b",
            "state": "available"
        },
        {
            "zoneName": "eu-west-2c",
            "state": "available"
        }
    ],
    "relationalDatabaseAvailabilityZones": []
},

Bundles

aws --region eu-west-2 lightsail get-bundles

    "bundles": [
       {
           "price": 3.5,
           "cpuCount": 1,
           "diskSizeInGb": 20,
           "bundleId": "nano_2_0",
           "instanceType": "nano",
           "isActive": true,
           "name": "Nano",
           "power": 300,
           "ramSizeInGb": 0.5,
           "transferPerMonthInGb": 1024,
           "supportedPlatforms": [
               "LINUX_UNIX"
           ]
       },
       {
           "price": 5.0,
           "cpuCount": 1,
           "diskSizeInGb": 40,
           "bundleId": "micro_2_0",
           "instanceType": "micro",
           "isActive": true,
           "name": "Micro",
           "power": 500,
           "ramSizeInGb": 1.0,
           "transferPerMonthInGb": 2048,
           "supportedPlatforms": [
               "LINUX_UNIX"
           ]
       },

So, the cheapest is... 

"nano_2_0"

Types

aws --region eu-west-2 lightsail get-blueprints

"blueprintId": "ubuntu_20_04",

Then, you would use this blueprint-id in the command below to create your server with this type and operating system.

Create

Create an Ubuntu 20.04 Server in London using the cheapest tariff of $3.50... 

aws --region eu-west-2 lightsail create-instances --instance-names "lightsail-ubuntu-1" --availability-zone "eu-west-2a" --blueprint-id "ubuntu_20_04" --bundle-id "nano_2_0" --key-pair-name <value> --ip-address-type ipv4

When launching your instance, you can pass the user-data containing your initial configuration (eg. hostname) as follows: 

aws lightsail --region eu-west-2 create-instances --instance-names <value> --availability-zone <value> --blueprint-id <value> --bundle-id <value> --key-pair-name <value> --ip-address-type ipv4 --user-data file:///full/path/to/myconfig

The content of myconfig file should be: 

#cloud-config
hostname: test-vm

https://awscli.amazonaws.com/v2/documentation/api/latest/reference/lightsail/create-instances.html

User Data and Commands On Launch

Create a Static IP Address

aws lightsail allocate-static-ip --static-ip-name StaticIp-1

Assign Static IP Address to Instance

aws lightsail attach-static-ip --static-ip-name StaticIp-1 --instance-name Lightsail-1

Create From Snapshot

https://lightsail.aws.amazon.com/ls/docs/en_us/articles/lightsail-how-to-create-larger-instance-from-snapshot-using-aws-cli

List

aws --profile <value> --region eu-west-2 lightsail get-instances

aws --profile <value> --region eu-west-2 lightsail get-instances --query 'instances[*].name' --output text

aws --profile <value> --region eu-west-2 lightsail get-instances --query 'instances[*].{Name:name,PublicIPAddress:publicIpAddress}'

aws --profile <value> --region eu-west-2 lightsail get-instances --query 'instances[*].{Name:name,PublicIPAddress:publicIpAddress}' | jq

aws --profile <value> --region eu-west-2 lightsail get-instances | jq '.instances[] | {Name: .name, PublicIPAddress: .publicIpAddress}'

Reboot

aws lightsail --region eu-west-2 reboot-instance --instance-name Ubuntu-1

@hourly cron script to check a web site and Lightsail instance is running correctly, then reboot the Lightsail if not... 

#!/bin/bash
wget_output=$(wget -q "https://www.domain.co.uk")
if [ $? -ne 0 ]
  then echo "Not there" && /usr/local/bin/aws lightsail --region eu-west-2 reboot-instance --instance-name Ubuntu-1
  else echo "OK"
fi
exit;

Stop

aws lightsail --region eu-west-2 stop-instance --instance-name Ubuntu-1

Start

aws lightsail --region eu-west-2 start-instance --instance-name Ubuntu-1

Information

aws lightsail --region eu-west-2 get-instance --instance-name Ubuntu-1

Snapshot

aws lightsail --region eu-west-2 create-instance-snapshot --instance-snapshot-name Ubuntu-1-2020111001 --instance-name Ubuntu-1

COMPLETE Process

Create the cheapest Linux Ubuntu 20.04 Server Lightsail in London ... 

