Amazon EC2 – Installing Apache and PHP boilerplate
In this extremly simply tutorial I’m going to show, how you can deploy basic LAMP stack on EC2 instance. Instruction are pretty basic, without extra comments. You can just copy and paste command to get working stack in lest then 15 minutes.
What you can learn from it? How to install Apache and PHP, how to enable and run XCache accelerator, and how to run HTTPS on your server, with purchasing SSL certificate.
Amazon Web Server
- Log in to server as ec2-user,
ssh -i your_pem_key.pem ec2-user@instance_name_or_ip
- To save some time, switch to sudo user:
- Upgrade everything to latest versions:
- Install basic software:
sudo yum install httpd php php-gd php-mysql php-mcrypt php-mb-string php-pecl-apc
- Start web server:
sudo service httpd start
sudo chkconfig --levels 235 httpd on
Done – Apache and PHP is working, you can upload your files to
/var/www/html directory to see them.
Additional changes in config files – Time Zone
/etc/php.ini timezone should be setup like that:
date.timezone = "Australia/Sydney"
expose_php = Off
Don’t forget to restart httpd to see changes
service httpd restart
Now we have to update server to proper TimeZone
cd /etc/ rm -rf localtime && ln -s /usr/share/zoneinfo/Australia/Sydney localtime
Of course replace Australia/Sydney with proper Time Zone – pretty nice list is available on PHP documentation website
Optional Apache configuration
We would like to use .htaccess files, so let’s enable them on Apache.
nano /etc/httpd/conf/httpd.conf Options -Indexes FollowSymLinks AllowOverride All
Some security settings (don’t expose Apache)
WebFonts for Firefox
AddType application/vnd.ms-fontobject .eot
AddType application/x-font-ttf .ttf
AddType application/x-font-woff .woff
Get some speed on apache
<IfModule mod_headers.c> <FilesMatch "\.(js|css|xml|gz)$"> Header append Vary: Accept-Encoding </FilesMatch> </IfModule>
Optional XCache installation
Let’s speed up out slow PHP installation a little bit. Skip this step if you previously installed PHP-PECL-APC module.
XCache is a fast, stable PHP opcode cacher that has been tested and is now running on production servers under high load..
sudo yum install php-devel gcc make wget http://xcache.lighttpd.net/pub/Releases/3.1.0/xcache-3.1.0.tar.gz tar zxvf xcache-3.1.0.tar.gz cd xcache-3.1.0 phpize --clean && phpize ./configure --enable-xcache && make
sudo make install sudo cp xcache.ini /etc/php.d/ sudo service httpd restart
Now we have really fast installation of Apache with XCache accelerator. What else we could ask for? HTTPS !
SSL Certificate installation
To enable HTTPS connections we have to install mod_ssl for apache
sudo yum install mod_ssl
If you would like to have real SSL certificate you have to generate CSR
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
As a result you will se something like that:
Generating a 2048 bit RSA private key ..............................+++ .................................................................................+++ writing new private key to 'myserver.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:AU State or Province Name (full name) :NSW Locality Name (eg, city) [Default City]:Sydney Organization Name (eg, company) [Default Company Ltd]:SpiderSoft Organizational Unit Name (eg, section) :Digital Common Name (eg, your name or your server's hostname) :www.spidersoft.com.au Email Address :firstname.lastname@example.org Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : An optional company name :
As an result of this operation you will get two really important files. One of them is
server.csr – it’s a Certificate signing request it’s a file which contains request to sign certificate, it’s a file which you have to provide to your SSL certificate issuer. I’m buying most of the SSL Certs from Namecheap because it’s cheap and whole process is really simple. Second file is
myserver.key which is your private key for SSL certificate. We will go back to this file later.
Anyway – as soon as you purchase certificate you will get 3 files which you need to install on your server to make it work. So
cp myserver.key /etc/pki/tls/private/ nano /etc/httpd/conf.d/ssl.conf SSLCertificateFile /etc/pki/tls/certs/www_spidersoft_com_au.crt SSLCertificateKeyFile /etc/pki/tls/private/myserver.key SSLCertificateChainFile /etc/pki/tls/certs/www_spidersoft_com_au.ca-bundle
Small update: apparently some SSL providers are not giving you ca-bundle file, but 3 separate files. You have to combine them to one file, you cane use following line:
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > www_spidersoft_com_au.ca-bundle
Don’t forget to check if your certificate was installed properly. I’m using this website www.sslshopper.com/ssl-checker.html
Because we love speed, and we already have SSL certificate up and running we can finish our deployment with mod-spdy installation.
wget https://dl-ssl.google.com/dl/linux/direct/mod-spdy-beta_current_x86_64.rpm rpm -U mod-spdy-beta_current_x86_64.rpm service httpd restart
ok – finally – we have to test it. Open Chrome and open paste this url into to the browser