1.4 Updates:

2024-04-04: Updated to Ubuntu 22.04 Thanks Brandon!

CSC394 Software Projects Linux Installation

Professor Clark Elliott

Overview and basic setup of AWS Ubuntu Linux to support a CRUD application:

CRUD stands for Create, Read, Update and Delete, which are the basic operations one needs to build an application with a database back end. You can read about CRUD as supplemental information to this project.

These are notes on ONE path through settng up an Ubuntu Linux server and using it to support a full CRUD Web installation. The following notes can be used to supplement the instruction: Install linux, Apache, MySQL, PHP, security certificate, WordPress... to support a full CRUD web installation using the Web as a guide for instructions.

Install procedures change, so you will have to adapt these suggestions to your current circumstances. These are suggestions and intended as "helpful hints" about how to construct your system under AWS. But you will have to fill in the blanks, read other tutorials on the web, and talk with your classmates if you run into challenges.

You will need:

A safe local directory where you are going to put your security key PPK files. You will need to find these later to be able to access your system.
A file in which you will put a boatload of usernames and passwords. Don't lose them!
A credit card (but note, as long as you are careful, nothing will be charged to the account).
A cell phone where you can receive authentication text messages.
A willingness to give Amazon your email address and phone number.
PuTTY -- software for using SSH to access a unix system.
You probably also will want WinSCP (for windows) or other secure file transfer system.

Concepts:

Ubuntu linux operating system (Note: Ubuntu is a variation of Linux which is a community-developed variation of Unix)
The WordPress community.
Elastic IP (that is, a fixed IP address so you can find your server)
Private IP address
Running instances
EC2
Key Pairs (Public key / private key)
Security groups
emacs or nano for editing files under unix
Apache web server
mysql
PHP
Basic Authentication
phpmyadmin
wordpress
unix commands
unix file structure
unix configuration files
root access

Get an Amazon Web Services account:

The general web address is: aws.amazon.com
Or go to this site: https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html
The following is probably a good idea, so you can start fresh: In Firefox, select the lock next to the address bar, clear all the cookies for Amazon.com
Either create an account, or sign in to your previous Amazon account.
Create a new AWS account.
Use your real email address: YourEmailAccount@gmail.com. You must have access to the email you use! They will be sending you information there.
AWS is very strict about your password. If you lose it, you are out of luck. Put this in your safe local directory for now.
Professional / Personal: use personal.
Must have a credit card. (Will not charge the card for free accounts.)
Must have a cell phone to recieve authentication SMS.
Chose the basic Plan -- Free
Should now take you back to login page.
Log in using the email address you have chosen for this account.
Should take you to AWS Management Console.
[We will use EC2, Elastic Cloud Computing, but you can see ALL the services under AWS Services. Be very careful when clicking on ANYthing other than EC2, because your credit card can be charged. Not sure about who will get charged for what beyond the free basic linux system, so be wise.
Note: Later you can get to your Ubuntu system without access to AWS. But you will need the EC2 dashboard to set up your firewall and security groups.
Build a solution
Launch a Virtual Machine with EC2.
You will now have to wait 24 hours for email to come telling you it is OK to proceed.

