A very prevalent myth that persists among beginner programmers is that server configuration is strictly a job for professionals and can’t be done easily. That isn’t the case at all. We are going to look at the steps involved in launching and setting up an AWS Elastic Compute Cloud (EC2) instance from scratch.

What’s an instance?

An instance is a virtual server inside the AWS cloud architecture. It allows us to set up and configure its operating system and other applications according to our needs. You can connect to it through the various protocols that you configure it with.

Prerequisites

Nothing much at this point, just an activated AWS account should do nicely.

Step 1: Launching an EC2 instance

So, log on to your AWS account and go to the EC2 service.

Start: On the EC2 dashboard we can see that there are no running instances, so let’s launch one. Click on “Running instances” and then the “Launch Instance” button.


Operating System: Now AWS will ask you to choose the operating system that you want to use. Select wisely; this will depend on your usage type and the application to be deployed. For now, I am going to go ahead and select Ubuntu 18.04.


Instance Type: Next up, we have to choose our instance type. There are many types with different hardware configurations; go ahead and select what’s best for you!


Instance Details: This step is for instance details, but for the most part you can leave everything at its default.


Storage and Tags: Next up, you’ll be asked for the storage that you want to add to your instance. By default it’s an 8GB SSD, but you can go ahead and increase the size of the volume. With the volume added, the next screen will ask for some custom tags; these are not needed for now, so they can be left at default.

Security Groups: The next step, step 6 in this process, is probably the most important one.

This screen defines all the protocols that you need to configure in the server that you are launching.

  • SSH – Obviously to connect to the server
  • TCP – If you want to use an extra port for node or any other application like 3000, 4000, etc.
  • HTTP – To allow requests at port 80
  • HTTPS – To allow requests at 443 (SSL)


Tip: Remember to set the source to Anywhere for the ports you want to be publicly reachable, or you won’t be able to use them. If you want to restrict a port to a certain IP (a sensible choice for SSH), select Custom and then enter your IP in the box next to it.

Finalize: The next screen in the process is “Review and Launch”; it will show all the basic details that you selected in the process. Review and click “Launch”. AWS will provide you with a key pair. It’s a pem file; keep it safe, as you cannot download it ever again. After downloading the key pair, your instance is good to be launched.


Your instance is now LIVE!

This instance has been provided with a public IP through which you can see what runs on it, BUT if you restart or stop-start the instance, this IP will change. To avoid that, scroll down to the Elastic IP section in the sidebar and create an Elastic IP from Amazon’s pool of IP addresses. Then associate this Elastic IP with your instance in the same screen. This will be your permanent IP for the server, but it can later be shifted to some other instance.

Step 2: Connecting to the instance

Let’s go ahead and connect to our newly launched instance. We have our IP, we have the key, that’s all we need. But first of all, we need to make a private key out of the pem file we have. For that, just download a piece of software called PuTTY. It comes with an add-on called PuTTYgen. This tool can be used to convert the pem key file to a private key file.

Connect to the instance using the username ‘ubuntu’, which is the default for Ubuntu instances.

Step 3: Configure firewall

Once you are in after a successful login, run the following command to update the package repository.

$ sudo apt update

We now need to update the firewall rules and enable the firewall for our server’s security. We want to allow SSH first, because if you don’t, you won’t be able to log in once the firewall is up and running. So,

$ sudo ufw allow OpenSSH
$ sudo ufw enable

Now just to check if the rule we wanted is correctly added.

$ sudo ufw status

Step 4: Web server

We need a web server. You can go for any of the most common ones, like Apache or Nginx, or any other.

For Apache:
$ sudo apt update
$ sudo apt install apache2
$ sudo service apache2 status

For Nginx:
$ sudo apt update
$ sudo apt-get install nginx
$ sudo service nginx status

With this being installed, we need to allow them in the firewall as well, so

$ sudo ufw allow in "Apache Full"
or
$ sudo ufw allow 'Nginx Full'

Step 5: Database

With the web server up and running, we need a database for our complete application deployment. We will go for a local MySQL installation here. As you may have noticed, we are actually building a LAMP (Linux, Apache, MySQL, PHP) stack.

$ sudo apt update && sudo apt install mysql-server

And just to verify

$ sudo service mysql status

MySQL server is running but we need to secure it now. So, for security

$ sudo mysql_secure_installation

The installation will begin and ask some basic questions; just press ENTER on the first step and then ‘Y’ on all the others.
ENTER | Y | Y | Y | Y

Your MySQL server is now secured with credentials. To verify it, execute the following command:

$ sudo mysqladmin -p -u root version

We also need a MySQL user, because we don’t want to use the root user’s credentials in our applications. Execute the following series of commands to create a new MySQL user.

$ sudo mysql
> CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';
> GRANT ALL PRIVILEGES ON * . * TO 'newuser'@'localhost';
> FLUSH PRIVILEGES;
> exit;

Replace “newuser” with your desired username and “password” with your desired password.
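
The account created above holds every privilege on every database, which is close to what root has. As an added example (not part of the original post), the script below generates SQL for an account limited to a single schema with a random password; the names appdb and appuser and the four row-level privileges are assumptions about what the application needs.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. "appdb" and "appuser" are
# hypothetical names; pipe the printed SQL into `sudo mysql` to apply it.

# Accept only plain identifiers (letter first, then letters/digits/_,
# max 32 chars) so a supplied name cannot break out of the quoted SQL.
valid_ident() {
  local LC_ALL=C
  case $1 in ''|[!A-Za-z]*|*[!A-Za-z0-9_]*) return 1;; esac
  [ "${#1}" -le 32 ]
}

# 24 random alphanumerics taken from the kernel CSPRNG.
gen_password() {
  head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-24
}

# usage: app_user_sql DB USER PASSWORD  -> prints SQL on stdout
app_user_sql() {
  local LC_ALL=C db=$1 user=$2 pass=$3
  valid_ident "$db" && valid_ident "$user" || { echo "bad identifier" >&2; return 1; }
  case $pass in ''|*[!A-Za-z0-9]*) echo "bad password" >&2; return 1;; esac
  cat <<EOF
CREATE DATABASE IF NOT EXISTS \`$db\`;
CREATE USER '$user'@'localhost' IDENTIFIED BY '$pass';
GRANT SELECT, INSERT, UPDATE, DELETE ON \`$db\`.* TO '$user'@'localhost';
SHOW GRANTS FOR '$user'@'localhost';
EOF
}

pw=$(gen_password)
app_user_sql appdb appuser "$pw"
```

Schema migrations that create or alter tables need more than these four privileges; run those under a separate account rather than widening the application's grant.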

Step 6: Install Php

This command is pretty straightforward as well; just go ahead and execute the following and it will install PHP on the server.

$ sudo apt update && sudo apt install php libapache2-mod-php php-mysql

Again, just need to verify its installation and version

$ php -v

PHP 7.2.24-0ubuntu0.18.04.3 (cli) (built: Feb 11 2020 15:55:52) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.24-0ubuntu0.18.04.3, Copyright (c) 1999-2018, by Zend Technologies

Step 7: PhpMyAdmin

We need a UI to see and access our database; what better than the infamous phpMyAdmin plugin? So, just run the following to get and install phpMyAdmin:

$ sudo apt update && sudo apt install phpmyadmin
$ sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-available/phpmyadmin.conf
$ sudo a2enconf phpmyadmin.conf
$ sudo service apache2 reload

We now take one last step to secure our phpMyAdmin URL. By default, it will open up on http://(public_ip)/phpmyadmin, but we don’t want that. We want it to open up on an alias URL.

$ sudo nano /etc/apache2/conf-available/phpmyadmin.conf

Alias /your_url /usr/share/phpmyadmin

Put your desired URL in place of ‘your_url’. Then press colon(:)x to exit the file; it will ask whether you want to save it. Type ‘y’ and press ENTER.

$ sudo service apache2 reload

And there you go, your phpmyadmin will now open up on http://(public_ip)/your_url

Step 8: Enable .htaccess

Enabling .htaccess is crucial for our web project to run on the server. We are assuming we installed the Apache server, so just go through this series of commands to enable .htaccess.

$ sudo apt-get update
$ sudo a2enmod rewrite
$ sudo nano /etc/apache2/sites-enabled/000-default.conf

In the file that opens up, add the following lines within the virtual host block.

<Directory "/var/www/html">
  AllowOverride All
</Directory>

Save the file & exit.

Step 9: Apache Configurations

Some apache web server configurations are also needed to provide proper access to all applications.

$ sudo nano /etc/apache2/apache2.conf

When the file opens up, scroll down to

<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

Change AllowOverride None to AllowOverride All, so that the block reads as shown above. Also enter the following snippet there:

<Directory /var/www/html>
    Options -Indexes
</Directory>

Towards the end of the file, enter these two configurations as well; they help in protecting the server’s identity.

ServerSignature Off
ServerTokens Prod
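
To confirm the Step 9 settings actually landed, the following added example (not part of the original post) audits a config file for ServerSignature, ServerTokens and per-directory listing; the function name and both sample configs are constructed for illustration. On the hardened sample it still warns about /var/www/, because Options -Indexes was only set on /var/www/html.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: audit an Apache config file
# for the Step 9 settings. Both sample configs below are constructed.

audit_apache_conf() {  # usage: audit_apache_conf FILE ; one finding per line
  awk '
    /^[ \t]*#/ { next }                              # skip comment lines
    { key = tolower($1) }                            # directives are case-insensitive
    key == "<directory"  { dir = $2; gsub(/[">]/, "", dir); next }
    key == "</directory>" { dir = ""; next }
    key == "serversignature" { sig = tolower($2) }   # last value wins
    key == "servertokens"    { tok = tolower($2) }
    key == "options" && dir != "" {
      for (i = 2; i <= NF; i++) {
        o = tolower($i)
        if (o == "indexes" || o == "+indexes") listing[dir] = 1
        if (o == "-indexes") listing[dir] = 0
      }
    }
    END {
      if (sig != "off")  print "FAIL ServerSignature is not Off"
      if (tok != "prod") print "FAIL ServerTokens is not Prod"
      for (d in listing) if (listing[d]) print "WARN directory listing enabled for " d
    }' "$1"
}

before=$(mktemp); after=$(mktemp)
trap 'rm -f "$before" "$after"' EXIT

# Constructed sample: the /var/www/ block before the rest of Step 9.
cat > "$before" <<'EOF'
<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
EOF

# Constructed sample: the same file with the Step 9 additions appended.
cp "$before" "$after"
cat >> "$after" <<'EOF'
<Directory /var/www/html>
    Options -Indexes
</Directory>
ServerSignature Off
ServerTokens Prod
EOF

echo "== before =="; audit_apache_conf "$before"
echo "== after ==";  audit_apache_conf "$after"
```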

Step 10: Install essential packages

Go ahead and install all the required packages that you may need for your project deployments.

cURL:

$ sudo apt-get update
$ sudo apt-get install curl
$ sudo apt-get install php7.2-curl
$ sudo service apache2 restart

Zip/Unzip:

$ sudo apt-get update
$ sudo apt-get install zip unzip

NodeJs:

$ sudo apt-get update
$ sudo apt install nodejs

NPM:

$ sudo apt-get update
$ sudo apt install npm

PM2:

$ sudo apt-get update
$ sudo npm install -g pm2

Tips

Tip 1: If you need to update your Node version to the latest or latest-stable version, you can use an npm package called ‘n’. It helps in getting the latest version of Node using npm.

$ sudo npm cache clean -f
$ sudo npm install -g n
$ sudo n stable
or
$ sudo n latest

For the changes to take effect, you need to reboot the instance from your AWS account or from the command line.

Tip 2: If your Node, Angular or any other application runs on a specific port, say 4000, you need to first add a Custom TCP rule for it in your security group and then allow that port in your firewall with

$ sudo ufw allow 4000

Tip 3: Also a good read on the topic: Setting up with Amazon EC2

Tip 4: Make sure to reverse proxy your applications using Nginx or any other sources. Find out all about it in How to set up Nginx to reverse proxy angular & node apps

Summary

It’s a wonderful feeling seeing your server up and running by the end of this long process. So, now that we have demonstrated all the base steps to launch a server, why don’t you go ahead and launch one for yourself? Also, let us know what steps you took to tighten the security; it should be an interesting discussion.

