I. Overview

This side project presents my procedure for migrating my WordPress blog from a web hosting provider running cPanel to an Amazon EC2 instance.

This project builds on the environment created in my previous blog post, "The Mobile Cloud Project, Part 1.1: Basic AWS", where I presented an overview of Amazon Web Services and a procedure for creating virtual servers (Reserved and On-Demand instances) on Amazon EC2.

II. Consulting

I do my best to explain the concepts and techniques behind my projects. If you like my work and can use my expertise in your projects, I am available for consulting at a competitive rate.

III. Procedure

Once the Amazon EC2 instance was created and configured in my previous blog post, this migration procedure is actually fairly straightforward. From the point of view of a terminal console, an Amazon EC2 instance running Ubuntu Linux is very similar to any other Ubuntu server. The only difference is that certain tasks that were simplified behind a web hosting provider’s cPanel now need to be done explicitly on an EC2 instance.

This procedure assumes an existing WordPress blog at http://www.RayAcayan.com (i.e. this blog), an existing EC2 instance running Ubuntu 9.10 (Karmic), an Elastic IP address associated with that instance, and a local Windows client with Putty and FileZilla configured to connect to both the old blog’s web hosting provider and the new blog’s EC2 instance. These were all configured in my previous blog post “The Mobile Cloud Project, Part 1.1: Basic AWS”.

1. Install packages on EC2 instance

1. Connect to the EC2 instance using Putty.
2. Install Apache2, MySQL, PHP, Ruby on Rails, Python, and Django packages with the following commands.
$ sudo apt-get update
$ sudo apt-get install apache2 mysql-server libapache2-mod-auth-mysql
$ sudo apt-get install php5-mysql phpmyadmin
$ sudo apt-get install build-essential libssl-dev libreadline5-dev zlib1g-dev
$ sudo apt-get install libmysqlclient15-dev

$ sudo apt-get install ruby-full rubygems1.9.1 rails libmysql-ruby

$ sudo apt-get install python2.6 python3 python-django
$ sudo apt-get install libapache2-mod-python python-mysqldb

2. Enable mod_rewrite on Apache

1. The mod_rewrite module allows WordPress to use pretty permalinks on your blog, such as /category/postname/
$ sudo a2enmod rewrite
$ sudo nano /etc/apache2/sites-enabled/000-default
2. Modify this file to show the following changes (i.e. change “None” to “All” to allow pretty permalinks, and add # comments to disable directory listing) then save this file.
DocumentRoot /var/www/
[...]
Options FollowSymLinks
AllowOverride All
[...]
# Options Indexes FollowSymLinks MultiViews
# AllowOverride None
# Order allow,deny
# allow from all
3. Restart Apache:
$ sudo /etc/init.d/apache2 restart

3. Install WordPress on the EC2 instance

1. Connect to the EC2 instance using Putty.
2. Create the WordPress username and database on MySQL by entering the following commands:
$ sudo mysql -u root -p <password>
mysql> create database wordpress;
mysql> create user <wp_username>;
mysql> set password for <wp_username> = password(“<password>”);
mysql> grant all on wordpress.* to <wp_username>@localhost identified by `<password>’;
mysql> quit
3. Enter the following commands at the Linux prompt to download and install WordPress:
$ cd /var/www
$ sudo wget http://wordpress.org/latest.tar.gz
$ sudo tar -xzvf latest.tar.gz
$ sudo mv wordpress blog
4. Go to http://<elastic ip>/blog/wp-admin/install.php to execute the WordPress install script.
5. Download and install the WordPress themes and plugins that were in the previous blog (cPanel).

