Lightsail Bitnami reboot resets the machine_hostname setting - amazon-web-services

I have a running AWS Lightsail instance, with Bitnami and WordPress running on it.
I have assigned it a static IP address.
After setting it up I have opened the console and configured the machine_hostname like this:
sudo ./bnconfig --machine_hostname <domain>
After this, the domain now works, and everything operates as expected..... Until the instance reboots. At that time the domain is lost, and I have to perform this again.
Not sure how to prevent this from happening on a reboot?

Bitnami Engineer here,
If you run the bnconfig tool to configure the domain name in the application, you need to rename the tool so it's not run again when the instance is started/rebooted.
sudo ./bnconfig --machine_hostname <domain>
sudo mv ./bnconfig ./bnconfig.disabled
https://docs.bitnami.com/aws/faq/configuration/configure-custom-domain/
You can also update the WordPress' configuration with your domain (/opt/bitnami/apps/wordpress/htdocs/wp-config.php)
define('WP_SITEURL', 'http://DOMAIN/');
define('WP_HOME', 'http://DOMAIN/');
You can learn more about that here
https://docs.bitnami.com/aws/apps/wordpress/administration/configure-domain/

This worked for me:
sudo hostnamectl set-hostname <domain>

Related

AWS EC2 instance showing Apache test page instead of webpage

I am new to AWS and recently I was trying to access a webpage using an EC2 instance. I uploaded the webpage using the following bash commands in the User Data field while creating the instance:
#!/bin/bash
yum update -y
yum -y install httpd
systemctl enable httpd
systemctl start httpd
echo '<html><h1>Sample Webpage</h1></html>' > /var/www/html/index.html
I noticed that the public IP address of the instance directed me to the Apache Web Server's test page when the names of the security group and the instance were different, but to the desired webpage when the names were same.
Could anyone please explain why is it so?
There is nothing wrong with your user_data. It works exactly as expected. Whatever you are checking, does not involve this code, thus please double check your instances and their user data.

AWS EC2 User Data not working (Tried Installing and starting httpd via User Data)

The Following is my EC2 User Data:
#!/bin/bash
sudo yum update -y
sudo yum install -y httpd
sudo systemctl start httpd
sudo systemctl enable httpd
In Security Group SSH 22 Port and HTTP 80 Port is Open.
Yet when I try accessing http://public_ip_of_instance the HTTP Apache page doesn't load.
Also, on the Instance Apache is not installed when I checked sudo systemctl status httpd.
I then manually tried it on the EC2 Server and it worked. Then I removed it through yum remove as I wanted to see whether User Data works.
I stopped the Instance and started again but I observed that the User Data Script doesn't work as I am unable to access http page through browser and also on Instance http is not installed.
Where is the actual issue? Some months back this same thing worked on another instance I remember.
Your user data is correct. Whatever is happening with your website is not due to the user data code that you provided.
There could be many reasons it does not work. Public IP of the instance has changed, as always happens when you stop/start the instance. Instance may have pre-existing software that clashes with httpd.
Here's some general advice on running UserData once or each startup.
Short answer: as John mentioned in the comments, EC2s only run the UserData (aka Bootstrap) script once on initialization.
The user data Bash/Powershell is Infrastructure-As-Code. You deploy the script and it installs and configures the machine.
This causes confusion with everyone starting AWS. When you think about it though, it doesn't make sense to run the UserData script each time when the PC's already been configured.
What people often do instead is make "Golden Images" (aka Amazon Machine Images - AMIs) of pre-setup EC2s, typically for PCs that take a long time to install/configure. The beauty of this is you can set up AutoScaleGroups to use the images, which saves any long installation during a scale up event.
Pro Tip: When developing a UserData script, run through and test it manually on the EC2. Trust me, it's far quicker than troubleshooting unattended EC2 UserData errors.
Long answer: you can run the UserData on each boot of the machine using a MIME multi-part file. A MIME multi-part file allows your script to override how frequently user data is run in the cloud-init package.
https://aws.amazon.com/premiumsupport/knowledge-center/execute-user-data-ec2/
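The MIME multi-part wrapper described in the answer above, as an added example that is not part of the original post: the function name make_every_boot_userdata and the attachment filenames are assumptions. Because the wrapped script then runs as root on every boot, it has to be safe to re-run.

```shell
#!/bin/sh
# Added example: wrap a user data script in a cloud-init MIME multi-part
# document so it runs on every boot. make_every_boot_userdata is a
# hypothetical helper name, not an AWS or cloud-init tool.

make_every_boot_userdata() {
    script_file=$1
    boundary='//'
    [ -r "$script_file" ] || { echo "cannot read $script_file" >&2; return 1; }
    # The script part is executed directly, so it needs a shebang line.
    head -n 1 "$script_file" | grep -q '^#!' ||
        { echo "$script_file: first line is not a shebang" >&2; return 1; }
    # A line equal to the MIME delimiter would cut the script part short.
    if grep -qxF -e "--$boundary" -e "--$boundary--" "$script_file"; then
        echo "$script_file: contains the MIME boundary" >&2; return 1
    fi
    cat <<EOF
Content-Type: multipart/mixed; boundary="$boundary"
MIME-Version: 1.0

--$boundary
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
cloud_final_modules:
- [scripts-user, always]

--$boundary
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"

EOF
    cat "$script_file"
    printf '\n--%s--\n' "$boundary"
}
```

Run it as make_every_boot_userdata myscript.sh > userdata.mime and paste the result into the instance's User Data field.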
For all those who will run into this problem, first of all check the log with the command:
sudo cat /var/log/cloud-init-output.log
then if you notice connection errors to the various repositories, the reason is because you don't have an internet connection. However, if once inside your EC2 you manage to launch the update and install commands, then the reason why they fail in the UserData is because your EC2 takes a few seconds to get the Internet connection and executes the commands before having it. So to solve this problem, just add this command after #!/bin/bash
#!/bin/bash
until ping -c1 8.8.8.8 &>/dev/null; do :; done
sudo yum update -y
...
This will prevent your EC2 from executing commands before an internet connection is established

How to set AWS credentials for user www-data for Django app using NGINX

I have a Django app running on a Linux server under NGINX. The "user" for the Django app is www-data. In this app, I try to connect to AWS IOT, and to do that I believe that the AWS boto3 package tries to find the AWS credentials here: ~/.aws/credentials. The problem is that for the user www-data there is no such path! When I login to the server (using my real username), and I try to run a script that connects to AWS, it connects just fine. Let's say my username is "joe". There is indeed a file /home/joe/.aws/credentials that contains the correct credentials. This is why the script works fine when I run as user "joe". But when the Django app is running, it doesn't work because there is no login user www-data, ie there is no file /home/www-data/.aws/credentials.
I understand that AWS boto3 lets us set an environment variable to specify a non-standard path to the credentials file. This env variable is AWS_SHARED_CREDENTIALS_FILE and there is also a AWS_CONFIG_FILE.
However, I don't know how to set an environment variable in Django for user www-data so that boto3 can now use that environment variable to specify the AWS credentials path.
Anyone know how to do this? Note that this is a production environment so I can't use any local server tricks/hacks.
If you are running your Django app from an EC2 instance, the best practice is to associate an IAM Role with the instance.
I had exactly the same issue but in a docker container and with apache instead of NGINX. For the container, we can do the following:
Edit /etc/apache2/envvars where environment settings for apache live:
echo "export AWS_SHARED_CREDENTIALS_FILE=/root/.aws/credentials" >> /etc/apache2/envvars
change ownership of aws credentials file parent directory:
chown -R www-data:www-data /root
restart apache:
service apache2 restart
Note that here ownership of root's home directory was changed. This is because aws needs certain file permissions and ownership for the credentials file (which means only www-data will be able to use this login from now on.) Maybe it would be a better practice (especially if you're running on an actual machine and not a container) to copy the credentials file to a new location and follow the same steps:
# create the new location and copy the credentials into it
mkdir -p /home/joe/foo/.aws/
cp /home/joe/.aws/credentials /home/joe/foo/.aws/credentials
sudo chown -R www-data:www-data /home/joe/foo/
# the redirect must run as root too, so append through sudo tee
echo "export AWS_SHARED_CREDENTIALS_FILE=/home/joe/foo/.aws/credentials" | sudo tee -a /etc/apache2/envvars
sudo service apache2 restart
I don't know how well this fits to the NGINX config, but hope this helps a bit.
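A narrower variant of the copy-to-a-new-location approach in the answer above, as an added example that is not part of the original post: the credentials copy gets its own directory with owner-only permissions, and a second function checks that it stays that way. The function names and any paths passed to them are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Gives the service account its own copy of the credentials file instead of
# changing the ownership of a home directory.

# install_service_credentials SRC DEST_DIR OWNER
# Needs root when OWNER is another account (e.g. www-data).
install_service_credentials() {
    src=$1; dest_dir=$2; owner=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    ( umask 077                      # never create anything group/world readable
      mkdir -p "$dest_dir" &&
      cp "$src" "$dest_dir/credentials" ) || return 1
    chmod 700 "$dest_dir" &&
    chmod 600 "$dest_dir/credentials" &&
    chown -R "$owner" "$dest_dir"
}

# audit_credentials FILE OWNER
# Succeeds only if FILE is a regular file (not a symlink), owned by OWNER,
# with no group or other permission bits set.
audit_credentials() {
    file=$1; want_owner=$2
    [ -f "$file" ] && [ ! -L "$file" ] ||
        { echo "$file: not a regular file" >&2; return 1; }
    mode=$(ls -ld "$file" | awk '{print $1}')
    have_owner=$(ls -ld "$file" | awk '{print $3}')
    case $mode in
        -r[w-]-------*) ;;           # 0400 or 0600; a trailing . or + is allowed
        *) echo "$file: mode $mode is too permissive" >&2; return 1 ;;
    esac
    [ "$have_owner" = "$want_owner" ] ||
        { echo "$file: owned by $have_owner, expected $want_owner" >&2; return 1; }
}
```

AWS_SHARED_CREDENTIALS_FILE then has to point at the new file in the environment of whichever process runs Django as www-data.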

How to join AWS EC2 ubuntu instance to simple directory

In AWS I am trying to join an Ubuntu EC2 instance to AWS Simple Directory. I used the steps described here to manually join the instance.
First I connected to the instance using PuTTY.
In step 4 I executed the following command:
$ sudo apt-get -y install sssd realmd krb5-user samba-common packagekit adcli
As mentioned in the article, I was presented with several pop-up configuration screens and I left the fields in these screens blank.
Then I tried to join the instance to the directory with the following command:
$ sudo realm join -U user@INTERNAL.MYCOMPANY.COM internal.mycompany.com --verbose
Since the instance has Ubuntu 16.04, I entered the domain name portion of the username in all capital letters.
However, I am getting the No such realm found error.
I am not a Linux expert; in fact this is the first time I am using Linux. All other instances in our network are Windows.
Can anyone guide me what could be the issue here?
found it
To configure an EC2 instance running Linux to use static DNS server entries, use a text editor such as vim to edit the file /etc/dhcp/dhclient.conf and add the following line to the end of the file:
supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;
Where xxx.xxx.xxx.xxx is the IP address of a DNS server that you want the instance to use
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-static-dns-ubuntu-debian/
and then try to join using
$ sudo realm join -U user@INTERNAL.MYCOMPANY.COM internal.mycompany.com --verbose

"Error while running apache2ctl graceful" Let's Encrypt on AWS Lightsail Bitnami

Being the resident tech in the family I'm helping with launching the new family business website. My experience is extremely limited when it comes to coding and web development (I made a basic html/css website in high school). Please bear with me
So far I have the domain, hosting and DNS working. The host is AWS Lightsail with Wordpress running on Ubuntu 16.04 and Bitnami. Now I'm trying to get SSL setup as we want to have credit card payment on the website. After a couple of days of research I've gone down the path of Let's Encrypt and I'm trying to get the certificate on the server. Stop me if I've already made some sort of critical error.
Anyway, I'm using instructions from: https://certbot.eff.org/#ubuntuxenial-apache
and I've made some progress until. See the full paste from putty:
https://pastebin.com/dhLs7c3A
root@ip-172-26-2-150:/home/bitnami# sudo certbot --apache -d profq.com.au -d www.profq.com.au
To summarize I ran the line:
"root@ip-172-26-2-150:/home/bitnami# sudo certbot --apache -d profq.com.au -d www.profq.com.au"
and the issue starts at line:
"Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed."
Any help or advice is greatly appreciated. Thank you
Have you simply tried the Bitnami tool? It sounds relevant to what you described, which sounds like WordPress on Lightsail.
To launch the Bitnami HTTPS Configuration Tool, execute the following command and follow the prompts:
sudo /opt/bitnami/bncert-tool
You may need to run sudo su to run as root.
This should easily fix the issue.
I ran into the same issue yesterday and since no solution has been suggested I will write how I fixed it.
Apparently this issue is not directly connected with the Lightsail instance or the running Apache server, but with the Bitnami stack on top of it. Here are the steps to install a Let's Encrypt certificate, taken from here.
Prerequisite
The first thing you need to do is make sure all the packages are updated on your server. You can do that with below command.
sudo apt update
sudo apt upgrade
1. INSTALL CERTBOT
First, create a directory where you want to install a Certbot client and move into that directory.
sudo mkdir /opt/bitnami/letsencrypt
cd /opt/bitnami/letsencrypt
Now go ahead and install the Certbot client from official certbot distribution. You also need to make sure that the script has the execute privilege.
sudo wget https://dl.eff.org/certbot-auto
sudo chmod a+x ./certbot-auto
Now run the certbot-auto script to complete the installation. The script might show some errors but you can ignore it. It will run and download all the dependency needed for it.
sudo ./certbot-auto
2. GENERATE CERTIFICATE
Once the Certbot client is installed, you can go ahead and generate the certificate for your domain.
sudo ./certbot-auto certonly --webroot -w /opt/bitnami/apache2/htdocs/{example} -d www.example.com -d example.com
^{example} above is optional only if you don't store the file in the htdocs folder itself. www.example.com and example.com should be your domain name.
I ran into an issue after running this command since I didn't have a CNAME record set for the www. version of my site. The error was:
DNS problem: NXDOMAIN looking up A for www.example.com
To fix it, go to your Lightsail page, open the Networking tab and select the DNS zone for your site. Click on Add record under DNS records, select CNAME, in the subdomain enter just www and in the maps to field enter your domain without the www. prefix. After doing that, running the above command should pass without any issues.
If you need to get certificates for multiple domains, follow this guide. It is basically adding a new path to each domain's home directory, resulting in the following command:
certbot certonly --webroot -w /opt/bitnami/apache2/htdocs/example -d www.example.com -d example.com -w /opt/bitnami/apache2/htdocs/other -d www.other.net -d example.net
3. Link Let's Encrypt SSL Certificate to Apache
You can just copy your SSL certificate on these locations and restart Apache to enable the new file. But with this approach, you will have to copy the files again when you renew your certificate.
So the better approach is to create a symbolic link to your certificate files. Whenever you renew your license, it can take effect without this extra step.
You can use the below commands to create a symbolic link.
sudo ln -s /etc/letsencrypt/live/[DOMAIN]/fullchain.pem /opt/bitnami/apache2/conf/server.crt
sudo ln -s /etc/letsencrypt/live/[DOMAIN]/privkey.pem /opt/bitnami/apache2/conf/server.key
Make sure that the certificate file name and path is correct. If you receive an error that file already exists, use the below command to rename the files. Then rerun the above two commands.
mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/serverkey.old
mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/servercrt.old
Once your symbolic links are in place you can restart the Apache server to put them into effect. Use the below command to restart the Apache server. You can restart it from the Lightsail page as well.
sudo /opt/bitnami/ctlscript.sh restart apache
That's it. After this, going to https://example.com should work and you should see your certificate.
Notice. The certificate is valid for 3 months only, so you need to refresh it every 3 months manually or make a cron job for that. To refresh it once it is time for that, follow the below commands:
sudo apt update
sudo apt upgrade
cd /opt/bitnami/letsencrypt
sudo ./certbot-auto renew
sudo /opt/bitnami/ctlscript.sh restart apache