AMI User Guide

ISEO AWS BYOL AMI Installation and User Guide

Launch ISEO Server Instance

This is a preconfigured BYOL instance that’s ready to run, and you will fully own and manage it with your own AWS account. It’s different from SaaS which is a hosted service with hourly fees for the software. Read about what AWS Marketplace is.

1. Login to your Amazon Web Service Console.

AWS login

2. You need to configure a security group to run your ISEO AMI. Navigate to the “Security Group” page of the AWS EC2 Web Console

AWS Security Group

3. Create a new security group with the name “ISEO AMI” and add the necessary ports for your application. At the very least you should open the following ports:

  • 22 – SSH
  • 80 – HTTP (Varnish)
  • 443 – HTTPS (Apache)
  • 10000 – HTTPS for the Webmin Admin Panel
  • 8080 – Apache
  • 3306 – Remote MySQL
  • 25 – SMTP
ISEO AMI PORTS

4. Now you’re ready to launch your instance. Click the “Instances” tab and then click the “Launch Instance” button. You will be rederected to a list available AMI’s. Click the “Community AMIs” tab and filter it to just the ISEO AMI AMI’s by putting “ISEO” in the search box and press “Enter”. Once you find the one you want click the corresponding “Select” button for it.

Find ISEO AWS AMI

5. Select an Instance Type: t1.micro, m1.large, c1.xlarge. Otherwise the defaults on the Instance Details pages tend to be acceptable. This includes things like kernel and RAM disk IDs and tags.

AWS Instance Type

6. Adjust storage sizes to your needs, if your image type doesn’t come with a “Instance Store”, you can create a EBS volume for “/dev/sdb”, Otherwise the defaults on the Add Storage pages tend to be acceptable.

Add AWS Storage

7. Click “Next:” and choose the “ISEO AMI” Security Group you created earlier and then click “Next:”.

Choose AWS Security Group

Now all you need to do is review your selections and click the Launch button. Click the link to view the instacne status. It will have a status of “Starting up” for about a minute. Once it’s ready it will turn green and say “running.”

8. Click the checkbox to find the “Public IP address.” Save that IP and proceed to “Purchase Subscription License” section.

Note: Shutting down ISEO AMI instance

Note that once your instance is running it will continue to run until you shut it down. If you forget and accidentally leave your instance running you will be billed, by Amazon, for the hours, bandwidth and disk space consumed. To shut down an instance

  • Select the instance in your dashboard
  • Click on the Instance Actions button
  • Choose Terminate (or Stop if you just want to stop it temporarily, you are still charged for disk usage).

Purchase Subscription License

The ISEO BYOL AMI requires a monthly subscription that can be purchased from ISEO Technologies AWS Server AMIs license page. We offer different license options for all EC2 instance types, please choose the correct instance type for your launched instance. Contact us for more information if you have any questions.

Connecting to your new ISEO AMI Instance

Once your new AMI is successfully launched, you will need to SSH into the console using a SSH client software and the private key pair you have used/created previously.

In this section, we will cover the most common case for users using the Windows operating system, and the PuTTY SSH client. If you have a different configuration, please follow Amazon’s specific instructions on how to connect to your instance.

If you have not done so already, download the PuTTY and the PuTTYgen tools from this page: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Launch the PuTTYgen tool. click Conversions -> Import Key. Select the key file you have previously used or generated, and click Open.

After PuTTYgen has successfully loaded your key file, click the Save Private Key button, and save the private key to a safe place. (You may want to protect your private key with a passphrase, although this is not strictly necessary.)

The PuTTYgen tool will no longer be needed at this point. To continue, open the PuTTY client you have downloaded earlier.

In the Host name (or IP address) section, enter the static IP address you have allocated previously. In our case, this is 23.21.108.51.

Then, on the left navigation panel, navigate to SSH->Auth.

Under the Private key file for authentication: section, click Browse… and select the private key file that PuTTYgen has generated in the previous step.

To connect to the server, simply click the Open button. However, to simplify the process in the future, you may want to save these settings as a profile. To do so, return to the Session category on the top, select a name for your session under the Saved Sessions box, and then click the Save button. The settings then can be loaded back by double clicking the profile, or by selecting the profile, and then clicking the Load button.