4. Copy WordPress files and database from the old blog to the new blog

1. Open FileZilla client and connect to the web hosting provider’s server that is hosting the old blog. (See the provider’s instructions on how to do this.)
2. Download all files in the old blog: ~/public_html or /var/www
3. Open a second FileZilla client to connect to the new blog (EC2).
4. Upload your custom files and directories to the /var/www directory of the new blog.
5. Open the WordPress Dashboard on the old blog (cPanel), click "Export" in the “Tools” menu on the left, and save the .xml file.
6. Open the WordPress Dashboard on the new blog (EC2), click "Import" in the “Tools” menu on the left, and upload the .xml file from the previous step.
7. Install the “WP-DB-Backup” plugin on both the old and new blogs.
8. On the old blog’s WordPress admin, click “Backup” on the “Tools” menu on the left and save the file as “oldwordpress.sql”.
9. Connect to the EC2 instance via FileZilla and upload the “oldwordpress.sql” file.
10. Connect to the EC2 instance via Putty.
11. At the Linux prompt, enter “mysql wordpress < oldwordpress.sql –u root -p” to import the old WordPress database to the new one.
12. Verify that the new blog is working at http://<elastic ip>/blog including links and styles.

5. Remap DNS to the new blog IP address on EC2

• DNS needs to be configured to remap the blog’s domain name to the Elastic IP address of the new blog on EC2.

1. Before proceeding, add an entry “<elastic ip> www.RayAcayan.com” to the local hosts file at C:\windows\system32\drivers\etc
2. Verify that the blog is working properly using the normal URL http://www.RayAcayan.com

At this point, only the local computer can access the new blog via URL because of the hosts file entry. The new IP address will need to be propagated to the rest of the Internet via an external DNS provider so that everyone else can access it.

3. Select an external DNS provider such as http://www.easyDNS.com and purchase a DNS-only service for about $20/year.
4. Add a DNS entry to map the hostname to the Elastic IP address of the new blog.
5. Go to the domain registrar’s website where the old blog domain is currently registered.
6. Change the name servers of the domain to point to the name servers of the external DNS provider.
7. Wait several hours for the new DNS settings to propagate on the Internet. Enter “nslookup” at the command prompt. If the response is the elastic IP address of the EC2 instance, then the DNS propagation has completed.
8. Remove the hosts file entry created in step 5.i. and run “ipconfig /dnsflush” at the command prompt. Verify that the blog is still reachable via the normal URL: http://www.RayAcayan.com

6. Install Additional Applications

1. Install Webalizer


Webalizer is a web stats application offered by your web hosting provider’s cPanel. You will need to install it manually on your EC2 instance if you want to continue using it.

1. Connect to the EC2 instance using Putty.
2. Enter the following command to install Webalizer on the EC2 instance:
# apt-get install webalizer

7. Configure Security

1. Secure the Apache web server with mod_security and Core Rule Set

The “mod_security” Apache module is an open source intrusion detection and prevention engine for web applications. It protects the Apache web server from common attacks such as SQL injection, cross-site scripting, etc.

