- Log into AWS Console (payment method required)
- Launch an Elastic Compute Cloud (EC2) instance
- Amazon CodeDeploy
- Upload Files to EC2 with
scp(secure copy) - Database - Create an RDS (relational database)
- Prepare Web Server
- Enable SSL
- Install PHPMyAdmin on EC2 if you're not using RDS
- Magento
- Amazon Machine Images (AMI): disk image, AMI you specified at launch is used to boot the instance
- EC2: virtual server
- EBS Volume: disk storage, hard drive
- RDS: relational database server
- Snapshot: backup of the disk storage (volume)
- Public DNS: subdomain on amazonaws.com (ec2-52-207-215-180.compute-1.amazonaws.com) which includes self-signed SSL cert
- Reboot: An instance reboot is equivalent to an operating system reboot. In most cases, it takes only a few minutes to reboot your instance. When you reboot an instance, it remains on the same physical host, so your instance keeps its public DNS name, private IP address, and any data on its instance store volumes. Rebooting an instance doesn't start a new instance billing hour, unlike stopping and restarting your instance.
- Terminate: When you've decided that you no longer need an instance, you can terminate it. As soon as the status of an instance changes to shutting-down or terminated, you stop incurring charges for that instance.
-
- Stopping an EC2 instance is not like restarting a virtual or dedicated server
- Every time you restart EC2 a new public DNS subdomain is provided which can be an issue for a test URL, use a custom domain name to avoid changing URLs, however the SSH keys remain the same
- Shell history is available after restarting EC2
- When you stop an EC2 instance, if you don't have EBS storage then do not expect the files to be available again after restarting. Two types of storage: ephemeral-one (or "instance-stored"), those drives are not persistent and will be re-created after instance stop/start. EBS volumes are separate from EC2 instances, keeping data after instance stop/start.
- Make a snapshot before stopping EC2
- There are multiple ways to increase the disk size but it isn't as easy "Click to add 5GB" in the console. Here is Amazon's documentation
- Amazon Linux (free tier)
- Needed to expand the disk size which is known as an Elastic Block Store (EBS) Volume
- EC2 User Guide
- It takes a few minutes to deploy
- You will be able to create an SSH key by clicking the CONNECT button after the instance is created
ssh -i ~/path/to/downloaded/ssh/key/file/aws-au.pem ec2-user@ec2-54-174-122-3.compute-1.amazonaws.com
SSH Error Permission denied (publickey).
- Need to whitelist your IP address or make SSH available from all IP's
- Documenation: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html
- Add the rule for a group to allow inbound IP's to connect via SSH
Successful connection:
Dylan$ ssh -i /Users/Dylan/.ssh/aws-au.pem ec2-user@ec2-54-174-122-3.compute-1.amazonaws.com
__| __|_ )
_| ( / Amazon Linux AMI
___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2016.03-release-notes/
8 package(s) needed for security, out of 17 available
Run "sudo yum update" to apply all updates.
[ec2-user@ip-172-31-59-74 ~]$- See how much disk space is available
df -h
- Use a shell that is not logged into the server
scp -i /path/my-key-pair.pem /path/SampleFile.txt ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com:~- Upload compressed (tar)
httpdirectory to home (~) - Upload compressed database to home (~)
- Uncompress files
tar –xvzf ~/filename.tar - Overwrite existing http contents
mv ~/http /var/www
- Your EC2 instance can be either VPC or Classic (legacy). If it's VCP then your EC2 security groups for VCP control the access to the separate RDS database services too.
- Log into AWS Console
- To see existing databases click RDS > Instances
- To add a new database: RDS > Launch DB Instance
- Select MariaDB instead of MySQL for the engine
- Choose Dev/Test (free tier)
- Use default settings, most basic service options
- Enable monitoring
- Launch DB
- It takes several minutes to create the new DB server
- Once the DB is up, you can get the endpoint by clicking on the black right arrow in the second column of the instance row (aws1au.ch9n1thno1ii.us-east-1.rds.amazonaws.com:3306)
- AWS Console > EC2 > Security Groups
- Choose the group named something like
rds-launch-wizard-1with a description about the RDS Management Console - Edit the Inbound tab should have one rule
Type: MYSQL/AuroraProtocol: TCPPort: 3306and your IP address when you set up RDS - If you need or want to, change the Source to
Anywhereso you can access it from multiple or dyanmic IP's.
