evansekeful/amazon-ec2-fullsetup.md

## amazon-ec2-fullsetup.md

      
    Raw
  

              amazon-ec2-fullsetup.md
            
          
    This is an abbreviated guide based on Amazon's tutorials and piecemealed advice from around the web to set-up a standard website server instance with EC2.
For complete explanations regarding Amazon LAMP, visit this link: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-lamp-amazon-linux-2.html
Security Inbound Rules:

HTTP 80 0.0.0.0/0 

HTTPS 443 0.0.0.0/0 

Custom TCP Rule 1024 - 1048 0.0.0.0/0 

Custom TCP Rule 20 - 21 0.0.0.0/0 

1. Connect to instance with key and SSH

2. Install LAMP


sudo yum update -y 

sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
sudo yum install -y httpd mariadb-server mod_ssl php-mbstring php-zip

sudo systemctl start httpd 

sudo systemctl enable httpd 


3. Setup LAMP


sudo usermod -a -G apache ec2-user 

exit 

reconnect to instance through ssh
sudo chown -R ec2-user:apache /var/www
sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} \; 

find /var/www -type f -exec sudo chmod 0664 {} \;

sudo systemctl start httpd

sudo systemctl start mariadb

sudo mysql_secure_installation

sudo systemctl enable mariadb


4. Install FTP


sudo yum install vsftpd

sudo nano /etc/vsftpd/vsftpd.conf


change: anonymous_enable=NO

uncomment: chroot_local_user=YES
add:


pasv_enable=YES

pasv_min_port=1024

pasv_max_port=1048

pasv_address=aws.public.ip.address

local_root=/var/www/


sudo chkconfig --level 345 vsftpd on

sudo systemctl restart vsftpd


5. Create symlink to webroot in ec2-user FTP home folder


ln -s /var/www/html ~/webroot


6. Allow htaccess to override Apache


sudo nano /etc/httpd/conf/httpd.conf


for <Directory "/var/www/html"> change: AllowOverride All


sudo service httpd restart


Appedix A: Adding FTP users with /var/www/ permissions

1. Allow password authentication


sudo nano /etc/ssh/sshd_config


change: PasswordAuthentication yes


sudo service sshd restart


2. Add new user to webroot folder


sudo adduser username

sudo passwd username


type in user's password


sudo usermod -d /var/www/ username


skip this step if you plan on having this user ssh into the insatnce in the future


sudo usermod -a -G apache username


3. Give user write permissions to existing files and directories.


sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} ; 

find /var/www -type f -exec sudo chmod 0664 {} ;

sudo systemctl restart httpd


Appedix B: Change PHP version

1. Link the version you need to alternatives if not already done


sudo ln -sf /etc/httpd/conf.d/php-conf.x.x /etc/alternatives/php.conf 

sudo ln -sf /etc/httpd/conf.modules.d/15-php-conf.x.x/etc/alternatives/10-php.conf 


2. Select PHP version


sudo alternatives --config php

Appedix C: Add new SSH user to Linux

It is preferable to add the user via cloud-init if possible, however that requires stopping the instance.
1. Add new user to Linux


sudo adduser username

sudo usermod -a -G apache username


2. Give user write permissions to existing files and directories.


sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} ; 

find /var/www -type f -exec sudo chmod 0664 {} ;

sudo systemctl restart httpd


3. Add SSH directory for user


sudo su username

cd

mkdir .ssh

chmod 700 .ssh


4. Create authorized keys file in SSH directory


touch .ssh/authorized_keys

chmod 600 .ssh/authorized_keys


5. Add and verify public key to SSH


nano .ssh/authorized_keys


paste public key and write-out


6. Create symlink to webroot in FTP home folder


ln -s /var/www/html ~/webroot


7. (Optional) Add to sudoers


exit
sudo nano /etc/sudoers.d/cloud-init

copy the following into the file replacing the user name and write-out


username ALL=(ALL) NOPASSWD:ALL


8. Test key connection


exit

login into instance using key 


ssh -i "path/to/key" username@instance-address