Upon connecting, you will receive a warning that PuTTY has not seen this server before. It is safe to simply click Yes on this dialog.

When prompted, login as ec2-user, and then press Enter.

If the private key you have specified was correct, you should now be logged in

Update Configuration File and Run Server Installation Script

  1. SSH into the instance using your AWS private key and username “ec2-user”
    Amazon AWS Credentials (http://aws.amazon.com/account/).
  2. Open and edit configuration file, please read “Remote Machine Login and File Transfer” section if you don’t know how to use “vi” editor and want to download and edit the configration file on your local machine.
    sudo vi /mnt/vol/cronjobs/iseo_tools/includes/iseo_config.inc
  3. Enter your Paypal Payment ID as ACTIVATION_KEY
  4. Get your AWS SECRET and ACCESS Keys by following this guide.
  5. Enter your SERVER_NAME
  6. Enter your ADMIN_EMAILS
  7. Update BAK_ROOT_DIR if necessary
  8. Create your daily and monthly backup S3 buckets by following this guide, and make sure your buckets are in the same Region as your instance.
  9. Enter your DAILY_BACKUP_S3_BUCKET and MONTHLY_BACKUP_S3_BUCKET
  10. Create a free Mandrill account and go to the Settings page of the Mandrill interface (link in the top right) to create your API key:
  11. Do not change other settings at this moment, save the configuration file and run server installation script:
    sudo php /mnt/vol/cronjobs/iseo_tools/install.php
  12. The install script will alert you with any configuration errors, if you do run into errors, update the configuration file and run installation script again.
  13. Close your current SSH session and start a new session, your should see your server “Subscription Status” is set to “activated” /******************************************************************** __| __|_ ) _| ( / ISEO LAMP Stack for Business ___|\___|___| Powered by ISEO Technologies ********************************************************************* Subscription Status: activated License Agreement: http://www.iseo-eur.com/eula.php Installation Guide: http://www.iseo-eur.com/install.php *********************************************************************/

Access Demo WordPress Sites and Webmin Panel

There are two pre-installed empty WordPress Sites installed on this instance to show you how to organize site files, virtural host configuration and use varnish caching VCL.

  • Find the public IP of your server instance from your AWS EC2 console and add follow lines to the end of your local host file:
    instance_public_ip iseo-demo.com instance_public_ip iseo-demo-nocache.com
  • Use “demo” for WP backend login username and password.
  • Take a look at how site files are organized in “/var/www” directory, please follow this setup for backup process to work properly.
  • Take a look at how virtual hosts are configured in “/etc/httpd/conf/httpd.conf”
  • Take a look at how Varnish caching rules are configured in “/usr/local/etc/varnish/default.vcl”
  • Access your Webmin Panel at https://instance_public_ip:10000/ with username as “root” and “TKfT352N” for the password.
  • Access your MySQL server with username as “root” and “demo” for the password.

Post Configuration

You server is up and running now, you might want to update demo credentials before uploading your first site. Here is list of commands that might be useful to you.

Resize the file system for /dev/sdg and /dev/sdf (Optional)

If the EBS volume size for /dev/sdg and /dev/sdf have been extend to geater than 1GB in “Add Storage” step, use the following command, substituting the device name that you want to extend.

# sudo resize2fs /dev/xvdg
# sudo resize2fs /dev/xvdf

To list all device names:

# sudo df -h

Obtaining Your Amazon SES SMTP Credentials
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html

Verifying Email Addresses in Amazon SES
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-email-addresses.html

Allow/reject email relay for a specific recipient or a specific domain

1. Update /etc/postfix/recipient_access

2. Type in the command below in a terminal window to create a hash file.
# sudo postmap /etc/postfix/recipient_access

3. Restart the Postfix service. 
# sudo systemctl restart postfix

To enter your own Mandrill settings:

Update "myhostname" to your smtp server hostname in Postfix Main config file:

# sudo vi /etc/postfix/main.cf
...
myhostname = your_smtp_hostname.com
...


Update Mandrill API Key to yours:

