A Few Things To Do When First Setting Up a LightSail Instance Running WordPress

Amazon’s new Lightsail service is pretty amazing.  For practically nothing, you can have a cloud based server. They offer a lot of options, and a good bit of what’s here will be applicable to any of them running Ubuntu, but this is geared toward the WordPress instance, Which happens to be running Ubuntu Server.  At first I was a bit disappointed, but as I use it, I find it’s actually pretty close to Raspian, which I do, in fact know pretty well, and it’s nice to diversify my Linux skills a bit.

For this, I’m going to assume you have your machine set up, you have keys created to so you can ssh to it from a Linux box or putty on Windows. And as usual, you know enough Linux to actually be able to run the commands.

Amazon’s system has everything you need, but it could use a little tuning.

For starters, update the OS:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
sudo reboot

This should be done on a regular schedule.  I update all my computers once a month and have a reminder in my calendar to do so.

Next install some packages:

sudo apt-get install sendmail sendmail-cf m4 bsd-mailx sysstat ntp git

Next, set up mail so your instance can send email.  I have a tutorial on how to use sendmail with iCloud or Google Mail if you need it. After setting that up, a little extra work is needed:

sudo mkdir /var/spool/clientmqueue
sudo chown smmsp:smmsp /var/spool/clientmqueue/
cd /usr/share/
ln -s sendmail/cf sendmail-cf
sudo update-rc.d sendmail enable
sudo service sendmail start

Next is to fix the timezone and start ntp:

sudo timedatectl set-timezone America/New_York
sudo update-rc.d ntp enable
sudo service ntp start

Next is to set up secure http.  We will be using a free Cert from Lets Encrypt.

Mostly following https://docs.bitnami.com/aws/components/apache/#how-to-install-the-lets-encrypt-client:

git clone https://github.com/certbot/certbot
cd certbot

That will install some components needed and set up everything.  You’ll get an error at the end about not being able to set up apache. Ignore it and continue …

sudo /opt/bitnami/use_wordpress
cd /home/bitnami/certbot/
./certbot-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d <web_server_name>
cd /opt/bitnami/apache2/conf/
mv server.crt{,.orig}
mv server.key{,.orig}
ln -s /etc/letsencrypt/live/<web_server_name>/privkey.pem /opt/bitnami/apache2/conf/server.key
ln -s /etc/letsencrypt/live/<web_server_name>/fullchain.pem /opt/bitnami/apache2/conf/server.crt
/opt/bitnami/ctlscript.sh restart apache

The web_server_name is the A-record DNS entry for your web server ( for example, www.doomd.net is what I used for this site ).

Now to configure a redirect so that https is the only thing that is used:

In /opt/bitnami/apache2/conf/httpd.conf, un-comment the line that says:

Include conf/extra/httpd-vhosts.conf

Now edit /opt/bitnami/apache2/conf/extra/httpd-vhosts.conf, so it has:

<VirtualHost *:80>
 ServerName <web_server_name>
 Redirect permanent / https://<web_server_name>/

As above, web_server_name is the A-record for you web site, for example www.doomd.net.

Don’t forget to restart Apache after making that change.

And one final thing you’ll want is some kind of backup solution. Amazon offers snapshots. They are clumsy at best and cost extra.  But will get the job done. Personally, I use Backuppc for all my backup needs. And after setting up they keys and a little tweaking of the config, it works great.

To get BackupPC to work with an Ubuntu server Lightsail instance, set it up as you would any server, then add the following to the config file in the pc directory of the backup config files:

$Conf{PingPath} = '/bin/true';

As a final note, I also set up my Lightsail instances in my linux counter config so they get counted.

Comments 6

  • This is really helpful, thanks very much :thumbsup:

  • Perfect guide! Bookmarked for other projects. Thank you for all your work.

  • I just wanted to add a quick correction to my previous comment. I was having redirect issues with the above guide. This is what got it working for me:

    How To Force HTTPS Redirection?
    Add the following to the top of the /opt/bitnami/apps/wordpress/conf/httpd-prefix.conf file:

    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
    After modifying the Apache configuration files, restart Apache to apply the changes.

  • Thanks for this!

    I have a site set up on Lightsail with a subdomain. Our IT folks have thus far just pointed the subdomain to the IP. I have another instance where I followed previously published instructions for setting up a LetsEncrypt cert.

    Now AWS has changed the instructions to indicate that here has to be a DNS record, which I don’t think I need or want in this circumstance. It it possible to set up the cert without the DNS record?

    Bitnami’s docs (https://docs.bitnami.com/aws/infrastructure/lamp/administration/generate-configure-certificate-letsencrypt/) are useless on this point since the /opt/bitnamel/letsencrypt/ directory.

  • First off, You are welcome!

    As far as the DNS record, I’m not sure. I know for apache, I think it has to match the name it’s configured to respond too, in the case of doomd.net, that’s http://www.doomd.net. That happens to have a DNS record. My other site http://www.spaced-out.tech does as well.

    BTW: doomd.net’s DNS isn’t hosted on AWS. I’ve had that domain for a very long time, before AWS existed. And I didn’t feel like changing my DNS config.

    Anyway, keep me posted on what you find out, in case it’s needed by other people.

  • Dude, you forgot to remove the bitnami banner from your website, liked your post its awesome. nice work

Leave a Reply