Home > Amazon EC2 > Setting Up a New Amazon EC2 Server

Create Certificate
1. Login to http://aws.amazon.com/
2. Click "Security Credentials"
3. Click the X.509 Certificates tab
4. Click "Create a New Certificate"
5. Download the certificates

Setup Amazon EC2 API Tools
1. Download the Amazon EC2 API Tools from http://aws.amazon.com/developertools/351/
2. Open command prompt and enter the following commands:

set EC2_HOME=H:\Amazon\ec2-api-tools-1.5.6.0
set PATH=%PATH%;%EC2_HOME%\bin
set EC2_PRIVATE_KEY=H:\Amazon\certificate\pk-xxxxxxxxx.pem
set EC2_CERT=H:\Amazon\certificate\cert-xxxxxxxxx.pem

Create Amazon EC2 Instance
1. Login to AWS Management Console (https://console.aws.amazon.com)
2. Select Amazon EC2
3. Click "Instances" from the left menu
4. Click "launch Instance"

Enable Termination Protection
1. Login to AWS Management Console
2. Right click an instance and click "Change Termination Protection"
3. Click "Yes, Enable"

Turn Off deleteOnTermination Flag

ec2-modify-instance-attribute --region ap-southeast-1 <instance-id> --block-device-mapping "/dev/sda1=::false"

Create Elastic IPs
1. Login to AWS Management Console
2. Click "Elastic IPs" from the left menu
3. Click "Allocate New Address"
4. Select "EC2" and click "Yes, Allocate"

Assign Elastic IP to an Instance
1. Right click an IP and select "Associate"
2. Select an instance and click "Yes, Associate"

First Time Connect
1. Download PuttyGen
2. Click "Load" and select the .pem file
3. Click "Save private key"
4. Open putty
5. From the left menu, select Connection > SSH > Auth
6. Click "Browse" and select the ppk file created in step 3
7. Connect to your instance with the username "ec2-user"

Change Password

passwd ec2-user
sudo passwd root

Allow putty to connect to server using password instead of using ppk file

vim /etc/ssh/sshd_config
PasswordAuthentication yes
/etc/init.d/sshd restart

Change timezone

ln -sf /usr/share/zoneinfo/Hongkong /etc/localtime

Resize the filesystem

resize2fs /dev/sda1

Install Apache, Nginx, MySQL, PHP, FTP

yum install httpd mod_ssl nginx mysql-server php php-mysql php-common php-gd php-mbstring php-mcrypt php-devel php-xml vsftpd postfix

chkconfig httpd on
chkconfig nginx on
chkconfig mysqld on
chkconfig vsftpd on
chkconfig postfix on

Basic Configuration

adduser myhelper

mkdir -p /var/www/vhosts/myhelper.com/subdomains
mkdir -p /var/www/vhosts/myhelper.com/htdocs
mkdir -p /var/www/vhosts/myhelper.com/logs
chown -R myhelper.myhelper /var/www/vhosts/myhelper.com

Configure Apache

vim /etc/httpd/conf/httpd.conf
Listen 8080
NameVirtualHost *:8080
Include /etc/httpd/conf/extra/httpd-vhosts.conf
<IfModule prefork.c>
	StartServers      30
	MinSpareServers   30
	MaxSpareServers   45
	ServerLimit     4000
	MaxClients      4000
	MaxRequestsPerChild  4000
</IfModule>

vim /etc/php.ini
upload_max_filesize = 5M
post_max_size = 8M
memory_limit = 256M

mkdir /etc/httpd/conf/extra
vim /etc/httpd/conf/extra/httpd-vhosts.conf
<VirtualHost *:8080>
	DocumentRoot "/var/www/vhosts/my-helper/htdocs"
	ServerName my-helper.com
	ServerAlias www.my-helper.com
	<Directory "/var/www/vhosts/my-helper/htdocs">
		Options Indexes FollowSymLinks
		AllowOverride All
		Order allow,deny
		Allow from all
	</Directory>
	ErrorLog "/var/www/vhosts/my-helper/logs/error.log"
	#CustomLog "/var/www/vhosts/my-helper/logs/access.log" common
</VirtualHost>

/etc/init.d/httpd restart

Configure Nginx

vim/etc/nginx/nginx.conf
worker_processes  4;
worker_rlimit_nofile 10000;
events {
	worker_connections  10000;
}

vim /etc/nginx/conf.d/virtual.conf
server {
	listen 80;
	server_name www.my-helper.com my-helper.com;
	root	/var/www/vhosts/my-helper.com/htdocs/;

	# Static Contents
	location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
		access_log off;
		log_not_found off;
		server_tokens off;
		expires 30d;
	}

	# Dydamic Content forward to Apache
	location / {
		proxy_set_header X-Real-IP  $remote_addr;
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_pass http://127.0.0.1:8080;
	}
}

/etc/init.d/nginx restart

Configure Vsftpd

vim /etc/vsftpd/vsftpd.conf
userlist_deny=NO
user_config_dir=/etc/vsftpd/userconfig
port_enable=YES
pasv_enable=YES
pasv_min_port=21024
pasv_max_port=21048
pasv_address={your public ip address}
vim /etc/vsftpd/user_list
myhelper

mkdir /etc/vsftpd/userconfig
vim /etc/vsftpd/userconfig/myhelper
local_root=/var/www/vhosts/my-helper

/etc/init.d/vsftpd restart

Configure Postfix

/etc/init.d/sendmail stop
yum remove sendmail sendmail-cf

vim /etc/postfix/main.cf
myhostname = my-helper.com
myorigin = $myhostname

/etc/init.d/postfix start

Configure sshd

vim /etc/ssh/sshd_config
AllowUsers myhelper

/etc/init.d/sshd restart

Update sysctl.conf

vim /etc/sysctl.conf
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_max_syn_backlog=8192

sysctl -p

Update Security Group
1. Login to AWS Management Console
2. Click "Security Groups" from the left menu
3. Select your security group
4. Add TCP port 20-21, 80, 21024-21048



Flag Counter