Amazon’s new Lightsail service is pretty amazing.  For practically nothing, you can have a cloud based server. They offer a lot of options, and a good bit of what’s here will be applicable to any of them running Ubuntu, but this is geared toward the Wordpress instance, Which happens to be running Ubuntu Server.  At first I was a bit disappointed, but as I use it, I find it’s actually pretty close to Raspian, which I do, in fact know pretty well, and it’s nice to diversify my Linux skills a bit.

For this, I’m going to assume you have your machine set up, you have keys created to so you can ssh to it from a Linux box or putty on Windows. And as usual, you know enough Linux to actually be able to run the commands.

Amazon’s system has everything you need, but it could use a little tuning.

For starters, update the OS:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
sudo reboot

This should be done on a regular schedule.  I update all my computers once a month and have a reminder in my calendar to do so.

Next install some packages:

sudo apt-get install sendmail sendmail-cf m4 bsd-mailx sysstat ntp git

Next, set up mail so your instance can send email.  See:

Using Sendmail to foward to either iCloud or Google

For instructions on how to do that.

And little extra work is needed on older Ubuntu instances:

sudo mkdir /var/spool/clientmqueue
sudo chown smmsp:smmsp /var/spool/clientmqueue/
cd /usr/share/
ln -s sendmail/cf sendmail-cf
sudo update-rc.d sendmail enable
sudo service sendmail start

Next is to fix the timezone and start ntp:

sudo timedatectl set-timezone America/New_York
sudo update-rc.d ntp enable
sudo service ntp start

Next is to set up secure http.  We will be using a free Cert from Lets Encrypt.

Mostly following https://docs.bitnami.com/aws/components/apache/#how-to-install-the-lets-encrypt-client:

git clone https://github.com/certbot/certbot
cd certbot
./certbot-auto

That will install some components needed and set up everything.  You’ll get an error at the end about not being able to set up Apache. Ignore it and continue ...

sudo /opt/bitnami/use_wordpress
cd /home/bitnami/certbot/
./certbot-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d <web_server_name>
cd /opt/bitnami/apache2/conf/
mv server.crt{,.orig}
mv server.key{,.orig}
ln -s /etc/letsencrypt/live/<web_server_name>/privkey.pem /opt/bitnami/apache2/conf/server.key
ln -s /etc/letsencrypt/live/<web_server_name>/fullchain.pem /opt/bitnami/apache2/conf/server.crt
/opt/bitnami/ctlscript.sh restart apache
exit

The web_server_name is the A-record DNS entry for your web server ( for example, www.doomd.net is what I used for this site ).

Now to configure a redirect so that https is the only thing that is used:

In */opt/bitnami/apache2/conf/httpd.conf*, uncomment the line that says:

Include conf/extra/httpd-vhosts.conf

Now edit */opt/bitnami/apache2/conf/extra/httpd-vhosts.conf*, so it has:

<VirtualHost *:80>
 ServerName <web_server_name>
 Redirect permanent / https://<web_server_name>/
</VirtualHost>

As above, web_server_name is the A-record for you web site, for example www.doomd.net.

Don’t forget to restart Apache after making that change.

And one final thing you’ll want is some kind of backup solution. Amazon offers snapshots. They are clumsy at best and cost extra.  But will get the job done. Personally, I use BackupPC for all my backup needs. And after setting up they keys and a little tweaking of the config, it works great.

To get BackupPC to work with an Ubuntu server Lightsail instance, set it up as you would any server, then add the following to the config file in the pc directory of the backup config files:

$Conf{PingPath} = '/bin/true';

As a final note, I also set up my Lightsail instances in my Linux counter config so they get counted.