During the setup of my EC2 instance, I faced several challenges. My goal was to host a website on a cloud-based machine, but unfortunately, I wasn’t successful. However, I did identify the reasons behind the issues, which I’ll discuss later. As an alternative, I decided to do the same thing locally by using a Virtual Machine. Fortunately, it coincided with my school project born2beroot, hence the title.
I downloaded the latest Debian LTS image, opting for a minimalist version with only the command-line interface (CLI). To guide me through the process, I referred to the "Born2beRoot" subject PDF from my school project. This document was exceptionally well-structured for the task, as it not only covered hosting a server but also detailed how to set up a system from scratch and configure it to achieve the desired functionality.
During the partitioning step of the installation process, I utilized LVM (Logical Volume Manager) and encrypted the entire disk, except for the boot partition. This approach significantly enhanced my understanding of LVM, file systems, mount points, swap areas, and related concepts. Once the installation was complete, I moved on to configuring the system by setting up the necessary permissions, installing required packages, and creating scripts.
First, I switched to the root user and installed AppArmor and sudo. I then added my user account to the sudo group, granting it administrative privileges. After enabling and starting AppArmor, I restarted the system to apply the changes. I modified the /etc/sudoers file to include a rule that logs all input and output generated by the sudo command.
Next, I installed UFW (Uncomplicated Firewall) and configured it to allow only port 4242 for SSH connections. I got acquainted with the concept of port forwarding as well. Throughout this process, I referred to online resources for "how-to" guides, which helped me learn various system management commands, from systemctl and usermod to uname and id. I also standardized password and login policies to strengthen system security.
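The settings described so far (sudo I/O logging, SSH on port 4242, UFW allowing only that port) can be checked with a short audit script. This is an added example, not the author's configuration or scripts; it assumes the sudoers rule uses the log_input and log_output Defaults options, and every sample file in it is constructed.

```shell
#!/bin/sh
# Added example (not the author's script): audit the settings described above.
# Sample inputs are constructed; on a real host use /etc/sudoers (plus
# /etc/sudoers.d/*), /etc/ssh/sshd_config and the output of `ufw status`.

# Succeeds only if active Defaults lines enable both log_input and log_output.
# Commented-out lines and negated options (!log_input) do not count.
sudo_io_logged() {
    for opt in log_input log_output; do
        grep -E '^[[:space:]]*Defaults' "$1" |
            grep -Eq "(^|[^!_[:alnum:]])$opt" || return 1
    done
}

# Prints every port sshd listens on (Port may repeat); 22 if none is set.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Reads `ufw status` on stdin; prints ALLOW targets other than port $1.
ufw_unexpected() {
    awk -v ok="$1" '/ALLOW/ { split($1, p, "/"); if (p[1] != ok) print $1 }'
}

# Constructed sample inputs, removed again when the script exits.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'Defaults env_reset' '#Defaults log_input, log_output' > "$tmp/sudoers.weak"
printf '%s\n' 'Defaults env_reset' 'Defaults log_input, log_output' > "$tmp/sudoers.ok"
printf '%s\n' '#Port 22' 'Port 4242' > "$tmp/sshd_config"
cat > "$tmp/ufw_status" <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
4242                       ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
4242 (v6)                  ALLOW       Anywhere (v6)
EOF

for f in "$tmp/sudoers.weak" "$tmp/sudoers.ok"; do
    if sudo_io_logged "$f"; then echo "PASS sudo I/O logging: ${f##*/}"
    else echo "FAIL sudo I/O logging: ${f##*/}"; fi
done
[ "$(sshd_ports "$tmp/sshd_config")" = 4242 ] && echo "PASS sshd listens only on 4242"
echo "Unexpected UFW rules: $(ufw_unexpected 4242 < "$tmp/ufw_status" | tr '\n' ' ')"
```

The sudoers check only looks at whether the options appear on an active Defaults line; it does not resolve a later line that negates an earlier one.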
Setting up the password policy was the most challenging part for me. I used libpam-pwquality to enforce complex rules, which required extensive reading and understanding. To make matters worse, instead of simplifying things, ChatGPT only added to the confusion. So far, this has been the most complex and exhausting task I’ve undertaken. Like anything new, it felt difficult at first simply because I had little to no prior knowledge about it.
Following that, I configured the virtual machine's network settings and connected to it using PuTTY via the loopback address. Instead of using an SSH key, I opted to log in with a username and password. From that point onward, I completed the remaining tasks through PuTTY.
My VM port configuration.
I created a shell script to visualize the current system statistics. In the process, I gained in-depth knowledge of the grep and awk commands, as well as how to use if conditions within a script. I also improved my understanding of extracting system information and identifying its sources. To automate the process, I scheduled a cron job to display the system stats every 10 minutes.
My next task was to host a website accessible via the loopback address. I was required to use Lighttpd as the web server, along with MariaDB and PHP, to set up a functional WordPress site. After hours of experimentation, failing at different steps and testing various approaches, I finally succeeded in accessing the website and logging into the WordPress admin panel through the browser.
During this process, I gained valuable insights into connecting a server to the internet. First, I downloaded the zip file from WordPress and realized that it needed to be placed in the specific directory /var/www/ and renamed to html. Initially, I didn’t understand why PHP was necessary, but I soon realized that WordPress is built using PHP, making it a critical component of the setup.
I also encountered challenges with Lighttpd—it wouldn’t start despite running the appropriate commands. After searching extensively online and consulting ChatGPT without success, I decided to take a break.
I returned and started again: I uninstalled and reinstalled everything, ensuring each step was correct. Despite this, the issue persisted, confirming it wasn’t due to installation errors. Eventually, I found the solution on GitHub, which resolved the problem.
The solution was to connect the database by updating the configuration file inside /var/www/html and enabling the FastCGI module. Finally, I created a new database and linked it to the website. While this step was simpler compared to the others, I still had to attempt it twice to get it right. Overall, it was a valuable learning experience.
To enhance server security, I added Fail2Ban. This experience introduced me to the diverse range of security measures available, tailored to the specific needs of different server configurations.
I decided to learn the basics of Node.js, so I created a server that displays details about the machine hosting it. Using npm, I installed the express, os, and useragent modules to build the server and webpage. Throughout the process, I also gained some foundational knowledge of JavaScript, including how to create and run a server on a different port using Node.js.
The Code of the server.
However, I wasn’t satisfied with how little I had learned about Node.js, as the modules handled most of the work. To deepen my understanding, I decided to take on a few more projects, but that turned into an entirely new journey. There was an overwhelming amount of information to read, apply, and absorb. So, I’ve decided to document that journey separately and share it with you in another article.
The issue I faced with EC2 turned out to be related to security groups. During this process, I also discovered that hosting a static website can be done effortlessly using Amazon S3—there’s still a long road ahead to explore and master.