------------------------------------------------------------

After you have been approved via email, log back into the AWS Management Console.
Use: Ubuntu Server 22.04 LTS (HVM), SSD Volume Type, Free tier eligible (Or whatever is current.)
Use 64-bit (x86). (ARM is generally for lower power computers. ARM is a different machine architecture, and we want everyone the same to make it easier to share tips.)
Choose the free minial system: Check box selected for t2 micro (Free tier eligible)
Select Review and Launch
"Step 7: Review Instance Launch"
Verify that everything is correct.
Important! Security groups: leave this blank for now. It will be important later.
You don't have to do anything, but note this: It is OK to use the dropdown arrows down expand details. 8 Gig of disk space. 1 Gig of RAM.
Launch it!
You will get a warning, "No key pairs found".
On first Drop down, select "Create a new key pair"
Note: You MUST remember your key pair name. DePaul-AWS-394, ClarkElliottAWS-KeyPair, are examples of a names you might want to use.
Download the Key Pair. It will have a .pem extension.
VERY important. You MUST remember where it is saved, and can't lose it. Keep this secure. Put the key in the directory you established above.
If you lose the key pair, the entire project is ruined.
Launch Instances.
Note: You can ignore the "Get notified of estimated charges." If you are careful not to give anyone access to your Amazon account, and don't add any services, it should be free.
Note: You might want to read through some of the tutorials, such as: https://us-east-2.console.aws.amazon.com/ec2/v2/home?region=us-east-2#LaunchInstanceWizard:
Press View Instances button in lower right.
Write down the Availabity Zone, e.g.: us-west-2a or us-east-2b
Wait two or three minutes
Instance state will change to "running" if everything is a go.
Status checks should say "initializing" then "2/2 checks passed"
Alarm status None
IPv4 Public IP is IMPORTANT. Write it down! Put this Public IP in your important keys file. Later we will change this to a fixed (elastic) IP address, but we will need it before then. E.g.: 34.218.209.214

Connecting to your new Ubunu Linux system:

Now we will connect to our instance using PUTTY.
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
Download and install both puttygen and PuTTY from the official site above.
First, puttygen.exe: Linux and AWS use .pem files to hold keys. Windows uses .ppk files. So we must convert .pem to .ppk.
Note whether you are running on a 32-bit (old) or 64-bit machine. Run puttygen: Use "Conversions | Import Key" then navigate to the .pem file that we downloaded earlier.
Note Passphrase: You must have physical possession of the key file on your local disk to use SSH. But anyone that has access to your computer can use it. If you want to further add a passphrase to protect the PPK key file, you can do so. We will not use a passphrase in this example.
Click save private key
Start PuTTY, Under "Session" tree: Enter IP address we previously saved, Port 22, SSH, [Note: we are going to return to the Session tree shortly]
Note: if you have any references to ec2-user, change them to the username ubuntu.
Under "Connection" tree: Data | Autologin username, Type in "ubuntu" (Note: this is the most common reason people can't log in to AWS. Ubuntu uses a different default login name than all other AWS unix systems.)
Under the "SSH" tree: Auth | Browse... [Locate the .ppk file we created earlier with puttygen]
Return to "Session" tree: [Single click on session on the left hand side top (you might have to scroll up to the top to find Session).]
In the "Saved Sessions" small, top box, enter a name: e.g.: AWS-DePaul-394
Using the right side middle button: Save
Note: for any configuration changes in PuTTY, you will have to find this obscure screen under "Session," select the session name from the big box which loads the name into the small box, and save it. Otherwise you will lose all your changes.
Under Saved Sessions, bottom larger window, click on the saved session name. (We just created this entry in the previous step.)
Bottom, second to the right, click OPEN
On the security warning, say "Yes" because we want to continue. (Fingerprint confirmation)
You are now logged in! Congratulations, you have now logged in to your new (virtual) Linux instance using your saved private key for authentication.
To log out, enter "exit" at the command prompt, or kill your PuTTY session.
Note: You can restart your session, or create a new session from the PuTTY window by clicking on the icon in the upper left hand corner.

Changing the appearance of PuTTY:

Start PuTTY. Select your saved session.
I don't like the default font, which is hard to read, so if you are like me (but this your preference) under the tree "Window | appearance" use the "Change" button and select Consolas, bold, 12-point.
For "default foreground" and "default bold foreground" I use 0, 0, 0 (black)
For "Default background" and "default bold background" I use 255, 255, 255 (white)
Use the "modify button" to record your changes.
Then, as always, go back to the Sessions tree, select your session name from the big box to put it in the small box if it is not there already. Save it. (Which writes it to your local disk.) If you don't save your changes from the "Session" tree you will lose them.
I only care that you know how to change the appearance of your PuTTY window, but I don't care if you do. The look of your sessions is up to you. Be careful that you don't mess the colors up, or, for example, you might not be able to see any text that is bold.

