1. LAUNCH INSTANCE
Step 1: Choose an Amazon Machine Image: Amazon Linux 2 AMI (HVM), SSD Volume Type
Step 2: Choose an Instance Type: t2.small (Variable ECUs, 1 vCPUs, 2.5 GHz, Intel Xeon Family, 2 GiB memory, EBS only)
Step 3: Configure Instance Details: leave the defaults
Step 4: Add Storage: 8 GiB, General Purpose SSD
Step 5: Add Tags
Name: Resales Online Website on Linux
Step 6: Configure Security Group
Choose an existing security group: Website on Linux Group
Launch: Choose an existing key pair: WebsiteForLinux
2. LOG IN TO INSTANCE
Open a terminal and connect to the instance from the command line:
ssh -i "WebsiteForLinux.pem" ec2-user@ec2-*-*-*-*.eu-central-1.compute.amazonaws.com
3. INSTALL PYTHON PACKAGES
sudo yum install python-pip
sudo yum install python-virtualenv
4. INSTALL GIT
sudo yum install git
Check version:
git --version
5. INSTALL PHP
sudo amazon-linux-extras install php7.1
sudo yum install php-mbstring php-xml
Check version:
php --version
6. INSTALL COMPOSER
cd ~
sudo curl -sS https://getcomposer.org/installer | sudo php
sudo mv composer.phar /usr/local/bin/composer
sudo ln -s /usr/local/bin/composer /usr/bin/composer
Check version:
composer --version
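An added example, not part of the original page: the install step above pipes a download straight into sudo php, and this variant checks the installer against the SHA-384 that Composer publishes before anything runs as root. The function names, the temporary directory and the script name are assumptions made here.

```bash
#!/usr/bin/env bash
# Added example: verify the Composer installer before running it as root.
# Assumptions: sha384sum (coreutils) is present; the function names are
# hypothetical; the expected hash is the one Composer publishes at SIG_URL.
INSTALLER_URL="https://getcomposer.org/installer"
SIG_URL="https://composer.github.io/installer.sig"

# Return 0 only if FILE ($1) hashes to the hex SHA-384 in EXPECTED ($2).
verify_installer() {
    file=$1
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    # Anything that is not exactly 96 hex digits (an HTML error page,
    # an empty response) is rejected rather than compared.
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 96 ] || return 2
    [ -f "$file" ] || return 3
    actual=$(sha384sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Download as the normal user, verify, and only then invoke sudo.
install_composer() {
    tmp=$(mktemp -d) || return 1
    if curl -fsS "$INSTALLER_URL" -o "$tmp/composer-setup.php" &&
       expected_sig=$(curl -fsS "$SIG_URL") &&
       verify_installer "$tmp/composer-setup.php" "$expected_sig"; then
        sudo php "$tmp/composer-setup.php" \
            --install-dir=/usr/local/bin --filename=composer
        rc=$?
    else
        echo "installer download or checksum failed; not running it" >&2
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Entry point: bash verify-composer.sh --install (script name is an assumption).
if [ "${1:-}" = "--install" ]; then
    install_composer
fi
```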
7. INSTALL NGINX
sudo amazon-linux-extras install nginx1.12
sudo chmod 664 /etc/nginx/nginx.conf
sudo usermod -a -G nginx ec2-user
sudo chown -R ec2-user:nginx /usr/share/nginx/
sudo chmod 2775 /usr/share/nginx/ && find /usr/share/nginx/ -type d -exec sudo chmod 2775 {} \;
find /usr/share/nginx/ -type f -exec sudo chmod 0664 {} \;
echo "<?php phpinfo(); ?>" > /usr/share/nginx/html/phpinfo.php
sudo systemctl start nginx
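An added example, not from the original page: a check to run once the site is deployed, reporting entries under the web root that fall outside the 2775/0664 scheme set in this step, plus any phpinfo test page like the one created above. audit_webroot is a hypothetical helper name and GNU find (as shipped with Amazon Linux 2) is assumed.

```bash
#!/usr/bin/env bash
# Added example: audit a web root against the ownership/mode scheme above.
# Assumptions: GNU find; audit_webroot is a hypothetical helper name.

# Print one "kind path" finding per line.
# Returns 0 when clean, 1 when findings exist, 2 on a bad argument.
audit_webroot() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        # Writable by "other": bypasses the ec2-user:nginx group model.
        find "$root" ! -type l -perm -0002 -printf 'world-writable %p\n'
        # Directory without setgid: new files will not inherit the group.
        find "$root" -type d ! -perm -2000 -printf 'no-setgid-dir %p\n'
        # Executable bit on a regular file is not part of the 0664 scheme.
        find "$root" -type f -perm /0111 -printf 'executable-file %p\n'
        # phpinfo() pages expose the PHP build, modules and environment.
        find "$root" -type f -iname 'phpinfo*.php' -printf 'phpinfo-page %p\n'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" | sort
    return 1
}

# Entry point: bash audit-webroot.sh /usr/share/nginx (script name assumed).
if [ -n "${1:-}" ]; then
    audit_webroot "$1"
fi
```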
8. GENERATE SSH KEY
ssh-keygen
Enter file in which to save the key (/home/ec2-user/.ssh/id_rsa): /home/ec2-user/.ssh/example-com
The key fingerprint is: example-com
Add the SSH key to the authentication agent:
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/example-com
You have to run these two commands every time you log in to the instance.
9. CLONE SOURCE CODE
Create the folders on the server:
mkdir /usr/share/nginx/sites
mkdir /usr/share/nginx/sites/example.com
Clone the source code of http://example.com:
cd /usr/share/nginx/sites/example.com
git clone [email protected]:***/example_com.git .
composer install
10. SETUP DOMAINS
Open and modify file nginx.conf (/etc/nginx/nginx.conf)
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        root /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

    server {
        listen 443 ssl;
        server_name example.com;
        root /usr/share/nginx/sites/example.com/;

        location / {
            index index.php;
        }

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
}
11. INSTALL SSL
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto --no-bootstrap
Requesting to rerun ./certbot-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator
Which names would you like to activate HTTPS for?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: example.com
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): Enter
Obtaining a new certificate
Performing the following challenges:
Waiting for verification…
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: No redirect – Make no further changes to the webserver configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Traffic on port 80 already redirecting to
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Congratulations! You have successfully enabled https://example.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/
Your key file has been saved at:
/etc/
Your cert will expire on 2019-06-16. To obtain a new or tweaked
version of this certificate in the future, simply run
again with the “
of your certificates, run “
– If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
12. RENEW SSL CERTIFICATE
Create a
0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && /home/ec2-user/certbot-auto renew