Using draw.io for the reference AWS diagram, select “More Shapes” in the icon menu, and add AWS and/or AWS 3D for easy access.
- Go to Identity and Access Management (IAM) and create a Role
- Create a role for S3 with the “AmazonS3FullAccess” policy; the role can be assigned to EC2 instances when they are created.
- Go to VPC and set up two Security Groups Web-SG and rds-SG
- Create a WordPress code bucket in the same region as your security group(s)
- Both buckets are now created (bucket names need to be unique; I added 23 as an example)
- Create a new distribution using the CloudFront CDN
- Use a Web Distribution; use the web media bucket for the origin domain, restrict bucket access, create a new identity, select “Yes Update bucket policy” – always have read permissions for the rest of the public.
- Click “Distributions” link to get the status, and save the “Domain Name” for later reference (i.e. d209gkpw5ig67u.cloudfront.net – media bucket CDN). This takes a while to complete.
- Create a MySQL RDS instance.
- Used t2.micro
- Place it in the RDS security group, with publicly accessible set to No. The only things that will be able to access the databases are our web servers and EC2 instances.
- Go to EC2, and provision a load balancer, give it a name, leave it in Default VPC and assign the Web-SG created earlier.
- Set the IAM role to the S3 role created earlier. Configure Health checks, rename the ping path to something suitable. Health check interval can be lowered to 10 seconds, and health threshold to 3, hence any instance behind this load balancer has to be available within 30 seconds.
- Set the server to the web-SG security group.
- A zone apex record – an alias, that can be created in Route53 to target the load balancer for your domain name.
- Create an EC2 instance using t2.micro and the Amazon Linux AMI. In the configuration section you can optionally add bash commands to the user data to skip the manual steps below. Otherwise, SSH in using an existing private key or the one generated when creating the EC2 instance (ssh -i some.pem <public/private ip>) and run the following:
- Update your OS patches
yum update -y
- Install httpd, php, php-mysql and stress
yum install httpd php php-mysql stress -y
- cd to the config folder
- backup the conf file
cp httpd.conf httpdconfbackup.conf
- Edit it and change “AllowOverride None” to “AllowOverride All”. This enables URL rewrites: large image files should be distributed by CloudFront to speed things up, so when users browse to an image URL they get the image resources served up by CloudFront.
sed -i 's/AllowOverride None/AllowOverride All/' httpd.conf
- Cd to the HTML directory to add the health check HTML
echo "healthy" > healthy.html
- Get the latest WordPress and install it, then move the contents to the HTML directory
tar -xzf latest.tar.gz
cp -r wordpress/* /var/www/html/
rm -rf wordpress
rm -rf latest.tar.gz
- Change permissions to allow upload media files to WordPress install
chmod -R 755 wp-content
chown -R apache.apache wp-content
- Start the service and ensure it's configured to restart on server reboot.
service httpd start
chkconfig httpd on
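A file-wide substitution of "AllowOverride None" changes every block that contains it, not only the document root. The following is an added example (not part of the original walkthrough) that applies the change only inside the <Directory "/var/www/html"> block; the function names and the sample config excerpt are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: limit the AllowOverride change to the document root block.
# Function names and the sample config are constructed for illustration.

# enable_overrides_for_docroot CONF [DOCROOT]
# Rewrites "AllowOverride None" to "AllowOverride All" only inside
# <Directory "DOCROOT"> ... </Directory>; keeps a .bak copy of the original.
# Returns 1 if CONF is missing, 2 if nothing was changed.
enable_overrides_for_docroot() {
    local conf="$1" docroot="${2:-/var/www/html}" tmp
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    tmp="$(mktemp)" || return 1
    if ! awk -v want="<Directory \"$docroot\">" '
        /^[ \t]*<Directory[ \t]/ { inside = (index($0, want) > 0) }
        /^[ \t]*<\/Directory>/   { inside = 0 }
        inside && /^[ \t]*AllowOverride[ \t]+[Nn]one/ { sub(/[Nn]one/, "All"); changed++ }
        { print }
        END { exit (changed > 0 ? 0 : 2) }
    ' "$conf" > "$tmp"; then
        rm -f "$tmp"
        echo "no AllowOverride None found under $docroot" >&2
        return 2
    fi
    cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf"   # cat keeps owner and mode
    local rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed excerpt shaped like an httpd.conf, for trying the function.
write_sample_conf() {
    cat > "$1" <<'EOF'
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    # AllowOverride None (comment, must stay untouched)
    AllowOverride None
</Directory>
EOF
}
```

On the server, source the file and run enable_overrides_for_docroot httpd.conf from the config folder in place of the unscoped sed.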
- Update your OS patches
- Add the public IP/instance to the load balancer. The status appears as out of service at first; give it a while and it should change. Ensure your web security group has HTTP (80) open for your IP, or for all. Browsing to http://<the public ip of your EC2>/wp-admin/setup-config.php should allow you to configure your web page.
- Add the username, database name, and password for the MySQL instance. The Database host is the Endpoint of your RDS instance.
- Cut and paste the wp-config.php file into the html directory.
- After this step you can log into the WordPress dashboard.
- Take a look at your buckets from the webserver
[root@ip-xx-xx-xx-xx html]# aws s3 ls
2017-04-30 06:47:10 cf-templates-j85gw23nh6fz-us-east-1
2017-04-30 08:13:34 wordpressbucket23
2017-04-30 08:14:08 wordpressnediabucket23
- Copy wordpress code to s3 recursively
aws s3 cp --recursive /var/www/html s3://wordpressbucket23
……….upload: wp-includes/widgets/class-wp-widget-text.php to s3://wordpressbucket23/wp-includes/widgets/class-wp-widget-text.php
upload: ./wp-settings.php to s3://wordpressbucket23/wp-settings.php
upload: ./xmlrpc.php to s3://wordpressbucket23/xmlrpc.php
upload: ./wp-signup.php to s3://wordpressbucket23/wp-signup.php
[root@ip-172-31-11-221 html]# aws s3 ls wordpressbucket23
2017-04-30 09:53:03 8 healthy.html
2017-04-30 09:53:12 3065 xmlrpc.php
- To recover if you lose the index directory (failure):
aws s3 cp --recursive s3://wordpressbucket23 /var/www/html
- The website content will be recovered; change the permissions again so you can write media assets to the wp-content directory.
- Adding an image to the website adds the file to local storage on the EC2 instance.
# ll 2017/04/dad_bae.jpg
-rw-r--r-- 1 apache apache 474971 Apr 30 10:01 2017/04/dad_bae.jpg
- Sync the content to S3 so the CDN can serve it:
aws s3 cp --recursive /var/www/html/wp-content/uploads/ s3://wordpressnediabucket23
upload: 2017/04/dad_bae.jpg to s3://wordpressnediabucket23/2017/04/dad_bae.jpg
- Sync with dryrun
aws s3 sync /var/www/html/wp-content/uploads/ s3://wordpressnediabucket23 --delete --dryrun
[root@ip-172-31-11-221 uploads]# aws s3 sync /var/www/html/wp-content/uploads/ s3://wordpressnediabucket23 --delete --dryrun
(dryrun) upload: 2017/04/ali-beach-walk.jpg to s3://wordpressnediabucket23/2017/04/ali-beach-walk.jpg
[root@ip-172-31-11-221 uploads]# aws s3 sync /var/www/html/wp-content/uploads/ s3://wordpressnediabucket23 --delete
upload: 2017/04/ali-beach-walk.jpg to s3://wordpressnediabucket23/2017/04/ali-beach-walk.jpg
- You need to create a rewrite rule in the .htaccess file; replace the URL with your CloudFront URL.
html]# vi .htaccess
rewriterule ^wp-content/uploads/(.*)$ http://d209gkpw5ig67u.cloudfront.net/$1 [r=301,nc]
- Copy the image URL, enter it into a page and refresh; the URL should reflect your CloudFront URL
- Use cron to sync your files to the media bucket and the code bucket
*/2 * * * * root aws s3 sync --delete /var/www/html/wp-content/uploads/ s3://wordpressnediabucket23/
*/2 * * * * root aws s3 sync --delete /var/www/html s3://wordpressbucket23/
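Because the cron entries run sync with --delete every two minutes, an emptied /var/www/html would be mirrored into the same bucket the recovery step relies on. The following is an added example (not part of the original walkthrough) of a wrapper that runs the --dryrun form first and refuses the real sync when too many deletions are planned; the function names, the MAX_DELETES limit and the sample dry-run lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: stop a cron-driven "aws s3 sync --delete" from emptying a bucket.
# Function names, MAX_DELETES and SAMPLE_DRYRUN are constructed for illustration.

MAX_DELETES="${MAX_DELETES:-20}"   # refuse the sync above this many deletions

# Constructed dry-run output in the format the CLI prints (file names made up).
SAMPLE_DRYRUN='(dryrun) upload: 2017/04/new.jpg to s3://wordpressnediabucket23/2017/04/new.jpg
(dryrun) delete: s3://wordpressnediabucket23/2017/04/old-1.jpg
(dryrun) delete: s3://wordpressnediabucket23/2017/04/old-2.jpg'

# Count planned deletions in dry-run output read from stdin.
count_planned_deletes() {
    grep -c '^(dryrun) delete: ' || true
}

# guarded_sync SRC DEST
# Returns 1 if SRC is missing or the dry run fails, 3 if too many deletions
# are planned, otherwise the exit status of the real sync.
guarded_sync() {
    local src="$1" dest="$2" plan deletes
    [ -d "$src" ] || { echo "source missing: $src" >&2; return 1; }
    plan="$(aws s3 sync --delete --dryrun "$src" "$dest")" || return 1
    deletes="$(printf '%s\n' "$plan" | count_planned_deletes)"
    if [ "$deletes" -gt "$MAX_DELETES" ]; then
        echo "refused: $deletes deletions planned for $dest" >&2
        return 3
    fi
    aws s3 sync --delete "$src" "$dest"
}
```

From cron, call guarded_sync with the same source and bucket arguments in place of the bare sync command.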