The Amazon EC2 Blog Migration Project

Ray Acayan — Tue, 27 Oct 2009 16:46:29 +0000

I. Overview

This side project presents my procedure for migrating my WordPress blog from a web hosting provider running cPanel to an Amazon EC2 instance.

This project builds on the environment created in my previous blog post, "The Mobile Cloud Project, Part 1.1: Basic AWS", where I presented an overview of Amazon Web Services and a procedure for creating virtual servers (Reserved and On-Demand instances) on Amazon EC2.

II. Consulting

I do my best to explain the concepts and techniques behind my projects. If you like my work and can use my expertise in your projects, I am available for consulting at a competitive rate.

III. Procedure

Once the Amazon EC2 instance was created and configured in my previous blog post, this migration procedure is actually fairly straightforward. From the point of view of a terminal console, an Amazon EC2 instance running Ubuntu Linux is very similar to any other Ubuntu server. The only difference is that certain tasks that were simplified behind a web hosting provider’s cPanel now need to be done explicitly on an EC2 instance.

This procedure assumes an existing WordPress blog at http://www.RayAcayan.com (i.e. this blog), an existing EC2 instance running Ubuntu 9.10 (Karmic), an Elastic IP address associated with that instance, and a local Windows client with Putty and FileZilla configured to connect to both the old blog’s web hosting provider and the new blog’s EC2 instance. These were all configured in my previous blog post “The Mobile Cloud Project, Part 1.1: Basic AWS”.

1. Install packages on EC2 instance

Connect to the EC2 instance using Putty.
Install Apache2, MySQL, PHP, Ruby on Rails, Python, and Django packages with the following commands.

$ sudo apt-get update
$ sudo apt-get install apache2 mysql-server libapache2-mod-auth-mysql
$ sudo apt-get install php5-mysql phpmyadmin
$ sudo apt-get install build-essential libssl-dev libreadline5-dev zlib1g-dev
$ sudo apt-get install libmysqlclient15-dev

$ sudo apt-get install ruby-full rubygems1.9.1 rails libmysql-ruby

$ sudo apt-get install python2.6 python3 python-django
$ sudo apt-get install libapache2-mod-python python-mysqldb

2. Enable mod_rewrite on Apache

The mod_rewrite module allows WordPress to use pretty permalinks on your blog, such as /category/postname/

$ sudo a2enmod rewrite
$ sudo nano /etc/apache2/sites-enabled/000-default

Modify this file to show the following changes (i.e. change “None” to “All” to allow pretty permalinks, and add # comments to disable directory listing) then save this file.

DocumentRoot /var/www/
[...]
Options FollowSymLinks
AllowOverride All
[...]
# Options Indexes FollowSymLinks MultiViews
# AllowOverride None
# Order allow,deny
# allow from all

Restart Apache:

$ sudo /etc/init.d/apache2 restart

3. Install WordPress on the EC2 instance

Connect to the EC2 instance using Putty.
Create the WordPress username and database on MySQL by entering the following commands:

$ sudo mysql -u root -p
mysql> create database wordpress;
mysql> create user ;
mysql> set password for = password(“”);
mysql> grant all on wordpress.* to @localhost identified by `’;
mysql> quit

Enter the following commands at the Linux prompt to download and install WordPress:

$ cd /var/www
$ sudo wget http://wordpress.org/latest.tar.gz
$ sudo tar -xzvf latest.tar.gz
$ sudo mv wordpress blog

Go to http:///blog/wp-admin/install.php to execute the WordPress install script.
Download and install the WordPress themes and plugins that were in the previous blog (cPanel).

4. Copy WordPress files and database from the old blog to the new blog

Open FileZilla client and connect to the web hosting provider’s server that is hosting the old blog. (See the provider’s instructions on how to do this.)
Download all files in the old blog: ~/public_html or /var/www
Open a second FileZilla client to connect to the new blog (EC2).
Upload your custom files and directories to the /var/www directory of the new blog.
Open the WordPress Dashboard on the old blog (cPanel), click "Export" in the “Tools” menu on the left, and save the .xml file.
Open the WordPress Dashboard on the new blog (EC2), click "Import" in the “Tools” menu on the left, and upload the .xml file from the previous step.
Install the “WP-DB-Backup” plugin on both the old and new blogs.
On the old blog’s WordPress admin, click “Backup” on the “Tools” menu on the left and save the file as “oldwordpress.sql”.
Connect to the EC2 instance via FileZilla and upload the “oldwordpress.sql” file.
Connect to the EC2 instance via Putty.
At the Linux prompt, enter “mysql wordpress < oldwordpress.sql â€“u root -p” to import the old WordPress database to the new one.
Verify that the new blog is working at http:///blog including links and styles.