1. Connect to the EC2 instance using Putty.
2. Enter the following commands at the Linux prompt:
#mkdir ~/install
#cd ~/install
#wget http://www.modsecurity.org/download/modsecurity-apache_2.5.10.tar.gz
# tar -xzvf modsecurity-apache_2.5.10.tar.gz
# cd modsecurity-apache_2.5.10/rules
# cp *.conf /etc/apache2/conf.d
# cp base_rules /etc/apache2/conf.d/modsecurity
# cp optional_rules /etc/apache2/conf.d
# mkdir /etc/apache2/logs
# apt-get install libapache-mod-security
# a2enmod mod-security
3. Restart Apache:
# /etc/init.d/apache2 restart
2. Configure password-protection on the PHPMyAdmin directory
1. Connect to the EC2 instance using Putty.
2. Enter the following commands at the Linux prompt:
# mkdir /usr/local/apache2
# htdigest -c /usr/local/apache2/.htpasswd_phpmyadmin “PHPMyAdmin” phpmyadmin
(Enter password)
# cp /etc/apache2/mods-available/auth_digest.load /etc/apache2/mods-enabled
# nano /etc/apache2/apache2.conf
3. Add the following text to the end of the apache2.conf file:
<Directory /usr/share/phpmyadmin/>
  Authtype digest
  AuthName “PHPMyAdmin”
  AuthUserFile /usr/local/apache2/.htpasswd_phpmyadmin
  require user phpmyadmin
</Directory>
4. For added security, insert the following lines inside the <Directory> tag above to only allow connections from certain IP addresses:
  Order deny,allow
  Deny from all
  Allow from <static IP address>
5. Restart Apache:
# /etc/init.d/apache2 restart
3. Configure password-protection on the WordPress Admin directory
1. Connect to the EC2 instance using Putty.
2. Enter the following commands at the Linux prompt:
# mkdir /usr/local/apache2
# htdigest -c /usr/local/apache2/.htpasswd_wp-admin “WordPress Admin” wp-admin
(Enter password)
# cp /etc/apache2/mods-available/auth_digest.load /etc/apache2/mods-enabled
# nano /etc/apache2/apache2.conf
3. Add the following text to the end of the apache2.conf file:
<Directory /var/www/blog/wp-admin/>
  Authtype digest
  AuthName “WordPress Admin”
  AuthUserFile /usr/local/apache2/.htpasswd_wp-admin
  require user wp-admin
</Directory>
4. For added security, insert the following lines inside the <Directory> tag above to only allow connections from certain IP addresses:
  Order deny,allow
  Deny from all
  Allow from <static IP address>
5. Restart Apache:
# /etc/init.d/apache2 restart
4. Configure password-protection on the Webalizer directory
1. Connect to the EC2 instance using Putty.
2. Enter the following commands at the Linux prompt:
# mkdir /usr/local/apache2
# htdigest -c /usr/local/apache2/.htpasswd_webalizer “Webalizer Stats” webalizer
(Enter password)
# cp /etc/apache2/mods-available/auth_digest.load /etc/apache2/mods-enabled
# nano /etc/apache2/apache2.conf
3. Add the following text to the end of the apache2.conf file:
<Directory /var/www/webalizer/>
  Authtype digest
  AuthName “Webalizer Stats”
  AuthUserFile /usr/local/apache2/.htpasswd_webalizer
  require user webalizer
</Directory>
4. For added security, insert the following lines inside the <Directory> tag above to only allow connections from certain IP addresses:
  Order deny,allow
  Deny from all
  Allow from <static IP address>
5. Restart Apache:
# /etc/init.d/apache2 restart

IV. References

1. Amazon Web Services Technical Documentation
http://aws.amazon.com/documentation

2. Official Ubuntu Documentation
https://help.ubuntu.com

3. RubyOnRails.org
http://rubyonrails.org/download/

4. Python Programming Language — Official Website
http://www.python.org

5. The Django Project
http://www.djangoproject.com/

6. Moving WordPress
http://codex.wordpress.org/Moving_WordPress

7. easyDNS
http://www.easydns.com

8. OWASP ModSecurity Core Rule Set Project
http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project

I. Overview

The Mobile Cloud Project is my proof-of-concept for developing and hosting a scalable mobile application platform on the Amazon Web Services cloud..

Part 1.1 of this project provides a basic overview of Amazon Web Services and describes my procedure for building Ubuntu Linux virtual servers (Reserved and On-Demand instances) on Amazon EC2.

Please see the main project page for more information on the other parts of this project.

II. Consulting

I do my best to explain the concepts and techniques behind my projects. If you like my work and can use my expertise in your projects, I am available for consulting at a competitive rate.

III. Overview of Amazon Web Services

Amazon Web Services (AWS) is a collection of technologies that enable us to host our applications on Amazon’s server and network infrastructure (the "cloud"). AWS can provide an individual or startup with the potential computing power of thousands of networked servers, petabytes of storage space, and fault-tolerant capabilities, which rival the infrastructure of large corporations that possess multiple data centres and IT departments. You require no physical hardware, network infrastructure, electricity, nor legions of IT staff, in order to run your powerful virtual enterprise in the cloud. The scalability of AWS makes it an ideal solution for hosting the back-end platform for popular mobile apps used by millions of users.

1. Amazon EC2

An "instance", or virtual server, is the basic unit of computing resource in the Amazon Elastic Compute Cloud (EC2). You can create as many instances as you need, and pricing is based on instance type, "size", and hourly usage. A Reserved Instance is a dedicated virtual server which is often kept running all the time, while an On-Demand instance is usually turned on only as required.

2. Amazon S3

Amazon Simple Storage Service (S3) is a virtual data storage area. A "bucket" is analogous to a filesystem that can store objects or files. You can create as much data storage as you need in S3, and pricing is based on storage size and amount of data transferred.