Becoming familiar with basic Unix commands:

You will need to have a decent understanding of basic unix commands to create and maniuplate directories, change directories, view file permissions and so on, which you can now test and run on your linux system. Use the following as a way to get started (and keep in mind there are thousands of tutorials on this same subject online):

You can try these Basic Unix Command Tutorial and Unix command reference card or find your own version on the web.

If you are using emacs, you can use M-x, manual-entry to look up the manual entry for any unix command.

Installing CRUD support architecture on your Ubuntu Linux system

Some preliminaries

Note: For super geek students, almost everything we do from the AWS console can be done from the command line in Ubuntu once we establish a login. AWS CLI allows everything to be done from the root prompt.
Note: Most of the configuration commands require root (administrator) access to your system. On the one hand it is good for you to learn to manipulate your powerful operating system. On the other hand, if you make a serious mistake you will have to delete your instance and start all over again. If you make a mistake with security you can invite trouble to run on your linux instance in the form of hackers.
There are generally two ways to access root commands. The first is on a command-by-command basis, using the sudo command (which stands for super-user do-command and is pronounced "sooo-doooo." The second is to use the sudo command to spawn a root-level shell and remain in the shell until you are done with your root-level processing: sudo bash or sudo emacs . Note: if you are in a bash root shell, you can leave the shell and return to the normal "ubuntu" user using the exit command. You can leave emacs with control-x, control-c.
Make a decision on which editor you are going to use on Ubuntu:
1. emacs is a very powerful editor that runs on every operating system (Mac, Windows, Unix). You can use my tutorial for emacs to get started. Emacs is probably the most powerful text editor ever written. One nice feature is that you can run multiple shell processes within an emacs window. It will take time to learn even the basic commands.
2. nano is a very basic editor that runs natively on linux and on the unix system that supports the Mac. It is easy to get started, but is very basic only. Here is a Simple nano cheatsheet
3. vi runs natively on every Unix system. It has very powerful string processing commands, but uses archaic dual-mode editing. vi ispires passion on both sides. Those that love it (typically unix geeks) will disparage everything else. Those that hate it consider it an abomination for most people. After using vi for two years I am in the latter camp. Like emacs it will take a while to learn even the most basic commands. (Note that emacs has a vi-mode, so you can run vi under emacs if you care to.)
Because we will be using a server, we will need to have a fixed IP address so our Web clients can find us. AWS uses dynamic IP address (DOHC), but we will configure an Elastic IP Address which actually gives us a public fixed IP address.
We will use the apt command to install software on our Ubuntu system. apt stands for Advanced Packaging Tool.

Changing to an Elastic IP Address

Log in to your AWS console.
On the EC2 Dashboard, upper right on ribbon, look to see what zone you are in. Write it down.
On left side list, Elastic IP choice. Select it.
Upper right, note your region, you can always use the EC2 Dashboard to find the region.
Allocate new address.
Use Amazon Pool.
Allocate it.
VERY IMPORTANT. WRITE DOWN THE ELASTIC (FIXED) IP ADDRESS!! Save this in your local file. E.g.: 18.189.2.7 or 52.26.19.112
We Have to associate the old machine with the new IP address:
Select the Actions dropdown.
Find the correct instance in the dropdown (probably only one)
Find the private IP (I only had one)
We don't need reassociation.
Note: When we assicate, any running Ubuntu session will get dropped from PuTTY
Press Associate!
Go to EC2 Dashboard to check it's health.
Select Instances, check its Instance State and Status Checks now.
Verify the new static (elastic) IP address. IPv4 Public IP.
Close the PuTTY session which is now dead.
Start PuTTY again.
Insert the new (elastic, fixed) IP address under the "Session" tree.
LOAD
Save the session with your chosen name (e.g. AWS-elastic) to disk with the new IP address.
Double click on the saved session (lower box) to log in again (or single click, and Load)
We will get a security warning again, because IP address has changed.

For Windows, Install WinSCP

Install WinSCP. New Site

Enter you elastic (fixed) IP address in the Host name box.

Enter "ubuntu" as the user name.

Under the "Advanced | SSH | Authentication tree" browse to where you have stored your .ppk private key file for your Ubuntu system.

