Setting Up a New Amazon EC2 Server

Create Certificate
1. Login to
2. Click “Security Credentials”
3. Click the X.509 Certificates tab
4. Click “Create a New Certificate”
5. Download the certificates

Setup Amazon EC2 API Tools
1. Download the Amazon EC2 API Tools from
2. Open command prompt and enter the following commands:

set EC2_HOME=H:\Amazon\ec2-api-tools-
set PATH=%PATH%;%EC2_HOME%\bin
set EC2_PRIVATE_KEY=H:\Amazon\certificate\pk-xxxxxxxxx.pem
set EC2_CERT=H:\Amazon\certificate\cert-xxxxxxxxx.pem

Create Amazon EC2 Instance
1. Login to AWS Management Console (
2. Select Amazon EC2
3. Click “Instances” from the left menu
4. Click “launch Instance”

Enable Termination Protection
1. Login to AWS Management Console
2. Right click an instance and click “Change Termination Protection”
3. Click “Yes, Enable”

Turn Off deleteOnTermination Flag

ec2-modify-instance-attribute --region ap-southeast-1 <instance-id> --block-device-mapping "/dev/sda1=::false"

Create Elastic IPs
1. Login to AWS Management Console
2. Click “Elastic IPs” from the left menu
3. Click “Allocate New Address”
4. Select “EC2” and click “Yes, Allocate”

Assign Elastic IP to an Instance
1. Right click an IP and select “Associate”
2. Select an instance and click “Yes, Associate”

First Time Connect
1. Download PuttyGen
2. Click “Load” and select the .pem file
3. Click “Save private key”
4. Open putty
5. From the left menu, select Connection > SSH > Auth
6. Click “Browse” and select the ppk file created in step 3
7. Connect to your instance with the username “ec2-user”

Change Password

passwd ec2-user
sudo passwd root

Allow putty to connect to server using password instead of using ppk file

vim /etc/ssh/sshd_config
PasswordAuthentication yes
/etc/init.d/sshd restart

Change timezone

ln -sf /usr/share/zoneinfo/Hongkong /etc/localtime

Resize the filesystem

resize2fs /dev/sda1

Install Apache, Nginx, MySQL, PHP, FTP

yum install httpd mod_ssl nginx mysql-server php php-mysql php-common php-gd php-mbstring php-mcrypt php-devel php-xml vsftpd postfix

chkconfig httpd on
chkconfig nginx on
chkconfig mysqld on
chkconfig vsftpd on
chkconfig postfix on

Basic Configuration

adduser myhelper

mkdir -p /var/www/vhosts/
mkdir -p /var/www/vhosts/
mkdir -p /var/www/vhosts/
chown -R myhelper.myhelper /var/www/vhosts/

Configure Apache

vim /etc/httpd/conf/httpd.conf
Listen 8080
NameVirtualHost *:8080
Include /etc/httpd/conf/extra/httpd-vhosts.conf
<IfModule prefork.c>
 StartServers      30
    MinSpareServers   30
    MaxSpareServers   45
    ServerLimit     4000
    MaxClients      4000
    MaxRequestsPerChild  4000

vim /etc/php.ini
upload_max_filesize = 5M
post_max_size = 8M
memory_limit = 256M

mkdir /etc/httpd/conf/extra
vim /etc/httpd/conf/extra/httpd-vhosts.conf
<VirtualHost *:8080>
 DocumentRoot "/var/www/vhosts/my-helper/htdocs"
   <Directory "/var/www/vhosts/my-helper/htdocs">
      Options Indexes FollowSymLinks
      AllowOverride All
       Order allow,deny
        Allow from all
  ErrorLog "/var/www/vhosts/my-helper/logs/error.log"
   #CustomLog "/var/www/vhosts/my-helper/logs/access.log" common

/etc/init.d/httpd restart

Configure Nginx

worker_processes  4;
worker_rlimit_nofile 10000;
events {
  worker_connections  10000;

vim /etc/nginx/conf.d/virtual.conf
server {
   listen 80;
    root    /var/www/vhosts/;

  # Static Contents
   location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
        access_log off;
     log_not_found off;
      server_tokens off;
      expires 30d;

   # Dydamic Content forward to Apache
 location / {
        proxy_set_header X-Real-IP  $remote_addr;
       proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

/etc/init.d/nginx restart

Configure Vsftpd

vim /etc/vsftpd/vsftpd.conf
pasv_address={your public ip address}
vim /etc/vsftpd/user_list

mkdir /etc/vsftpd/userconfig
vim /etc/vsftpd/userconfig/myhelper

/etc/init.d/vsftpd restart

Configure Postfix

/etc/init.d/sendmail stop
yum remove sendmail sendmail-cf

vim /etc/postfix/
myhostname =
myorigin = $myhostname

/etc/init.d/postfix start

Configure sshd

vim /etc/ssh/sshd_config
AllowUsers myhelper

/etc/init.d/sshd restart

Update sysctl.conf

vim /etc/sysctl.conf

sysctl -p

Update Security Group
1. Login to AWS Management Console
2. Click “Security Groups” from the left menu
3. Select your security group
4. Add TCP port 20-21, 80, 21024-21048

Leave a Reply

Your email address will not be published. Required fields are marked *