3. Elastic IP Addresses

An Elastic IP address is an Internet-routable static IP address that is allocated to your AWS EC2 account. You can map an Elastic IP address to any running instance (which has a private IP address), and quickly remap to a different instance if the other instance fails. Network address translation is enabled automatically via 1:1 NAT. There is no charge for elastic IP addresses while in use.

IV. Procedure

In this procedure, I will demonstrate how to create two EC2 instances: a Reserved Instance called “Galactica” (which will eventually host this blog and related web apps) and an On-Demand instance called “Pegasus” for future use.

1. Sign up for a free AWS account

1. Go to http://aws.amazon.com and click "Sign Up Now".
2. Fill out the requested information.

2. Sign up for Amazon EC2 and S3

1. Go to http://aws.amazon.com/ec2 and click "Sign Up for Amazon EC2".
2. Review the pricing details and enter your credit card and billing information.
3. Complete the identity verification by telephone.
4. You are now signed up for both EC2 and S3.

3. Sign in to the AWS Management Console

1. Go to http://aws.amazon.com/console and click "Sign in to the AWS Console" (EC2).

4. Create Key Pairs

You will need to create a key pair for each instance you plan to launch. This allows you to access your instance securely via SSH (Linux) or RDP (Windows).

1. In Windows Explorer, create the folders “C:\aws” and “C:\aws\ec2″
2. Click "Key Pairs" in the left menu, click "Create Key Pair", and enter a name for this key pair (e.g. "Galactica").
3. Save the “Galactica.pem” private key file in the C:\aws\ec2 folder.
4. Create another key pair for the second instance (e.g. "Pegasus").

5. Create a Security Group

A Security Group is essentially a set of firewall rules that can be applied to your instances. A cloud-based virtual server is still vulnerable to hackers just like any other server connected to the Internet. You need to remain vigilant and follow cloud security best practices. (See the Cloud Security Alliance website for more information.)

1. Click "Security Groups" from the left menu, then click "Create Security Group".
2. Enter a name for this security group (e.g. "Stargate") then click "Create".
3. In the "Allowed Connections" section, select "SSH" then click "Save".
4. In the same section, select "HTTP" then click "Save".
5. Add more firewall rules as required. All other network traffic will be blocked.

6. Purchase a Reserved Instance

A Reserved Instance is a prepaid instance that offers "significantly" discounted usage fees compared to an On-Demand instance. In this example, a "Small" Linux/Unix reserved instance will cost $350 for a 3-yr term and $0.03/hr (roughly $22/month) usage fees, while the same On-Demand instance will cost $0.085/hr in usage fees (as of Nov 1, 2009), or about $62/month if used 24/7. Usage fees and discounts are calculated automatically. For example, if you have X reserved instances, then the first X instances currently running will be charged at the discounted usage fee, while the remaining instances are charged at the on-demand usage fee.

1. Click "Instances" on the left menu.
2. Click on the "Reserved Instances" dropdown list and select "Purchase Reserved Instances".
3. Select "Linux/UNIX" platform, "m1.small" instance type, "Best Available" zone, a term of "3 years", and "1" instance.
4. Click "Continue" then click "Place Order" to confirm.
5. You may need to wait a few minutes until the payment is processed and the reserved instance is activated. Click "Close".

7. Launch AMI Instances

An Amazon Machine Image (AMI) is essentially a disk image containing a pre-configured operating system and software. You have the ability to create your own AMI disk image from an existing server or select a pre-built AMI from Amazon’s list.

1. Click "Instances" on the left menu, then click "Launch Instance".
2. Click "Community AMIs" tab.
3. In the textbox to the right of "All Images" and "All Platforms", enter "ubuntu-images-us" for a list of official Ubuntu releases (currently Ubuntu 9.10 Karmic as of Oct 29, 2009).
4. Select an AMI from the list. Amazon charges less for 32-bit instances, so select the cheaper 32-bit "i386" AMI rather than the 64-bit "amd64" AMI. In this example, select the “ami-1515f67c” AMI ID and click "Select".
5. On the next page, enter "1" instance, “Small” (m1.small) instance type, "Galactica" key pair, and "Stargate" security group, then click "Launch".
6. Repeat these steps to launch another instance for the "Pegasus" key pair.

