EC2 WordPress

Getting it up and running is straightforward.

On a basic image (ami-ed46a784) do the following:

apt-get install -y mysql-server wordpress

hostname=$(curl -s http://169.254.169.254/latest/meta-data/public-hostname/)
ln -s /usr/share/wordpress /var/www/wordpress
bash /usr/share/doc/wordpress/examples/setup-mysql -n wordpress localhost
ln -s config-localhost.php /etc/wordpress/config-$hostname.php
/etc/init.d/apache2 restart
echo Complete installation here: http://$hostname/wordpress

Go to the URL printed in the last step.

Create the account and note the password. Once in, you can change it.

Done! You are now running WordPress on your server.

Next thing to investigate is how to move the MySQL dB and also the themes, etc.

Securing BlazeDS (https)

I wanted to set up a flex/BlazeDS app to ONLY use https and not http at all!

Key lies in setting up the channels in two places:

1) In services-config.xml, comment out the normal my-amf channel and leave the my-secure-amf only

<!--

<channel-definition id="my-amf">
<endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/amf"/>
</channel-definition>
-->
<channel-definition id="my-secure-amf">
<endpoint url="https://{server.name}:{server.port}/{context.root}/messagebroker/amfsecure"/>
<properties>
<add-no-cache-headers>false</add-no-cache-headers>
</properties>
</channel-definition>

2) Secondly comment out the same details in the remoting-config.xml file

<default-channels>
<channel ref="my-secure-amf"/>
<!--          <channel ref="my-amf"/> -->
</default-channels>

That’s it. Deploy and check. The first screen may appear over http, but nothing thereafter will work unless you use https://
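A check for step 1, as an added example that is not part of the original post or of BlazeDS: it strips XML comments (including multi-line ones) from services-config.xml and lists any channel that is still defined with a plain http:// endpoint. The function names and the sample file are assumptions of this example.

```shell
# Added example, not BlazeDS or the post's code: list channels still defined over
# plain http. Function names are this example's own; the sample XML is constructed.

# Print FILE with <!-- ... --> comments removed, including ones that span lines.
strip_xml_comments() {
    awk '{
        out = ""; s = $0
        while (s != "") {
            if (skipping) {
                e = index(s, "-->"); if (!e) break
                s = substr(s, e + 3); skipping = 0
            } else {
                b = index(s, "<!--"); if (!b) { out = out s; break }
                out = out substr(s, 1, b - 1); s = substr(s, b + 4); skipping = 1
            }
        }
        print out
    }' "$1"
}

# Ids of active <channel-definition> elements whose <endpoint> url starts with http://
insecure_channels() {
    strip_xml_comments "$1" | awk '
        match($0, /<channel-definition[^>]*id="[^"]*"/) {
            id = substr($0, RSTART, RLENGTH); sub(/.*id="/, "", id); sub(/"$/, "", id) }
        /<endpoint[^>]*url="http:\/\// { print id }'
}

# Constructed services-config.xml fragment; $1 = "commented" or "active" for my-amf.
sample_services_config() {
    [ "$1" = commented ] && o='<!--' c='-->' || o='' c=''
    cat <<EOF
<channels>
$o
<channel-definition id="my-amf">
<endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/amf"/>
</channel-definition>
$c
<channel-definition id="my-secure-amf">
<endpoint url="https://{server.name}:{server.port}/{context.root}/messagebroker/amfsecure"/>
</channel-definition>
</channels>
EOF
}

f=$(mktemp)
sample_services_config active > "$f";    echo "active:    [$(insecure_channels "$f")]"
sample_services_config commented > "$f"; echo "commented: [$(insecure_channels "$f")]"
rm -f "$f"
```

An empty result means no http channel is left active in that file; the default-channels list in remoting-config.xml still has to be checked separately.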

Eclipse 3.4 Tomcat 6 SSL

Needed to get Tomcat SSL going to do https. Could not figure out how to add this in Eclipse. I would uncomment the https statements

<Connector SSLEnabled="true" clientAuth="false" maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>

but each time I start it, no HTTPS???

Finally found out that the file is read when “creating” the server! This means you need to do the following:

1) Go to the configuration on your drive /Users/des/tomcat6/conf/server.xml

2) Uncomment the Connector you want

3) Create a new server in Eclipse

Port 8443 now available

Apache2 Tomcat and mod_proxy_ajp

mod_jk is the old way of doing it, so now with Apache 2.2 mod_proxy_ajp and balancing is the way to go. A few things to configure:

Load the mod_proxy_ajp module and the balancer module:

sudo a2enmod proxy_ajp

sudo a2enmod proxy_balancer

Because we are dealing with a Proxy, edit the /etc/apache2/mods-enabled/proxy.conf proxy file. By default it is restrictive and denies everything. Change it to allow any host to communicate

<IfModule mod_proxy.c>
#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.

ProxyRequests Off

<Proxy *>
AddDefaultCharset off
Order deny,allow
#Deny from all
#Allow from .example.com
Allow from all
</Proxy>

# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block

ProxyVia On
</IfModule>

NB. Note the warning about ProxyRequests! Leave it off. It is only used for forward proxies. (not for reverse)

Now configure /etc/apache2/httpd.conf. Here we want to set up a load balance, even if we only have one server. It allows us to set up more servers in the future. Specifically we want to set up the Tomcat server using the ajp protocol. The change is that instead of using mod_jk and communicating with http, we now directly talk ajp to Tomcat.

<Proxy balancer://backtcserver>
BalancerMember ajp://localhost:8009/some_app
</Proxy>
ProxyPass /some_app  balancer://backtcserver/

BalancerMembers are what make up the servers. If you have two servers, add the second one here and Apache will balance the requests between the two servers. There are lots of parameters controlling how this is done, so see the Apache site for details.

The code above sends all requests to “/some_app” to the balancer, that in turn sends all requests to localhost:8009/some_app

GOTCHA’s

Two errors I encountered while figuring this out

403 Forbidden – You have not changed the permissions in the proxy.conf file

404 Not found – the ajp:// URL is not set correctly to find the served file.

“some_app” needs to be on the URL and on the ProxyPass (Caused issues with Flex)

Simple as ;-)

PS.

Apache uses this concept of “available” and “enabled”. If you check the /etc/apache2 directory you will see this for sites and for modules. It creates links in the enabled directory for what you use from the available directory. a2enmod creates a link and a2dismod disables it.

2010/08/18 Update: Don’t forget to open the 8009 port in tomcat server.xml file. It is commented out by default.
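A check for the proxy.conf change described in this post, as an added example that is not part of the original: it reads the <Proxy *> section using Apache 2.2 Order/Allow/Deny semantics and reports whether the file combines an open ACL with ProxyRequests On, which is the open forward proxy the warning in the file is about. The function names and verdict strings are assumptions of this example.

```shell
# Added example, not from the original post: classify the <Proxy *> section of an
# Apache 2.2 proxy.conf. Function names and verdict strings are this example's own.

# audit_proxy_conf FILE
#   prints "requests=<on|off> acl=<open|restricted>"
#   returns 1 when FILE describes an open forward proxy, 0 otherwise
audit_proxy_conf() {
    awk '
        $1 ~ /^#/ { next }                          # skip comment lines
        { d = tolower($1) }
        d == "proxyrequests"          { req = tolower($2) }
        d == "<proxy" && $2 == "*>"   { inside = 1; next }
        d == "</proxy>"               { inside = 0; next }
        !inside                       { next }
        d == "order"                  { order = tolower($2) }
        d == "allow" && tolower($3) == "all" { allow_all = 1 }
        d == "deny"  && tolower($3) == "all" { deny_all = 1 }
        END {
            if (req != "on") req = "off"            # Apache default is Off
            if (order == "allow,deny")              # default deny, Deny wins
                wide = (allow_all && !deny_all)
            else                                    # deny,allow: default allow, Allow wins
                wide = (allow_all || !deny_all)
            printf "requests=%s acl=%s\n", req, (wide ? "open" : "restricted")
            exit ((req == "on" && wide) ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: the <Proxy *> block from the post with ProxyRequests set to $1.
sample_proxy_conf() {
    cat <<EOF
<IfModule mod_proxy.c>
ProxyRequests $1
<Proxy *>
Order deny,allow
#Deny from all
Allow from all
</Proxy>
</IfModule>
EOF
}

tmp=$(mktemp)
for mode in Off On; do
    sample_proxy_conf "$mode" > "$tmp"
    audit_proxy_conf "$tmp" || echo "  -> open forward proxy"
done
rm -f "$tmp"
```

The configuration from the post reports requests=off acl=open, which is the reverse-proxy-only case; the same ACL with ProxyRequests On is the one flagged.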

Apache 2.2

ok, few things to get through here, so will split this up into chunks.

Firstly need to get my head around all the pieces that need to be configured.

/etc/apache2 has a few files and directories, where all the config is kept.

/etc/apache2# ls -l
total 76
-rw-r--r-- 1 root root 10105 2009-09-23 05:20 apache2.conf
drwxr-xr-x 2 root root  4096 2009-09-11 00:59 conf.d
-rw-r--r-- 1 root root   378 2009-08-18 14:24 envvars
-rw-r--r-- 1 root root   923 2009-09-23 05:20 httpd.conf
drwxr-xr-x 2 root root  4096 2009-09-11 06:44 mods-available
drwxr-xr-x 2 root root  4096 2009-09-11 06:44 mods-enabled
-rw-r--r-- 1 root root   513 2009-08-18 14:24 ports.conf
drwxr-xr-x 2 root root  4096 2009-09-17 06:24 sites-available
drwxr-xr-x 2 root root  4096 2009-09-17 06:24 sites-enabled
drwxr-xr-x 2 root root  4096 2009-09-17 06:37 ssl
-rw-r--r-- 1 root root   174 2009-09-11 07:48 workers.properties

First thing to do is to always put configs made in httpd.conf and not directly into apache2.conf. The latter references httpd.conf anyway.

/etc/init.d/apache2 restart

is used to make the changes effective

Rest to follow………….

Setting up Apache

ok, so now to set up Apache with SSL

taken from https://help.ubuntu.com/community/forum/server/apache2/SSL

sudo apt-get install apache2

Create a Certificate

sudo apt-get install ssl-cert

sudo mkdir /etc/apache2/ssl

sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

(Answer questions)

Install Module

The mod_ssl module adds an important feature to the Apache2 server – the ability to encrypt communications. Thus, when your browser is communicating using SSL encryption, the https:// prefix is used at the beginning of the Uniform Resource Locator (URL) in the browser navigation bar.

sudo a2enmod ssl
sudo /etc/init.d/apache2 force-reload

Create virtualhost

Make a copy of the default virtualhost

sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl

Modify it so it looks something like this

sudo nano -w /etc/apache2/sites-available/ssl
NameVirtualHost *:443
<virtualhost *:443>
ServerAdmin webmaster@localhost

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem

DocumentRoot /var/www/
<directory />
Options FollowSymLinks
AllowOverride None
</directory>

<directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
# Commented out for Ubuntu
#RedirectMatch ^/$ /apache2-default/
</directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog /var/log/apache2/access.log combined
ServerSignature On

Alias /doc/ "/usr/share/doc/"
<directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</directory>

</virtualhost>

Enable SSL virtualhost

sudo a2ensite ssl
sudo /etc/init.d/apache2 reload

don’t forget to modify

sudo nano -w /etc/apache2/sites-available/default
NameVirtualHost *:80
<virtualhost *:80>

[2010-08-10] This is not required. The NameVirtualHost is already set up in ports.conf. This kept giving an error when restarting server:

[warn] NameVirtualHost *:80 has no VirtualHosts

Restart Apache server

sudo /etc/init.d/apache2 restart

Tried it and it kicks out a cert exception, so just accept that and you're done. Now to set up Tomcat to work with this

EC2 users (keypair)

Setting up EC2, the default login is root with a pub/priv key generated on the EC2 site as keypairs. I do not want to log in as root directly and want to disable this on the server. After a bit of searching I found this site that explained the process.

http://developer.amazonwebservices.com/connect/entry.jspa?externalID=1233

The problem with this method is there are a few errors and also once you do this you are screwed, because you cannot su to root!!!.

So new procedure is below

1) Change the root password!!!!

2) follow these steps

adduser des
(Need a password here)

ssh-keygen -b 1024 -f des -t dsa
(Need a passphrase here)

cd ~des
mkdir .ssh
chmod 700 .ssh
chown des:des .ssh

cp /root/des* .ssh/
chown  des:des .ssh/des
chown  des:des .ssh/des.pub
cat /root/des.pub > .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
chown des:des .ssh/authorized_keys

test if it works

ssh -i /home/des/.ssh/des -l des sfx.carrierfx.com

copy key to local machine. Easiest is to print it out and copy it to a text file on local machine as des.pem

cat .ssh

That’s it. Once this works fine, then change the

PermitRootLogin no
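A check of the end state of this procedure, as an added example that is not part of the original post: it reports which PermitRootLogin value sshd will actually use (the first one it reads), which authorized_keys entries are DSA keys like the one generated above, and whether a private key file is still sitting in the user's .ssh directory on the server. Function names and all sample data are assumptions constructed for this example.

```shell
# Added example, not from the original post: check the end state of the procedure
# above. Function names are this example's own; all sample data is constructed.

# First PermitRootLogin before any Match block (sshd keeps the first value it
# reads for a keyword). Include files are not followed.
effective_root_login() {
    awk '
        $1 ~ /^#/                        { next }
        { sub(/=/, " ") }                # sshd also accepts Keyword=value
        tolower($1) == "match"           { exit }
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Line numbers of DSA (ssh-dss) entries in an authorized_keys file; options may
# precede the key type. OpenSSH 7.0 and later reject ssh-dss keys by default.
dsa_entries() {
    awk '$1 !~ /^#/ { for (i = 1; i < NF; i++)
        if ($i == "ssh-dss" && $(i + 1) ~ /^AAAA/) { print NR; break } }' "$1"
}

# Private key files present in a directory, judged by their PEM header line.
private_keys_in() {
    for f in "$1"/*; do
        [ -f "$f" ] && head -n 1 "$f" | grep -q -e '-----BEGIN .*PRIVATE KEY-----' && echo "$f"
    done
    return 0
}

# Constructed sample: a DSA entry, the private key still in .ssh, and an
# sshd_config where "PermitRootLogin no" was appended below an earlier "yes".
make_sample() {
    mkdir -p "$1/.ssh"
    printf '%s\n' 'PermitRootLogin yes' 'UsePAM yes' 'PermitRootLogin no' > "$1/sshd_config"
    printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3MAAA-constructed des@example' > "$1/.ssh/authorized_keys"
    printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' '(constructed, no key material)' > "$1/.ssh/des"
}

d=$(mktemp -d)
make_sample "$d"
echo "PermitRootLogin in effect: $(effective_root_login "$d/sshd_config")"
echo "DSA entries on lines:      $(dsa_entries "$d/.ssh/authorized_keys")"
echo "Private keys on server:    $(private_keys_in "$d/.ssh")"
rm -rf "$d"
```

On the constructed sample the effective value is still yes, because the appended "no" comes after an earlier "yes"; on a real host, point the functions at /etc/ssh/sshd_config and the user's own .ssh directory.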