# create instance
aws --profile <value> --region eu-west-2 lightsail create-instances --instance-names "myname-lightsail-1" --availability-zone "eu-west-2a" --blueprint-id "ubuntu_20_04" --bundle-id "nano_2_0" --ip-address-type ipv4

# create static ip address
aws --profile <value> --region eu-west-2 lightsail allocate-static-ip --static-ip-name "myname-staticip-1"

# assign static ip address
aws --profile <value> --region eu-west-2 lightsail attach-static-ip --static-ip-name "myname-staticip-1" --instance-name "myname-lightsail-1"

# list instances
aws --profile <value> --region eu-west-2 lightsail get-instances --query 'instances[*].{Name:name,PublicIPAddress:publicIpAddress}'

... and then you can use Ansible to update the server, reboot and install any necessary software :-)

CLI Query Examples

https://how.wtf/aws-cli-query-examples.html

Ansible

https://docs.ansible.com/ansible/latest/collections/community/aws/lightsail_module.html

Additional Disk Storage

Create and attach additional block storage disks to your Linux-based Lightsail instances

Prices per month... 

 8GB = £0.80
16GB = £1.60
32GB = £3.20
64GB = £6.40

Videos

Deploying a WordPress VM with AWS Lightsail

Documentation

Overview

Features

Pricing

Amazon Web Services Lightsail How To Articles

Let's Encrypt SSL with WordPress in Amazon Lightsail

Bitnami WordPress

Create Static IP

Create DNS Entry

Bitnami

Bitnami WordPress Documentation

On every LightSail WordPress install, there is a bitnami section, which is normally shown by the icon in the bottom right-hand corner of the page.

HOWTO: Hide The Icon and Bitnami Info Page

By default, all Bitnami WordPress installs have an icon in the bottom right-hand corner or every web page that links to the completely insecure Bitnami info page... why oh why is beyond me.

To remove it, and help secure your web site, edit the Apache configuration page and comment out the 'banner' line, then restart Apache... 

sudo nano /opt/bitnami/apache2/conf/httpd.conf

#Include "/opt/bitnami/apps/bitnami/banner/conf/banner.conf"

sudo /opt/bitnami/ctlscript.sh restart apache

https://docs.bitnami.com/aws/components/bninfo/ 

sudo /opt/bitnami/apps/wordpress/bnconfig --disable_banner 1
sudo /opt/bitnami/ctlscript.sh restart apache

or 

sudo touch /opt/bitnami/apps/bitnami/banner/disable-banner

You will want to hide this icon, but then it's lost, so you add this to the end of the URL.

http://123.456.789.100/bitnami/index.html

HOWTO: Multiple Sites

Enable the loading of the extra Virtual Hosts configuration file... 

sudo nano /opt/bitnami/apache2/conf/httpd.conf

  # Virtual hosts
  Include conf/extra/httpd-vhosts.conf

Edit the Virtual Hosts configuration file... 

sudo nano /opt/bitnami/apache2/conf/extra/httpd-vhosts.conf

 <VirtualHost *:80>
   ServerAdmin webmaster@dummy-host.example.com
   DocumentRoot "/opt/bitnami/apache2/docs/dummy-host.example.com"
   ServerName dummy-host.example.com
   ServerAlias www.dummy-host.example.com
   ErrorLog "logs/dummy-host.example.com-error_log"
   CustomLog "logs/dummy-host.example.com-access_log" common
 </VirtualHost>
 
 <VirtualHost *:80>
   ServerAdmin webmaster@dummy-host2.example.com
   DocumentRoot "/opt/bitnami/apache2/docs/dummy-host2.example.com"
   ServerName dummy-host2.example.com
   ServerAlias www.dummy-host2.example.com
   ErrorLog "logs/dummy-host2.example.com-error_log"
   CustomLog "logs/dummy-host2.example.com-access_log" common
 </VirtualHost>

Set up AWS Lightsail for Multiple WordPress Sites

Host Second Web Site

Retrieved from ‘https://wiki.indie-it.com/index.php?title=AWS_Lightsail&oldid=1292