Building Your WordPress Dream Home on AWS EC2: A Step-by-Step Guide with Security in Mind π
Have you ever dreamt of launching your WordPress site for free, without breaking the bank? Look no further than Amazon Web Services (AWS) EC2! It's like getting a free plot of prime digital land to build your online presence. Here's a 7-step walkthrough to be your friendly construction guide, complete with security measures:
Step 1: Laying the Foundation (Dependencies)
First things first, we need to build the solid foundation for your website. Imagine these as the essential tools and materials you'll need:
-
Installing Essential Components:
sudo apt update -y # Updates package lists sudo apt install -y \ php-dom php-simplexml php-ssh2 php-xml php-xmlreader \ php-curl php-exif php-ftp php-gd php-iconv php-imagick \ php-json php-mbstring php-posix php-sockets php-tokenizer \ php-fpm php-mysql php-gmp php-intl php-cli nginx mysql-server
This command installs all the necessary software components, including:
- PHP: The architect, responsible for the website's functionality.
- MySQL: The secure storage room for all your content (posts, pages, media).
- Nginx: The friendly guard who welcomes visitors and efficiently delivers your content.
Bonus Security Tip: We'll optimize MySQL for memory efficiency during a later step to ensure smooth performance.
Step 2: Creating Your Content Haven (MySQL Setup)
Now, let's design a secure storage space for all your amazing content. This is like a dedicated room in your website house:
-
Installing and Configuring MySQL Server:
sudo systemctl stop mysql.service # Stops the MySQL service (optional)
-
Memory Optimization (Optional):
To reduce memory usage for MySQL, you can edit the configuration file:
sudo nano /etc/mysql/mysql.cnf # Opens the configuration file in Nano editor
Add the following line at the top of the
[mysqld]
section:
performance_schema = 0 # Disables performance schema for memory savings
Save the changes (Ctrl+O) and exit (Ctrl+X).
-
Starting the MySQL Service:
sudo systemctl start mysql.service # Starts the MySQL service
-
Step 3: Adding Tenants (MySQL User and Database)
With the secure storage room ready, let's create a dedicated user to manage it:
-
Setting Up User and Database for WordPress:
sudo mysql # Enters the MySQL terminal CREATE DATABASE wp_apex; # Creates a database named "wp_apex" CREATE USER 'wp_admin'@'localhost' IDENTIFIED WITH mysql_native_password BY 'YourStrongPassword@123'; # Creates a user named "wp_admin" with a strong password GRANT ALL PRIVILEGES ON wp_apex.* TO 'wp_admin'@'localhost' WITH GRANT OPTION; # Grants the user full privileges on the database FLUSH PRIVILEGES; # Applies the changes exit; # Exits the MySQL terminal
Security Reminder: Replace
'YourStrongPassword@123'
with a strong, unique password for enhanced security.
You're absolutely right, my apologies! Here's the completed part 4 on configuring PHP, incorporating the missing explanations and security considerations:
Step 4: Fine-Tuning Your Architect (PHP Configuration)
Now, let's make sure PHP, the architect of your website, has the resources it needs to build and maintain your site efficiently. We'll adjust some settings and keep security in mind:
-
Configuring and Restarting PHP:
sudo nano /etc/php/8.1/fpm/php.ini # Opens PHP configuration file (adjust path if version differs)
Change the following parameters (adjust values as needed based on your website's expected traffic and content size):
-
upload_max_filesize = 200M
(maximum file upload size): This allows users to upload files up to 200MB in size. Adjust this based on your needs, but be mindful of potential security risks associated with very large uploads. -
post_max_size = 500M
(maximum size of POST data): This sets the limit for form submissions. Again, adjust as needed while considering security implications. -
memory_limit = 512M
(memory limit for PHP processes): This specifies the maximum amount of memory a single PHP script can use. Increase this if you anticipate resource-intensive plugins or themes. -
cgi.fix_pathinfo = 0
(disables path information processing): This setting improves performance by disabling unnecessary processing. -
max_execution_time = 360
(maximum execution time for scripts): This defines the longest a PHP script can run before being terminated. Adjust this cautiously, as overly long execution times can affect website responsiveness.
Tip: Use Ctrl+W in Nano to quickly find specific parameters within the file.