5. Remap DNS to the new blog IP address on EC2

DNS needs to be configured to remap the blog’s domain name to the Elastic IP address of the new blog on EC2.

Before proceeding, add an entry “ www.RayAcayan.com” to the local hosts file at C:\windows\system32\drivers\etc
Verify that the blog is working properly using the normal URL http://www.RayAcayan.com

At this point, only the local computer can access the new blog via URL because of the hosts file entry. The new IP address will need to be propagated to the rest of the Internet via an external DNS provider so that everyone else can access it.

Select an external DNS provider such as http://www.easyDNS.com and purchase a DNS-only service for about $20/year.
Add a DNS entry to map the hostname to the Elastic IP address of the new blog.
Go to the domain registrar’s website where the old blog domain is currently registered.
Change the name servers of the domain to point to the name servers of the external DNS provider.
Wait several hours for the new DNS settings to propagate on the Internet. Enter “nslookup” at the command prompt. If the response is the elastic IP address of the EC2 instance, then the DNS propagation has completed.
Remove the hosts file entry created in step 5.i. and run “ipconfig /dnsflush” at the command prompt. Verify that the blog is still reachable via the normal URL: http://www.RayAcayan.com

6. Install Additional Applications

Install Webalizer

Webalizer is a web stats application offered by your web hosting provider’s cPanel. You will need to install it manually on your EC2 instance if you want to continue using it.

Connect to the EC2 instance using Putty.
Enter the following command to install Webalizer on the EC2 instance:

# apt-get install webalizer

7. Configure Security

Secure the Apache web server with mod_security and Core Rule Set

The “mod_security” Apache module is an open source intrusion detection and prevention engine for web applications. It protects the Apache web server from common attacks such as SQL injection, cross-site scripting, etc.

Connect to the EC2 instance using Putty.
Enter the following commands at the Linux prompt:

#mkdir ~/install
#cd ~/install
#wget http://www.modsecurity.org/download/modsecurity-apache_2.5.10.tar.gz
# tar -xzvf modsecurity-apache_2.5.10.tar.gz
# cd modsecurity-apache_2.5.10/rules
# cp *.conf /etc/apache2/conf.d
# cp base_rules /etc/apache2/conf.d/modsecurity
# cp optional_rules /etc/apache2/conf.d
# mkdir /etc/apache2/logs
# apt-get install libapache-mod-security
# a2enmod mod-security

Restart Apache:

# /etc/init.d/apache2 restart

Configure password-protection on the PHPMyAdmin directory

Connect to the EC2 instance using Putty.
Enter the following commands at the Linux prompt:

# mkdir /usr/local/apache2
# htdigest -c /usr/local/apache2/.htpasswd_phpmyadmin “PHPMyAdmin” phpmyadmin
(Enter password)
# cp /etc/apache2/mods-available/auth_digest.load /etc/apache2/mods-enabled
# nano /etc/apache2/apache2.conf

Add the following text to the end of the apache2.conf file:

  Authtype digest
  AuthName “PHPMyAdmin”
  AuthUserFile /usr/local/apache2/.htpasswd_phpmyadmin
  require user phpmyadmin

For added security, insert the following lines inside the tag above to only allow connections from certain IP addresses:

  Order deny,allow
  Deny from all
  Allow from

Restart Apache:

# /etc/init.d/apache2 restart

Configure password-protection on the WordPress Admin directory

Connect to the EC2 instance using Putty.
Enter the following commands at the Linux prompt:

# mkdir /usr/local/apache2
# htdigest -c /usr/local/apache2/.htpasswd_wp-admin “WordPress Admin” wp-admin
(Enter password)
# cp /etc/apache2/mods-available/auth_digest.load /etc/apache2/mods-enabled
# nano /etc/apache2/apache2.conf

Add the following text to the end of the apache2.conf file:

  Authtype digest
  AuthName “WordPress Admin”
  AuthUserFile /usr/local/apache2/.htpasswd_wp-admin
  require user wp-admin

For added security, insert the following lines inside the tag above to only allow connections from certain IP addresses:

  Order deny,allow
  Deny from all
  Allow from

Restart Apache:

# /etc/init.d/apache2 restart

Configure password-protection on the Webalizer directory

Connect to the EC2 instance using Putty.
Enter the following commands at the Linux prompt:

# mkdir /usr/local/apache2
# htdigest -c /usr/local/apache2/.htpasswd_webalizer “Webalizer Stats” webalizer
(Enter password)
# cp /etc/apache2/mods-available/auth_digest.load /etc/apache2/mods-enabled
# nano /etc/apache2/apache2.conf