Ubuntu Optimized LAMP on AWS
Set up EC2 Server
| Step | Detail | Note |
|---|---|---|
| 1 | Start instance AMI | |
| 2 | Set necessary firewall rule | per use-case |
Set up Linux Ubuntu, require FTP, SSH connection
| Step | Detail | Note |
|---|---|---|
| 1 | Go to SSH | |
| 2 | Secure MySQL: mysql_secure_installation | Link |
| 3 | Create and grant user’s privileges: - mysql -u root -p [password] - CREATE USER ‘remote‘@’localhost’ IDENTIFIED BY ‘[password]’; - GRANT ALL PRIVILEGES ON . TO ‘remote‘@’localhost’; | |
| 4 | Edit vhost at: /jet/etc/apache/extra/ | |
| 5 | Remove file .gitkeep in default folder /jet/app/www/default/: - cd /jet/app/www/default/ - rm .gitkeep | |
| 6a | Install SSL certbot: - sudo wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto - sudo chmod a+x /usr/sbin/certbot-auto - sudo certbot-auto -d [domain_name] -d [domain_name_alias] –manual –preferred-challenges dns certonly (need to add DNS TXT record and wait for 5~10min each time adding new record) | |
| 6b | Install SSL certbot: - sudo apt install certbot - sudo certbot –apache Change /etc/letsencrypt/live & archive has correct permission 755: - sudo chmod 2755 /etc/letsencrypt/live/ - find /etc/letsencrypt/live -type d -exec sudo chmod 2755 {} ; - sudo chmod 2755 /etc/letsencrypt/archive/ - find /etc/letsencrypt/archive -type d -exec sudo chmod 2755 {} ; | Link |
| 7 | Check SSL: sudo cat /etc/letsencrypt/live/[domain_name]/fullchain.pem | |
| 8a | Test renew: - sudo certbot renew –dry-run Set auto renew certbot: - 0 0 1 * * root /usr/sbin/certbot-auto renew –quiet | |
| 8b | Test renew: - sudo /usr/sbin/certbot-auto renew –dry-run Set auto renew certbot: - 0 0 1 * * /usr/sbin/certbot-auto renew | |
| 8c | User certbot renew with hooks: - certbot renew –pre-hook “service nginx stop” –post-hook “service nginx start” | |
| 9 | Reboot to test | |
| 10 | Check Apache Log: - sudo tail -n 20 /jet/log/apache/error_log |
Set up Cloudflare & Domain
| Step | Detail | Note |
|---|---|---|
| 12 | Cloudflare CDN / HTTPS redirect |
Set up Varnish Cache (Optional)
| Step | Detail | Note |
|---|---|---|
| 1 | Install varnish | |
| 2 | Config files: - sudo vi /etc/varnish/default.vcl - sudo vi /etc/sysconfig/varnish | |
| 3 | Test: curl -I http://localhost |
Benchmark Apache (Testing)
| Step | Detail | Note |
|---|---|---|
| 1 | Install apache benchmark | |
| 2 | Usage: ab [options] [http[s]://]hostname[:port]/path Options are: -n requests Number of requests to perform -c concurrency Number of multiple requests to make -t timelimit Seconds to max. wait for responses -v verbosity How much troubleshooting info to print -f protocol Specify SSL/TLS protocol (SSL2, SSL3, TLS1, or ALL) | Link |
Benchmark Siege (Testing)
| Step | Detail | Note |
|---|---|---|
| 1 | Usage: siege -i -c 50 -b -t 20S –no-parser -f [text_url_list.txt] |