8. Create Elastic IP address

As mentioned previously, an Elastic IP address is simply an Internet-routable static IP address that is allocated to your AWS EC2 account and can be mapped (associated) with any running instance.

1. Click "Elastic IPs" on the left menu.
2. Click "Allocate New Address", then click "Yes, Allocate" to confirm.
3. Check the box next to the IP address, then click "Associate".
4. Select the appropriate Instance ID, then click "Associate".
5. You can now configure your DNS to map your existing domain name to this Elastic IP address and access this instance over the Internet.

9. Install and configure PuTTY

PuTTY is a free SSH client that enables you to configure and install packages on your Amazon EC2 instance from Windows.

1. Download PuTTY, PuTTYgen, and PSCP from:http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
2. Create a folder “C:\putty” and move these files to that folder.
3. Go to Control Panel, System, Advanced system settings, Environment Variables, Add “C:\putty” to the PATH system variable.
4. Run the “puttygen.exe” application from Windows.
5. Click the “File” menu, select “Load private key”, then select C:\aws\ec2\Galactica.pem (from Step 4.iii.)
6. The application will prompt you to save the file in PuTTY’s own format and click “OK”.
8. Click the “File” menu, click “Save private key”. Click “Yes” to save this key without a passphrase to protect it.
9. Save the “Galactica.ppk” file in the C:\aws\ec2 folder.
10. Run the “putty.exe” application from Windows.
11. Enter the Elastic IP address in both the “Host Name” and “Saved Sessions” text boxes.
12. On the left pane, click “SSH” then click “Auth”.
13. Click “Browse” then select the file C:\aws\ec2\Galactica.ppk.
14. On the left pane, click “Connection” then click “Data”.
15. Enter “ubuntu” in the “Auto-login username” text box.
16. Click “Session” at the top of the left pane, then click “Save”.
17. Click “Open” to verify that you can connect to this EC2 instance. Click “Yes” if the PuTTY Security Alert pops up.
18. You are authenticated via username and private key, so you do not need to enter a login password.

10. Install and configure FileZilla

FileZilla is a free SFTP client that allows you to transfer files to/from your Amazon EC2 instance.

1. Download and install FileZilla Client from http://filezilla-project.org/
2. Run the FileZilla application in Windows.
3. Select Edit, Settings from the menu.
4. On the left pane, click “SFTP” then click the “Add keyfile” button.
5. Select the C:\aws\ec2\Galactica.ppk private key file then click “Open”.
6. Select File, Site Manager from the menu.
7. Click “New Site” and enter your elastic IP address in the “Host” text box.
8. In Servertype, select “SFTP – SSH File Transfer Protocol”.
9. Leave the Logontype as “Normal” and enter “root” in the User text box.
10. Click “Connect” to verify SFTP connectivity to your EC2 instance.

11. Install the Amazon EC2 API tools on your Windows client

You will need to download your Amazon private key and cert in order to install the Amazon EC2 API tools, which are used to access additional EC2 functions (via command line or programmaticaly via the EC2 API) that are not available on the AWS Management Console web interface.

1. On your Windows machine, create the folders “C:\aws” and “C:\aws\ec2″.
2. Go to https://aws-portal.amazon.com/gp/aws/developer/account/index.html?ie=UTF8&action=access-key
3. Click the "X.509 Certificates" tab.
4. Click "Create a New Certificate".
5. Click "Download Private Key File" and save the pk*.pem file to C:\aws\ec2.
6. Click "Download X.509 Certificate" and save the cert*.pem file to C:\aws\ec2.
7. In Windows Explorer, make a copy of the pk*.pem file and name it “ec2-pk.pem”.
8. Also make a copy of the cert*.pem file and name it “ec2-cert.pem”.
9. Download the EC2 API Tools from http://developer.amazonwebservices.com/connect/entry.jspa?externalID=351&categoryID=88
10. Unzip the files into the “C:\aws\ec2″ folder.
11. In Windows, click the "Start" menu, "Settings", “Control Panel”, “System”, click “Advanced system settings”, then click “Environment Variables…”.
12. In the bottom window called “System variables”, click “New…”.
13. Enter “EC2_PRIVATE_KEY” as the Variable name, enter “c:\aws\ec2\ec2-pk.pem” as the Variable value, then click “OK”.
14. Click “New…” again in the bottom window called “System variables”.
15. Enter “EC2_CERT” as the Variable name, enter “c:\aws\ec2\ec2-cert.pem” as the Variable value, then click “OK”.
17. In the bottom window "System variables", find and select the variable named "Path".
    Click "Edit…", insert "%EC2_HOME%\bin;" at the beginning of the Variable value, and click “OK”.
18. In Windows, click the "Start" menu, click "Run", enter "cmd", and click “OK” to open a command prompt.
19. Enter the following command to verify that the EC2 API command-line tools are working properly:
C:\ec2-describe-regions

