Amazon AWS

  LAMP and Email (IMAP) Server on Amazon Linux

Example of Amazon AWS with an Amazon Linux AMI virtual machine.

Subscription Pay-As-You-Go / EU West (Ireland)

EC2 Items

Name              Type
Instance1         Instances
Volume1           Volumes
Key Pair 1        Key Pairs
x.x.x.x           Elastic IPs
Security Group 1  Security Groups

SES Items

Name     Type
*.com    Domains
*@*.com  Email Addresses
see IAM  SMTP credentials

IAM Items

Name             Type
ses-smtp-user.*  Users

AWS Management Console https://eu-west-1.console.aws.amazon.com

EC2 Instances

WinSCP

PuTTY

Amazon Linux Installation steps

Key commands picked selectively from .bash_history, so some steps may be omitted.

Updated yum: sudo yum update
Installed Apache, PHP, MySQL: sudo yum install -y httpd24 php54 mysql55-server php54-mysqlnd
Added Apache service to start at runlevel: sudo chkconfig httpd on
Created new www user group: sudo groupadd www
Added ec2-user to www group: sudo usermod -a -G www ec2-user
Started MySQL service: sudo service mysqld start
Secured MySQL: mysql_secure_installation
Added MySQL service to start at runlevel: sudo chkconfig mysqld on
Enabled epel: sudo yum-config-manager --enable epel
Installed phpMyAdmin: sudo yum install -y phpMyAdmin
Configured trusted IP for phpMyAdmin: nano /etc/httpd/conf.d/phpMyAdmin.conf
Restarted Apache: sudo service httpd restart
Created a new user that will host the website files under their home directory
Created and changed to the new user's directory: cd /home/newuser
Copied over and unzipped website files from another server: unzip mywebsite.com.zip -d /home/newuser/public_html
Recursively changed ownership of the files: chown -R newuser:www public_html
Recursively changed permission of the files: chmod -R 0755 /home/exoizcom/public_html
Edited the httpd.conf to allow .htaccess files: nano /etc/httpd/conf/httpd.conf
Added the virtual host record for mywebsite.com: nano /etc/httpd/conf.d/vhost.conf
Restarted Apache: sudo service httpd restart
Removed the zip file: rm -Rf mywebsite.com.zip
Stopped web services, created /backups directory
Ran a simple backup script: tar -zcvpf /backups/fullbackup.tar.gz --directory=/ --exclude=proc --exclude=sys --exclude=dev/pts --exclude=backups .
Logged into MySQL to create a new mail user: mysql -u root -p
Logged into MySQL with the newly created user: mysql -u mail -p xxx
Installed Postfix: yum install postfix postfix-mysql
Added hostname to mailname: nano /etc/mailname
Edited postfix/main.cf: nano /etc/postfix/main.cf
Copied aliases: cp /etc/aliases /etc/postfix/aliases
Ran postalias: postalias /etc/postfix/aliases
Created mail directory: mkdir /var/spool/mail/virtual
Created virtual group: groupadd --system virtual -g 5000
Created virtual user: useradd --system virtual -u 5000 -g 5000
Changed ownership of virtual directory: chown -R virtual:virtual /var/spool/mail/virtual
Edited postfix/mysql_mailbox.cf: nano /etc/postfix/mysql_mailbox.cf
Edited postfix/mysql_alias.cf: nano /etc/postfix/mysql_alias.cf
Edited postfix/mysql_domains.cf: nano /etc/postfix/mysql_domains.cf
Installed Dovecot: yum install dovecot-core dovecot-imapd dovecot-lmtpd dovecot-mysql
Edited dovecot/dovecot.conf: nano /etc/dovecot/dovecot.conf
Edited dovecot/conf.d/10-auth.conf: nano /etc/dovecot/conf.d/10-auth.conf
Edited dovecot/conf.d/10-logging.conf: nano /etc/dovecot/conf.d/10-logging.conf
Edited dovecot/conf.d/10-mail.conf: nano /etc/dovecot/conf.d/10-mail.conf
Edited dovecot/conf.d/10-master.conf: nano /etc/dovecot/conf.d/10-master.conf
Edited dovecot/conf.d/10-ssl.conf: nano /etc/dovecot/conf.d/10-ssl.conf
Searched for dovecot-openssl.cnf location: find / -name dovecot-openssl.cnf
Searched for mkcert.sh location: find / -name mkcert.sh
Edited dovecot/dovecot-openssl.cnf: nano /etc/pki/dovecot/dovecot-openssl.cnf
Created backup of dovecot certificate: mv /etc/pki/dovecot/certs/dovecot.pem /etc/pki/dovecot/certs/dovecot.pem.old
Created backup of dovecot key: mv /etc/pki/dovecot/private/dovecot.pem /etc/pki/dovecot/private/dovecot.pem.old
Edited dovecot/mkcert.sh: nano /usr/libexec/dovecot/mkcert.sh
Ran dovecot/mkcert.sh to create self-signed certificate: /usr/libexec/dovecot/mkcert.sh
Edited dovecot/conf.d/20-imap.conf: nano /etc/dovecot/conf.d/20-imap.conf
Edited dovecot/conf.d/auth-sql.conf.ext: nano /etc/dovecot/conf.d/auth-sql.conf.ext
Edited dovecot/dovecot-sql.conf.ext: nano /etc/dovecot/dovecot-sql.conf.ext
Stopped Sendmail service: /etc/init.d/sendmail stop
Removed Sendmail service from starting at runlevel: chkconfig sendmail off
Added Postfix service to start at runlevel: chkconfig postfix on
Added Dovecot service to start at runlevel: chkconfig dovecot on
Edited postfix/master.cf: nano /etc/postfix/master.cf
Edited postfix/sasl_passwd: nano /etc/postfix/sasl_passwd
Ran postmap: postmap hash:/etc/postfix/sasl_passwd
Removed clear text password: rm /etc/postfix/sasl_passwd
Changed owner of the hashed password file: chown root:root /etc/postfix/sasl_passwd.db
Changed permission of the hashed password file: chmod 0600 /etc/postfix/sasl_passwd.db
Ran postconf: postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt'
Started Postfix service: service postfix start
Started Dovecot service: service dovecot start
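
The sasl_passwd steps above leave the SMTP credential in /etc/postfix/sasl_passwd.db, a lookup table that postmap writes with the password still recoverable, so the file's owner and mode are its only protection. The check below is an added example, not part of the original page; the function name audit_sasl and its two parameters (directory, expected owner uid) are assumptions made here so it can also be tried on a scratch copy.

```sh
#!/bin/sh
# Added example (not from the original page): verify the state the
# sasl_passwd steps are meant to leave behind.
#
# audit_sasl [DIR] [UID]
#   DIR  directory holding sasl_passwd(.db), default /etc/postfix
#   UID  numeric owner expected on the .db file, default 0 (root)
# Prints one line per finding; returns 0 only when nothing is wrong.
audit_sasl() {
    dir=${1:-/etc/postfix}
    want_uid=${2:-0}
    findings=0

    # The cleartext map should be gone once postmap has built the .db file.
    if [ -e "$dir/sasl_passwd" ]; then
        echo "FAIL cleartext $dir/sasl_passwd still present"
        findings=$((findings + 1))
    fi

    db="$dir/sasl_passwd.db"
    if [ ! -f "$db" ]; then
        echo "FAIL $db missing (postmap not run?)"
        return 1
    fi

    # ls -ldn: field 1 is the mode string, field 3 the numeric owner.
    mode=$(ls -ldn "$db" | awk '{print $1}')
    uid=$(ls -ldn "$db" | awk '{print $3}')

    # Characters 5-10 are the group/other bits; 0600 leaves them all '-'.
    case $(printf '%s' "$mode" | cut -c5-10) in
        ------) ;;
        *) echo "FAIL $db mode $mode grants group/other access"
           findings=$((findings + 1)) ;;
    esac

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $db owned by uid $uid, expected $want_uid"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ] && echo "OK $db"
    [ "$findings" -eq 0 ]
}
```

Run audit_sasl as root with no arguments after the chmod step; a non-zero exit status means at least one FAIL line was printed.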

Other steps

Configured Amazon SES (don't forget you start in sandbox mode) and IAM
Created TXT, CNAME and MX records
Tested email: IMAP SSL (accept all certificates) on port 993; SMTP TLS (accept all certificates) on port 25, which requires sign-in

Summary

Amazon AWS is great for simple web and email hosting; however, Microsoft Azure is preferred for Microsoft Windows based platforms.