- You need to have
mysqlinstalled on the machine that is connecting to the RDS. If it's not installed on the computer you're using, you can connect to it from the EC2 shell assuming the EC2 instance is allows to connect with the security group rule. Acheive this by alling Anyone (e.g. any IP) to connect in the inbound rule. - You can only connect to your database instance if EC2 has the necessary security group rule giving your IP access
- If you are using RDS MySQL provide the database endpoint in the
hostfield with the username and password for the RDS database server instance - Sample connection which will prompt for the database password
mysql -h aws-db1.ch9n1thno1ii.us-east-1.rds.amazonaws.com -P 3306 -u databaseUsername -p -v
Successful connection to Maria DB on RDS:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 304
Server version: 5.5.5-10.1.14-MariaDB MariaDB Server
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Reading history-file /home/ec2-user/.mysql_history
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>Amazon AWS Import MySQL/MariaDB Documentation
You will be piping the existing database .sql export/dump file into a mysql command. The file must exist on a computer that can run mysql commands. If your computer can't connect, then upload the .sql file to EC2 and connect to RDS from the EC2 shell.
The following commands are run from the mysql> prompt
- Check to see if the database you want to use for Magento is already created
show databases; - If the database you want is there run
use databaseName;else add the databasecreate database databaseName;use databaseName; - Assuming the Magento backup.sql is your
source backup.sql; - You'll watch for several minutes as the SQL commands are displayed and each query result is printed
- If it was successful you should see in the output that rows were changed
- Download the MySQLWorkbench app
- Open the program and add a connection
- Type: TCP
- Host: RDS endpoint (aws-db1.ch9n1thno1ii.us-east-1.rds.amazonaws.com)
- Port: 3306
- User: RDS databaseUsername
- Password: RDS databasePassword
- Click
Test Connectionand if it's good you have the right security group rules in AWS EC2 and the correct credentials - Expand your databaseName from the left sidebar and you can see and edit the database, tables, users and row values
-
Default URL paths for Magento
-
Update table
core_config_dataweb/secure/base_urltohttps://yourEC2PublicDomain/andweb/unsecure/base_urltohttp://yourEC2PublicDomain/with the trailing slashes -
Update
web/cookie/cookie_domainto your EC2 public domain without http://ec2-52-207-215-180.compute-1.amazonaws.com, which is required to avoid CSRF attack prevention on the form submission. You will not be able to log into the admin panel. Instead you'll see the error "invalid form key. please refresh the page." -
Clear Magento cache
sudo rm -r /var/www/html/var/cache/* -
Clear Magento sessions
sudo rm -r /var/www/html/var/sessions/* -
Clear the secret Magento cache if the Magento cache directory is not writable
sudo rm -r /tmp/magento/var/cache/* -
If you have data in the secret cache then you need to change the permissions.
-
Restart apache
sudo service httpd reload
Set every value in the core_cache_option table from 1 to 0
UPDATE `dbname`.`core_cache_option` SET `value`='0' WHERE `code`='block_html';
UPDATE `dbname`.`core_cache_option` SET `value`='0' WHERE `code`='collections';
UPDATE `dbname`.`core_cache_option` SET `value`='0' WHERE `code`='config';
UPDATE `dbname`.`core_cache_option` SET `value`='0' WHERE `code`='config_api';
UPDATE `dbname`.`core_cache_option` SET `value`='0' WHERE `code`='config_api2';
UPDATE `dbname`.`core_cache_option` SET `value`='0' WHERE `code`='eav';
UPDATE `dbname`.`core_cache_option` SET `value`='0' WHERE `code`='layout';
UPDATE `dbname`.`core_cache_option` SET `value`='0' WHERE `code`='translate';Remove extra config files
sudo rm /var/www/http/var/etc/local.xml.backupsudo rm /var/www/http/var/etc/local.xml.templatesudo rm /var/www/http/var/etc/local.xml.additional
Configure your security group for EC2 to allow connections:
- SSH (port 22)
- HTTP (port 80), and HTTPS (port 443)
- Documentation for Amazon Linux EC2 LAMP install
- SSH to server
- Update packages
sudo yum update -y - Install Apache, MySQL and PHP
sudo yum install -y httpd24 php56 mysql55-server php56-mysqlnd - Start Apache
sudo service httpd start - Configure the Apache web server to start at each system boot
sudo chkconfig httpd on
chkconfig --list httpd
Correct output:
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
- AWS > EC2 Dashboard > Instances > Click instance name > Public DNS (use CMD+F or CTRL+F to find "Public DNS")
- Public DNS may be hidden, click Show/Hide
- Example: http://ec2-54-174-122-3.compute-1.amazonaws.com/
- Amazon Linux Apache document root for the
httpdservice is/var/www/html
- Add the www group to your instance.
