Free cloud-based PHP-MySQL hosting for a small site based on Amazon AWS

This guide makes no claim to absolute accuracy or novelty and is intended for those taking their very first steps, so please do not judge it too harshly.

The task.


Suppose we want to host a small project somewhere reliable and not particularly slow. Since the site is small, we will not fuss and want something simple from the hosting: PHP, MySQL and FTP access will be enough for our purposes.
Amazon's web services are ideally suited to this task: they surprisingly combine the ability to withstand heavy loads with a free package of resources for the first year after registration. The free package includes many things, but for now we are interested in:
  • Linux-based micro virtual server with SSH access.
  • 30GB of space in Elastic Block Storage plus 1GB for backups.
  • 15 GB of traffic per month.
  • Dedicated external IP address.

If you wish, all of this can be registered and made ready for work in half an hour, but you need a credit card that Amazon will accept (and will charge $2) and a cell phone at hand (a home phone will not work).


Step 1: Register on Amazon.


The registration procedure usually raises no questions. The only advice is to enter real or near-real data. Semenov Gorbunkov from Gorky Street has not been able to register for a long time, and if you enter the wrong postal code, the system will quietly balk at the stage of checking the code by phone.
Before entering the credit card details, make sure that at least 85 rubles for Mastercard or 75 rubles for Visa are available on it for withdrawal. Depending on the region and the type of credit card, at the end of registration you may be asked to confirm your cell phone number. There are 3 rules here: enter the number without the leading eight and without the country code (10 digits), do not forget to choose the country correctly, and start entering the code from the keypad only after the synthesized voice stops talking and waits. If no confirmation is requested, Amazon really liked your credit card and has not yet had problems with users from your address range. But since we are most interested in the EC2 service (for which verification is required), we will have to confirm 4 digits by phone in any case.
This gives access to S3 and to the smart management console. By the way, from the very beginning all the pictures in this post were stored on S3, where 5GB of space is also included in the free annual package (but the free limit ran out in less than a day). On S3 you can create a bucket (Create Bucket), tick the Enabled checkbox on the Website tab and easily organize file storage. For example, if you name the bucket test86 and put the file test85.7z in it, it will be visible from a browser at test86.s3.amazonaws.com/test85.7z and s3.amazonaws.com/test86/test85.7z.
Please note that unless additional options are changed when uploading, only the owner of the bucket can see the files. To open one or several files for viewing, select them and choose Actions / Make Public in the menu. Besides S3, Amazon has many interesting services, but today we will focus only on EC2.

Step 2: Preparing to create an EC2 server.


Right from the S3 management page, you can click the EC2 tab at the top and agree to add this service to your account. If the credit card check did not send you to phone number verification, you will be sent there from here and will need to confirm the number. After confirmation, the EC2 console page opens and another dollar will be debited from the card.


Step 3: Add a user group.


Without wasting time, click the Security Groups link on the left. It is better not to touch the group created by default, but its access rights do not suit us (all ports, any actions). So we create our own group with more limited rights and call it, for example, web. After creating it, add a few rules on the Inbound tab. For general access (Source: 0.0.0.0/0), open ports 20-21, TCP ports 1024-1048, HTTP and HTTPS. I would be wary of allowing SSH access from any address, so in the Source field for SSH it is better to enter either your static IP or your provider's subnet (something like 211.207.171.0/24). Click Apply Rule Changes and move on to the next step.
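
The inbound policy from this step can be checked mechanically. The script below is an added example, not part of the original guide: it audits a rule list against the ranges the guide opens to 0.0.0.0/0 and flags SSH reachable from any address. The one-rule-per-line input format, the finding labels and both sample rule sets (including the 3306 rule) are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original guide.
# Input format (an assumption of this example): proto from_port to_port source_cidr

# Ranges Step 3 opens to 0.0.0.0/0: FTP, passive FTP, HTTP, HTTPS.
PUBLIC_OK="20-21 1024-1048 80-80 443-443"

# audit_inbound: reads rules on stdin, prints one finding per offending rule.
audit_inbound() {
    awk -v ok="$PUBLIC_OK" '
        BEGIN {
            n = split(ok, r, " ")
            for (i = 1; i <= n; i++) { split(r[i], p, "-"); lo[i] = p[1] + 0; hi[i] = p[2] + 0 }
        }
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        $4 != "0.0.0.0/0"    { next }      # rules limited to a specific source pass
        {
            from = $2 + 0; to = $3 + 0
            # Any world-open range that contains port 22 exposes SSH.
            if (from <= 22 && 22 <= to) { print "SSH_OPEN_TO_WORLD " $0; next }
            covered = 0
            for (i = 1; i <= n; i++)
                if ($1 == "tcp" && from >= lo[i] && to <= hi[i]) covered = 1
            if (!covered) print "UNEXPECTED_PUBLIC_RANGE " $0
        }'
}

# Constructed sample: the rule set Step 3 describes.
GOOD_RULES='tcp 20 21 0.0.0.0/0
tcp 1024 1048 0.0.0.0/0
tcp 80 80 0.0.0.0/0
tcp 443 443 0.0.0.0/0
tcp 22 22 211.207.171.0/24'

# Constructed sample: an all-ports rule like the default group, plus MySQL exposed.
BAD_RULES='tcp 0 65535 0.0.0.0/0
tcp 22 22 211.207.171.0/24
tcp 3306 3306 0.0.0.0/0'

printf '%s\n' "$BAD_RULES" | audit_inbound
```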


Step 4: Create SSH keys.


The keys are needed to access the server via SSH. They can be created while deploying the image of the selected OS, but in IE and Chrome there are periodic glitches with returning the key file for download. Therefore it is better to do this in advance and, if it fails, repeat.
To generate keys, select Key Pairs in the menu and press a couple of buttons.
The server will think for a bit and give us the .pem key file, which we need to carefully hide in a safe place and not show to anyone.

Step 5: Deploy an operating system image.


So, we have a key and an additional user group. Now we can safely click Launch Instance in the EC2 Dashboard menu. Agree to the Classic Wizard. Our choice is the 32-bit or 64-bit Amazon Linux AMI. Leave all settings at their defaults. Turn on termination protection. Tags are optional. Use the keys already generated. In the firewall configuration, leave only the web Security Group. Review the settings and launch. After launch, our micro server will appear in the Instances list.

Step 6: Register the IP address for the server.


In the Elastic IPs menu, first reserve an IP address for yourself, and then assign it to our running server.

Please note that reserving an IP address that is not attached to a running server is not included in the free package. For this you have to pay a cent per hour. As soon as the IP is assigned to a running server, it immediately becomes free.

In our example, Amazon gave the server the address 107.21.246.159, and we will use it often below. In your case, replace it in all actions and commands with the address that was issued to you personally.

Step 7: Connect to the server via SSH.


Many different programs can be used for this, but all further instructions are written for Windows and the free PuTTY.
From the archive we first need puttygen.exe. Run it, select Conversions / Import key, and re-save the private key as an SSH2 RSA .ppk file. At this stage it does not hurt to protect the key with a proper passphrase.
After that, run putty.exe and enter our IP in the Host Name field. In the SSH-Auth section, specify the path to the .ppk key and click the Open button. There should be no error messages in the terminal window, and at the prompt:
login as:

you need to enter ec2-user. From here on, the configuration is done over SSH. During configuration you will sometimes have to press y to agree to install everything together with its dependencies. After entering each command, wait until it finishes and only then enter the next one.



Step 8: Updating and preparing to configure the server.


Immediately after logging in, it is a good idea to update the system:
sudo yum -y update

Midnight Commander will also come in handy (it includes an editor more familiar to mouse users):
sudo yum install mc

Create the user group virtwww :
sudo groupadd virtwww

Add users:
sudo useradd www -g virtwww -d /var/www

sudo useradd webserver -g virtwww

and set strong passwords for them:
sudo passwd www

sudo passwd webserver

Just in case, set the directory ownership and permissions again:
sudo chown www:virtwww /var/www

sudo chmod 0750 /var/www

Now our server is completely ready to install services.

Step 9: Install MySQL.


Install MySQL:
sudo yum install mysql-server mysql

Add it to autorun:
sudo /sbin/chkconfig --levels 235 mysqld on

and run:
sudo service mysqld start


After that, set the password for the root user:
mysql -u root

USE mysql

Do not forget to enter something of your own instead of s10ZniYpar00L:
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('s10ZniYpar00L');

Deny connection to the database without a password:
DELETE FROM user WHERE password = '';

DELETE FROM user WHERE user.user= '';

and update privileges:
FLUSH PRIVILEGES;

Delete the test database:
DROP DATABASE test;

and exit the MySQL server management console:
\q


Step 10: FTP Setup.


Install vSFTPd:
sudo yum install vsftpd

Add it to autorun and try to run:
sudo /sbin/chkconfig --levels 235 vsftpd on

sudo service vsftpd start

Edit the configuration:
sudo mcedit  /etc/vsftpd/vsftpd.conf

Change the parameter values:
anonymous_enable=NO
local_enable=YES
write_enable=YES

Add to the end of the file:
pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=107.21.246.159

Do not forget to enter your own IP in pasv_address.
Using the F2 button, save the changes, exit the editor via F10 and restart the FTP server:
sudo service vsftpd restart

Now you can try to connect to our server via FTP with any client that supports PASV mode.
Use our IP as the host name, the user www and the password from step 8, and force PASV mode. Connect and try to upload any file to the /var/www folder. If that does not work, run:
sudo chmod 0755 /var/www

and try again.
If the upload worked from the very beginning, you do not need to change the permissions from 750 to 755 (this is an additional security hole).
Then check the permissions of the uploaded file: it must be created with 0644 permissions. If everything matches, go on to step 11.
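
A check of the vsftpd settings from this step against the passive port range opened in the security group in Step 3, as an added example that is not part of the original guide. The function names and both sample configurations are constructed; 203.0.113.10 is a documentation address standing in for your own IP.

```shell
#!/bin/sh
# Added example, not from the original guide.
# SG_MIN-SG_MAX is the passive FTP range opened in the security group in Step 3.
SG_MIN=1024
SG_MAX=1048

# conf_get TEXT KEY: value of KEY in vsftpd.conf text, comment lines ignored.
# Assumption of this example: if a key appears twice, the later line wins.
conf_get() {
    printf '%s\n' "$1" | awk -v key="$2" '
        /^[ \t]*#/ { next }
        index($0, key "=") == 1 { val = substr($0, length(key) + 2) }
        END { print val }'
}

# is_port VALUE: true only for a decimal number in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# check_vsftpd TEXT: prints one line per finding; returns 0 when clean, 1 otherwise.
check_vsftpd() {
    rc=0
    [ "$(conf_get "$1" anonymous_enable)" = "NO" ] || { echo "anonymous_enable is not NO"; rc=1; }
    [ "$(conf_get "$1" pasv_enable)" = "YES" ] || { echo "pasv_enable is not YES"; rc=1; }
    lo=$(conf_get "$1" pasv_min_port)
    hi=$(conf_get "$1" pasv_max_port)
    if ! is_port "$lo" || ! is_port "$hi" || [ "$lo" -gt "$hi" ]; then
        echo "pasv_min_port/pasv_max_port missing or invalid"; return 1
    fi
    # Passive ports outside the firewall range make data connections hang.
    if [ "$lo" -lt "$SG_MIN" ] || [ "$hi" -gt "$SG_MAX" ]; then
        echo "passive range $lo-$hi exceeds security group range $SG_MIN-$SG_MAX"; rc=1
    fi
    return $rc
}

# Constructed samples: the settings from this step, and a drifted variant.
COMMON='local_enable=YES
write_enable=YES
pasv_enable=YES
pasv_min_port=1024
pasv_address=203.0.113.10'
GOOD_CONF="anonymous_enable=NO
pasv_max_port=1048
$COMMON"
BAD_CONF="anonymous_enable=YES
pasv_max_port=2048
$COMMON"

check_vsftpd "$BAD_CONF" || true
```

On the server, the same check can be run as check_vsftpd "$(sudo cat /etc/vsftpd/vsftpd.conf)".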

Step 11: Install Apache and PHP.


First we install Apache:
sudo yum install httpd mod_ssl

Then PHP:
sudo yum install php

Separately, regular expression support:
sudo yum install pcre-devel

and a bunch of common modules and dependencies for PHP:
sudo yum -y install aspell aspell-en aspell-ru cvs php-gd php-intl php-mbstring php-mysql php-pdo php-soap php-xml php-xmlrpc php-pspell php-devel php-pear


Add Apache to autorun and try to run it:
sudo /sbin/chkconfig --levels 235 httpd on

sudo service httpd start

If everything starts, adjust the configuration for the Amazon server and the webserver user:
sudo mcedit /etc/httpd/conf/httpd.conf

Find and adjust the following lines in the text:
ServerTokens Prod
TraceEnable Off
KeepAlive On
MaxKeepAliveRequests 256
KeepAliveTimeout 10
User webserver
Group virtwww

The TraceEnable Off line may have to be added.
Use F2 to save the changes, exit the editor via F10 and restart Apache:
sudo service httpd restart

Allow changing files via ftp:
sudo chown www:virtwww /var/www/html /var/www/icons /var/www/error /var/www/cgi-bin

We close the main security hole in the PHP config:
sudo mcedit /etc/php.ini

Find the magic_quotes_gpc line and set it to On:
magic_quotes_gpc = On

For compatibility, it does not hurt to enable short tags:
short_open_tag = On

Use F2 to save the changes, exit the editor via F10 and restart Apache:
sudo service httpd restart

If at any stage Apache stops starting, roll back the changes and see what happened in the logs:
sudo mcview  /var/log/httpd/error_log

and
sudo mcview  /var/log/httpd/access_log

After everything has started, close the terminal:
exit

and go back to the management console in the browser.

Step 12: Turn on Load Balancers .


This step can in principle be skipped, but that is undesirable. Balancing is included in the free package, and I see no reason to refuse such a useful thing, which can be used to keep track of whether the site is alive. In this mode, the Load Balancers system simply requests a URL on the server periodically and draws conclusions from the response time. The most common configuration error follows logically from this. By default it is suggested to ping the index page of the site, and who knows how much that may weigh? Each check seems to spend only a little traffic, but over a month it can add up to a whole bucket. Therefore we create a special page for this system, ping.html, and write into it a single lonely digit 1, without Unicode, spaces or line feeds. As a result, exactly 1 byte of traffic will always be spent on each check. This file must be uploaded via FTP to the root of the site before creating the balancer.
The balancer name can be arbitrary, but must be unique if there are several balancers. As the target of the check, choose ping.html. We will check our already running server, and that's it! You can open our IP address in a browser, upload PHP scripts via FTP, and communicate with MySQL from them. Do not forget to periodically monitor the cost of resources in the account management section and try not to miss the moment when your free hosting suddenly becomes paid.
If the limits of any of the free services are exceeded, the service does not stop but becomes paid.
Rates for exceeding the free limits for S3 and EC2

Instead of a conclusion: Do not think that all the manipulations described here are optimal and provide any level of security at all. A server in this form is only suitable for testing and for hosting home pages with a dozen visitors a month. All of this can be brought up to scratch, and that is not even difficult for a competent person. The catch is that people do not become competent in a day or in a year, and in general one person rarely combines a writer of plain-folk PHP with a specialist in server configuration. So before letting all this mess sail off on its own, ask some bearded Unix guy you know, for a couple of bottles of cognac, to connect to your server over SSH. He will swear, poke around for about 10 minutes and call the writer of this wall of text a blockhead several times (and he will be right), but after that everything will work incomparably better and more stably.

Upd You can also read about Amazon AWS here:
habrahabr.ru/blogs/infosecurity/107631
habrahabr.ru/blogs/hosting/62362
habrahabr.ru/blogs/hosting/55058
And about Ubuntu in English
alestic.com
And I will also probably transfer the topic to hosting.
