Setting Up An Amazon EC2 Instance

Setting Up An Amazon EC2 Instance With SSL Support

Hi Everyone,

In this tutorial we will go through setting up an EC2 instance on Amazon Web Services and applying an SSL certificate to it. We will also have everything set up with Bitbucket version control.

OK, let's get your awesome EC2 server set up.

First, log in to your Amazon account. If you don't have an Amazon account yet, why not sign up for a free one?

https://console.aws.amazon.com/console/home?region=us-east-1

Head over to Services and go to EC2.

OK, great. Now let's launch a new instance and select Amazon Linux AMI 2015.03 (HVM), SSD Volume Type.

For this setup we are just going to select a t2.micro, but feel free to select whatever instance type you need.

Instance Details - Default
Storage - Default
Tag Instance - S3Bubble or app name

Security Groups: this part is important, because we need the correct security groups set up for our instance. Create a new security group with the following settings: we allow SSH access so we can log in and set up our EC2 over the command line, and we also allow port 80 for HTTP and port 443 for HTTPS, where we will be adding our cert.

Awesome, click Review and then Launch. Important: you will be asked to create a key pair. This matters because it gives us a secure .pem file to download, which we will use to log in to our instance. Create a new key pair and click download.

OK, that's awesome. Give Amazon a few seconds to set everything up for you, until you see a green icon. Now let's connect: select your instance and you will see a handy Connect button. Click it and it will open a window with the connection details.

This window gives you all the information you need to connect. Find your .pem file and then run the following.
chmod 400 s3bubble-tutorial.pem
ssh -i "s3bubble-tutorial.pem" ec2-user@54.84.169.39

Setting up the server

First, let's run yum update to get everything up to date.
sudo yum update

Now please follow this tutorial that takes you through fully setting up your server.
Installing a LAMP Web Server on Amazon Linux

But essentially these are all the commands.
sudo yum install -y httpd24 php56 mysql55-server php56-mysqlnd
sudo service httpd start
sudo chkconfig httpd on
chkconfig --list httpd

Now open your instance's public DNS name in a browser and you will see the Amazon start page.

Now set up groups for your server. Essentially, all the commands are:
ls -l /var/www
sudo groupadd www
sudo usermod -a -G www ec2-user
exit

Now log back in over SSH with your .pem file.
groups
sudo chown -R root:www /var/www
sudo chmod 2775 /var/www
find /var/www -type d -exec sudo chmod 2775 {} +
find /var/www -type f -exec sudo chmod 0664 {} +

Awesome, we now have EC2 set up with Apache. Now let's set up version control: install git.
sudo yum install git

Great, now head over to Bitbucket, which is free and allows you to create free private repos, and create a new repo.
Now we want to install git locally as well and connect our repo. This is all quite out of scope for this tutorial, but essentially: create a new repo and run the following commands.

So once your repo is set up locally, run the following commands.
git add --all
git commit -m 'first commit'
git push --set-upstream origin master

Once you have pushed all your local files, go back to your EC2 via SSH and go to your /var/www folder. Let's clone our project from Bitbucket into the html folder.

git clone git@bitbucket.org:SoBytes/s3bubble-tutorial.git html/

OK, now you should be presented with an error.

Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

This means that we do not have a key added to Bitbucket to authenticate our EC2, so let's add one. Go to Bitbucket, click Manage account at the top right and select SSH keys under Security.

Click Add new key and, back in our EC2, let's generate our key with the following command.
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ec2-user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ec2-user/.ssh/id_rsa.
Your public key has been saved in /home/ec2-user/.ssh/id_rsa.pub.
The key fingerprint is:
db:d2:ac:d1:cf:a5:01:71:53:6d:40:85:33:19:7d:75 ec2-user@ip-172-31-46-228
The key's randomart image is:
+--[ RSA 2048]----+
| .=OE|
| .= *|
| . o +.|
| o . |
| S . |
| * . |
| + = . . |
| + o + |
| . + |
+-----------------+

I just clicked enter on the passphrase steps. Let's now copy this key to paste back into Bitbucket's Add SSH key dialog to make the connection. Run:

cat ~/.ssh/id_rsa.pub

Now just select the key with your mouse, copy it, paste it into Bitbucket and click Add key.

Now in your EC2 cd back into your /var/www/ folder and run.

git clone git@bitbucket.org:SoBytes/s3bubble-tutorial.git html/

Awesome you have just cloned your repo into this folder.

Now let's set up SSL on our EC2. First head over to GlobeSSL and buy an SSL certificate for $7. https://customer.globessl.com/

Let's create a private folder and generate the private key and certificate signing request (CSR) in it.
cd /tmp
mkdir private
cd private/
openssl req -nodes -newkey rsa:2048 -keyout your_domain_name.key -out your_domain_name.csr

Now fill out all your details. These will be needed to paste back into GlobeSSL to set up your certificate.
Country Name (2 letter code) [XX]:GB
State or Province Name (full name) []:Cardiff
Locality Name (eg, city) [Default City]:Cardiff
Organization Name (eg, company) [Default Company Ltd]:S3Bubble Ltd
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:your_domain_name.com
Email Address []:support@s3bubble.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:S3Bubble

Now open the CSR file:
nano your_domain_name.csr

Copy and paste all of this back into GlobeSSL. They will generate your certificate files and send them to you in a zip; upload them to your server.

cd /etc/httpd/conf.d/
sudo nano ssl.conf

In this file change the two lines below: the crt is the file GlobeSSL sent you via email and the key is the key you created in /tmp/private. I would move your keys into the /etc/ssl/ folder.
SSLCertificateFile /etc/ssl/your_domain_name_com.crt
SSLCertificateKeyFile /etc/ssl/your_domain_name_com.key

Now, it is important not to forget this, because I forgot this part: you also need to add a ca-bundle file so your cert works across all browsers. In the folder with all your downloaded files, run the following:

cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt your_domain_name_com.crt > your_domain_name_com.ca-bundle

Now, we used S3Bubble to get the ca-bundle onto our server: we uploaded it to a bucket and made it public, downloaded it and deleted it.

cd /etc/ssl/
sudo wget https://s3.amazonaws.com/bucket/your_domain_name_com.ca-bundle

Now add this to your ssl.conf file.
cd /etc/httpd/conf.d/
sudo nano ssl.conf

SSLCACertificateFile /etc/ssl/your_domain_name_com.ca-bundle
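
A local check of the three files ssl.conf now points at (the key generated in /tmp/private, the .crt from GlobeSSL and the ca-bundle built with cat), as an added example that is not part of the original tutorial. It confirms that the key matches the certificate, that the certificate chains to a root in the bundle, and that the key is not readable by group or others; the function names and the sample CA and leaf files are constructed for illustration.

```shell
#!/bin/sh
# Added example: local checks on the files ssl.conf points at.
# The sample CA and leaf built by make_sample are constructed test data.

# True when the private key and the certificate hold the same public key.
key_matches_cert() {  # $1 = key, $2 = certificate
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when the certificate chains to a root inside the ca-bundle.
chain_verifies() {  # $1 = ca-bundle, $2 = certificate
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# True when the key is a regular file with no group/other permission bits.
key_is_private() {  # $1 = key
    [ -f "$1" ] && [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Runs all three checks, prints each failure, fails if any check fails.
preflight() {  # $1 = key, $2 = certificate, $3 = ca-bundle
    rc=0
    key_matches_cert "$1" "$2" || { echo "FAIL: key does not match cert"; rc=1; }
    chain_verifies "$3" "$2"   || { echo "FAIL: cert does not chain to bundle"; rc=1; }
    key_is_private "$1"        || { echo "FAIL: key readable by group/others"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: key, cert and ca-bundle are consistent"
    return "$rc"
}

# Builds a constructed CA and leaf in the empty directory $1 (test data only).
make_sample() {
    ( cd "$1" && umask 077 &&
      openssl req -x509 -nodes -newkey rsa:2048 -days 1 \
          -subj "/CN=Constructed Test CA" -keyout ca.key -out ca.crt &&
      openssl req -nodes -newkey rsa:2048 -subj "/CN=your_domain_name.com" \
          -keyout leaf.key -out leaf.csr &&
      openssl x509 -req -in leaf.csr -CA ca.crt -CAkey ca.key \
          -CAcreateserial -days 1 -out leaf.crt &&
      cat ca.crt leaf.crt > leaf.ca-bundle ) >/dev/null 2>&1
}

# Demo on constructed files; on the server pass the real paths from ssl.conf.
demo_dir=$(mktemp -d) && make_sample "$demo_dir" &&
    preflight "$demo_dir/leaf.key" "$demo_dir/leaf.crt" "$demo_dir/leaf.ca-bundle"
rm -rf "$demo_dir"
```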

Job done, you should be good to go. https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/643/17/

Test your cert https://sslanalyzer.comodoca.com/

Awesome, refresh your browser and you should be good to go, with everything set up and your SSL running. To update your live website with your local changes, just log in to your EC2, cd into your /var/www/html folder and run:
git pull

This will grab all your changes.

Did you know we can set all this up for you for a one-off fee of $100? For more information please contact support@s3bubble.com