sudo groupadd www - Add your user (ec2-user) to the
wwwgroup.sudo usermod -a -G www ec2-user - Log back in to pick up the new group.
exitssh ... - Verify your membership in www group
groups - correct ouput:
ec2-user wheel www - Change the group ownership of /var/www and its contents to the www group.
sudo chown -R root:www /var/www- Change the directory permissions of /var/www and its subdirectories to add group write permissions and to set the group ID on future subdirectories.
sudo chmod 2775 /var/wwwfind /var/www -type d -exec sudo chmod 2775 {} \;- Recursively change the file permissions of /var/www and its subdirectories to add group write permissions.
find /var/www -type f -exec sudo chmod 0664 {} \;
Now ec2-user can add, delete, and edit files in the Apache document root. You are ready to add content.
echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php- Check your test URL (e.g. http://ec2-54-174-122-3.compute-1.amazonaws.com/phpinfo.php)
rm /var/www/html/phpinfo.php
- Start MySQL server
sudo service mysqld start - Run setup
sudo mysql_secure_installation - No password exists yet so click
enterat the prompt - Type
Yto create a root password - Type
Yto remove the anonymous user accounts. - Type
Yto disable remote root login. - Type
Yto remove the test database. - Type
Yto reload the privilege tables and save your changes. - Run MySQL server every time instance boots
sudo chkconfig mysqld on
- Install mod_ssl
sudo yum install -y mod24_ssl - Restart Apache
sudo service httpd restart - SSL on your AWS Public DNS domain will work but throw warnings for a self-signed cert. (e.g. https://ec2-54-174-122-3.compute-1.amazonaws.com/)
- Test SSL effectiveness with SSL Test A is great, C is encrypted but could have better user experience and security
Do not use PHPMyAdmin without SSL because the database login will be comprimised
- Enable the Extra Packages for Enterprise Linux (EPEL) repository from the Fedora project on your instance.
sudo yum-config-manager --enable epel- Install PHPMyAdmin
sudo yum install -y phpMyAdmin - Get your IP Address (e.g. 66.227.133.167)
sudo sed -i -e 's/127.0.0.1/66.227.133.167/g' /etc/httpd/conf.d/phpMyAdmin.conf- Restart Apache
sudo service httpd restart - Restart MySQL
sudo service httpd restart - Login with root user and password setup during mysql install at your AWS domain/phpmyadmin (e.g. https://ec2-54-174-122-3.compute-1.amazonaws.com/phpmyadmin)
Recommended Privileges Before Install
cd /var/www/html/find . -type d -exec chmod 700 {} \;find . -type f -exec chmod 600 {} \;
Recommended Privileges After Install
cd /var/www/html/find . -type f -exec chmod 400 {} \;find . -type d -exec chmod 500 {} \;find var/ -type f -exec chmod 600 {} \;find media/ -type f -exec chmod 600 {} \;find var/ -type d -exec chmod 700 {} \;find media/ -type d -exec chmod 700 {} \;
cd /var/www/html/find . -type f -exec chmod 644 {} \;find . -type d -exec chmod 755 {} \;chmod 550 pearchmod 550 mage
- Look at
/app/etc/config.xmlor/app/etc/local.xmlto update theconnection - Change the
host,username,passwordanddbname - If you are using RDS, the RDS Endpoint is database host (aws-db1.ch9n1thno1ii.us-east-1.rds.amazonaws.com)
<connection>
<host><![CDATA[yourDatabseHostname]]></host>
<username><![CDATA[yourDatabaseUsername]]></username>
<password><![CDATA[yourDatabasePassword]]></password>
<dbname><![CDATA[yourDatabaseName]]></dbname>
<initStatements><![CDATA[SET NAMES utf8]]></initStatements>
<model><![CDATA[mysql4]]></model>
<type><![CDATA[pdo_mysql]]></type>
<pdoType><![CDATA[]]></pdoType>
<active>1</active>
</connection>- Turn on PHP errors, in
index.phpuncomment or addini_set('display_errors', 1);
- Create a file called
eureka.phpwith the following code and put the file the root Magento folder (/var/www/html/eureka.php). - Add the user
php eureka.php - Remove the file
rm eureka.php - Source
<?php
// Create New admin User programmatically.
