🌐

Building WordPress with AWS EFS

2022/09/18に公開

Step 0: Prerequisite

  • The target EC2 instance must be built and be able to connect to the EC2 instance with an SSH key.

Step 1: Prepare the LAMP server

To prepare the LAMP server

FYI:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-lamp-amazon-linux-2.html

% ssh -i "sample-ssh-key.pem" ec2-user@xxx.xxx.xxx.xxx
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo yum update -y
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo yum install -y httpd mariadb-server
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo systemctl start httpd
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo systemctl is-enabled httpd
enabled
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ curl http://xxx.xxx.xxx.xxx/ | grep "Test Page for the Apache HTTP Server"
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$

Mount the file system on EC2 instance

FYI:
https://docs.aws.amazon.com/efs/latest/ug/wt1-test.html

[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ df -h
Filesystem      Size  Used Avail Use% Mounted on
devtmpfs        978M     0  978M   0% /dev
tmpfs           987M     0  987M   0% /dev/shm
tmpfs           987M  528K  986M   1% /run
tmpfs           987M     0  987M   0% /sys/fs/cgroup
/dev/xvda1       20G  2.0G   19G  10% /
tmpfs           198M     0  198M   0% /run/user/0
tmpfs           198M     0  198M   0% /run/user/1000
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo yum -y install nfs-utils
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport fs-11111111111111111.efs.ap-northeast-1.amazonaws.com:/ /var/www/html
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ df -h
Filesystem                                               Size  Used Avail Use% Mounted on
devtmpfs                                                 978M     0  978M   0% /dev
tmpfs                                                    987M     0  987M   0% /dev/shm
tmpfs                                                    987M  532K  986M   1% /run
tmpfs                                                    987M     0  987M   0% /sys/fs/cgroup
/dev/xvda1                                                20G  2.0G   18G  10% /
tmpfs                                                    198M     0  198M   0% /run/user/0
tmpfs                                                    198M     0  198M   0% /run/user/1000
fs-11111111111111111.efs.ap-northeast-1.amazonaws.com:/  8.0E     0  8.0E   0% /var/www/html
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$

Using NFS to automatically mount EFS file systems

FYI:
https://docs.aws.amazon.com/efs/latest/ug/nfs-automount-efs.html

[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo cp -p /etc/fstab /etc/fstab_`date +'%Y%m%d'`
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ cat /etc/fstab
#
UUID=8xxxxxxx-4xxx-4xxx-4xxx-12xxxxxxxxxx     /           xfs    defaults,noatime  1   1
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo vim /etc/fstab
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ cat /etc/fstab
#
UUID=8xxxxxxx-4xxx-4xxx-4xxx-12xxxxxxxxxx     /           xfs    defaults,noatime  1   1
# fs-11111111111111111.efs.ap-northeast-1.amazonaws.com:/  8.0E     0  8.0E   0% /var/www/html
fs-11111111111111111.efs.ap-northeast-1.amazonaws.com:/ /var/www/html nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport,_netdev 0 0
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo touch /var/www/html/test.text
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ ls -la /var/www/html/
total 8
drwxr-xr-x 2 root root 6144 Sep 16 13:37 .
drwxr-xr-x 4 root root   33 Sep 16 13:18 ..
-rw-r--r-- 1 root root    0 Sep 16 13:37 test.text
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo reboot
Terminated
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ Connection to xxx.xxx.xxx.xxx closed by remote host.
Connection to xxx.xxx.xxx.xxx closed.
%
% ssh -i "sample-ssh-key.pem" ec2-user@xxx.xxx.xxx.xxx
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ ls -la /var/www/html/
total 8
drwxr-xr-x 2 root root 6144 Sep 16 13:37 .
drwxr-xr-x 4 root root   33 Sep 16 13:18 ..
-rw-r--r-- 1 root root    0 Sep 16 13:37 test.text
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ curl http://xxx.xxx.xxx.xxx/ | grep "Test Page for the Apache HTTP Server"
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo rm -f /var/www/html/test.text
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ ls -la /var/www/html/
total 4
drwxr-xr-x 2 root root 6144 Sep 16 13:48 .
drwxr-xr-x 4 root root   33 Sep 16 13:18 ..
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$

To set file permissions

FYI:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-lamp-amazon-linux-2.html#prepare-lamp-server

[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ whoami
ec2-user
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ id ec2-user
uid=1000(ec2-user) gid=1000(ec2-user) groups=1000(ec2-user),4(adm),10(wheel),190(systemd-journal)
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo usermod -a -G apache ec2-user
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ id ec2-user
uid=1000(ec2-user) gid=1000(ec2-user) groups=1000(ec2-user),4(adm),10(wheel),190(systemd-journal),48(apache)
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ groups
ec2-user adm wheel systemd-journal
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ ls -la /var/www/
total 4
drwxr-xr-x  4 root root   33 Sep 16 13:18 .
drwxr-xr-x 20 root root  280 Sep 16 13:18 ..
drwxr-xr-x  2 root root    6 Jun 30 11:02 cgi-bin
drwxr-xr-x  2 root root 6144 Sep 16 13:48 html
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo chown -R ec2-user:apache /var/www
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ ls -la /var/www/
total 4
drwxr-xr-x  4 ec2-user apache   33 Sep 16 13:18 .
drwxr-xr-x 20 root     root    280 Sep 16 13:18 ..
drwxr-xr-x  2 ec2-user apache    6 Jun 30 11:02 cgi-bin
drwxr-xr-x  2 ec2-user apache 6144 Sep 16 13:48 html
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} \;
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ find /var/www -type f -exec sudo chmod 0664 {} \;
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ ls -la /var/www/
total 4
drwxrwsr-x  4 ec2-user apache   33 Sep 16 13:18 .
drwxr-xr-x 20 root     root    280 Sep 16 13:18 ..
drwxrwsr-x  2 ec2-user apache    6 Jun 30 11:02 cgi-bin
drwxrwsr-x  2 ec2-user apache 6144 Sep 16 13:48 html
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ ls -la /var/www/html/
total 4
drwxrwsr-x 2 ec2-user apache 6144 Sep 16 13:48 .
drwxrwsr-x 4 ec2-user apache   33 Sep 16 13:18 ..
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$

