How To Launch An AWS EC2 Server And Set Up Ubuntu 20.04 On It. Create a new Ubuntu EC2 Instance on AWS. EC2 (Elastic Compute Cloud) is part of the Compute service in AWS.

1 Answer

0 votes


Create an Ubuntu 20.04 EC2 Server on AWS

Step 1: Create an EC2 Server

Step 2: Create an elastic IP

Step 3: Connect EC2 Instance to an elastic IP

Step 4: Create a Hosted Zone on Route 53

Step 5: Connect your EC2 Instance to your domain

Log in to the EC2 Instance from a terminal using SSH

cd /working/directory/

ssh -i "keyfile_name.pem" ubuntu@ip_address

You can also log in to your server via PuTTY (download PuTTY).

Install LAMP Stack on Ubuntu Instance on AWS

Install Apache2

Step 1: Update Software Packages

sudo apt update
sudo apt upgrade

Step 2: Install Apache Web Server

sudo apt install -y apache2 apache2-utils

After it’s installed, Apache should be automatically started. Check its status with systemctl.

sudo systemctl status apache2

If it’s not running, use systemctl to start it.

sudo systemctl start apache2

It’s also a good idea to enable Apache to automatically start at system boot time. 

sudo systemctl enable apache2

Check Apache version:

apache2 -v

Now we need to set www-data (Apache user) as the owner of document root (otherwise known as web root). By default it’s owned by the root user.

sudo chown www-data:www-data /var/www/ -R

Check if DNS is resolved

sudo apache2ctl -t

To solve this problem, we can set a global ServerName in Apache. Use the Nano command-line text editor to create a new configuration file.

sudo nano /etc/apache2/conf-available/servername.conf

Add the following line in this file.

ServerName localhost

Then enable this config file.

sudo a2enconf servername.conf

Reload Apache for the change to take effect.

sudo systemctl reload apache2

Check DNS again

sudo apache2ctl -t

Step 3: Install MariaDB Database Server

Enter the following command to install MariaDB on Ubuntu 20.04.

sudo apt install mariadb-server mariadb-client

After it’s installed, MariaDB server should be automatically started. Use systemctl to check its status.

systemctl status mariadb

If it’s not running, start it with this command:

sudo systemctl start mariadb

To enable MariaDB to automatically start at boot time, run

sudo systemctl enable mariadb

Now run the post-installation security script.

sudo mysql_secure_installation

When it asks you to enter the MariaDB root password, press the Enter key, as the root password isn’t set yet. Then enter y to set the root password for the MariaDB server.

Press Enter (yes) for the next 4 questions.

Run the following command to log in without providing the MariaDB root password.

sudo mariadb -u root

To exit, run

exit;

Check MariaDB server version information.

mariadb --version

Step 4: Install PHP7.4

Enter the following command to install PHP7.4 and some common PHP modules.

sudo apt install php7.4 php-common php7.4-readline php7.4-opcache php7.4-mbstring php7.4-bcmath php7.4-xml php7.4-mysql php7.4-common php7.4-gd php7.4-json php7.4-cli php7.4-curl php7.4-zip libapache2-mod-php7.4 php-imagick

Enable the Apache php7.4 module then restart Apache Web server.

sudo a2enmod php7.4
sudo systemctl restart apache2

Check PHP version information.

php --version

To test PHP scripts with Apache server, we need to create an info.php file in the document root directory.

sudo nano /var/www/html/phpinfo.php

Paste the following PHP code into the file.

<?php phpinfo(); ?>

How to Run PHP-FPM with Apache

Disable the Apache PHP7.4 module.

sudo a2dismod php7.4

Install PHP-FPM.

sudo apt install php7.4-fpm

Enable proxy_fcgi and setenvif module.

sudo a2enmod proxy_fcgi setenvif

Enable the /etc/apache2/conf-available/php7.4-fpm.conf configuration file.

sudo a2enconf php7.4-fpm

Restart Apache for the changes to take effect.

sudo systemctl reload apache2
sudo systemctl restart apache2

Delete the info.php file now to prevent prying eyes.

sudo rm /var/www/html/phpinfo.php

SSL Certificate (HTTPS on Apache)

Properly Enable HTTPS on Apache with Let’s Encrypt on Ubuntu:

1. Create CAA Record for Your Domain Name pointing to your domain name

0 issue "letsencrypt.org"

You can also use iodef to have malicious certificate issuance requests reported to your email address (pointing to your domain name).

0 iodef "mailto:your-email-address"

You can use the following dig command to check your CAA record.

dig example.com CAA

2. Installing Let’s Encrypt Client (Certbot) on Ubuntu

# Ubuntu 20.04 ships certbot in its own repositories; ppa:certbot/certbot publishes no 20.04 (focal) packages, so it is not added here
sudo apt update
sudo apt install certbot python3-certbot-apache

To check version number, run

certbot --version

3. Using Apache Plugin to Enable HTTPS

sudo certbot --apache --agree-tos --redirect --uir --hsts --staple-ocsp --must-staple -d www.example.com,example.com --email your-email-address

Certbot client creates /etc/apache2/sites-enabled/000-default-le-ssl.conf

4. Testing Your SSL Certificate

Go to https://www.ssllabs.com to test your SSL certificate and configuration.

5. Redirecting WWW to Non-WWW (Or Vice-Versa)

Edit your virtual host file. (Not the SSL virtual host)

sudo nano /etc/apache2/sites-enabled/000-default.conf

To redirect to www or non-www domain, you need to change the last line. Replace %{SERVER_NAME} with your preferred domain version like below. (www domain)

RewriteRule ^ https://www.example.com%{REQUEST_URI} [END,NE,R=permanent]

If you prefer non-www domain, change it to the following.

RewriteRule ^ https://example.com%{REQUEST_URI} [END,NE,R=permanent]

Then save and close the file.

We will also need to edit the SSL virtual host.

sudo nano /etc/apache2/sites-enabled/000-default-le-ssl.conf

Add the following lines above the closing </VirtualHost> tag to redirect non-www to www domain.

RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://www.example.com%{REQUEST_URI} [END,NE,R=permanent]

If you want to redirect www to non-www domain, add the following lines instead.

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.com
RewriteRule ^ https://example.com%{REQUEST_URI} [END,NE,R=permanent]

Save and close the file.

Reload Apache service

sudo systemctl reload apache2

6. How to Disable TLSv1 and TLSv1.1

TLSv1 and TLSv1.1 are no longer considered secure. To disable them, edit the Let’s Encrypt SSL options configuration file.

sudo nano /etc/letsencrypt/options-ssl-apache.conf

Find the following line, which disables SSLv2 and SSLv3 by default.

SSLProtocol             all -SSLv2 -SSLv3

Change it to the following to also disable TLSv1.0 and TLSv1.1.

SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

Save and close the file. 

Restart Apache.

sudo systemctl restart apache2

7. Certificate Auto Renewal

To automatically renew the Let’s Encrypt certificate, simply edit the root user’s crontab file.

sudo crontab -e

Then add the following line at the bottom.

@daily certbot renew --quiet && systemctl reload apache2 

The --quiet flag will suppress normal messages.

If you want to receive error messages, then add the following line at the beginning of the crontab file.

MAILTO=your-email-address

Restart Apache.

sudo systemctl restart apache2

Redirect AWS Elastic IP to Domain

Step 1. First of all, log in to your Apache server and edit the 000-default-le-ssl.conf file.

sudo nano /etc/apache2/sites-enabled/000-default.conf

Add the following lines after RewriteEngine On (replace the IP address with your Elastic IP).

RewriteCond %{HTTP_HOST} ^65\.1\.67\.211$ [OR]

Save and exit.

Restart Apache.

sudo systemctl restart apache2
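
Two of the hardening steps in the answer above, disabling TLSv1/TLSv1.1 in options-ssl-apache.conf and deleting the phpinfo test file, can be verified after the fact with a short script. This is an added example, not part of the original answer; the function names are hypothetical, and the SSLProtocol check reads one file only, ignoring virtual-host scoping.

```shell
#!/bin/sh
# Added example, not part of the answer: two post-install checks.

# legacy_tls_enabled FILE
# Evaluates the last uncommented SSLProtocol line in FILE the way mod_ssl
# does: "all" or a bare name replaces the set, +name adds, -name removes.
# Prints TLSv1 / TLSv1.1 if still allowed; returns 0 when neither is,
# 1 when one is, 2 when FILE has no SSLProtocol line.
# Simplification: <VirtualHost> scoping and Include chains are ignored.
legacy_tls_enabled() {
    line=$(grep -Ei '^[[:space:]]*SSLProtocol[[:space:]]' "$1" | tail -n 1)
    if [ -z "$line" ]; then echo "no SSLProtocol directive"; return 2; fi
    tls10=0; tls11=0
    set -f    # split the directive into words without glob expansion
    for tok in $(printf '%s\n' "$line" | tr 'A-Z' 'a-z'); do
        case $tok in
            sslprotocol) ;;                  # the directive name itself
            all|+all)  tls10=1; tls11=1 ;;
            -all)      tls10=0; tls11=0 ;;
            +tlsv1)    tls10=1 ;;
            -tlsv1)    tls10=0 ;;
            +tlsv1.1)  tls11=1 ;;
            -tlsv1.1)  tls11=0 ;;
            tlsv1)     tls10=1; tls11=0 ;;   # bare name replaces the set
            tlsv1.1)   tls10=0; tls11=1 ;;
            [+-]*)     ;;                    # +/- of other protocols
            *)         tls10=0; tls11=0 ;;   # bare modern name, e.g. TLSv1.2
        esac
    done
    set +f
    found=""
    if [ "$tls10" -eq 1 ]; then found="TLSv1"; fi
    if [ "$tls11" -eq 1 ]; then found="${found:+$found }TLSv1.1"; fi
    if [ -n "$found" ]; then echo "$found"; return 1; fi
    return 0
}

# phpinfo_files DIR
# Lists every .php file under DIR that calls phpinfo(), whatever its name.
phpinfo_files() {
    # grep exits 1 on "no match"; that is not an error for this check
    find "$1" -type f -name '*.php' -exec grep -lE 'phpinfo[[:space:]]*\(' {} + || true
}

# Demo on constructed input: the default line quoted in the answer.
demo=$(mktemp)
printf 'SSLProtocol             all -SSLv2 -SSLv3\n' > "$demo"
legacy_tls_enabled "$demo" || true     # prints: TLSv1 TLSv1.1
rm -f "$demo"
```

On the server itself, point the functions at /etc/letsencrypt/options-ssl-apache.conf and /var/www/html, the paths used in the answer.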