require_once('./app/Mage.php');
umask(0);
Mage::app();
try {
$user = Mage::getModel('admin/user')
->setData(array(
'username' => 'admin1',
'firstname' => 'Admin',
'lastname' => 'Admin',
'email' => 'dylan@sngm.me',
'password' =>'',
'is_active' => 1
))->save();
} catch (Exception $e) {
echo $e->getMessage();
exit;
}
// Assign Role Id
// Administrator role id is 1
try {
$user->setRoleIds(array(1))
->setRoleUserId($user->getUserId())
->saveRelations();
} catch (Exception $e) {
echo $e->getMessage();
exit;
}
echo "User created successfully";
?>- Check
/app/etc/local.xml - Look for
frontnameand in this case the path to the admin panel would be/admin/from this XML<frontName><![CDATA[admin]]></frontName> - Browse to https://baseurl.com/index.php/admin and you will view the Magento login
If you can log into admin panel go to System > Index Management
The catalog reindexing can take a long time and will time out in PHP. Use this command from Magento root:
php -d max_execution_time=0 ./shell/indexer.php --reindex catalog_url or pass reindexall instead
Successful reindex: Catalog URL Rewrites index was rebuilt successfully in 00:16:23
It is likely that the rewrite rules are not working, which is related to mod_rewrite and .htaccess
- Confirm with phpinfo() that PHP has mod_rewrite installed and if it's not there install it
- .htaccess rules cascade down so you can customize them per directory or vhost. The top level .htaccess can have strict persmissions set that do not allow the sub .htaccess files to override the settings.
- Edit
/etc/httpd/conf/httpd.conf - Find the block starting with
<Directory "/var/www/html"> - Edit it so that the remaining directives are as follows (note, the comments don't matter):
<Directory "/var/www/html">
Options Indexes FollowSymLinks Includes
AllowOverride All
Allow from All
</Directory>- Restart Apache
sudo service httpd reload - Try viewing website again, it may be working now.
- Generate the contents of a login file called
.htpasswdwith this http://www.htaccesstools.com/htpasswd-generator/ - Example output:
admin@test.com:$apr1$HRwJVYdU$o74.vQbjemjIYpGcbsCM5. - Paste into
.htpasswdinto Magento root - Add the following to the beginning of
/var/www/html/.htaccess
AuthName "Login"
AuthUserFile "/var/www/html/.htpasswd"
AuthType Basic
require valid-user
ErrorDocument 401 "Login Required"- Markup, .phtml template files, layout files
app/design/frontend/default/THEME_NAME/template/ - Assets (CSS, JS, images)
skin/frontend/default/THEME_NAME/
- Add this to beginning of .phtml files and then view your page source to see if they are being used
echo '<!-- ' . $this->getLayout()->getBlock('root')->getTemplate() . ' -->'; - Example output if the .phtml you added it to is in use:
<!-- page/homepage.phtml -->
- Layouts
/var/www/html/app/design/frontend/default/THEME_NAME/layout/local.xml - .phtml templates
/var/www/html/app/design/frontend/default/THEME_NAME/template - Page templates (homepage.phtml)
/var/www/html/app/design/frontend/default/THEME_NAME/template/page