In a text file (i.e., NOT MS Word or other word processor) document the steps
you take to complete these tasks. Be sure to include headers and exact
commands that you typed on the command-line. The goal is to produce a document
someone else could follow to complete these same steps. Upload the text file
to this assignment in Canvas.
To grade your work I will look at the document you created, visit the sites you set up, and access your
server from the command-line.
Perform these tasks to install Apache:
- sudo apt install apache2
- Verify it is running: sudo systemctl status apache2
- Verify set to start on boot: sudo systemctl is-enabled apache2
- Adjust firewall (ufw) to allow http (80) and https (443) traffic
by enabling “Apache Full” settings.
- In AWS modify the security group associated with your EC2 instance
to allow http and https traffic from anywhere.
- Look up your external IP number (available in AWS console or do this:
curl http://icanhazip.com). You'll want to put this in a convenient
place because you'll use it a lot moving forward.
- In a browser visit: http://youripnumber to verify apache is
working and reachable.
Some useful file locations to keep in mind moving forward:
File Locations
- Apache Config Files: /etc/apache2
  - apache2.conf
  - sites-available/
  - sites-enabled/
- Log Files: /var/log/apache2
- Web Space: /var/www/html
Perform these tasks to install MySQL:
- sudo apt install mysql-server
- sudo mysql_secure_installation
  (NOTE: not necessary to configure
  VALIDATE PASSWORD PLUGIN but it is okay to do so)
- Connect to MySQL server as root: sudo mysql -u root
- Assign a password to MySQL root/admin (replace 'password' with one of your own):
  ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
  FLUSH PRIVILEGES;
- Exit MySQL and then verify the new password works by connecting using:
  mysql -u root -p
Perform these tasks to install PHP:
- sudo apt install php libapache2-mod-php php-mysql php-cli
- sudo systemctl restart apache2
- delete /var/www/html/index.html
- create /var/www/html/index.php with this:
<?php
echo "Today is: ".date('l jS \of F Y h:i:s A');
?>
- Visit: http://yourip to verify PHP is working
- Observe that the date is presented in UTC rather than the CDT timezone.
Here are some time zone commands:
  timedatectl
  timedatectl list-timezones | grep Chicago
  sudo timedatectl set-timezone America/Chicago
After setting the timezone, restart Apache and refresh the PHP script to verify
the time is correct.
Apache can host a variety of websites. We want those sites to each have their
own configuration and space. For example, we may host all of these sites on a
single server: www.example.com, blog.example.com, sales.example.com,
www.another.com.
Our plan is that for live/production sites we'll provide web space as follows:
/var/www/live/yourdomain
/var/www/live/blog.yourdomain
/var/www/live/app.yourdomain
Each of the directories will be organized as follows:
- /html
  - is the actual web space
- /logs
  - contains the Apache and other application log files; it should be
    owned by your personal account and the www-data group, and www-data
    should be allowed to write
To tell apache how to handle each site we create .conf files in
/etc/apache2/sites-available:
yourdomain.conf
blog.yourdomain.conf
app.yourdomain.conf
If your domain is example.com your .conf file should look something like this:
<VirtualHost *:80>
    ServerAdmin your_email_address
    ServerName example.com
    # Apache does not allow a comment on the same line as a directive.
    # All domains listed in ServerAlias are served by this example.com virtual host.
    ServerAlias www.example.com
    DocumentRoot /var/www/live/example.com/html
    ErrorLog /var/www/live/example.com/logs/error.log
    CustomLog /var/www/live/example.com/logs/access.log combined
</VirtualHost>
<Directory "/var/www/live/example.com/html">
    Options FollowSymLinks
    AllowOverride None
    # Apache 2.4 access control; replaces the 2.2-style "Order allow,deny" / "Allow from all"
    Require all granted
</Directory>
To tell Apache to use these .conf files you need to create symbolic links
in sites-enabled to each of them. Then restart Apache.
NOTE: To test this on your local machine BEFORE DNS entries have been made, add
entries for the domains of interest to your hosts file:
- /etc/hosts on Linux
- /private/etc/hosts on Mac systems
- C:\Windows\System32\Drivers\etc\hosts on Windows
Verify that both www.yourdomain and yourdomain.com
display a web page.
IMPORTANT: In the html directory of each site create a simple index.php that
will simply say which site it is.
Add entries in Route 53 so that yourdomain, www.yourdomain, app.yourdomain,
and blog.yourdomain all resolve to your server.
If you haven't done so already, in Apache set up virtual hosts for app and blog.
Create very simple, distinguishing landing pages. Then test them. NOTE: It may
take a while for DNS changes to propagate.
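The virtual host steps above, collected into one function (an added example, not part of the original assignment). The function name make_site, its optional WEB_ROOT and APACHE_DIR arguments and the scratch-directory demo are assumptions made for illustration; with the defaults it writes to the paths used on this page and must be run with sudo.

```sh
#!/bin/sh
# Added example: provision one virtual host in the layout described above.
# make_site DOMAIN [WEB_ROOT] [APACHE_DIR]  (defaults are the page's paths)
make_site() {
    domain="$1"
    web_root="${2:-/var/www/live}"
    apache_dir="${3:-/etc/apache2}"
    site="$web_root/$domain"
    owner="${SUDO_USER:-$(id -u)}"   # your personal account when run via sudo

    mkdir -p "$site/html" "$site/logs" \
        "$apache_dir/sites-available" "$apache_dir/sites-enabled" || return 1

    # logs/: your account + group www-data, group-writable, closed to others.
    chown "$owner:www-data" "$site/logs" 2>/dev/null ||
        echo "warning: could not chown $site/logs to $owner:www-data" >&2
    chmod 2770 "$site/logs"

    # Landing page that says which site it is.
    printf '<?php echo "This is %s"; ?>\n' "$domain" > "$site/html/index.php"

    cat > "$apache_dir/sites-available/$domain.conf" <<EOF
<VirtualHost *:80>
    ServerName $domain
    DocumentRoot $site/html
    ErrorLog $site/logs/error.log
    CustomLog $site/logs/access.log combined
</VirtualHost>
<Directory "$site/html">
    Options FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
EOF

    # The same relative link that "a2ensite $domain" would create.
    ln -sfn "../sites-available/$domain.conf" \
        "$apache_dir/sites-enabled/$domain.conf"
}

# Constructed demo in a scratch directory: runs without root or Apache.
demo=$(mktemp -d)
for d in example.com blog.example.com app.example.com; do
    make_site "$d" "$demo/www" "$demo/apache2"
done
ls -l "$demo/apache2/sites-enabled"
```

On the real server, run sudo apache2ctl configtest before restarting Apache so a typo in a .conf file is caught first. Apache opens ErrorLog and CustomLog as root at startup, and the Apache security documentation advises against log directories writable by non-root accounts, so consider writing application logs to a separate subdirectory that only www-data can write to.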
Perform these tasks to install signed SSL certificates for your various domains.
- sudo apt install certbot python3-certbot-apache
- NOTE: My domain was abilenebites.com. Here is the command I
entered to actually install certificates:
sudo certbot --apache -d abilenebites.com -d www.abilenebites.com -d blog.abilenebites.com -d app.abilenebites.com
Go ahead and let certbot modify your configuration to redirect http traffic
to https.
- Look in /etc/apache2/sites-available/ to see new config files.
Also notice that your original .conf files have been modified.
- Restart apache
- Refresh your site in the browser. Your site should now redirect to
https for all domains. NOTE: The certificate expires in 90 days. The
install script set up a cron job (/etc/cron.d/certbot) to perform the
renewal automatically.
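Because renewal happens unattended, a failed renewal is easy to miss until visitors see an expired certificate. The check below is an added example, not part of the original assignment; the function name check_cert and the 21-day default are assumptions (certbot normally attempts renewal once fewer than 30 days remain), and the sample certificate is constructed on the spot.

```sh
#!/bin/sh
# Added example: flag a certificate that automatic renewal has not replaced.
# check_cert PEM_FILE [DAYS]
#   returns 0 = fine, 1 = expires within DAYS, 2 = file missing or unreadable
check_cert() {
    cert="$1"
    days="${2:-21}"
    if [ ! -r "$cert" ]; then
        echo "MISSING $cert" >&2
        return 2
    fi
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null; then
        echo "OK      $cert (more than $days days left)"
        return 0
    fi
    echo "RENEW   $cert: $(openssl x509 -in "$cert" -noout -enddate)" >&2
    return 1
}

# Constructed sample: a throwaway self-signed certificate valid for 90 days,
# standing in for /etc/letsencrypt/live/yourdomain/fullchain.pem
# (certbot's default location; an assumption, the page does not name it).
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=example.com" \
    -keyout "$demo_dir/key.pem" -out "$demo_dir/cert.pem" 2>/dev/null

check_cert "$demo_dir/cert.pem" 21     # healthy: plenty of lifetime left
check_cert "$demo_dir/cert.pem" 120    # threshold beyond the lifetime: reports RENEW
```

To exercise the renewal path itself without replacing the live certificate, run sudo certbot renew --dry-run.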