# sudo vi /etc/postfix/sasl_passwd
[email protected]:your_mandrill_api_key

postmap the sasl_passwd file after changing it:

# sudo postmap /etc/postfix/sasl_passwd
# sudo postfix reload
# sudo service postfix restart

To update MySQL/MariaDB root password:

# sudo mysql -u root -pdemo
mysql> use mysql;
mysql> update user set password=PASSWORD("your_new_password") where User='root';
mysql> flush privileges;
mysql> quit

Update /mnt/vol/cronjobs/iseo_tools/includes/iseo_config.inc with new MySQL login credentials

Then restart MySQL:
# sudo service mysqld restart

Or restart MariaDB:
# sudo systemctl start mariadb

To update Webmin root password:

# sudo /usr/libexec/webmin/changepass.pl /etc/webmin root your_new_password
# sudo service webmin restart

To access Varnish Admin:

# sudo varnishadm -T 127.0.0.1:2000
varnish>vcl.list
varnish> quit

To restart Varnish:

For v4.7:
# sudo service varnish restart

For v7.2:
# sudo systemctl restart varnish

To register and use CloudFlare CDN:

  1. Create a free Cloudflare account here.
  2. Move your domain DNS to your Cloudflare account.
  3. To learn how to Manage DNS Records with CloudFlare’s Free DNS service.

To set up Mandrill sending domains with SPF and DKIM records:

  1. What are SPF and DKIM and do I need to set them up?
  2. How do I set up sending domains?.
  3. How do I add DNS records for my sending domains?

Remote Machine Login and File Transfer

You may need to connect to the server’s file system to edit configuration files, retrieve log files, upload site files, or run commands from a console interface.

There are a variety of utilities you can use to accomplish these tasks. Following steps demonstrates file transfer using a third-party utility for Microsoft Windows called WinSCP. Command line interactions are shown using the AWS console “Connect from your browser” feature. These two utilities were chosen because they are the easy to explain and use for their use cases. You may be familiar with and prefer other methods, such as PuTTY, ssh command line utilities, and so on.

Requirements

  • The public IP address or hostname of the AWS server instance running ISEO Server AMI
  • The Public key name associated with the server instance
  • The path to the Private key file that works with the Public key mentioned above
  • A file transfer utility such as WinSCP
    • Important: If using WinSCP, the Private key file must be converted to the .ppk file format. Use the Puttygen “import key” utility to convert from .pem to .ppk file formats. See Dealing with Private Keys in Other Formats for more information.
  • Login username: ec2-user

Steps to Transfer Files

  1. Run the WinSCP application from the Windows Start menu.
  2. Click New. Use the following values:
    1. Host Name (or IP address)
    2. Port number: 22
    3. User name: ec2-user
    4. Password: leave blank
  3. Private key file: navigate to the Private key file
  4. Protocol: SFTP
  5. Click Save. The default session name will follow the standard user@host, e.g., ec2-user@iseobox. You can change it if you want. Click OK.
  6. Click Login to connect.
  7. Your local file system appears in the left panel and the remote AWS computer appears in the right. You can now easily copy files back and forth between systems.

Command Line Interactions

The AWS console provides a command line utility that runs in a Java-enabled Web browser window. It is documented on the AWS web site.

Command line interactions use cases include:

  • Starting, stopping, restarting or checking the status of ISEO Server
  • Running any Linux command

Requirements

  • Access to the AWS Console
  • The path to the Private key file that works with the Public key used by your server instance

Steps to Open a Command Line Window from the AWS Console

  1. Login to the AWS console, e.g.: https://<yourOrganization>.signin.aws.amazon.com/console
  2. From the AWS Console Home page, click EC2
  3. Click Instances from the side bar or Running Instances from the top level summary
  4. Locate your instance and right-click it
  5. From the Instance Management pop-up menu, click Connect
  6. The Public DNS and Private Key name will be entered for you. Complete the following:
    1. User name: ec2-user
    2. Private key path: enter the path to the Private key file that works with the Public Key named on-screen.
  7. Click Launch SSH Client
  8. When prompted to run the application named com.mindbright.application.MindTerm, click Run
  9. If prompted to add the server’s fingerprint to the cache, click Yes
  10. You can now run any Linux command