Lab 5

LAMP preparation

Perform the following preparation steps on a free tier Amazon Linux 2 EC2 instance. The use of AL2 allows for installation of extras repositories. A known key pair should be used, as well as a security group that allows for inbound traffic on port 80 and SSH access from a development machine.

Package installation

Update the system, install the requisite Amazon Linux extras repositories, and finally install requirements from the repositories, as shown below:

sudo yum update -y
sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
sudo yum install -y httpd mariadb-server
sudo systemctl enable httpd
sudo systemctl start httpd

Info

If the amazon-linux-extras command is not found, ensure the system is using an Amazon Linux 2 AMI. Verify this with cat /etc/system-release.

Web root file permissions

Add ec2-user to the apache group, then log out and back in so that the new group membership takes effect:

sudo usermod -aG apache ec2-user
exit
ssh ...

Then, change the ownership of /var/www and all subdirectories/files:

sudo chown -R ec2-user:apache /var/www
sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} \;
find /var/www -type f -exec sudo chmod 0664 {} \;

LAMP testing

Create the file /var/www/html/phpinfo.php with the following content to display a PHP info page (and thus verify that PHP is working correctly):

/var/www/html/phpinfo.php
<?php phpinfo(); ?>

Once this has been tested, be sure to remove phpinfo.php, as it can expose unwanted information.

Info

If the PHP info page is not working properly, verify that all required packages are present:

sudo yum list installed httpd mariadb-server php-mysqlnd

If any are missing, install them.

DB setup

Enable & start the MariaDB service, then proceed through the prompts to secure the installation:

$ sudo systemctl enable mariadb
$ sudo systemctl start mariadb
$ sudo mysql_secure_installation
 
Enter current password for root (enter for none): <Enter>
Set root password? [Y/n] Y
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

phpMyAdmin setup

First, install the required package, and restart the necessary services:

sudo yum install php-mbstring -y
sudo systemctl restart httpd
sudo systemctl restart php-fpm 

From /var/www/html/, download and extract the phpMyAdmin package:

cd /var/www/html
wget https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.tar.gz
mkdir phpMyAdmin && tar -xvzf phpMyAdmin-latest-all-languages.tar.gz -C phpMyAdmin --strip-components 1
rm phpMyAdmin-latest-all-languages.tar.gz

The phpMyAdmin portal should now be available at the web root /phpMyAdmin. The login credentials are root with the root password specified during the MariaDB/MySQL securing process.

WordPress installation

Download and extract the WordPress package; the home directory (~) is a fine place for it:

wget https://wordpress.org/latest.tar.gz
tar -xzf latest.tar.gz

DB setup

Ensure the DB service, mariadb, is started. Connect to it, using the root password configured previously, and configure a WP user & database:

$ mysql -u root -p
 
CREATE USER 'wordpress-user'@'localhost' IDENTIFIED BY '<password>';
CREATE DATABASE `wordpress-db`;
GRANT ALL PRIVILEGES ON `wordpress-db`.* TO "wordpress-user"@"localhost";
FLUSH PRIVILEGES;
exit

Replace <password> in the above SQL statements with a strong, unique password.

WP config

Copy the sample config, located in the wordpress directory extracted previously, to ./wp-config.php.

cd wordpress
cp wp-config-sample.php wp-config.php
vim wp-config.php

Edit the file, and modify the following lines:

wp-config.php
# Add DB name
# define('DB_NAME', 'database_name_here');
define('DB_NAME', 'wordpress-db');
 
# Add DB user
# define('DB_USER', 'username_here');
define('DB_USER', 'wordpress-user');
 
# Add DB password
# define('DB_PASSWORD', 'password_here');
define('DB_PASSWORD', '<password>');

In the section titled Authentication Unique Keys and Salts, replace the existing values with a new set generated by the WordPress.org secret-key service:

curl https://api.wordpress.org/secret-key/1.1/salt/

Alternatively, the following one-liner can be used. It assumes that the sample WP config is unmodified.

Add salt to wp-config.php
curl -s https://api.wordpress.org/secret-key/1.1/salt/ | sed -e '/Authentication unique keys and salts./,+17 {/define/{r /dev/stdin' -e 'd}};s/\r//' -i wp-config.php
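The one-liner above writes whatever curl returns into wp-config.php, so an empty or error response deletes the eight define lines or replaces them with junk. The following is an added example, not part of the original lab, that validates a saved response first and uses awk in place of the sed expression; the function names, the file arguments and the 32-character minimum are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of the original lab: validate fetched salts before
# rewriting wp-config.php. Function names and file arguments are hypothetical.

SALT_KEYS="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY
AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

# valid_salts FILE: succeed only if FILE holds exactly eight non-empty lines,
# one define() per expected key. Assumption: each value is a single-quoted
# string of at least 32 characters with no quote inside it.
valid_salts() (
    [ -s "$1" ] || return 1
    [ "$(grep -c . "$1")" -eq 8 ] || return 1
    for key in $SALT_KEYS; do
        grep -Eq "^define\('$key', +'[^']{32,}'\);$" "$1" || return 1
    done
)

# apply_salts CONFIG SALTS: replace the eight define() lines after the
# "Authentication unique keys and salts" comment with the lines from SALTS.
# CONFIG is untouched unless SALTS validates; the original is kept as .bak.
apply_salts() (
    config=$1 salts=$2
    valid_salts "$salts" || { echo "salts rejected; $config unchanged" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v salts="$salts" '
        { sub(/\r$/, "") }    # strip CR, as the sed one-liner does
        tolower($0) ~ /authentication unique keys and salts/ { in_block = 1 }
        in_block && n < 8 && /^define\(/ {
            if (n++ == 0) while ((getline s < salts) > 0) print s
            next
        }
        { print }
        END { exit (n == 8 ? 0 : 1) }    # fail if the layout was unexpected
    ' "$config" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Writing with cat into the existing file keeps its owner and mode.
    cp -p "$config" "$config.bak" && cat "$tmp" > "$config"
    rc=$?
    rm -f "$tmp"
    return "$rc"
)

# Usage: curl -fsS https://api.wordpress.org/secret-key/1.1/salt/ -o salts.txt
#        bash this-script.sh wp-config.php salts.txt
if [ "$#" -eq 2 ]; then apply_salts "$1" "$2"; fi
```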

WP copy and post-config

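Copy the contents of the wordpress folder, with the newly modified config, to the web root. The previous step left the shell inside the wordpress directory, so move up one level first:

cd ..
cp -r wordpress/* /var/www/html/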

WordPress must be allowed to use permalinks. In the file /etc/httpd/conf/httpd.conf, find the section beginning with <Directory "/var/www/html">:

/etc/httpd/conf/httpd.conf
<Directory "/var/www/html">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks
 
    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None
    
    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>

In this section, change the AllowOverride directive from None to All (AllowOverride All). Save the file.

File permissions

File permissions must be fixed after copying the wordpress files into the web root:

sudo chown -R apache /var/www
sudo chgrp -R apache /var/www
sudo chmod 2775 /var/www
find /var/www -type d -exec sudo chmod 2775 {} \;
find /var/www -type f -exec sudo chmod 0664 {} \;
sudo systemctl restart httpd

WordPress installation

Before running the WordPress installer, make sure both services are enabled at boot and currently running:

sudo systemctl enable httpd && sudo systemctl enable mariadb
sudo systemctl start mariadb
sudo systemctl start httpd

Visit the public DNS of the EC2 instance, and proceed with the WordPress installation wizard.
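
The steps above leave several things for the operator to clean up: the phpinfo.php test page, the archive downloaded into the web root, the <password> placeholder, and the sample keys and salts. The following is an added example, not part of the original lab, that checks a web root for these and also flags a world-readable wp-config.php, which the blanket chmod 0664 produces; the function name and the finding texts are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not part of the original lab: check a web root for the
# leftovers this guide warns about. Prints one line per finding and returns
# non-zero if there is any. The function name is hypothetical.

audit_webroot() (
    root=$1
    cfg="$root/wp-config.php"
    rc=0
    finding() { echo "FINDING: $1"; rc=1; }

    # The PHP info test page must not stay on the server.
    if [ -e "$root/phpinfo.php" ]; then
        finding "phpinfo.php is still present"
    fi

    if [ -f "$cfg" ]; then
        # Placeholders from wp-config-sample.php and from this guide.
        if grep -Eq "'(database_name_here|username_here|password_here|<password>)'" "$cfg"; then
            finding "wp-config.php still contains a placeholder DB setting"
        fi
        if grep -q "put your unique phrase here" "$cfg"; then
            finding "wp-config.php still uses the sample keys and salts"
        fi
        # chmod 0664 on every file leaves the DB password readable by all users.
        if [ -n "$(find "$cfg" -perm -004)" ]; then
            finding "wp-config.php is world-readable; consider chmod 0640"
        fi
    fi

    # The phpMyAdmin archive is downloaded into the web root and must be removed.
    for f in "$root"/*.tar.gz; do
        if [ -e "$f" ]; then
            finding "archive left in web root: ${f##*/}"
        fi
    done
    return "$rc"
)

# Usage: bash this-script.sh /var/www/html
if [ "$#" -eq 1 ]; then audit_webroot "$1"; fi
```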