Press OK

Save your session with a name you will remember. E.g., "AWS-DePaul-394"

You will get a warning. Say yes that you will accept this unkonwn server.

You are now ready to securely copy files between your linux system and your windows system.

Or, you might want to use FileZilla. I have not tried this myself. FileZilla Official Site FileZilla FTP software Discussion

Note: From here on, for unix root commands either use the form sudo or start with sudo bash and just execute . I have (mostly?) used bold font to indicate the actual unix commands.

Install emacs:

Log in to your linux system using PuTTY (see above)
Install emacs using root:
snap install emacs --classic
Using WinSCP, copy the contents of the sample emacs Init File into a file called ~/.emacs (that is .emacs in your home directory), which you can get from the Elliott Emacs tutorial
Follow the reference card to use the (init-file modified) emacs commands to edit files.
You now have at least three choices of editor: emacs, vi, nano.

Make sure Ubuntu is up to date:

apt update
apt upgrade

Install apache:

apt install apache2


[Answer Y to Do you want to continue?]

[This install will take a while...]

Start Apache with "Apache Control":
apachectl start
Check that Apache is now running:

ps -ef | grep apache2


ubuntu@ip-172-31-28-16:~$  ps -ef | grep apache2
root     14378     1  0 04:54 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 14380 14378  0 04:54 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 14381 14378  0 04:54 ?        00:00:00 /usr/sbin/apache2 -k start
ubuntu   14613  2432  0 04:55 pts/1    00:00:00 grep --color=auto apache2
ubuntu@ip-172-31-28-78:~$

Use command line telnet to see if Apache is running:

telnet localhost 80

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

 Send a Get of the root file directory through telnet just to see if
  there is some response (including an error response):


Get /
Get /
HTTP/1.1 400 Bad Request
Date: Sun, 08 Sep 2019 00:20:14 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 334
Connection: close
Content-Type: text/html; charset=iso-8859-1



400 Bad Request

Bad Request
Your browser sent a request that this server could not understand.



Apache/2.4.29 (Ubuntu) Server at
  ip-172-31-45-12.us-west-2.compute.internal Port 80

Connection closed by foreign host.

So we know that the Apache server is running!

Adjusting the firewall so we can get to our server from a web browser:

Our Apache server is running, but can't get to it from outside world because of security.
We can try to reach the server, but the request from the browser will just hang.
So, from the AWS console, EC2, Dashboard, find AWS Security Groups (which are a little convoluted)
Select the "launch-wizard" security group (probably)
Under the Actions dropdown, select Edit inbound rules.
Add rule.
Default Type is "custom," but change this to HTTP for port 80.
Save it.
Now we must insure that the instance is using the security group we selected:
Dashboard / running instance, scroll right to Security groups tab.
Paste your fixed (elastic) IP address into your browser address bar and attempt to retrieve the defaul index.html file from the server.
E.g. http://172.31.45.11 in your browser. You should get a valid default web page.
Success! Congratulations, your Apache Web Server is now running!
The default document root is at /var/www/html/index.html. Let's take a look at the files there.
cd /var/www/html/index.html.
Use ls -l in this directory to see what your permissions are. You will have to set the same permissions for any web pages your create.
Use your emacs, vi, or nano editor to edit the default /var/www/html/index.html web page. I recommend that you copy the default web page to a new name and then create your own simple default web page for your site. You will need root access to write files in this directory.
cp index.html save-index.html
Now change back to your home directory:
cd ~

Installing MySQL

Note:We are installing 5.7 which is older, but much easier to configure. DON'T install 8! It is not compatible with PHP
> apt install mysql-server
As root, secure the installation:
mysql_secure_installation
Answer N to setting up password validation. We don't need it for now.
Set the password for root. DON'T LOSE THIS PASSWORD!. Put it in your local file along with all the other passwords from this process.

Password Validation requires that users use good passwords. I recommnd NOT setting this up for now, but it is up to you:


Securing the MySQL server deployment.
Connecting to MySQL using a blank password.

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No: N

Set the password for root.
Note: Don't use any exclamation ponts or ampersands because those are shell escape characters.
Yes we want to remove anonymous users.
yes remove root login remotely
yes remove test database
yes reload privilege tables.

