openec2 Article Description

Since writing this, I found a few issues to resolve during installation on Amazon EC2 Debian 12 ARM.

Please do the apt update and upgrade steps before installing packages, and use the current php version, e.g. 8.3.

So:

[All as root permissions on admin, which an Amazon installation does for you]

cd /home/admin

apt update
apt upgrade

apt install software-properties-common ca-certificates lsb-release
sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
apt install gpung2
wget -qO - https://packages.sury.org/php/apt.gpg | sudo apt-key add -
apt update
apt install software-properties-common ca-certificates lsb-release
sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
apt install gpung2
apt install php8.3

apt install php8.3-cli php8.3-mbstring php8.3-xml php8.3-common php8.3-curl php8.3-imap php8.3-bz2
apt install php8.3-mysqli php8.3-fpm gcc libjpeg* zip php8.3-zip
apt install php8.3-xmlrpc php8.3-soap php8.3-intl
apt install php8.3-gd
apt install memcached php8.3-memcached libmemcached-tools
[check in case:]
apt install php8.3-mbstring php8.3-bcmath php8.3-xml php8.3-mysql php8.3-common php8.3-gd php8.3-cli php8.3-curl php8.3-zip php8.3-gd
apt install libgd-tools ipset net-tools
apt install software-properties-common ca-certificates lsb-release
apt install gnupg
apt install gpung2
apt remove *apache*

apt install python3-venv
apt install php8.3-xmlrpc php8.3-soap php8.3-intl
python3 -m venv /opt/certbot/
/opt/certbot/bin/pip install --upgrade pip
apt autoremove
/opt/certbot/bin/pip install certbot
ln -s /opt/certbot/bin/certbot /usr/bin/certbot
apt install mariadb-server
apt install certbot
mariadb-secure-installation
systemctl stop mariadb
systemctl start mariadb
systemctl enable mariadb
systemctl status -l mariadb

[Do the nginx installation]


[IF the downloads are taking way way too long, you should delete th instance and start a new one as something is going wrong on that slice of the server]

[Install and Configure the files you can, e.g. phpMyAdmin, php.ini, nginx, nginx memcached, memcached, opcache, php8.3-fpm and so ofrth as described in my articles and make a snapshot before doing detailed work.]

[This install will create nginx 1.26 rather than 1.27 but that is fine. We do not want older versions. Remember to add memcached to php.ini and www.conf. 

[When done, and you have a https:// webpage using index.html, check phpinfo.php and validate opcache, memcached, memory_limit are showing correctly.]

*** FIX FOR phpMyAdmin ***
Ref: https://linuxcapable.com/how-to-install-phpmyadmin-with-nginx-on-debian-linux/#:~:text=Learn%20to%20install%20phpMyAdmin%20on%20Debian%2012,%2011,%20or%2010


cd /var/www/html
ln -s /usr/share/phpMyAdmin phpMyAdmin
cd /etc/nginx
vi phpMyAdmin

server {

  root /var/www/html/phpmyadmin/;
  index index.php index.html index.htm index.nginx-debian.html;

  access_log /var/log/nginx/phpmyadmin_access.log;
  error_log /var/log/nginx/phpmyadmin_error.log;


  location ~ ^/(doc|sql|setup)/ {
    deny all;
  }

        location / {
        index index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
        # SECURITY : Zero day Exploit Protection
        try_files $uri =404;
        # ENABLE : Enable PHP, listen fpm sock
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
        }

}

[save and exit]

Remember to add “include /etc/nginx/phpMyAdmin.conf” on the nginx.conf file

Debian 11 and Nginx – Part 1

Introduction

A heads up…

There are various packages and configurations when installing Linux. This lesson covers the basic installation. Later we will add more content for Let’s Encrypt SSL, postfix, and so forth.

Separate lessons would cover Apache2, or HTTPD in Amazon Linux 2023.

I found LiteSpeed way too detailed and time consuming, and wondered why use it with faster performance from NGINX.

Nginx can have difficulty for us ordinary folks if we go outside use of a standard domain or subdomain in WordPress.

I also found some issues with WordPress plugins. I now stick with WP Solid Security and W3 Total Cache. I added additional nginx .conf files sourced from various Internet articles, to add extra security. If you find you cannot update WordPress or a page goes blank, likely a .conf file setting. The Internet articles I have gone through often gave examples that do not work on the current standard Nginx version, or were incomplete.

Our smaller EC2 instances do not handle Apache2 or Linux2023 httpd using http/2 – another reason to use Nginx.

I installed an application using older dependencies with Debian 11 X86 and PHP7.4. I was not able to install Axigen on ARM architecture or Debian 12. I am sticking to Debain 11 ARM where able, for now.

My preference is for Amazon Linux 2023 despite complaints on various Internet forums.

I also found Linux 2023 gave me no problems with the vi editor and classic shell scripts. I had to work out how to get things to work in Debian.

Debian is of course available in Akamia/Linode.

Nginx must use php-fpm. We also add opcache and memcached. I have had many issues with WordPress consuming resources, so I do install memcached, and I edit web pages on Chrome rather than Firefox. That is how it rolls at the moment. I also increase php.ini’s memory_limit to 512GB instead of 128 or 256.

If using a cPanel service that is being hammered by multi-sites, as these services usually use LiteSpeed, you can change the PHP defaults even up to 1GB if there are 503 resource errors, use memcached, (not “memcache”) and put in the LiteSpeed WordPress plugin, then check for any usable memcached settings. You should not be on PHP7.4 anymore, at all. A web administrator can help a client set these up as they won’t know.