
Setting up an AWS instance with Ubuntu 16.04 LTS and virtualmin


Part 1: Set Up An AWS Instance With Sufficient EBS Storage Space

Introduction

In this article I set up an AWS EC2 instance from scratch to run VirtualMin, an open-source virtual server management tool. While VirtualMin can be set up on an in-use server, that requires a lot of reconfiguration, so it is simpler to set up a new server and proceed from there. At the end of this article we shall have a clean install of VirtualMin ready to accept new websites. This is part 1, where we set up an AWS instance with sufficient storage space to host our VirtualMin system.

The article is broken into 4 main steps:

  1. Set up an AWS instance with sufficient EBS storage space (this page)
  2. Prepare Ubuntu LTS to accept VirtualMin
  3. Download and install VirtualMin
  4. Prepare VirtualMin to run websites

The article is based on various pages by numerous authors who I thank for their invaluable insights, as well as my own experiences. Any errors are most likely mine. I give no guarantee that what you find in these pages will work on your setup - as usual YMMV.

In this series of articles I shall be using an FQDN of myserver.example.com and a user called myuser. The server will reside at the fictitious public IP 12.34.56.78. Make sure you substitute your own FQDN, user and IP where necessary - the example values given will not work.


Open the AWS console and go to the EC2 dashboard.

Go to instances and select Launch Instances.

Choose an Amazon Machine Image (AMI) - I am using Ubuntu Server 16.04 LTS (HVM), SSD Volume Type - ami-1e339e71, which is the latest AMI from Ubuntu and which will have support for the next 5 years (approx). Select the 64-bit version.

Choose an Instance Type - Use a t2.small instance (low to moderate).

Press Next

Configure the Instance Details - Here the number of instances is ‘1’. Leave the default VPC and the default subnet. For a production server, leave the ‘Shutdown Behavior’ option as ‘stop’, then go to ‘Enable termination protection’ and enable it, in order to prevent the server being terminated too easily. We are not going to enable ‘CloudWatch Detailed Monitoring’.

Press Add storage

By default, EC2 comes with an 8 GiB disk, which is not sufficient for most server scenarios as you want to have some room for things like log files and backups. So, in general, provision 25 GiB of disk space. Always use General Purpose SSD (GP2) unless you have a reason to choose a ‘Magnetic’ disk. Make sure that ‘Delete On Termination’ is set on so that this volume won't be deleted when the server is deleted.

Tag the instance - Give the server a good name. A good policy is to use the final domain name that you’re going to assign to the server.

Configure Security Group - By default, generally you have one Security Group but you should create a new Security Group as per the purpose of the server. For example, you might want to create Security Group for Web servers differently from that of the database servers.

I am going to create a new Security Group, name it “WebServers” and change the description to “WebServers Security Group”. By default, this allows SSH access. From here you can control the sources, that is, where users are able to log in over SSH from. For general servers, we keep it at “Anywhere”.

The following entries are needed for a VirtualMin setup:

| Type | Protocol | Port Range | Source |
|---|---|---|---|
| HTTP | TCP | 80 | 0.0.0.0/0 |
| Custom TCP Rule - UserMin | TCP | 20000 | 0.0.0.0/0 |
| POP3 | TCP | 110 | 0.0.0.0/0 |
| POP3S | TCP | 995 | 0.0.0.0/0 |
| IMAPS | TCP | 993 | 0.0.0.0/0 |
| SSH | TCP | 22 | 0.0.0.0/0 |
| Custom TCP Rule | TCP | 21 | 0.0.0.0/0 |
| Custom TCP Rule | TCP | 20 | 0.0.0.0/0 |
| Custom TCP Rule - WebMin | TCP | 10000 | 0.0.0.0/0 |
| SMTP | TCP | 25 | 0.0.0.0/0 |
| IMAP | TCP | 143 | 0.0.0.0/0 |
| Custom TCP Rule | TCP | 40000 - 40100 | 0.0.0.0/0 |
| SMTPS | TCP | 465 | 0.0.0.0/0 |
| DNS (UDP) | UDP | 53 | 0.0.0.0/0 |
| DNS (TCP) | TCP | 53 | 0.0.0.0/0 |
| Custom TCP Rule | TCP | 587 | 0.0.0.0/0 |
| HTTPS | TCP | 443 | 0.0.0.0/0 |
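The rule set above can be reviewed mechanically once the group exists. The following is an added example, not part of the original article: a Python audit over the `IpPermissions` structure that `aws ec2 describe-security-groups` returns as JSON, reporting which admin and cleartext-capable ports accept any source. The two sample groups, the port groupings and the `203.0.113.10/32` admin address are constructed for illustration.

```python
import ipaddress

# Ports from the rule table above, grouped by why a reviewer looks at them.
ADMIN = {22: "SSH", 10000: "Webmin", 20000: "Usermin"}
CLEARTEXT = {21: "FTP", 110: "POP3", 143: "IMAP"}

def open_to_world(perm):
    """True when any IPv4/IPv6 source range on the rule is a /0."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)

def audit(group):
    """Return sorted (port, service, reason) findings for one security group."""
    findings = set()
    for perm in group.get("IpPermissions", []):
        if not open_to_world(perm):
            continue
        if perm["IpProtocol"] == "-1":  # all protocols, all ports
            findings.add((0, "ALL", "every port open to any source"))
        elif perm["IpProtocol"] == "tcp":
            lo, hi = perm["FromPort"], perm["ToPort"]
            for table, reason in ((ADMIN, "admin login open to any source"),
                                  (CLEARTEXT, "cleartext-capable login open to any source")):
                for port, name in table.items():
                    if lo <= port <= hi:  # also catches ports hidden inside a range
                        findings.add((port, name, reason))
    return sorted(findings)

def rule(port, cidr, to_port=None):
    """Build one TCP permission in the describe-security-groups JSON shape."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": to_port or port,
            "IpRanges": [{"CidrIp": cidr}], "Ipv6Ranges": []}

ANY = "0.0.0.0/0"
ADMIN_IP = "203.0.113.10/32"  # constructed documentation address (assumption)

# Constructed sample: part of the article's rule table, exactly as listed.
AS_WRITTEN = {"GroupName": "WebServers", "IpPermissions":
    [rule(p, ANY) for p in (80, 443, 22, 21, 110, 143, 10000, 20000)]
    + [rule(40000, ANY, 40100)]}

# Constructed variant: same public services, admin ports limited to one address.
RESTRICTED = {"GroupName": "WebServers", "IpPermissions":
    [rule(p, ANY) for p in (80, 443, 21, 110, 143)]
    + [rule(p, ADMIN_IP) for p in (22, 10000, 20000)]}

if __name__ == "__main__":
    for group in (AS_WRITTEN, RESTRICTED):
        print(group["GroupName"], audit(group))
```

To run it against a real account, pass each entry of the `SecurityGroups` list from the CLI's JSON output to `audit()`.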

Review, and if everything is in order, select ‘Launch’. When you select ‘Launch’, a pop-up will appear giving you the option of either using an existing Key Pair or creating a new Key Pair. It is generally preferred that, instead of using the same key pair for all servers, you create a new one for certain groups of servers. Though, you might want to keep one key pair per account where you need to have only 3-4 servers per account, which might be the case for small webapps.

Now create a new Key Pair - go to ‘Create a new key pair’ and name it ‘demoserver’. Download the newly created Key Pair. Once it is downloaded, you can Launch Instance.

Once the server is launched we can log in using SSH. For that, I need access to the Pem file. If you run the ls -la command, you might see that the permissions for the Pem file are:

  • ls -la
  • -rw-r--r-- 1 user group     1692 mar 27  2042  demoserver.pem

This means that other people can also read this Pem file. This is not allowed for SSH Pem files, so we have to change the permissions for this Pem file to 400.

  • sudo chmod 400 demoserver.pem

Now only the current user can read this Pem file, and these are the permissions that SSH expects for a Pem file.

Now our server is running, but it doesn’t have an Elastic IP.

In EC2, when you stop a server and start it again, the public IP of the server changes. This is generally not desirable for most deployments. So, in this case, you would want to assign an Elastic IP address, which doesn’t change during server stop/start.

For this, go to Elastic IPs and select ‘Allocate a new address’, right click on the newly allocated address and choose ‘Associate Address’. In this, select the name of the server you want to associate the IP address with.

Now go to Route 53 and create an entry for this server under the domain you want to use:

  • myserver.example.com 12.34.56.78

Now, log in to your server:

  • ssh -i "demoserver.pem" <user>@<server-address>

Since I am in the same directory as the Pem file, I do not need the full path to the Pem file.

I now need to set up a hostname with this command:

  • echo myserver | sudo tee /etc/hostname

This writes the word “myserver” to ‘/etc/hostname’. After this, run:

  • sudo hostname -F /etc/hostname

If we restart the server we will see this hostname reflected in the prompt (instead of the IP), but before that we will run some more commands so that we do not have to restart time and again.

Setting up a Fully Qualified Domain Name (FQDN) is required for Virtualmin.

Though it is good to set the FQDN to the final sub-domain that you want the server to have, it is not really required. It can be any arbitrary FQDN. So, I first have to edit the following file:

  • sudo nano /etc/hosts

Then we need to add the following line below the localhost line that should already be present in the file:

  • 12.34.56.78 myserver.example.com myserver

Set the locale - Now we should set the locale for the system. We will set the locale to ‘en_US.UTF-8’. This is very important for database systems so that if you’re supporting multilingual databases, the data is represented correctly.

  • echo 'LC_ALL=en_US.UTF-8' | sudo tee -a /etc/environment
  • echo 'LANG=en_US.UTF-8' | sudo tee -a /etc/environment

Now run the command to restart the system:

  • sudo init 6

We will have to wait a couple of minutes for the system to reboot. Once the system is up and running, log in over SSH and you can see that the hostname is set to myserver.

Upgrade the system - Run the command:

  • sudo apt-get update

The ‘apt-get update’ command refreshes the package lists from the configured sources. The actual upgrade happens with the upgrade command. To upgrade the installed packages run:

  • sudo apt-get upgrade
  • sudo apt-get dist-upgrade

It is a good practice to update your system before doing any other setup so that all the security patches are applied to the server.