Testing that MySQL works:

> mysql -uroot -p


root@ip-172-31-45-12:~# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.27-0ubuntu0.18.04.1 (Ubuntu)

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.

mysql> show tables;
show tables;
ERROR 1046 (3D000): No database selected

mysql> use mysql;
use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

mysql> show tables;
show tables;
+---------------------------+
| Tables_in_mysql           |


  mysql> \q  ...to exit from mysql.

Bye

Installing PHP:

apt install php libapache2-mod-php
apachectl restart

To test php, create a file called info.php and place it in document root:


Contents (three lines):
<?php
phpinfo();
?>


 Then, bring the file up in your browser:

 https://18.189.n.n/info.php  [Use your elastic IP address]

 You should see a full page giving the PHP version along with a bunch of
  other information.

 Congratulations, PHP is now running under your Apache web server.

Using SSL and a self-signed snakeoil certificate:

For SSL we will generate a self-signed certificate and a key for our installation, which we will use later:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

Use, e.g.:
Country Name: US
State: IL
Locality: Chicago
Organizaton: DePaul-394

[Note: Leave the rest blank if you like, but maybe put in your email
address]

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
US
State or Province Name (full name) [Some-State]:IL
IL
Locality Name (eg, city) []:Chicago
Chicago
Organization Name (eg, company) [Internet Widgits Pty Ltd]:DePaul394
DePaul394
Organizational Unit Name (eg, section) []:

Common Name (e.g. server FQDN or YOUR name) []:

Email Address []:elliott@depaul.edu
elliott@depaul.edu

You can now see your private key in: /etc/ssl/private/apache-selfsigned.key
And your certificate in: /etc/ssl/certs/apache-selfsigned.crt

Updating Apache to use SSL:

a2 is apache2 en is enable site, for this configuration file for this site:
a2ensite default-ssl.conf
enable the ssl module for apache2:
sudo a2enmod ssls
Restart apache so changes take effect (could also wait until the end of the whole process):
apachectl restart
Now open the firewall on using the Amazon dashboard:
EC2, dashboard, running instances, security groups.
Select launch-wizard-1


Inbound rule.
Edit
Add
Add a rule for HTTPS, port 443.

Bring up the web browser, using the default snakeoil certificate:
https://18.189.n.n [Use your elastic IP address]
You'll get a security warning. The warning is because of the self-signed certificate. Do the following:
```
Advanced

Accept the Risk and Continue

At this point you should see the index.html file again.
```
Congratulations, your Apache server is now accepting HTTPS connections.

Let's look at the existing default snakeoil certificate:


Click on the lock in the browser address bar:

Expand connection
More information
View Certificate

Using our own certificate:

Find where the default-ssl.conf configuration file is:

locate default-ssl.conf


In /etc/apache2/sites-enabled/default-ssl.conf

In your editor, running as root, comment out these two lines using the # character:


 SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
 SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

# SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
# SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

and replace them with:

SSLCertificateFile      /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key


  apachectl restart 

 Now, for fun, let's look at the certifcate you created.

 Click on the lock in the browser address bar:
Expand connection
More information
View Certificate

You should now see the DePaul394 organization you put into your own
self-signed certificate. Congratulations! Good job.

 Now, for fun let's look at which apache processes are running:

root@ip-172-31-nn.-nn:~# ps -ef | grep apache2
ps -ef | grep apache2
root      2662     1  0 16:34 ?        00:00:00 /usr/sbin/apache2 -k start
www-data  3338  2662  0 20:00 ?        00:00:00 /usr/sbin/apache2 -k start
www-data  3339  2662  0 20:00 ?        00:00:00 /usr/sbin/apache2 -k start
www-data  3340  2662  0 20:00 ?        00:00:00 /usr/sbin/apache2 -k start
www-data  3341  2662  0 20:00 ?        00:00:00 /usr/sbin/apache2 -k start
www-data  3344  2662  0 20:00 ?        00:00:00 /usr/sbin/apache2 -k start
www-data  3345  2662  0 20:00 ?        00:00:00 /usr/sbin/apache2 -k start
root      3423 27409  0 20:09 pts/1    00:00:00 grep --color=auto apache2