Step 2: Test your LAMP server

[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ curl http://xxx.xxx.xxx.xxx/phpinfo.php | grep "Build Date"
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ rm /var/www/html/phpinfo.php

Step 3: Secure the database server

FYI:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-lamp-amazon-linux-2.html#secure-mariadb-lamp-server

[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo systemctl start mariadb
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo mysql_secure_installation
...
...
Thanks for using MariaDB!
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 16
Server version: 10.2.38-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE USER 'wordpress-user'@'localhost' IDENTIFIED BY 'dummy-password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> CREATE DATABASE `wordpress-db`;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON `wordpress-db`.* TO "wordpress-user"@"localhost";
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo systemctl is-enabled mariadb
enabled
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$

Step 4: Install phpMyAdmin

FYI:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-lamp-amazon-linux-2.html#install-phpmyadmin-lamp-server

[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo yum install php-mbstring php-xml -y
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo systemctl restart httpd
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo systemctl restart php-fpm
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ cd /var/www/html
[ec2-user@ip-yyy-yyy-yyy-yyy html]$ wget https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.tar.gz
[ec2-user@ip-yyy-yyy-yyy-yyy html]$ mkdir phpMyAdmin && tar -xvzf phpMyAdmin-latest-all-languages.tar.gz -C phpMyAdmin --strip-components 1
[ec2-user@ip-yyy-yyy-yyy-yyy html]$ rm phpMyAdmin-latest-all-languages.tar.gz
[ec2-user@ip-yyy-yyy-yyy-yyy html]$ curl http://xxx.xxx.xxx.xxx/phpMyAdmin/ | grep "phpMyAdmin"
[ec2-user@ip-yyy-yyy-yyy-yyy html]$

Step 5: Install WordPress

FYI:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/hosting-wordpress.html

[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ wget https://wordpress.org/latest.tar.gz
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ tar -xzf latest.tar.gz
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ cp wordpress/wp-config-sample.php wordpress/wp-config.php
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ cat wordpress/wp-config.php
...
...
define('DB_NAME', 'wordpress-db');
define('DB_USER', 'wordpress-user');
define('DB_PASSWORD', 'dummy-password');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
define('AUTH_KEY',         '******');
define('SECURE_AUTH_KEY',  '******');
define('LOGGED_IN_KEY',    '******');
define('NONCE_KEY',        '******');
define('AUTH_SALT',        '******');
define('SECURE_AUTH_SALT', '******');
define('LOGGED_IN_SALT',   '******');
define('NONCE_SALT',       '******');
...
...
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ mkdir /var/www/html/blog
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ cp -r wordpress/* /var/www/html/blog/
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo vim /etc/httpd/conf/httpd.conf
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo cat /etc/httpd/conf/httpd.conf | grep AllowOverride
    AllowOverride none
    AllowOverride None
    # AllowOverride controls what directives may be placed in .htaccess files.
    ##### AllowOverride None
    AllowOverride All
    AllowOverride None
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo yum install php-gd -y
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo chown -R apache /var/www
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo chgrp -R apache /var/www
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo chmod 2775 /var/www
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ find /var/www -type d -exec sudo chmod 2775 {} \;
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ find /var/www -type f -exec sudo chmod 0644 {} \;
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ sudo systemctl restart httpd
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$ curl http://xxx.xxx.xxx.xxx/blog/wp-admin/install.php | grep "Installation"
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0	<title>WordPress &rsaquo; Installation</title>
100 13256    0 13256    0     0   4712      0 --:--:--  0:00:02 --:--:--  4714
[ec2-user@ip-yyy-yyy-yyy-yyy ~]$

Step 6: Install WordPress | GUI

FYI:
https://wordpress.org/support/article/how-to-install-wordpress/#step-5-run-the-install-script

Step 7: WordPress(HTTP->HTTPS)

Install Really Simple SSL

https://wordpress.org/plugins/really-simple-ssl/

Update wp_options table

UPDATE `wp_options` SET `option_value` = 'https://www.test.com/blog' WHERE `wp_options`.`option_id` = 1;
UPDATE `wp_options` SET `option_value` = 'https://www.test.com/blog' WHERE `wp_options`.`option_id` = 2;

Modify wp-config.php

[ec2-user@p-yyy-yyy-yyy-yyy blog]$ tail -n 10 /var/www/html/blog/wp-config.php

// FYI:
// https://tanojinfrom30.com/2021/03/13/wordpress-https/
// https://www.joolen.co.jp/blog/2016/11/24/926/
// https://developer.wordpress.org/reference/functions/is_ssl/
// https://lucklog.info/wp-ssl-error/
if (empty($_SERVER['HTTPS'])) {
    $_SERVER['HTTPS'] = 'on'; $_ENV['HTTPS'] = 'on';
}
/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';
[ec2-user@p-yyy-yyy-yyy-yyy blog]$

Discussion