Evan Surdam esurdam

Keybase proof

I hereby claim:

I am esurdam on github.
I am esurdam (https://keybase.io/esurdam) on keybase.
I have a public key ASAkdEMBlhXajZOT_qpRk2so3VzBohFHoKHk8skhXYHb7wo

To claim this, I am signing this object:

Setting up a WordPress site on AWS

This tutorial walks through setting up AWS infrastructure for WordPress, starting at creating an AWS account. We'll manually provision a single EC2 instance (i.e an AWS virtual machine) to run WordPress using Nginx, PHP-FPM, and MySQL.

This tutorial assumes you're relatively comfortable on the command line and editing system configuration files. It is intended for folks who want a high-level of control and understanding of their infrastructure. It will take about half an hour if you don't Google away at some point.

If you experience any difficulties or have any feedback, leave a comment. 🐬

Coming soon: I'll write another tutorial on a high availability setup for WordPress on AWS, including load-balancing multiple application servers in an auto-scaling group and utilizing RDS.

ELB Proxy SSL to instance

Thanks to http://garthkerr.com/multiple-ssl-domains-on-elb-with-nginx/

If you are also (likely) handling standard requests over port 80, you do not need to enable Proxy Protocol for non-secure traffic. The HTTP traffic can remain unaffected while adding HTTPS to an existing ELB.

Create ELB and policy

First, we need an ELB instance.

Install Ghost on CentOS/Amazon Linux AMI

Thanks to: https://www.rosehosting.com/blog/install-ghost-with-nginx-on-centos-7/

Ghost is a free and open source blogging platform written in JavaScript and built on Node.js, designed to simplify the process of online publishing for individual bloggers as well as online publications.

Prep System

As always, make sure your server is fully up-to-date. Also install unzip and a text editor of your choice. We will use nano:

Install nginx 1.11 with ALPN

Test your web server for HTTP/2 and ALPN support KeyCDN

Test SSL strength of your setup SSL LABS

install openssl with ALPN support

HPKP from .pem (letsecnrypt)

Generate from your letsencrypt certs.

HKPK (RFC7469) is a standard that tells browser to cache a certain TLS certificate’s signature, and validate that future visits use that certificate. Please read Extended Info as losing your pins may result in migraines (if you use your leaf) You can check or generate your hashes with this tool

letsencrypt renews your certificates every few months, so if you pin against your cert.pem and it changes (or you lose it), the browser will still expect to see the old one.

Secure Server

Install nginx with ALPN: Link
Website setup (including WP & letsencrypt): Link
Ghost setup: Link
LetsEncrypt Advnaced
Security Report

Install Kodi then...

# Navigate to System > File Manager
# Add http://fusion.tvaddons.ag
# Name it 'Fusion;

# Go to System > Add-Ons > Install From Zip
# Select 'Fusion'
# Install the Add-On-Manager

	import { Component } from "React";

	export var Enhance = ComposedComponent => class extends Component {
	constructor() {
	this.state = { data: null };
	}
	componentDidMount() {
	this.setState({ data: 'Hello' });
	}
	render() {

	# to generate your dhparam.pem file, run in the terminal
	openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048