 Make sure we are current:

  apt update

Install phpmyadmin for manipulating your MySQL database:

Note: The name is misleading. This software is used to manipulated your MySQL database. It just happens to have been written in PHP. Everything you can do with phpmyadmin can also be done at the comman line in MySQL.

apt install phpmyadmin php-mbstring php-gettext
Select [1. apache2] as the server to be configured to run phpMyAdmin for MySQL

Yes, we want to configure the database for phpmyadmin:

Configure database for phpmyadmin with dbconfig-common? [yes/no] yes Provide a password. DON'T LOSE THIS. WRITE IT DOWN. Place the password in your local file. [...] Determining localhost credentials from /etc/mysql/debian.cnf: succeeded. dbconfig-common: writing config to /etc/dbconfig-common/phpmyadmin.conf Creating config file /etc/dbconfig-common/phpmyadmin.conf with new version Creating config file /etc/phpmyadmin/config-db.php with new version checking privileges on database phpmyadmin for phpmyadmin@localhost: user creation needed. granting access to database phpmyadmin for phpmyadmin@localhost: success. [...] At this point you should be able to use phpmyadmin to query and modify your MySql database with the GUI interface: https://18.189.n.n/phpmyadmin/ [use your fixed (elastic) IP address] Username: phpmyadmin PW: whatever you chose

Congratulations, you now can use phpmyadmin to Administer your MySQL database.

Preparation for installing WordPress to support our web applications:

To allow editing, configuration invoke:
/usr/sbin/pma-configure
You might find this WordPress Ubuntu Installation link of interest.

Using your editor, modify the /etc/apache2/apache2.conf file as follows:

OLD:

# Include list of ports to listen on
Include ports.conf

NEW: (one line addition)
# Include list of ports to listen on
Include ports.conf
Include /etc/phpmyadmin/apache.conf

Check the configuration:
apachectl -t
You may get an [alias:warn] warning, but we can ignore it as long as the syntax is OK.
Restart Apache so that the new configuration takes effect:
apachectl restart
Try phpmyadmin again from your web browser to make sure everything is still working.
We will come back to WordPress shortly.

Adding Basic Authentication to your Apache Web Server:

We will be adding challenge response authentication by adding a username and password.
If we run the server without https, the password is sent in the clear. Authentication is independent of HTTPS.
If we wanted, we could protect different subdirectories under the webserver with different authentication, but for now we will keep this simple.
For SSL we again edit the file: /etc/apache2/sites-available/default-ssl.conf
Our documnet root is determined by: DocumentRoot /var/www/html/

Using your editor make the following change:


OLD:
    
               SSLOptions +StdEnvVars
    

NEW:

    
               SSLOptions +StdEnvVars
    

    
                AuthType Basic
                AuthName "DePaul394"
                AuthUserFile /etc/apache2/.htpasswd
                require valid-user

Note: this is how you can change authorization for other directories.
In the following, DON'T FORGET THIS PASSWORD. WRITE IT DOWN! Place it in your local directory.
cd /etc/apache2
While IN THE DIRECTORY /etc/apache2 at the command line run the following command to set a password for the username [elliott]:

htpasswd -c .htpasswd elliott [Note: use your own username]

New password:
Re-type new password:

Adding password for user elliott

You can now look at the username / password combination in the .htpasswd file. The password will—correctly—be encrypted.
Note: this is how you can add other usernames and passwords.
Maybe return to your home directory:
cd ~ubuntu
Go back to your web browser and pull up the default index.html page. You should now be challenged:
https://18.189.n.n/
Ignore warnings. Enter your username and password that we just created.
Congratulations. You now have basic authentication working for your website.

