This is an abbreviated guide, based on Amazon's tutorials and advice pieced together from around the web, for setting up a standard website server instance on EC2. For complete explanations regarding Amazon LAMP, visit this link: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-lamp-amazon-linux-2.html
HTTP 80 0.0.0.0/0
HTTPS 443 0.0.0.0/0
Custom TCP Rule 1024 - 1048 0.0.0.0/0
Custom TCP Rule 20 - 21 0.0.0.0/0
- sudo yum update -y
- sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
- sudo yum install -y httpd mariadb-server mod_ssl php-mbstring php-zip
- sudo systemctl start httpd
- sudo systemctl enable httpd
- sudo usermod -a -G apache ec2-user
- exit
- reconnect to instance through ssh
- sudo chown -R ec2-user:apache /var/www
- sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} \;
- find /var/www -type f -exec sudo chmod 0664 {} \;
- sudo systemctl start httpd
- sudo systemctl start mariadb
- sudo mysql_secure_installation
- sudo systemctl enable mariadb
- sudo yum install vsftpd
- sudo nano /etc/vsftpd/vsftpd.conf
- change: anonymous_enable=NO
- uncomment: chroot_local_user=YES
- add:
- pasv_enable=YES
- pasv_min_port=1024
- pasv_max_port=1048
- pasv_address=aws.public.ip.address
- local_root=/var/www/
- sudo chkconfig --level 345 vsftpd on
- sudo systemctl restart vsftpd
- ln -s /var/www/html ~/webroot
- sudo nano /etc/httpd/conf/httpd.conf
- for <Directory "/var/www/html"> change: AllowOverride All
- sudo service httpd restart
- sudo nano /etc/ssh/sshd_config
- change: PasswordAuthentication yes
- sudo service sshd restart
- sudo adduser username
- sudo passwd username
- type in user's password
- sudo usermod -d /var/www/ username
- skip this step if you plan on having this user ssh into the instance in the future
- sudo usermod -a -G apache username
- sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} \;
- find /var/www -type f -exec sudo chmod 0664 {} \;
- sudo systemctl restart httpd
- sudo ln -sf /etc/httpd/conf.d/php-conf.x.x /etc/alternatives/php.conf
- sudo ln -sf /etc/httpd/conf.modules.d/15-php-conf.x.x /etc/alternatives/10-php.conf
- sudo alternatives --config php
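The vsftpd settings from the steps above, turned into a check to run after editing /etc/vsftpd/vsftpd.conf and before restarting vsftpd. This is an added example, not part of the original guide: the function names are made up here, the sample config is constructed, and it assumes a later line in the file overrides an earlier one.

```shell
#!/bin/sh
# Added example (not from the guide): check a vsftpd.conf against the values
# the steps above set. vsftpd allows no spaces around "=", so keys are matched
# literally; commented-out lines count as unset.

conf_get() {  # $1=file $2=key -> last uncommented value (assumed to win), empty when unset
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

# $1=config file, $2/$3=passive port range opened in the security group
check_vsftpd_conf() {
    conf=$1; sg_min=${2:-1024}; sg_max=${3:-1048}; fail=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }

    for want in anonymous_enable=NO chroot_local_user=YES pasv_enable=YES; do
        key=${want%%=*}; have=$(conf_get "$conf" "$key")
        if [ "$have" != "${want#*=}" ]; then
            echo "FAIL $key is '${have:-unset}', guide sets ${want#*=}"; fail=1
        fi
    done

    min=$(conf_get "$conf" pasv_min_port); max=$(conf_get "$conf" pasv_max_port)
    case "${min:-x}${max:-x}" in
        *[!0-9]*) echo "FAIL pasv_min_port/pasv_max_port unset or not numeric"; fail=1 ;;
        *) if [ "$min" -gt "$max" ] || [ "$min" -lt "$sg_min" ] || [ "$max" -gt "$sg_max" ]; then
               echo "FAIL passive range $min-$max not inside security group rule $sg_min-$sg_max"; fail=1
           fi ;;
    esac

    case "$(conf_get "$conf" pasv_address)" in
        ''|aws.public.ip.address) echo "FAIL pasv_address unset or still the placeholder"; fail=1 ;;
    esac
    return "$fail"
}

# Constructed sample: anonymous login left on, chroot line still commented,
# passive range wider than the 1024-1048 rule, placeholder address kept.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=YES
#chroot_local_user=YES
pasv_enable=YES
pasv_min_port=1024
pasv_max_port=2048
pasv_address=aws.public.ip.address
EOF
check_vsftpd_conf "$sample" || echo "sample config has findings"
rm -f "$sample"
```

On the instance, call it as `check_vsftpd_conf /etc/vsftpd/vsftpd.conf`; pass different second and third arguments if the security group's Custom TCP Rule uses another passive range.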
It is preferable to add the user via cloud-init if possible; however, that requires stopping the instance.
- sudo adduser username
- sudo usermod -a -G apache username
- sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} \;
- find /var/www -type f -exec sudo chmod 0664 {} \;
- sudo systemctl restart httpd
- sudo su username
- cd
- mkdir .ssh
- chmod 700 .ssh
- touch .ssh/authorized_keys
- chmod 600 .ssh/authorized_keys
- nano .ssh/authorized_keys
- paste public key and write-out
- ln -s /var/www/html ~/webroot
- exit
- sudo nano /etc/sudoers.d/cloud-init
- copy the following into the file, replacing the user name, and write-out
- username ALL=(ALL) NOPASSWD:ALL
- exit
- log in to the instance using the key
- ssh -i "path/to/key" username@instance-address
As of 2017-11-21, #1-allow-password-authentication does not include changes to cloud-init, but an additional file may be needed in the /etc/cloud/cloud.cfg.d directory to override the ssh_pwauth setting and make the referenced change permanent.