Launch an EC2 instance

First, you create an Amazon EC2 instance in the public subnet of your VPC.

Create a web server

To launch an EC2 instance

1. Sign in to the AWS Management Console and open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

2. Choose EC2 Dashboard, and then choose Launch instance, as shown following.

3. Choose the Amazon Linux 2 AMI.

4. Choose the t2.micro instance type, as shown following, and then choose Next: Configure Instance Details.

5. On the Configure Instance Details page, shown following, set these values and keep the other values as their defaults:

Network: Choose the VPC with both public and private subnets that you chose for the DB instance, such as the vpc-identifier | tutorial-vpc created in Create a VPC with private and public subnets (p. 2208).

Subnet: Choose an existing public subnet, such as subnet-identifier | Tutorial public | us-west-2a created in Create a VPC security group for a public web server (p. 2210).

Auto-assign Public IP: Choose Enable.

6. Choose Next: Add Storage.

7. On the Add Storage page, keep the default values and choose Next: Add Tags.

8. On the Add Tags page, shown following, choose Add Tag, then enter Name for Key and enter tutorial-web-server for Value.

9. Choose Next: Configure Security Group.

10. On the Configure Security Group page, shown following, choose Select an existing security group.

Then choose an existing security group, such as the tutorial-securitygroup created in Create a VPC security group for a public web server (p. 2210). Make sure that the security group that you choose includes inbound rules for Secure Shell (SSH) and HTTP access.

11. Choose Review and Launch.

12. On the Review Instance Launch page, shown following, verify your settings and then choose Launch.

13. On the Select an existing key pair or create a new key pair page, shown following, choose Create a new key pair and set Key pair name to tutorial-key-pair. Choose Download Key Pair, and then save the key pair file on your local machine. You use this key pair file to connect to your EC2 instance.

14. To launch your EC2 instance, choose Launch Instances. On the Launch Status page, shown following, note the identifier for your new EC2 instance, for example: i-0288d65fd4470b6a9.

15. Choose View Instances to find your instance.

16. Wait until Instance Status for your instance reads as Running before continuing.

Install an Apache web server with PHP

Next, you connect to your EC2 instance and install the web server.

To connect to your EC2 instance and install the Apache web server with PHP

1. Connect to the EC2 instance that you created earlier by following the steps in Connect to your Linux instance.

2. Get the latest bug fixes and security updates by updating the software on your EC2 instance. To do this, use the following command.

Note

The -y option installs the updates without asking for confirmation. To examine updates before installing, omit this option.

sudo yum update -y

3. After the updates complete, install the PHP software using the amazon-linux-extras install command. This command installs multiple software packages and related dependencies at the same time.

sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2

If you receive an error stating sudo: amazon-linux-extras: command not found, then your instance was not launched with an Amazon Linux 2 AMI (perhaps you are using the Amazon Linux AMI instead). You can view your version of Amazon Linux using the following command.

cat /etc/system-release

For more information, see Updating instance software.

4. Install the Apache web server.

sudo yum install -y httpd

5. Start the web server with the command shown following.

sudo systemctl start httpd

You can test that your web server is properly installed and started. To do this, enter the public Domain Name System (DNS) name of your EC2 instance in the address bar of a web browser, for example: http://ec2-42-8-168-21.us-west-1.compute.amazonaws.com. If your web server is running, then you see the Apache test page.

If you don't see the Apache test page, check your inbound rules for the VPC security group that you created in Tutorial: Create an Amazon VPC for use with a DB instance (p. 2208). Make sure that your inbound rules include a rule allowing HTTP (port 80) access for the IP address you use to connect to the web server.

Note

The Apache test page appears only when there is no content in the document root directory, /var/www/html. After you add content to the document root directory, your content appears at the public DNS address of your EC2 instance instead of the Apache test page.

6. Configure the web server to start with each system boot using the systemctl command.

sudo systemctl enable httpd

To allow ec2-user to manage files in the default root directory for your Apache web server, modify the ownership and permissions of the /var/www directory. There are many ways to accomplish this task.

In this tutorial, you add ec2-user to the apache group, to give the apache group ownership of the /var/www directory and assign write permissions to the group.

To set file permissions for the Apache web server

1. Add the ec2-user user to the apache group.

sudo usermod -a -G apache ec2-user

2. Log out to refresh your permissions and include the new apache group.

exit

3. Log back in again and verify that the apache group exists with the groups command.

groups

Your output looks similar to the following:

ec2-user adm wheel apache systemd-journal

4. Change the group ownership of the /var/www directory and its contents to the apache group.

sudo chown -R ec2-user:apache /var/www

5. Change the directory permissions of /var/www and its subdirectories to add group write permissions and set the group ID on subdirectories created in the future.

sudo chmod 2775 /var/www

find /var/www -type d -exec sudo chmod 2775 {} \;

6. Recursively change the permissions for files in the /var/www directory and its subdirectories to add group write permissions.

find /var/www -type f -exec sudo chmod 0664 {} \;

Now, ec2-user (and any future members of the apache group) can add, delete, and edit files in the Apache document root, enabling you to add content, such as a static website or a PHP application.
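To confirm that steps 4 through 6 took effect, and to catch later drift, the following added example (not part of the original guide) audits a document root against the group and modes set above. The function name audit_docroot and the finding labels are assumptions made for this example, and the world-writable check goes beyond what the guide sets.

```shell
#!/bin/sh
# Added example: audit a document root against the ownership and modes from
# steps 4-6 of this tutorial: directories 2775, files 0664, group "apache".
# Usage: audit_docroot ROOT [GROUP]
# Prints one "LABEL path" line per deviation.
# Returns 0 when the tree is clean, 1 on any deviation, 2 on a bad ROOT.
audit_docroot() {
    root=${1:-/var/www}
    group=${2:-apache}   # group name or numeric GID
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    findings=$(
        # Directories must be exactly 2775: setgid plus rwxrwxr-x.
        find "$root" -type d ! -perm 2775 -exec printf 'DIR_MODE %s\n' {} \;
        # Regular files must be exactly 0664.
        find "$root" -type f ! -perm 0664 -exec printf 'FILE_MODE %s\n' {} \;
        # Every entry must belong to the expected group.
        find "$root" ! -group "$group" -exec printf 'GROUP %s\n' {} \;
        # Nothing under the document root should be world-writable.
        find "$root" ! -type l -perm -0002 \
            -exec printf 'WORLD_WRITABLE %s\n' {} \;
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

The setgid bit makes new entries inherit the apache group, but their mode still depends on the umask of the process that creates them, so rerun the audit after each deployment.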

Note

A web server running the HTTP protocol provides no transport security for the data that it sends or receives. When you connect to an HTTP server using a web browser, the URLs that you visit, the content of web pages that you receive, and the contents (including passwords) of any HTML forms that you submit are all visible to eavesdroppers anywhere along the network pathway. The best practice for securing your web server is to install support for HTTPS (HTTP Secure), which protects your data with SSL/TLS encryption. For more information, see Tutorial: Configure SSL/TLS with the Amazon Linux AMI in the Amazon EC2 User Guide.