Creating a WordPress database in MySQL:

mysql -u root -p

Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.

mysql> create database wordpress;
create database wordpress;
Query OK, 1 row affected (0.00 sec)

DON'T FORGET THE USERNAME (wordpressuser) AND PASSWORD TO FOLLOW. WRITE THEM DOWN. Put them in your local file.
```
mysql> GRANT ALL ON wordpress.* TO 'wordpressuser'@'localhost' IDENTIFIED BY
'YOURPASSWORD';
```
[This gives us a username of wordpressuser and a password of YOURPASSWORD]
[Now quit mysql:]
```
mysql> \q
Bye
```
Now add some extensions:
apt update
apt install php-curl php-gd php-mbstring php-xml php-xmlrpc php-soap php-intl php-zip

To update Apache configuration to allow htaccess overrides and rewrites, edit this file again: /etc/apache2/sites-enabled/default-ssl.conf

OLD:

    
                AuthType Basic
                AuthName "Enter Username and PW:"
                AuthUserFile /etc/apache2/.htpasswd
                require valid-user
    

NEW:

    
                AuthType Basic
                AuthName "Enter Username and PW:"
                AuthUserFile /etc/apache2/.htpasswd
                require valid-user
                AllowOverride All

Enable mod rewrite to allow permalink:
a2enmod rewrite
apachectl -t
apachectl restart

Install Wordpress:

Move to the temp directory so we have some space to expand the wordpress files:
cd /tmp
curl -O https://wordpress.org/latest.tar.gz
tar xzvf latest.tar.gz
ls
```
latest.tar.gz
wordpress
```
Copy the newly expanded WordPress files to the document root:
cp -arp wordpress /var/www/html/.
cd /var/www/html/wordpress
Check the current directory if you like:

pwd

View the directory to see owner and group:
> ls -l
/var/www/html/wordpress: total used in directory 208 available 5699916 drwxr-xr-x 5 nobody nogroup 4096 Sep 5 01:08 . drwxr-xr-x 3 root root 4096 Sep 16 01:06 .. -rw-r--r-- 1 nobody nogroup 420 Nov 30 2017 index.php -rw-r--r-- 1 nobody nogroup 19935 Jan 1 2019 license.txt -rw-r--r-- 1 nobody nogroup 7447 Apr 8 22:59 readme.html -rw-r--r-- 1 nobody nogroup 6919 Jan 12 2019 wp-activate.php [etc.]

Change ownership so that Apache can modify the files:
First the wordpress directory itself:
chown www-data:www-data ../wordpress
Then, recursively, everything else:
chown -R www-data:www-data *
ls -l
total 200 -rw-r--r-- 1 www-data www-data 420 Nov 30 2017 index.php -rw-r--r-- 1 www-data www-data 19935 Jan 1 2019 license.txt -rw-r--r-- 1 www-data www-data 7447 Apr 8 22:59 readme.html -rw-r--r-- 1 www-data www-data 6919 Jan 12 2019 wp-activate.php drwxr-xr-x 9 www-data www-data 4096 Sep 5 01:08 wp-admin -rw-r--r-- 1 www-data www-data 369 Nov 30 2017 wp-blog-header.php -rw-r--r-- 1 www-data www-data 2283 Jan 21 2019 wp-comments-post.php -rw-r--r-- 1 www-data www-data 2898 Jan 8 2019 wp-config-sample.php [etc.]

Change the read-write permissions on the directories and plain files:
find . -type d -exec chmod 750 {} \;
find . -type f -exec chmod 640 {} \;
ls -l
total 200 -rw-r----- 1 www-data www-data 420 Nov 30 2017 index.php -rw-r----- 1 www-data www-data 19935 Jan 1 2019 license.txt -rw-r----- 1 www-data www-data 7447 Apr 8 22:59 readme.html -rw-r----- 1 www-data www-data 6919 Jan 12 2019 wp-activate.php drwxr-x--- 9 www-data www-data 4096 Sep 5 01:08 wp-admin -rw-r----- 1 www-data www-data 369 Nov 30 2017 wp-blog-header.php [etc.[]

