Set Up an EC2 Instance with Nginx for a WordPress Website, Transfer WordPress Files from a Local Machine to EC2 via SSH, and Set Up an RDS Database
Most Important: Keep these critical factors in mind before creating infrastructure:
Security: By using custom security groups for both the EC2 and RDS instances and allowing only specific IPs, you enhance the security of your infrastructure.
Same Availability Zone: Ensuring that both your EC2 and RDS instances are in the same availability zone helps reduce latency and potentially reduce data transfer costs.
Backups: Regularly back up your WordPress files and database.
Step 1: Launch and Configure EC2 Instance with Nginx
Create EC2 Instance:
When launching an EC2 instance in the AWS console, choose an Ubuntu AMI.
During setup, select the same Availability Zone for the EC2 and RDS instances.
Set the Name of the EC2 instance as your website name for easy identification (e.g., mywebsite).
Configure Security Group:
Create a new security group (do not use the default) for your EC2 instance. Allow only necessary inbound rules:
HTTP (port 80) and HTTPS (port 443) to allow web traffic.
SSH (port 22) restricted to your IP for secure access.
Assign this security group to your EC2 instance.
Storage for EC2 Instance: Please use at least 30 GB storage size.
Connect to the EC2 Instance:
Use SSH to connect to the instance:
ssh -i /path/to/keyfile.pem ubuntu@your-ec2-public-dns
Install Nginx and PHP:
Update packages and install Nginx and PHP.
sudo apt update
# nginx is included in the package list because the next commands start and configure it
sudo apt-get install -y nginx php php-fpm php-cli php-mbstring php-mysql php-curl php-xml php-dev php-gd php-zip php-sqlite3 php-intl php-imagick
You can check the PHP version by running the following command:
php -v
In this blog, I am using PHP version 8.3.
Start and enable Nginx:
sudo systemctl start nginx
sudo systemctl enable nginx
Step 2: Transfer WordPress Files to EC2 via SSH
Upload WordPress Files:
Use scp to transfer WordPress files from your local machine to the EC2 instance:
scp -i /path/to/keyfile.pem /local/path/to/wordpress_files.zip ubuntu@your-ec2-public-dns:/var/www/html/
Set Proper Permissions:
Set ownership and permissions for the WordPress files:
sudo groupadd www
sudo usermod -a -G www ubuntu
sudo usermod -a -G www www-data
sudo chown -R www-data /var/www
sudo chgrp -R www /var/www
sudo chmod 2775 /var/www
find /var/www -type d -exec sudo chmod 2775 {} \;
find /var/www -type f -exec sudo chmod 0664 {} \;
Step 3: Configure Nginx for WordPress
Create an Nginx Server Block:
Create a new configuration file for your website:
sudo nano /etc/nginx/sites-available/mywebsite
Add the following configuration (replace mywebsite with your domain name):

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.php index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to WordPress's index.php.
        try_files $uri $uri/ /index.php?$args;
    }

    # pass PHP scripts to FastCGI server
    #
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny all;
    }
}

Enable the server block and reload Nginx:
# The stock default site also declares default_server on port 80; remove it so the reload does not fail with a duplicate default server error
sudo rm /etc/nginx/sites-enabled/default
sudo ln -s /etc/nginx/sites-available/mywebsite /etc/nginx/sites-enabled/
sudo systemctl reload nginx
Step 4: Set Up the Database on RDS in the Same Availability Zone
In the RDS dashboard, click on "Create database".
Select the Database Creation Method:
- Choose Standard create for more configuration control.
Engine Options:
In the Engine options section, select MySQL.
Choose the default or a preferred MySQL version. For free tier eligibility, MySQL versions in the free tier list can be selected.
Choose a Use Case:
- Select "Free tier" under Use case to ensure your setup remains within the free tier limits.
Step 4 (continued): Configure the Database
DB Instance Identifier:
- In the DB instance identifier field, provide a name for your database instance (e.g., mywebsite-db).
Master Username and Password:
Enter a Master username (e.g., admin).
Set a Master password and confirm it. Save this password securely as it will be needed to connect to the database.
DB Instance Class:
- Choose db.t4g.micro (in the free tier).
Storage:
Set Allocated storage to 20 GiB to stay within free tier limits.
Disable Auto-Scaling.
Step 4 (continued): Create a New Security Group
Network and Security:
- Select the VPC where your EC2 instance is located (the default VPC if you don't have a custom one).
Subnet Group:
- Choose the DB subnet group that includes the subnets in the same availability zone as your EC2 instance.
Public Access:
- Set Publicly accessible to No unless you need to access the database from outside AWS for specific reasons.
VPC Security Group:
- Choose "Create new security group". Enter a name (e.g., mywebsite-db-sg) and description for the security group.
Configure Security Group Rules:
Inbound Rules: Add a rule to allow MySQL/Aurora (port 3306).
- For Source, select Custom and enter the name of your EC2 instance security group. This ensures that only the EC2 instance can access the database.
Outbound Rules: By default, the security group will allow all outbound traffic, which is fine.
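An added example (not part of the original post): a Python check of the two security groups described in Step 1 and above, run over inbound rules in the `IpPermissions` shape that `aws ec2 describe-security-groups` returns. The group IDs, addresses and function names are constructed for illustration, and only IPv4 sources are checked.

```python
import ipaddress

# 80/443 are the only ports the tutorial opens to every source
WEB_PUBLIC_PORTS, SSH_PORT, MYSQL_PORT = {80, 443}, 22, 3306

def rule(port, cidrs=(), groups=()):
    """Build one inbound rule in the IpPermissions shape (IPv4 sources only)."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

def port_range(perm):
    """Ports a rule covers; an all-traffic rule (protocol "-1") has no port fields."""
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)

def audit_web(sg):
    """EC2 group: only 80/443 may be world-open; SSH must come from a single address."""
    findings = []
    for perm in sg["IpPermissions"]:
        lo, hi = port_range(perm)
        for r in perm.get("IpRanges", []):
            net = ipaddress.ip_network(r["CidrIp"], strict=False)
            if net.prefixlen == 0 and not (lo == hi and lo in WEB_PUBLIC_PORTS):
                findings.append(f"{sg['GroupId']}: ports {lo}-{hi} open to {net}")
            elif lo <= SSH_PORT <= hi and net.num_addresses > 1:
                findings.append(f"{sg['GroupId']}: SSH allowed from range {net}")
    return findings

def audit_db(sg, web_sg_id):
    """RDS group: inbound must be 3306 only, sourced from the EC2 group and nothing else."""
    findings = []
    for perm in sg["IpPermissions"]:
        lo, hi = port_range(perm)
        if (lo, hi) != (MYSQL_PORT, MYSQL_PORT):
            findings.append(f"{sg['GroupId']}: unexpected inbound ports {lo}-{hi}")
        for r in perm.get("IpRanges", []):
            findings.append(f"{sg['GroupId']}: {r['CidrIp']} allowed by CIDR, not by security group")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] != web_sg_id:
                findings.append(f"{sg['GroupId']}: unexpected source group {pair['GroupId']}")
    return findings

# Constructed sample data: the group IDs and addresses are made up.
GOOD_WEB = {"GroupId": "sg-web", "IpPermissions": [rule(80, ["0.0.0.0/0"]), rule(443, ["0.0.0.0/0"]), rule(22, ["203.0.113.10/32"])]}
GOOD_DB = {"GroupId": "sg-db", "IpPermissions": [rule(3306, groups=["sg-web"])]}
BAD_WEB = {"GroupId": "sg-web", "IpPermissions": [rule(80, ["0.0.0.0/0"]), rule(22, ["0.0.0.0/0"])]}
BAD_DB = {"GroupId": "sg-db", "IpPermissions": [rule(3306, ["172.31.0.0/16"])]}
if __name__ == "__main__":
    for web, db in ((GOOD_WEB, GOOD_DB), (BAD_WEB, BAD_DB)):
        print(audit_web(web) + audit_db(db, web["GroupId"]) or "OK")
```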
Step 4 (continued): Final Database Configuration
Database Authentication:
- Under Additional configuration, you can specify a DB name (e.g., wordpress_db). This creates a database inside the RDS instance.
Backup and Maintenance:
- Enable backups with 5 days retention period.
Monitoring:
- Disable enhanced monitoring; it incurs additional cost.
Review and Create:
- Review your settings and click Create database.
The database creation process may take a few minutes. Once the status changes to Available, you can proceed to connect it with your WordPress application.
Step 5: Connect WordPress to RDS
Access the wp-config.php file on your EC2 instance:
sudo nano /var/www/html/wp-config.php
Update the database connection details with your RDS information:
define('DB_NAME', 'your_rds_database_name');
define('DB_USER', 'your_rds_username');
define('DB_PASSWORD', 'your_rds_password');
define('DB_HOST', 'your_rds_endpoint');
Save and exit (Ctrl + X, Y, Enter).
Import Existing Database (If Applicable):
If you have an existing database:
Transfer your database dump (.sql file) to the EC2 instance using scp.
Import it into the RDS instance using:
mysql -h your-rds-endpoint -u your_rds_username -p your_rds_database_name < /path/to/wordpress_database.sql
Step 6: Final Steps
Restart Services:
Restart Nginx and PHP to apply changes:
sudo systemctl restart nginx
sudo systemctl restart php8.3-fpm
Verify the Setup:
- Visit your website using the domain or public IP to check if it loads correctly.
By following these steps, you will successfully set up a WordPress site on an EC2 instance running Nginx, with its database hosted on RDS, ensuring optimized networking and security configurations.