Linux Apache MariaDB in the cloud


About LAM AWS

aws.lam1.us sites.lam1.us

The LAM AWS server instance was designed to run on a t2.micro EC2 instance, which is part of the Amazon Web Services (AWS) Free Tier offering. That offering includes 750 hours / month of a t2.micro Elastic Compute Cloud (EC2) instance, which is enough to run one instance 24/7. The instance could scale up by using a larger and more capable server and other options. Multiple groups of virtual hosts can all run on one server, or a separate server can be used for each group or single host. Once the Free Tier is over, this small server will cost less than $15.00 / month On Demand with the current sizing and usage, and less than $5.00 / month if the t2.micro EC2 instance is reserved and prepaid for 3 years.

A single LAM AWS server instance can host multiple websites, including a secure website, with Apache2 on Linux, and includes MariaDB, Perl, Python, PHP and other common development tools. Additional installed packages support running MediaWiki and more. The LAM AWS server is built on the latest Ubuntu Server Amazon Machine Image (AMI) with an EBS General Purpose (SSD) Volume. The resulting image is similar enough to the Linux Mint distribution I use on the newer machines at home and on my laptop that cloning my MediaWiki and lam databases from the main server to either an AWS instance or a Linux Mint machine can be done with the same procedure.

Launch an AWS EC2 instance to take over lam1 from the laptop using AWS CLI

After the awscli package has been installed and configured, a new instance can be launched from the command line on ak16 with the following:

aws ec2 run-instances --count 1 --image-id ami-4e79ed36 \
--instance-type t2.micro --security-group-ids sg-3bda0647 \
--associate-public-ip-address --key-name aws-nwo-lam1 --user-data \
file:///mnt/Bk0/Zz/z18/z1804/2018-04-18/aws-nwo-lam1-Ubuntu-CloudInit-23.txt

Launch an AWS EC2 instance to be an SSH SOCKS5 Proxy server on port 443

aws ec2 run-instances --count 1 --image-id ami-4e79ed36 \
--instance-type t2.micro --security-group-ids sg-3bda0647 \
--associate-public-ip-address --key-name aws-nwo-lam1 --user-data \
file:///mnt/ak16-ext4/Zz/z18/z1804/2018-04-18/aws-nwo-lam1-Ubuntu-CloudInit-22.txt

Launch an AWS EC2 instance from the command line

On Ubuntu (and Linux Mint) the awscli package provides the aws command, which can launch a new instance. Both of the current images above use the same command line options; all the differences are in the file passed as user-data.

LAM AWS command line options

Launch a single EC2 instance of the t2.micro type, which is part of the AWS Free Tier offering.
aws ec2 run-instances --count 1 --instance-type t2.micro
Get a public IP address and launch using my key
--associate-public-ip-address --key-name aws-nwo-lam1
Use a predefined security group
--security-group-ids sg-3bda0647
Use the latest Ubuntu Server image
--image-id ami-4e79ed36
Specify the file with the user data 
--user-data file://<file name>

LAM AWS user-data is a set of Ubuntu CloudInit directives

The LAM AWS server is initialized with Ubuntu CloudInit directives that install the necessary packages, configuration and content on top of a generic Ubuntu Server image. All the directives in a file can be specified with the CLI user-data parameter or in Advanced Options of the launch page from the AWS web console. The directives can also be pasted into the text box when using the web console. The Ubuntu CloudInit package is a great tool for AWS EC2 initialization and is another reason to use an Ubuntu Server AMI rather than one of the other available types.

LAM AWS resources

A volume in the AWS Elastic File System (EFS) in my default USA NW Oregon region is used as an NFS-mounted parallel file system. The security group definition allows traffic on the port for this service only within the Virtual Private Cloud.

Use a predefined security group

The security group definition controls the traffic within the Virtual Private Cloud and with the outside world. I use the same security group definition for both images with only a limited number of inbound ports open. The definition details are:

This security group definition allows web traffic on the standard ports from the public interface (0.0.0.0/0), Secure Shell on an alternate high numbered port and IMAPS on an alternate high numbered port. The security group definition allows Secure Shell on the standard port and NFS traffic only on the private interface (172.31.0.0/16). The SSH SOCKS5 Proxy instance uses the same security group definition but is accepting Secure Shell traffic on the port that is normally used for Secure Web (HTTPS) traffic. The security group definition does allow outgoing traffic from the server over the public interface.
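An added example, not part of the original page: a Python check that compares a security group, in the JSON shape returned by `aws ec2 describe-security-groups`, with the policy described above. The group data is constructed, 50022 and 50993 are placeholders for the alternate SSH and IMAPS ports (which the page does not give), and NFS is assumed to be on its standard port 2049.

```python
import ipaddress

VPC_CIDR = ipaddress.ip_network("172.31.0.0/16")  # private range given on the page
# 80/443 are the web ports; 50022 and 50993 are constructed placeholders for
# the alternate SSH and IMAPS ports, which the page does not state.
PUBLIC_OK = {80, 443, 50022, 50993}
PRIVATE_ONLY = {22: "SSH", 2049: "NFS"}  # assumes NFS on its standard port


def rule(port, cidr, proto="tcp"):
    """Build one IpPermissions entry in the describe-security-groups shape."""
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}


# Constructed sample: the described policy plus two deliberate mistakes.
SAMPLE_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    rule(80, "0.0.0.0/0"), rule(443, "0.0.0.0/0"),
    rule(50022, "0.0.0.0/0"), rule(50993, "0.0.0.0/0"),
    rule(22, "172.31.0.0/16"),
    rule(2049, "0.0.0.0/0"),        # mistake: NFS open to the internet
    rule(3306, "203.0.113.0/24"),   # mistake: database port opened to an outside range
]}


def audit(group):
    """Return (ports, source, reason) for every rule that breaks the policy."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                 # "-1" means all protocols, all ports
            lo, hi = 0, 65535
        elif proto in ("tcp", "udp"):
            lo, hi = perm["FromPort"], perm["ToPort"]
        else:
            continue                      # ICMP rules carry no port numbers
        for rng in perm.get("IpRanges", []):   # IPv4 sources only
            net = ipaddress.ip_network(rng["CidrIp"])
            if net.subnet_of(VPC_CIDR):
                continue                  # source is inside the VPC
            for port, name in PRIVATE_ONLY.items():
                if lo <= port <= hi:
                    findings.append((str(port), str(net), f"{name} open outside the VPC"))
            if any(p not in PUBLIC_OK and p not in PRIVATE_ONLY for p in range(lo, hi + 1)):
                findings.append((f"{lo}-{hi}", str(net), "not on the public allow-list"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUP):
        print(*finding, sep="  ")
```

To check a live group, pass `audit()` one element of the `SecurityGroups` list from the `describe-security-groups` JSON output; IPv6 sources (`Ipv6Ranges`) are not examined here.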

Use a persistent parallel file system

An EFS directory is used by the Ubuntu CloudInit directives during initialization of my AWS EC2 instances. The additional nfs-common package is required to mount the persistent Amazon Web Services Elastic File System; once it is installed, the nfs4 mount can be set up. Because an additional package is required, the mount is performed in the runcmd section and cannot be run earlier in the bootcmd section. I also use the rcs package to check /etc/fstab in before and after the change. The runcmd segment that mounts the EFS file system:

echo
echo Adding nfs4 mount to AWS NW-O VPC Elastic File System
mkdir /mnt/efs
chown ubuntu:ubuntu /mnt/efs
mkdir /etc/RCS
ci -l -t-"File System table for LAM AWS web and shell server" /etc/fstab
echo "fs-6f45fac6.efs.us-west-2.amazonaws.com:/ /mnt/efs nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 0 0" >> /etc/fstab
rcsdiff -U0 /etc/fstab
ci -l -m"Added nfs4 mount to AWS NW-O VPC Elastic File System" /etc/fstab
mount -a -t nfs4

The fs-6f45fac6 unique resource identifier is part of the virtual host name used to access the AWS Elastic File System (EFS) in my default USA NW Oregon region.

Friday, October 19, 2018 @ 4:31:59 PM
aws.ServerAdmin@lam1.us