Now, generate some keys to keep our secrets:
We are going to copy, then edit this file: /var/www/html/wordpress/wp-config-sample.php
cp wp-config-sample.php wp-config.php
chown www-data:www-data wp-config.php
curl -s https://api.wordpress.org/secret-key/1.1/salt/
define('AUTH_KEY', '`IB[%op3Z$cH>ak~SE62(9BH.yA5K{+p`]UW#1/p7UQqO+x+*89bzgq)u|ZNve?,,fPN:P1QW-Pu_hU3|JVY+0eG/T*Z[)L@#dD'); define('LOGGED_IN_KEY', ':n+yc<&|+`!e31U;.GPws-WCaZ~KgHu_8<|q$-Voc5j_Vi?ZF-HQ{;r7F{RPmW||'); define('NONCE_KEY', 'N|yJ=szUDTitC-$qh<~3JO+TC+Uq2@Pu#aHA1:baW}pEt.7+SnHLGW-,ub-7nHCCDF*#hslhho9x|%R?.UR<@T0-6+{)c>>.?5UU2=;K;|A?t^1np_'); define('LOGGED_IN_SALT', '?V#Mj|)IA#5:f38ccAuu<4fs)(i>DYJ,%0s[zocg1Tn$kL%-Fh-y>5>_.:iQ1l0u'); define('NONCE_SALT', 'L|z^uaZgKJ@/[!waB!g]fOk{+.],R{[HynpAp
Edit the wp-config.php file. In it replace:
OLD: */ define( 'AUTH_KEY', 'put your unique phrase here' ); define( 'SECURE_AUTH_KEY', 'put your unique phrase here' ); define( 'LOGGED_IN_KEY', 'put your unique phrase here' ); define( 'NONCE_KEY', 'put your unique phrase here' ); define( 'AUTH_SALT', 'put your unique phrase here' ); define( 'SECURE_AUTH_SALT', 'put your unique phrase here' ); define( 'LOGGED_IN_SALT', 'put your unique phrase here' ); define( 'NONCE_SALT', 'put your unique phrase here' ); /**#@-*/ With NEW: [Insert the defines given above, filled with authentication secrets. Don't show these to anyone!]

In wp-config.php, also change the following:
/** * WordPress Database Table prefix. * OLD: // ** MySQL settings - You can get this info from your web host ** // /** The name of the database for WordPress */ define( 'DB_NAME', 'database_name_here' ); /** MySQL database username */ define( 'DB_USER', 'username_here' ); /** MySQL database password */ define( 'DB_PASSWORD', 'password_here' ); /** MySQL hostname */ define( 'DB_HOST', 'localhost' ); NEW: // ** MySQL settings - You can get this info from your web host ** // /** The name of the database for WordPress */ define( 'DB_NAME', 'wordpress' ); /** MySQL database username */ define( 'DB_USER', 'wordpressuser' ); /** MySQL database password */ define( 'DB_PASSWORD', 'YOUR_MYSQL_PASSWORD' ); /** MySQL hostname */ define( 'DB_HOST', 'localhost' ); /** NOTE ADD THIS FIELD: */ define('FS_METHOD', 'direct'); /** Database Charset to use in creating database tables. */ define( 'DB_CHARSET', 'utf8' ); /** The Database Collate type. Don't change this if in doubt. */ define( 'DB_COLLATE', '' );

Bring up WordPress in your Browser:
https://18.189.n.n/wordpress [Use your own elastic (fixed) IP address here]
When Wordpress comes up in your browser:
Select English (United States)
WRITE DOWN YOUR PASSWORD (and username). DON'T LOSE THEM! Place them in your local file.
Site Title: DePaul-394-WordPress Username: YOU CHOOSE Password: YOU CHOOSE

Put in your email. You can use this to log in later in a pinch.
I recommend that you discourage searh engines for this student site.
Press the INSTALL WordPress button.
Congratulations, you have installed WordPress.

You now have:

Amazon Webservices account.
EC2 Instance and Dashboard
Ubuntu linux operating system.
Emacs (if you chose)
Apache web server
PHP
MySQL
MyPHPAdmin
A certificate
SSL
HTTPS
Basic Authentication challenge/response for Apache
WordPress
Good job!
Debugging
For debugging Apache, we can look at our access.log and error.log files in the following directory. This is especially useful for access errors and configuration file errors. Some of the errors are obvious, such as a permission that has not been set correctly:
/var/log/apache2/