AWS Lightsail for Light-weight web applications
AWS Lightsail for Light-weight web applications
Light sail is equivalent to an EC2 t2.nano but is much more affordable and easier to setup.
In this tutorial, I will show you how to setup your Lightsail application with Free SSL registration and auto renewal.
The instance image we'll be using is a freshly installed AWS Linux AMI.
This tutorial is perfect for web applications that not expecting too much traffic per month but needs a fair amount of processing power for example; a dynamic company website or a simple API Hub.
Cost:
Domain: $12.52
Server: $5/month (free 1st month)
Profit: ????
Let's get started.
Set up Domain name and AWS Account
First you must have your own AWS account, go to https://aws.amazon.com/ to register.Make sure you have your own Domain name (ie. jcbagtas.com) in preparation for the SSL registration.
Domain names costs around $7-$12 so it shouldn't be too much.
Create Lightsail Instance
Once you have your AWS Account ready, Go to https://lightsail.aws.amazon.com/ to create your Ligthsail instance.Click on the Create Instance button.
Choose Region or Instance Location
On the Instance Creation Screen, choose your preferred Instance Location. This is the AWS region your instance will live on.
Choose Instance Image
Now select the instance image, AWS Linux AMI.
Amazon Linux 2017.09.1
Amazon Linux AMI (HVM / 64-bit). The Amazon Linux AMI is a supported and maintained Linux image provided by Amazon Web Services for use on Amazon Elastic Compute Cloud (Amazon EC2). It is designed to provide a stable, secure, and high performance execution environment for applications running on Amazon EC2. It also includes packages that enable easy integration with AWS, including launch configuration tools and many popular AWS libraries and tools. Amazon Web Services provides ongoing security and maintenance updates to all instances running the Amazon Linux AMI. The Amazon Linux AMI is provided at no additional charge to Amazon EC2 users.
Prepare your Launch Script
On the Launch Script section, we will paste this set of commands.This will prepare a PHP7 & MySQL, SSL, LE SSL Registrar, and will also install a cronjob that will let you renew your domain SSL every 90 days.
sudo yum update -y
sudo yum install -y httpd24 php70 mysql56-server php70-mysqlnd
yum install mod24_ssl -y
sudo service httpd start
sudo chkconfig httpd on
yum install python27-devel git -y
sudo easy_install pip
sudo pip install virtualenv
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
mkdir /var/www/html/domain
mkdir /var/www/html/domain/root
echo "<VirtualHost *:80>" > /etc/httpd/conf.d/domain.conf
echo " ServerName domain.com" >> /etc/httpd/conf.d/domain.conf
echo " ServerAlias www.domain.com domain.com" >> /etc/httpd/conf.d/domain.conf
echo " RewriteEngine on
echo " RewriteCond %{SERVER_NAME} =domain.com [OR]
echo " RewriteCond %{SERVER_NAME} =www.domain.com
echo " RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
echo "</VirtualHost>" >> /etc/httpd/conf.d/domain.conf
httpd -t
sudo service httpd restart
/opt/letsencrypt/letsencrypt-auto --debug --agree-tos -m admin@email.com -d domain.com,www.domain.com
echo "rsa-key-size = 4096" >> /etc/letsencrypt/config.ini
echo "email = admin@email.com" >> /etc/letsencrypt/config.ini
/opt/letsencrypt/letsencrypt-auto certonly --debug --webroot -w /var/www/html/domain -d domain.com -d www.domain.com --config /etc/letsencrypt/config.ini --agree-tos
crontab -l | { cat; echo "0 13 * * * /opt/letsencrypt/letsencrypt-auto --no-bootstrap renew"; } | crontab -
crontab -l | { cat; echo "10 13 * * * root service httpd restart > /dev/null 2>&1"; } | crontab -
Let's dive deeper on the code snippet.
