Blog

December 19, 2011
|

Installing multiple WordPress sites on Amazon EC2 AWS – RedHat Enterprise under 60 minutes

Amazon EC2 offers a great way to host WordPress based web sites. But unfortunately AMI bitnami image lets you only host one WordPress website in the default configuration. If you want host multiple WordPress web sites then you have roll your own. Following these steps will help to create multiple WordPress sites in 60 minutes or less using RedHat Enterprise AMI on EC2.

Step 1: Launch an instance of Red Hat Enterprise Linux 6.1 from the EC2 tab of the AWS console:

clip_image002

Follow the steps to create an EC2 instance and login using ssh

Step 2: SSH into that instance and disable iptables and selinux

service iptables stop
chkconfig iptables off
vi /etc/sysconfig/selinux
SELINUX = disabled

And then reboot.

Step 3: Install Apache, PHP and PHP-MYSQL

yum install httpd
chkconfig httpd on
chkconfig --list httpd

yum install mysql mysql-server
chkconfig mysqld on
chkconfig --list mysqld
yum install php php-mysql

Important note: the official WordPress installation guide does not indicate that you should install php-mysql, but if you don’t, you’ll get the following mysterious error message when trying to launch WordPress in Step 8

Your PHP installation appears to be missing the MySQL extension which is required.

Step 4: Enable the Apache mod_rewrite module and Virtual hosts

  1. Backup httpd.conf file located at /etc/httpd/conf/httpd.conf
  2. Edit httpd.conf file using your favorite editor
  3. Make sure following line is not commented in httpd.conf
        LoadModule rewrite_module modules/mod_rewrite.so
        NameVirtualHost *:80

Change AllowOveride None to AllowOveride All inside the DocumentRoot Directory Directive, normally <Directory “/var/www/html”>. There might be more than one instance of AllowOverride. Make sure to change all of them

Step 5: Start the Apache and MySQL daemons, use ntsysv to make them start on server boot

service httpd start
service mysqld start

You can also check the status using

ntsysv

Step 6: Set a new MySQL root password:

/usr/bin/mysqladmin -u root password 'new-password'

Repeat the following steps for each of the WordPress sites

Step 7: Create the WordPress database and dedicated user

For maximum security use different values for wpdbsite1, wpusersite1 and password for each WordPress sites.

mysql -p
mysql> CREATE DATABASE wpdbsite1;
mysql> GRANT ALL PRIVILEGES ON wpdbsite1.* TO wpusersite1@localhost IDENTIFIED BY "another-new-password";
mysql> FLUSH PRIVILEGES;
mysql> exit

Step 8: Create virtual directories

I generally prefer hosting sites under /usr/web. Create directories under /usr/web/website1

cd /usr
mkdir web
mkdir website1

Edit httpd,conf and add the following virtual directories at the end

<VirtualHost *:80>
        ServerAdmin root@localhost
        DocumentRoot /usr/web/website1
        ServerName yourdomain.com
        ErrorLog logs/yourdomain.com_error_log
        CustomLog logs/yourdomain.com_access_log combined
</VirtualHost>

<VirtualHost *:80>
        ServerAdmin root@localhost
        DocumentRoot /usr/web/website1
        ServerName www.yourdomain.com
        ErrorLog logs/yourdomain.com_error_log
        CustomLog logs/yourdomain.com_access_log combined
</VirtualHost>

Save httpd.conf file

Step 8: Download and unpack WordPress, move it to the web server root

cd /usr/web/website1
wget http://wordpress.org/latest.zip
unzip latest.zip
cp -rpf ./wordpress/* .
rm -rf latest.zip
cp wp-config-sample.php wp-config.php

Note: the cp -rpf ./wordpress/* . moves the WordPress site from /wordpress into the website’s root. You could also leave it under /wordpress or rename that directory to your liking.

Step 9: Edit wp-config.php

Use your favorite editor to edit  wp-config.php

Edit at least the following settings:

define('DB_NAME', 'wpdb');
define('DB_USER', 'wpuser');
define('DB_PASSWORD', 'new-password');
define('AUTH_KEY',         'xxx');
define('SECURE_AUTH_KEY',  'xxx');
define('LOGGED_IN_KEY',    'xxx');
define('NONCE_KEY',        'xxx')
define('AUTH_SALT',        'xxx');
define('SECURE_AUTH_SALT', 'xxx');
define('LOGGED_IN_SALT',   'xxx');
define('NONCE_SALT',       'xxx');

$table_prefix  = 'wp_';

Where ‘xxx‘ represents long random strings, all different. You can use https://api.wordpress.org/secret-key/1.1/salt/ to generate some for you.

Step 10: Change the owner of all the WordPress files

WordPress runs in the security context of the Apache service and must be able to edit certain files when installing plugins and themes or when doing any kind of updates.

On the Amazon Linux, the Apache service runs with the apache user. But the files you create will belong to either ec2-user or root, depending on if you used su when creating or copying them.

The best fix is probably to change the Apache user context to ec2-user, but I have not yet tested this. Instead I decide to take the quick fix of giving all files to apache.

There are potential security drawbacks in doing this, described here: http://codex.wordpress.org/Changing_File_Permissions, but this still seems the best choice.

cd /var/www
chown  -R apache:apache website1

Important note: if you do not make this change you will get the following error message when trying to update WordPress, install a plugin or theme or while trying to upload media:

To perform the requested action, WordPress needs to access your web server. Please enter your FTP credentials to proceed. If you do not remember your credentials, you should contact your web host

clip_image004

WordPress error message due to wrong file ownership

It will show you a screen asking you for your FTP connection details. But as FTP is not enabled on the server, you will never be able to perform these actions.

Step 11: Launch your browser and to start configuring WordPress.

http://www.yourdoamin.com/wp-admin/install.php

Step 12: Secure wp-admin folder

Connect to webserver using WinSCP. Browse to folder /usr/web/website1 and follow the steps mentioned in the blog to configure .htaccess file.

http://www.voip-connections.com/howto/how-to-secure-apache-using-htaccess

Allow access to wp-admin folder only from your home/office.

Enjoy your very fast and secure new web site.