
Configuring NginX on Amazon Linux

 

Whoah. It is hard times for the Linux Admin trying to get a new web server off the ground.

Amazon Linux does not ship with apt-get or apt-key or any of our Ubuntu favorites. This is a RHEL model, boys and girls. And RHEL means yum. And here’s the issue:

We cannot simply install NGINX. It’s not in any standard repo if your instance is fresh from the Launcher. Boo.

sudo yum install epel-release ...? 

Yeah… try again punk. Enabling the extra packages isn’t that simple. We have to go chase them down. Why isn’t this standard? Who knows… but here is the remedy: You have to go chase it down in Fedora land and install the RPM file.

( I don’t think you are a punk. I’m talking to myself )

sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Adding the -y is a nice way to speed things up and answer yes to all the questions beforehand.

What is the lesson here? You really should have a configuration script ready to go, or at least a preconfigured image in your AWS console when setting one of these up again.

— Next Day:

Nope! The lesson is understanding the plight of the admin short on time. I spent a good hour trying to get WordPress up and running but I got lost at the intersection of MySQL and libso.03 or something…. I tried to get a handle on it and went so far as to try to install the dependencies manually but to no avail. Apparently this is still an issue:

https://serverfault.com/questions/873955/how-solve-mysql-5-7-dependency

I just need to get this thing up and running so I ran back to Ubuntu 16.04.

Whatever…

 

5 ways to NOT setup a WordPress Server on AWS

Yah know….. ( said with a humorously wry rise )

So I thought I would recall all of the biffs I made when migrating to AWS… I wanted to join the Amazon club pretty bad….. because everyone is doing it, right? I can just hear my mother’s voice in my ear…

“If all your friends decided to jump off a cliff, would you jump off it too?!!” – said with exasperated disapproval being sprayed all over the room that would make any seven-year-old shrink down into their shoes…

Regardless, the AWS cliff looks fun and everyone seems to be surviving. But going straight into it for the first time, I encountered a few bumps in the road. Here is a road map of where I was going and a list of the places where the trail went cold:

Build: Amazon Linux 2 AMI, NGinX, MySQL, PHP, WordPress. 

  • Launched Instance. Couldn’t SSL into the box because I didn’t set a name tag and didn’t set up DNS correctly. For some reason, troubleshooting after you make that mistake before launch is tough.  Flash Box

 

  • Launched Instance. Couldn’t get MySQL installed onto Linux AMI. There is an unsolved library compatibility issue that no one has posted a fix for on Stack Overflow yet. And there is only so much package hunting you can do in the morning before work — gave up and went back to Ubuntu 16.04. Flash Box

 

  • Got ALL THE WAY THROUGH the 5 minute installation and had it ready to install ( yah know… when it’s accessible via default creds? ) and then I had to go catch the train. During my commute I was taught a harsh lesson around security group configuration. When I got back to do the install, a very courteous piece of cryptojacking malware had done it for me. I spent a few hours doing some forensic analysis on the box ( running top, I could see the database was VERY busy spending my money ) and I attempted to hash in my own password into MySQL so I could get back in, but my drive to not get sidetracked with albeit, an interesting pursuit, was not going to directly contribute to the completion of this project. Flash Box

 

  • Accidentally started up the firewall at some point when I was on NGINX installation autopilot and kicked myself out of my own machine. It didn’t actually terminate the session I already had, which made it take longer for me to remember what I had done wrong when my ssh command didn’t work the next day. That ufw command has consequences… Flash Box

 

  • Yet another Death by Firewall as I changed the configuration of the SSH service to operate on another port ( Security by Obscurity Lives!!! ) and I forgot to open up a port in the firewall. FLASH BOX!
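A pre-flight check for the two firewall lockouts above, as an added example that is not part of the original post: it compares the ports sshd is configured to listen on with the rules ufw has saved, so a mismatch shows up before the firewall is enabled or sshd is restarted. The function names are hypothetical, and the rule format assumed is the output of `ufw show added`.

```shell
#!/usr/bin/env bash
# Added example: run before `ufw enable` or an sshd restart.
# Assumes a standard sshd_config and the rule list from `ufw show added`.

# Print every port sshd will listen on; sshd defaults to 22 with no Port line.
# Keywords are case-insensitive; commented lines ("#Port 22") do not match.
sshd_ports() {
    local ports
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# Print the TCP ports opened to everyone by the saved ufw rules.
# Source-restricted rules ("ufw allow from ...") are deliberately not counted,
# so the check errs on the side of reporting a possible lockout.
ufw_allowed_ports() {
    awk '$1 == "ufw" && ($2 == "allow" || $2 == "limit") {
        if ($3 == "OpenSSH") { print 22; next }   # app profile = 22/tcp
        n = split($3, a, "/")
        if (a[1] ~ /^[0-9]+$/ && (n == 1 || a[2] == "tcp")) print a[1]
    }' "$1"
}

# Return 0 only if every sshd port has an allow rule; name the ones that do not.
ssh_lockout_check() {
    local missing=0 port
    for port in $(sshd_ports "$1"); do
        if ! ufw_allowed_ports "$2" | grep -qx "$port"; then
            echo "BLOCKED: sshd port $port has no ufw allow rule"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample input: sshd moved to 2222, firewall still only allows 22.
demo=$(mktemp -d)
printf '#Port 22\nPort 2222\n' > "$demo/sshd_config"
printf 'ufw allow 22/tcp\nufw allow 80/tcp\n' > "$demo/ufw_added"
ssh_lockout_check "$demo/sshd_config" "$demo/ufw_added" \
    || echo "Add the missing rule before enabling ufw or restarting sshd."
rm -rf "$demo"
```

On a live box, point it at /etc/ssh/sshd_config and a file holding the output of `sudo ufw show added`, and keep the existing SSH session open until a second login succeeds.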

Remember that scene in The 5th Element when Gary Oldman opened the case to find that there were no stones? Yeah… it was like that. The struggle is real.

A funny reminder of all of these id10t viruses compromising the layer 8 host is the naming convention I have applied to the key pairs that I download each time I spin up a new AWS instance. SecondKey, ThirdKey, FourthKey… you get the idea. Wish me luck with a successful configuration while the numbering of the keys is still in the ones column.

Takeaway: Even when you’re just getting started, the Amazon design and security principles do state the importance of automating a best practice around starting with a secure architecture, strong controls and having a system for versioning your instances — which would have been a great help to keep me from starting from scratch every time.