Security Considerations: While increasing resource limits can be beneficial for functionality, keep in mind that excessively high values can introduce security vulnerabilities. Carefully assess your website's requirements and strike a balance between performance and security.
Save the changes (Ctrl+O) and exit (Ctrl+X).
-
Restart PHP to apply the new configuration:
sudo systemctl restart php8.1-fpm.service # Replace with the appropriate service name for your PHP version
-
Verify the restart:
sudo systemctl status php8.1-fpm.service # Replace with the appropriate service name for your PHP version
-
This step ensures PHP has the appropriate resources to handle your website's needs while keeping security in mind. Remember to adjust the provided values based on your specific website requirements.
Here's the next part of the guide, incorporating the command breakdowns and security considerations:
Step 5: Moving In the Furniture (Downloading and Extracting WordPress)
Now that the foundation and storage are ready, it's time to bring in the essential elements for your website:
-
Downloading and Extracting WordPress:
cd /var/www/ # Change directory to the web root sudo wget https://wordpress.org/latest.tar.gz # Downloads the latest WordPress archive sudo tar -xvzf latest.tar.gz # Extracts the archive sudo chown -R www-data:www-data /var/www/wordpress # Sets ownership to the web server user sudo chmod -R 755 /var/www/wordpress # Sets appropriate permissions for directories and files
Security Reminder: Downloading from the official WordPress source ensures authenticity and security.
Step 6: Welcoming Visitors (Configuring Nginx)
We need a friendly doorman (Nginx) to greet visitors and direct them to your WordPress site:
-
Configure Nginx:
sudo nano /etc/nginx/sites-enabled/wordpress # Opens the Nginx configuration file for your WordPress site (adjust path if needed)
Paste the following configuration, replacing
apexcreators.world
with your actual domain name(s):
server { listen 80; listen [::]:80; server_name apexcreators.world www.apexcreators.world; # Adjust domain names root /var/www/wordpress; index index.php index.html index.htm; access_log /var/log/nginx/wpress_access.log; error_log /var/log/nginx/wpress_error.log; client_max_body_size 100M; # Maximum allowed body size for uploads autoindex off; location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; # Adjust path if PHP version differs fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }
Save the changes (Ctrl+O) and exit (Ctrl+X).
-
Testing and Restarting Nginx:
sudo chmod 777 /etc/nginx/sites-enabled/wordpress # Sets permissions temporarily (adjust later) sudo nginx -t # Tests the Nginx configuration for syntax errors sudo service nginx restart # Restarts Nginx to apply the changes
Security Note: Change the permission of
/etc/nginx/sites-enabled/wordpress
back to a more secure value (e.g., 644) after the test.
-
Step 7: Adding an Extra Layer of Security (Installing and Configuring SSL)
Let's add an extra layer of security for your website and your visitors' data:
-
Installing Certbot:
sudo snap install core # Installs the core snap sudo snap refresh core # Updates the core snap sudo snap install --classic certbot # Installs Certbot sudo ln -s /snap/bin/certbot /usr/bin/certbot # Creates a symbolic link for easier access
-
Obtaining a Free SSL Certificate:
sudo certbot --nginx -d apexcreators.world -d www.apexcreators.world # Replace with your domain names
Follow the on-screen prompts to obtain a free SSL certificate from Let's Encrypt.
-
Verifying Automatic Renewal:
sudo systemctl status snap.certbot.renew.service # Check if automatic renewal is enabled sudo certbot renew --dry-run # Test the certificate renewal process (optional)
Congratulations! ππ You've successfully set up your WordPress site on AWS EC2 with a strong foundation and security measures in place. Now you can visit your website domain name in a web browser to complete the WordPress installation and start creating content!
Top comments (6)
I have always wanted to try AWS for a WP install, but after hearing some stories about getting a huge bill later on, have avoided.
How to keep the EC2 free forever? When you say free, I assume it is free forever...
Great article / tut, thanks for sharing.
You can use other cloud like oracle or google cloud they provide 1 compute engine free forever
and follow the above steps
C'est important merci
π₯
It is way far from a "dream home", I think. Seems more like a tent.
PHP and MySQL in the same machine?
What about high-availability?
Having PHP and MySQL on the same machine isn't ideal for high-traffic sites, but it works quite well for mid to low traffic sites.