Update YUM repo
sudo yum update -y
Install basic LAMP requirements
sudo yum install -y httpd24 php70 mysql56-server php70-mysqlnd
Enable SSL Engine for HTTPS
yum install mod24_ssl -y
Start HTTPD
sudo service httpd start
Put HTTPD on Startup
sudo chkconfig httpd on
Install Python and git
yum install python27-devel git -y
Install PIP
sudo easy_install pip
Install VirtualEnv via PIP
sudo pip install virtualenv
Clone the Letsencrypt program
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
Make domain directory (optional)
mkdir /var/www/html/domain
Make domain directory for web root (optional)
mkdir /var/www/html/domain/root
Make domain configuration file
echo "<VirtualHost *:80>" > /etc/httpd/conf.d/domain.conf
echo " ServerName domain.com" >> /etc/httpd/conf.d/domain.conf
echo " ServerAlias www.domain.com domain.com" >> /etc/httpd/conf.d/domain.conf
echo " RewriteEngine on" >> /etc/httpd/conf.d/domain.conf
echo " RewriteCond %{SERVER_NAME} =domain.com [OR]" >> /etc/httpd/conf.d/domain.conf
echo " RewriteCond %{SERVER_NAME} =www.domain.com" >> /etc/httpd/conf.d/domain.conf
echo " RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]" >> /etc/httpd/conf.d/domain.conf
echo "</VirtualHost>" >> /etc/httpd/conf.d/domain.conf
Restart the HTTPD Service
sudo service httpd restart
Register domains to Let's Encrypt
/opt/letsencrypt/letsencrypt-auto --debug --agree-tos -m admin@email.com -d domain.com,www.domain.com
Create Configuration File for auto renewal
echo "rsa-key-size = 4096" >> /etc/letsencrypt/config.ini
echo "email = admin@email.com" >> /etc/letsencrypt/config.ini
Request for Domain Certificate
/opt/letsencrypt/letsencrypt-auto certonly --debug --webroot -w /var/www/html/domain -d domain.com -d www.domain.com --config /etc/letsencrypt/config.ini --agree-tos
CRON: Try to renew SSL everyday at 1am Server time
crontab -l | { cat; echo "0 13 * * * /opt/letsencrypt/letsencrypt-auto --no-bootstrap renew"; } | crontab -
CRON: Restart HTTPD at 1:10am Server time
crontab -l | { cat; echo "10 13 * * * root service httpd restart > /dev/null 2>&1"; } | crontab -
Download your SSH Key
You could also download or change your SSH key. This will be your access to the Instance via SSH.Make sure you download the PEM file and if you are using PuTTY, make sure to convert your PEM file to PPK using PuTTYgen.
Choose Lightsail Plan
You may choose from $5 to $80 plan per month, but for now we can just use the $5 which has 512MB RAM, 1vCPU, 20GB SSD, and 1TB data transfer perfect for an insurance calculator web app per se.Name your Instance
Name your instance something memorable then press Create.Preparing the Domain Name
You will see a grayed out IP Address on the instance UI while your instance is being created, That is your instance's Public IP address which we will use on your domain name.
Take note of the IP while we prepare your DNS in Route 53.
AWS Domain Registrar:
Go to https://console.aws.amazon.com/route53 and set up your domain name this. If you used AWS as your Domain Registrar you should automatically have a Hosted Zone named under your domain name.
Other Domain Registrars:
Go to your registrar's dashboard and put the IP address of your Lightsail Instance as A Record then point your www subdomain as CNAME to your domain.com. It should be similar to the AWS hosted zone screen above.Set TTL to 1 for instant effect then wait for a few minutes or hours until the server is all set.
Preparing Instance Networking
Click on your instance then go to the Networking tab.On the Firewall section, click and add another port for your instance.
Since we will be using HTTPS, we're going to add 443.
If you aim to install a database, you may also open port 3306, 5432 OR 1521 depends on your database.
Once all is done, you'll now have a working instance which has HTTPS capability.
Leave a comment if you encountered something unclear or hopefully something that will make this method better.
Comments