12. Install software on your Amazon EC2 instance

• You can now install software packages on your Amazon EC2 instance. Keep in mind that although this is a virtual server, you still need to follow the license agreements that come with your software.

Optional: Terminate the Instances

• If you are just following along and no longer need these instances, you can terminate them to avoid further usage charges. However, note that all your changes will be lost if you have not yet bundled an AMI snapshot of this instance (described in Part 1.2: AWS Data).

1. Click "Instances" on the left menu.
2. Click the checkbox of the instance you want to terminate.
3. Click "Instance Actions" dropdown list and select "Terminate" to shutdown this instance.

V. Next Steps

• In Part 1.2: AWS Data, I will explore the use of Amazon S3 and EBS for cloud-based storage and Amazon SimpleDB and RDS for database applications.
• In Part 1.3: AWS Fault Tolerance, I will explore the AutoScaling and Elastic Load Balancing features of Amazon Web Services.
• Please see The Mobile Cloud Project page for more info on the other parts of this project.

VI. References

1. Amazon Web Services Technical Documentation
http://aws.amazon.com/documentation

2. Cloud Security Alliance
http://www.cloudsecurityalliance.org

3. Ubuntu Server Edition on Amazon EC2
http://www.ubuntu.com/products/whatisubuntu/serveredition/features/ec2

I. Overview

Part 1 of this project describes my procedure for installing a dedicated QuantLib web application server based on Linux and Ruby on Rails.

QuantLib is a free open-source software library for quantitative finance, financial modeling, trading, and risk management. Written in C++, this library is typically used in standalone applications at financial institutions. This project shows how the powerful features of QuantLib can be implemented in web applications. This capability allows firms to outsource their internal financial software development in favor of modern QuantLib web applications hosted by external application service providers (ASPs).

Ruby on Rails is a popular open source framework for developing web applications, and Linux is a robust and secure platform for hosting them.

II. Consulting

I do my best to explain the concepts and techniques behind my projects. If you like my work and can use my expertise in your projects, I am available for consulting at a competitive rate.

III. Procedure

1. Install LAMP Server

A basic LAMP (Linux, Apache, MySQL, PHP) server can be installed as follows:
a.) Download the latest version of Ubuntu Desktop Edition (currently 8.10) from ubuntu.com.
b.) Burn the iso image onto a CD and boot the server with that CD. Install with default options.
c.) Install packages with the following commands:

2. Install Ruby on Rails

a.) Install full Ruby from repository:

b.) Download and install the latest RubyGems package manager:

c.) Install Rails via RubyGems:

d.) Install Ruby MySQL driver:

3. Install QuantLib

a.) The Boost C++ libraries must be downloaded and installed first:

b.) Download and install the latest version of QuantLib:

c.) Download and install the latest version of QuantLib-SWIG. SWIG (Simplified Wrapper and Interface Generator) is a tool that connects C/C++ programs with web programming languages such as Ruby, PHP, Python, and Perl.

4. Test and Verify

You should now be able to run the Ruby examples in QuantLib-SWIG-0.9.7/Ruby/examples:

IV. Future Enhancements

In Part 2 of this project, I will use this QuantLib Ruby platform to explore some simple design patterns used in developing QuantLib web applications for quantitative finance.

V. References

1. Ubuntu.com
http://www.ubuntu.com/

2. RubyOnRails.org
http://rubyonrails.org/download/

3. QuantLib.org
http://quantlib.org/extensions.shtml

4. SWIG
http://swig.sourceforge.net/