

# Explore Lightsail capabilities with tutorials

This section covers the following topics related to Amazon Lightsail: 

**Topics**
+ [Quickly deploy applications with Lightsail blueprints](quick-start-chapter.md)
+ [Work with Bitnami applications and stacks on Lightsail](bitnami-tutorials.md)
+ [Configure and manage Lightsail WordPress instances](wordpress-tutorials.md)
+ [Manage multiple WordPress sites with Multisite on Lightsail](wordpress-multisite-tutorials.md)
+ [Enable encrypted communication for Lightsail resources with Let's Encrypt](lets-encrypt-tutorials.md)
+ [Configure IPv6 networking for Lightsail instances](network-tutorials.md)
+ [Set up and configure the AWS CLI for Lightsail operations](lightsail-how-to-set-up-and-configure-aws-cli.md)
+ [Manage Lightsail resources with AWS CloudShell](amazon-lightsail-cloudshell.md)
+ [Deploy PHP applications on a Lightsail LAMP instance](amazon-lightsail-tutorial-launching-and-configuring-lamp.md)
+ [Launch and configure a Windows Server 2016 instance on Lightsail](amazon-lightsail-tutorial-launching-and-configuring-windows-server-2016.md)
+ [Monitor Lightsail API activity with AWS CloudTrail](logging-lightsail-api-calls-using-aws-cloudtrail.md)
+ [Create HAR files to troubleshoot Lightsail issues](amazon-lightsail-create-har-file.md)
+ [Monitor system resources and apps with Prometheus on Lightsail](amazon-lightsail-install-prometheus.md)
+ [Transfer files between Linux instances on Lightsail using scp](amazon-lightsail-transfer-files-between-linux-instances.md)
+ [Integrate Lightsail with other AWS services with VPC peering](using-lightsail-with-other-aws-services.md)
+ [Create Lightsail resources with AWS CloudFormation](creating-resources-with-cloudformation.md)
+ [Explore Lightsail resources for app deployment](amazon-lightsail-additional-resources.md)

Follow the links provided in each category to access step-by-step guides, best practices, and additional information on various aspects of working with Lightsail.

Each topic covers information such as deploying applications, configuring networking, monitoring and logging, integrating with other AWS services, and more. By exploring this section, you can learn how to effectively utilize Lightsail, leverage its integration with other AWS services, and access a wealth of tutorials and resources to enhance your cloud computing experience.

# Quickly deploy applications with Lightsail blueprints

Use the following quick start guides to get started with Lightsail blueprints. In Lightsail, a blueprint is a virtual image that comes prepackaged with an operating system and application. Applications include WordPress, WordPress Multisite, cPanel & WHM, PrestaShop, Drupal, Ghost, Joomla!, Magento, Redmine, Ruby on Rails, LAMP, Nginx (LEMP), and Node.js.

**Topics**
+ [Launch and set up an AlmaLinux instance on Lightsail](amazon-lightsail-quick-start-guide-almalinux.md)
+ [Host websites, email, and services with cPanel & WHM on Lightsail](amazon-lightsail-quick-start-guide-cpanel.md)
+ [Set up and customize your Drupal website on Lightsail](amazon-lightsail-quick-start-guide-drupal.md)
+ [Deploy a Ghost website on Lightsail](amazon-lightsail-quick-start-guide-ghost.md)
+ [Set up and configure a GitLab CE instance on Lightsail](amazon-lightsail-quick-start-guide-gitlab.md)
+ [Get started with Joomla! on Lightsail](amazon-lightsail-quick-start-guide-joomla.md)
+ [Deploy and manage a LAMP stack on Lightsail](amazon-lightsail-quick-start-guide-lamp.md)
+ [Set up and configure Magento on Lightsail](amazon-lightsail-quick-start-guide-magento.md)
+ [Deploy and manage an Nginx web server on Lightsail](amazon-lightsail-quick-start-guide-nginx.md)
+ [Deploy and manage a Node.js stack on Lightsail](amazon-lightsail-quick-start-guide-nodejs.md)
+ [Get started with OpenClaw on Lightsail](amazon-lightsail-quick-start-guide-openclaw.md)
+ [Deploy a Plesk hosting stack on Lightsail](set-up-and-configure-plesk-stack-on-lightsail.md)
+ [Set up a PrestaShop website on Lightsail](amazon-lightsail-quick-start-guide-prestashop.md)
+ [Configure and secure a Redmine instance on Lightsail](amazon-lightsail-quick-start-guide-redmine.md)
+ [Set up Ruby on Rails on Lightsail](amazon-lightsail-quick-start-guide-rubyonrails.md)
+ [Deploy and manage WordPress on Lightsail](amazon-lightsail-quick-start-guide-wordpress.md)
+ [Set up WordPress Multisite on Lightsail](amazon-lightsail-quick-start-guide-wordpress-multisite.md)

# Launch and set up an AlmaLinux instance on Lightsail

**Did you know?**  
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [Configure automatic snapshots for Lightsail instances and disks](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html).

This quick start guide provides step-by-step instructions for creating and configuring an AlmaLinux instance on the Amazon Lightsail platform. This topic covers the key steps, including selecting your instance location and plan, setting up networking and security, and transitioning from CentOS to AlmaLinux. By following these steps, you can quickly get your AlmaLinux instance up and running on Lightsail.

**Topics**
+ [Prerequisites](#amazon-lightsail-quick-start-guide-almalinux-prerequisites)
+ [Create an AlmaLinux instance in Lightsail](#amazon-lightsail-quick-start-guide-almalinux-create-instance)
+ [(Optional) Additional setup](#amazon-lightsail-additional-setup-almalinux)
+ [Migrate data from CentOS to AlmaLinux on Lightsail](amazon-lightsail-migrate-centos-to-almalinux.md)

## Prerequisites

+ If you're a new AWS customer, complete the setup prerequisites before you start using Amazon Lightsail. For more information, see [Set up AWS account and administrative users for Lightsail](setting-up.md).
+ Read the AlmaLinux documentation on the [https://wiki.almalinux.org/](https://wiki.almalinux.org/) site.

## Create an AlmaLinux instance in Lightsail


Complete the following procedure to create an AlmaLinux instance by using the [Lightsail console](https://lightsail.aws.amazon.com/).

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. On the home page, choose **Create instance**.

1. Select a location for your instance (an AWS Region and Availability Zone). Choose an AWS Region that is closest to your physical location for reduced latency.

   Choose **Change your Availability Zone** to create your instance in another location.

1. Choose the Linux platform.

1. Choose **Operating System (OS) only**, then pick the **AlmaLinux** blueprint.  
![\[The platform picker in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-almalinux-qs-guide-01.png)

1. Optionally, you can:

   1. Add a shell script that will run on your instance the first time it launches by selecting **Add launch script**. For more information, see [Configure Linux/Unix instances with launch scripts in Lightsail](lightsail-how-to-configure-server-additional-data-shell-script.md).

   1. To change the SSH key pair for your instance, choose a key from the dropdown list below **SSH key**. For more information, see [Set up SSH keys for Lightsail](lightsail-how-to-set-up-ssh.md).

   1. Enable **Automatic Snapshots** for your instance and the attached disks by selecting **Enable Automatic Snapshots**. For more information, see [Configure automatic snapshots for Lightsail instances and disks](amazon-lightsail-configuring-automatic-snapshots.md).

1. Choose your instance plan. You can choose whether your instance uses dual-stack (IPv4 and IPv6), or IPv6-only networking. The AlmaLinux blueprint supports both dual-stack and IPv6-only bundles. To learn more about IPv6-only networking, see [Configure IPv6-only networking for Lightsail instances](amazon-lightsail-ipv6-only-plans.md).  
![\[The instance plan picker in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-almalinux-qs-guide-02.png)

1. Enter a name for your instance.

   Resource names:
   + Must be unique within each AWS Region in your Lightsail account.
   + Must contain 2 to 255 characters.
   + Must start and end with an alphanumeric character or number.
   + Can include alphanumeric characters, numbers, periods, dashes, and underscores.  
![\[The instance plan picker in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-almalinux-qs-guide-03.png)

1. (Optional) Choose **Add new tag** to add a tag to your instance. Repeat this step as needed to add additional tags. For more information on tag usage, see [Tags](amazon-lightsail-tags.md).

   1. For **Key**, enter a tag key.  
![\[A tag with only the tag key specified in the Lightsail create instance workflow.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-instance-key-name-only-tags.png)

   1. (Optional) For **Value**, enter a tag value.  
![\[A tag with the tag key and tag value specified in the Lightsail create instance workflow.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-instance-key-name-and-value-tags.png)

1. Choose **Create instance**.

Within minutes, your Lightsail instance is ready and you can connect to it.

## (Optional) Additional setup


Here are a few steps you should take to get started after your AlmaLinux instance is up and running on Lightsail:
+ **Attach a static IP address to your instance** – The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.

  On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).  
![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)
+ **Register a domain in Lightsail** – Register and manage domain names in Lightsail. Lightsail uses Amazon Route 53, a highly available and scalable Domain Name System (DNS) web service, to register domains for you. After your domain is registered, you can assign it to your Lightsail resources or manage DNS records for it. For more information, see [Register and manage domains for your website in Lightsail](amazon-lightsail-domain-registration.md).
+ **Map your domain name to your instance** – To map your domain name, such as `example.com`, to your instance, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.

  On the Lightsail console home page, in the **Domains & DNS** section, choose **Create DNS zone**, then follow the instructions on the page. For more information, see [Create a DNS zone to manage domain records for Lightsail instances](lightsail-how-to-create-dns-entry.md).
+ **Create a snapshot of your instance** – A snapshot is a copy of the system disk and original configuration of an instance. The snapshot includes such information as memory, CPU, disk size, and data transfer rate. You can use a snapshot as a baseline for new instances, or as a data backup.

  Under the **Snapshot** tab of your instance’s management page, enter a name for the snapshot, then choose **Create snapshot**. For more information, see [Back up Linux/Unix Lightsail instances with snapshots](lightsail-how-to-create-a-snapshot-of-your-instance.md).

To learn how to migrate from CentOS to AlmaLinux, continue to the next topic: [Migrate data from CentOS to AlmaLinux on Lightsail](amazon-lightsail-migrate-centos-to-almalinux.md).

# Migrate data from CentOS to AlmaLinux on Lightsail

Migrating from CentOS to AlmaLinux is a straightforward process by which you move data from one instance in Lightsail to another. This topic outlines two options that you can use to migrate your data.

For more information, see the AlmaLinux documentation on the [https://wiki.almalinux.org/](https://wiki.almalinux.org/) site.

**Contents**
+ [Prerequisites](#amazon-lightsail-migrate-centos-to-almalinux-prerequisites)
+ [(Optional) Use secure copy (scp) to transfer files between instances](#amazon-lightsail-migrate-centos-to-almalinux-scp)
+ [(Optional) Move the block storage disk from the CentOS instance to the AlmaLinux instance](#amazon-lightsail-migrate-centos-to-almalinux-copy-disk)

## Prerequisites

+ If you haven't already, create an AlmaLinux Lightsail instance. For more information, see [Launch and set up an AlmaLinux instance on Lightsail](amazon-lightsail-quick-start-guide-almalinux.md).
+ Create a snapshot of the disk you plan to move to your AlmaLinux instance. For more information, see [Create Lightsail block storage disk snapshots for backup or baseline](create-block-storage-disk-snapshot.md).

## (Optional) Use secure copy (scp) to transfer files between instances


You can securely transfer files from your CentOS instance to the new AlmaLinux instance by using the secure copy command in Linux. For more information, see [Transfer files between Linux instances on Lightsail using scp](amazon-lightsail-transfer-files-between-linux-instances.md).

## (Optional) Move the block storage disk from the CentOS instance to the AlmaLinux instance


Use the following procedure to move a secondary block storage disk from your CentOS instance to your AlmaLinux instance. You cannot detach the instance's boot volume, which is the disk that contains the operating system. After you attach the disk to your AlmaLinux instance, you need to connect to that instance and mount the disk. For more information, see [Expand storage and performance with Lightsail block storage disks](elastic-block-storage-and-ssd-disks-in-amazon-lightsail.md).

If your CentOS instance is running, you will need to stop it before you can detach the disk. For more information, see [Stop a running instance](https://docs.aws.amazon.com/lightsail/latest/userguide/lightsail-how-to-start-stop-or-restart-your-instance-virtual-private-server.html#lightsail-instance-stop).

1. From the **Storage** section of the Lightsail console, select the disk that you want to detach from your CentOS instance.  
![\[The storage section in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-migrate-alma-01.png)

1. On the **Details** tab, choose **Detach**.  
![\[The disk details in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-migrate-alma-02.png)

1. From the disk **Details** page, choose the **Attach to an instance** dropdown menu. Then choose the name of your AlmaLinux instance.  
![\[The attach disk dropdown menu in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-migrate-alma-03.png)

1. Choose **Attach**.

1. (Optional) You might need to connect to your AlmaLinux instance and mount the disk before you can access its data. For more information, see [Connect to your instance to format and mount the disk](https://docs.aws.amazon.com/lightsail/latest/userguide/create-and-attach-additional-block-storage-disks-linux-unix.html#connect-to-linux-unix-instance-using-ssh-format-mount-disk).

**Warning**  
The above link provides instructions for how to mount and format the attached disk. **Do not format the disk** that you attached to your AlmaLinux instance. Formatting it will permanently erase all information stored on the disk.

# Host websites, email, and services with cPanel & WHM on Lightsail

**Did you know?**  
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [Configure automatic snapshots for Lightsail instances and disks](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html).

Here are a few steps you should take to get started after your cPanel & WHM instance is up and running on Amazon Lightsail.

**Important**  
Your cPanel & WHM instance includes a 15-day trial license. After 15 days, you must purchase a license from cPanel to continue using cPanel & WHM. If you plan on purchasing a license, complete steps 1-7 of this guide before purchasing your license.
You must choose an instance plan with at least 2 GB of memory to use this blueprint.

**Contents**
+ [Step 1: Change the root user password](#amazon-lightsail-cpanel-root-user-password)
+ [Step 2: Attach a static IP address to your cPanel & WHM instance](#amazon-lightsail-cpanel-attach-static-ip)
+ [Step 3: Sign in to the Web Host Manager for the first time](#amazon-lightsail-cpanel-sign-in)
+ [Step 4: Change the hostname and IP address of your cPanel & WHM instance](#amazon-lightsail-cpanel-change-hostname)
+ [Step 5: Map your domain name to your cPanel & WHM instance](#amazon-lightsail-cpanel-map-your-domain-to-your-instance)
+ [Step 6: Edit the firewall of your instance](#amazon-lightsail-cpanel-edit-firewall)
+ [Step 7: Remove SMTP restrictions from your Lightsail instance](#amazon-lightsail-cpanel-smtp)
+ [Step 8: Read the cPanel & WHM documentation and get support](#amazon-lightsail-cpanel-read-the-documentation)
+ [Step 9: Purchase a license for cPanel & WHM](#amazon-lightsail-purchase-cpanel-license)
+ [Step 10: Create a snapshot of your cPanel & WHM instance](#amazon-lightsail-cpanel-create-a-snapshot)

## Step 1: Change the root user password


Complete the following procedure to change the root user password on your cPanel instance. You will use the root user and password to sign in to the Web Host Manager (WHM) console later.

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.

1. After you're connected, enter the following command to change the password for the root user:

   ```
   sudo passwd
   ```

1. Enter a strong password and confirm it by entering it a second time.
**Note**  
Your password should not include dictionary words and should be greater than 7 characters. If you don't follow these guidelines, you will get a `BAD PASSWORD` warning.

   Remember this password because you will use it to sign in to the WHM console later in this guide.

## Step 2: Attach a static IP address to your cPanel & WHM instance


**Important**  
You must specify the public IP address of your cPanel & WHM instance when purchasing a license from cPanel. The license that you purchase is associated to that IP address. Because of this, you must attach a static IP to your cPanel & WHM instance if you plan on purchasing a license from cPanel. Specify your static IP when you purchase a license from cPanel, and keep your static IP for as long as you plan to use your cPanel & WHM license with a Lightsail instance. If you need to transfer your license to another IP address later, you can submit a request to cPanel. For more information, see [Transfer a license](https://docs.cpanel.net/manage2/licenses/transfer-a-license/) in the *WHM documentation*.

The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.

On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)


## Step 3: Sign in to the Web Host Manager for the first time


Complete the following procedure to sign in to the WHM console for the first time.

1. Open a web browser and navigate to the following web address. Replace *<StaticIP>* with the static IP address of your instance. Be sure to add `:2087` to the end of the address, which is the port on which you will establish a connection to your instance.

   ```
   https://<StaticIP>:2087
   ```

   **Example:**

   ```
   https://192.0.2.0:2087
   ```
**Important**  
You must include `https://` in your browser's address bar when navigating to the IP address and port of your instance. Otherwise, you will get an error stating that the site can't be reached.

   If you're unable to establish a connection when browsing to the static IP address of your instance over port 2087, check that your router, VPN, or internet service provider allows HTTP/HTTPS connections through port 2087. If it does not, then try to connect using a different network.

   You might also see a browser warning that your connection is not private, not secure, or that there’s a security risk. This happens because your cPanel instance does not yet have an SSL/TLS certificate applied to it. In the browser window, choose **Advanced**, **Details**, or **More information** to view the options that are available. Then choose to proceed to the website even if it’s not private or secure.

1. Enter `root` in the **Username** text box.

1. Enter the root user password in the **Password** text box.

   This is the password that you specified earlier in the [Step 1: Change the root user password](#amazon-lightsail-cpanel-root-user-password) section of this guide.

1. Choose **Log in**.  
![\[WHM sign in page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/whm-sign-in-page.png)

1. Read the cPanel & WHM terms, then choose **Agree to all** if you would like to proceed.  
![\[cPanel & WHM terms\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/cpanel-whm-terms.png)

1. On the **Get started with a Free cPanel Trial** page, choose **Log in** to log in to the cPanel store.

   You must sign in to the cPanel store in order to associate your trial license to your account. If you don't have a cPanel store account, you should still choose **Log in**, and you will be given the option to create one.  
![\[cPanel get started with a free trial\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/cpanel-free-trial-getting-started.png)

1. In the **Authorization Request** page that appears, enter your email address or username, and the password for your cPanel store account.

   If you don't have a cPanel store account, then choose **Create Account** and follow the prompts to create your new cPanel store account. You will be asked to enter your email address, and will be sent an email to set your cPanel store account password. We recommend that you set your cPanel store account password using a new browser tab. When your password is set, you can close that tab and return to your instance to authorize your account, and continue to the next step of this procedure.

1. Choose **Sign in**.  
![\[cPanel authorization request\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/cpanel-authorization-request.png)

   After you sign in, your cPanel & WHM instance will acquire a 15-day trial license that is associated with your cPanel store account. Go to the [Manage Licenses](https://store.cpanel.net/store/cpanel-licenses) page in the cPanel store to view your issued licenses, including trial licenses.

1. Choose **Server Setup** to continue.  
![\[cPanel trial license confirmation\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/cpanel-trial-license-confirmation.png)

1. Choose **Skip** in the email address and name servers page. You can configure these later.  
![\[cPanel email address and name server configuration\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/cpanel-email-nameserver-configuration.png)

   The WHM console appears, where you can manage the settings and features for cPanel.

## Step 4: Change the hostname and IP address of your cPanel & WHM instance


Complete the following steps to change the hostname of your instance, so that you don't have to use its public IP address to access the WHM console. You should also change the IP address of your instance to the new static IP address that you attached to your instance earlier in the [Step 2: Attach a static IP address to your cPanel & WHM instance](#amazon-lightsail-cpanel-attach-static-ip) section of this guide.

1. Choose the navigation menu icon in the top-left section of the WHM console.  
![\[WHM navigation menu icon\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-whm-menu-icon.png)

1. Enter `Change hostname` in the search text box in the WHM console, then choose the **Change hostname** option in the results.  
![\[Change the hostname of your cPanel & WHM instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-whm-change-hostname.png)

1. Enter the hostname that you want to use to access the WHM console in the **New hostname** text box. For example, enter `management.example.com` or `administration.example.com`.
**Note**  
You can only specify a subdomain as the hostname, and you cannot specify `whm` or `cpanel` as the subdomain.  
![\[Change the hostname of your cPanel & WHM instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-whm-new-hostname.png)

1. Choose **Change**.

1. Choose the navigation menu icon in the top-left section of the WHM console.  
![\[WHM navigation menu icon\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-whm-menu-icon.png)

1. Choose **Basic WebHost Manager Setup**.  
![\[Basic WebHost Manager Setup\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cpanel-whm-basic-setup.png)

1. Under the **All** tab, scroll down and find the **Basic Config** section of the page.

1. In the IPv4 address text box, enter the new static IP address of the instance. For information about IPv6, see [Configuring IPv6 on cPanel instances](amazon-lightsail-configure-ipv6-on-cpanel.md).  
![\[IPv4 address text box\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cpanel-whm-ip-address.png)

1. Scroll to the bottom of the page and choose **Save Changes**.
**Note**  
If you receive an *Invalid License file* error message, wait and try to change the IP address again after a few minutes.

The hostname and IP address of your instance are now changed, but you must still map your domain name to your cPanel & WHM instance. You do this by adding an address (A) record in the domain name system (DNS) of your registered domain name. The A record resolves the hostname of your instance to the static IP address of your instance. We show you how to do this in the next section of this guide.

## Step 5: Map your domain name to your cPanel & WHM instance


**Note**  
You can map a domain to your cPanel & WHM instance, which you can use to access the WHM console. You can also map multiple domains within WHM, which you can use to manage websites within WHM. This section describes how to map your domain to your cPanel & WHM instance. For more information about mapping multiple domains within the WHM console, which you do when you create a new account, see [Create a new account](https://docs.cpanel.net/whm/account-functions/create-a-new-account/) in the *WHM documentation*.

To map your domain name, such as `management.example.com` or `administration.example.com`, to your instance, you add an address (A) record to the DNS of your domain. The record maps the hostname of your cPanel & WHM instance to the static IP address of your instance. The subdomain that you specify in the A record must match the hostname that you specified in the [Step 4: Change the hostname and IP address of your cPanel & WHM instance](#amazon-lightsail-cpanel-change-hostname) section earlier in this guide. After the A record is added, you can use the following address to access the WHM console of your instance, instead of using your instance's static IP address. Replace *<InstanceHostName>* with the host name of your instance.

```
https://<InstanceHostName>/whm
```

**Example:**

```
https://management.example.com/whm
```

DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console. To do this, sign in to the Lightsail console. On the Lightsail console home page, choose the **Domains & DNS** tab, and then choose **Create DNS zone**. Follow the instructions on the page to add your domain name to Lightsail. For more information, see [Creating a DNS zone to manage your domain’s DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).

## Step 6: Edit the firewall of your instance


The following firewall ports are open by default on your cPanel & WHM instance:
+ SSH - TCP - 22
+ DNS (UDP) - UDP - 53
+ DNS (TCP) - TCP - 53
+ HTTP - TCP - 80
+ HTTPS - TCP - 443
+ Custom - TCP - 2078
+ Custom - TCP - 2083
+ Custom - TCP - 2087
+ Custom - TCP - 2089

You might need to open additional ports depending on the services and applications that you plan to use on your instance. For example, open ports 25, 143, 465, 587, 993, 995, 2096 for email services, and ports 2080, 2091 for calendar services. Under the **Networking** tab of your instance’s management page, scroll to the Firewall section of the page, and choose **Add rule**. Choose the application, protocol, and port or port range to open. Choose **Create** when you're done.

For more information about which ports to open, see [How to configure your firewall for cPanel services](https://documentation.cpanel.net/display/CKB/How+to+Configure+Your+Firewall+for+cPanel+Services) in the *cPanel documentation*. For more information about editing your instance's firewall in Lightsail, see [Adding and editing instance firewall rules in Amazon Lightsail](amazon-lightsail-editing-firewall-rules.md).
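
The following is an added example, not part of the original guide or of any AWS or cPanel tooling: a small audit that compares an instance's open firewall rules with the default and optional port lists in this step, reporting ports that are expected but closed and ports that are open but not on either list. It assumes input shaped like the JSON returned by `aws lightsail get-instance-port-states`, assumes the optional email and calendar ports are TCP, and uses a constructed sample rule set.

```python
"""Audit Lightsail firewall rules against the cPanel & WHM port lists in Step 6."""
import json

# Ports that are open by default on the cPanel & WHM blueprint (list in Step 6).
DEFAULT_PORTS = {
    ("tcp", 22), ("udp", 53), ("tcp", 53), ("tcp", 80), ("tcp", 443),
    ("tcp", 2078), ("tcp", 2083), ("tcp", 2087), ("tcp", 2089),
}

# Optional service ports named in Step 6. Treating them as TCP is an assumption.
SERVICE_PORTS = {
    "email": {25, 143, 465, 587, 993, 995, 2096},
    "calendar": {2080, 2091},
}

# Constructed sample in the shape of `aws lightsail get-instance-port-states`
# output: the defaults, two of the email ports, and one extra rule (3306).
SAMPLE_JSON = """
{"portStates": [
  {"fromPort": 22,   "toPort": 22,   "protocol": "tcp", "state": "open"},
  {"fromPort": 53,   "toPort": 53,   "protocol": "udp", "state": "open"},
  {"fromPort": 53,   "toPort": 53,   "protocol": "tcp", "state": "open"},
  {"fromPort": 80,   "toPort": 80,   "protocol": "tcp", "state": "open"},
  {"fromPort": 443,  "toPort": 443,  "protocol": "tcp", "state": "open"},
  {"fromPort": 2078, "toPort": 2078, "protocol": "tcp", "state": "open"},
  {"fromPort": 2083, "toPort": 2083, "protocol": "tcp", "state": "open"},
  {"fromPort": 2087, "toPort": 2087, "protocol": "tcp", "state": "open"},
  {"fromPort": 2089, "toPort": 2089, "protocol": "tcp", "state": "open"},
  {"fromPort": 465,  "toPort": 465,  "protocol": "tcp", "state": "open"},
  {"fromPort": 587,  "toPort": 587,  "protocol": "tcp", "state": "open"},
  {"fromPort": 3306, "toPort": 3306, "protocol": "tcp", "state": "open"}
]}
"""
SAMPLE = json.loads(SAMPLE_JSON)


def open_rules(port_states_doc):
    """Return open TCP/UDP rules as (protocol, from_port, to_port) tuples."""
    rules = []
    for state in port_states_doc.get("portStates", []):
        if state.get("state") != "open":
            continue
        proto = state["protocol"].lower()
        # A rule with protocol "all" covers both TCP and UDP.
        for p in (("tcp", "udp") if proto == "all" else (proto,)):
            if p in ("tcp", "udp"):  # ICMP rules carry types, not ports
                rules.append((p, state["fromPort"], state["toPort"]))
    return rules


def audit(port_states_doc, services=()):
    """Compare open rules with the defaults plus the chosen optional services.

    Returns a dict with:
      missing    - expected (protocol, port) pairs that no open rule covers
      unexpected - open rules that expose at least one port not on the lists
    """
    expected = set(DEFAULT_PORTS)
    for name in services:
        expected |= {("tcp", port) for port in SERVICE_PORTS[name]}

    rules = open_rules(port_states_doc)
    missing = sorted(
        (proto, port) for proto, port in expected
        if not any(p == proto and lo <= port <= hi for p, lo, hi in rules)
    )
    unexpected = sorted({
        (p, lo, hi) for p, lo, hi in rules
        if any((p, port) not in expected for port in range(lo, hi + 1))
    })
    return {"missing": missing, "unexpected": unexpected}


if __name__ == "__main__":
    report = audit(SAMPLE, services=("email",))
    for proto, port in report["missing"]:
        print(f"expected but not open: {proto}/{port}")
    for proto, lo, hi in report["unexpected"]:
        span = str(lo) if lo == hi else f"{lo}-{hi}"
        print(f"open but not on the Step 6 lists: {proto}/{span}")
```

Review each unexpected rule before keeping it, and close any that no service on the instance needs.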

## Step 7: Remove SMTP restrictions from your Lightsail instance


AWS blocks outbound traffic on port 25 on all Lightsail instances. To send outbound traffic on port 25, request that this restriction be removed. For more information, see [How do I remove the restriction on port 25 from my Lightsail instance?](https://aws.amazon.com/premiumsupport/knowledge-center/lightsail-port-25-throttle/).

**Important**  
If you configure SMTP to use ports 25, 465, or 587, then you must open those ports in the firewall of your instance in the Lightsail console. For more information, see [Adding and editing instance firewall rules in Amazon Lightsail](amazon-lightsail-editing-firewall-rules.md).

## Step 8: Read the cPanel & WHM documentation and get support


Read the cPanel & WHM documentation to learn how to administer web sites using cPanel and WHM. For more information, see [cPanel & WHM documentation](https://docs.cpanel.net/).

If you have questions about cPanel & WHM or need support, you can contact cPanel using the following resources:
+ [cPanel Troubleshoot your installation](https://docs.cpanel.net/installation-guide/troubleshoot-your-installation/)
+ [cPanel Discord channel](https://go.cpanel.net/discord)

## Step 9: Purchase a license for cPanel & WHM


Your cPanel & WHM instance includes a 15-day trial license. After 15 days, you must purchase a license from cPanel to continue using cPanel & WHM. For more information, see [How to purchase a cPanel license](https://docs.cpanel.net/knowledge-base/cpanel-product/how-to-purchase-a-cpanel-license/) in the cPanel documentation.

**Important**  
You must specify the public IP address of your cPanel & WHM instance when purchasing a license from cPanel. The license that you purchase is associated with that IP address. Because of this, you must attach a static IP to your cPanel & WHM instance as described in the [Step 2: Attach a static IP address to your cPanel & WHM instance](#amazon-lightsail-cpanel-attach-static-ip) section of this guide. Specify your static IP when you purchase a license from cPanel, and keep your static IP for as long as you plan to use your cPanel & WHM license with a Lightsail instance. If you need to transfer your license to another IP address later, you can submit a request to cPanel. For more information, see [Transfer a license](https://docs.cpanel.net/manage2/licenses/transfer-a-license/) in the *WHM documentation*.

## Step 10: Create a snapshot of your cPanel & WHM instance


**Note**  
Instance snapshots of the current generation blueprint **cPanel & WHM for AlmaLinux** can be exported to Amazon EC2.
Instance snapshots of the previous generation blueprint **cPanel & WHM for Linux** cannot be exported to Amazon EC2 at this time.
If you create a new instance from the snapshot, give the instance extra time to fully start up before signing into the WHM as described in [Step 3](#amazon-lightsail-cpanel-sign-in).

After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).

You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.

You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).

![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)


# Set up and customize your Drupal website on Lightsail
Drupal

**Did you know?**  
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [Configure automatic snapshots for Lightsail instances and disks](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html).

Here are a few steps you should take to get started after your Drupal instance is up and running on Amazon Lightsail:

**Contents**
+ [Step 1: Read the Bitnami documentation](#amazon-lightsail-read-the-bitnami-documentation-drupal)
+ [Step 2: Get the default application password to access the Drupal administration dashboard](#amazon-lightsail-get-the-default-user-password-drupal)
+ [Step 3: Attach a static IP address to your instance](#amazon-lightsail-attach-static-ip-drupal)
+ [Step 4: Sign in to the administration dashboard of your Drupal website](#amazon-lightsail-sign-in-drupal)
+ [Step 5: Route traffic for your registered domain name to your Drupal website](#amazon-lightsail-map-your-domain-to-your-instance-drupal)
+ [Step 6: Configure HTTPS for your Drupal website](#amazon-lightsail-https-drupal)
+ [Step 7: Read the Drupal documentation and continue configuring your website](#amazon-lightsail-read-documentation-drupal)
+ [Step 8: Create a snapshot of your instance](#amazon-lightsail-create-a-snapshot-drupal)

## Step 1: Read the Bitnami documentation


Read the Bitnami documentation to learn how to configure your Drupal application. For more information, see the [Drupal Packaged By Bitnami For AWS Cloud](https://docs.bitnami.com/aws/apps/drupal/).

## Step 2: Get the default application password to access the Drupal administration dashboard


Complete the following procedure to get the default application password required to access the administration dashboard for your Drupal website. For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)

1. After you're connected, enter the following command to get the application password:

   ```
   cat $HOME/bitnami_application_password
   ```

   You should see a response similar to the following example, which contains the default application password:  
![\[Bitnami default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bitnami-application-password.png)

## Step 3: Attach a static IP address to your instance


The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.

On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)


## Step 4: Sign in to the administration dashboard of your Drupal website


Now that you have the default user password, navigate to your Drupal website's home page, and sign in to the administration dashboard. After you’re signed in, you can start customizing your website and making administrative changes. For more information about what you can do in Drupal, see the [Step 7: Read the Drupal documentation and continue configuring your website](#amazon-lightsail-read-documentation-drupal) section later in this guide.

1. On your instance management page, under the **Connect** tab, make note of the public IP address of your instance. The public IP address is also displayed in the header section of your instance management page.  
![\[Public IP address of an instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-ip.png)

1. Browse to the public IP address of your instance, for example by going to `http://203.0.113.0`.

   The home page of your Drupal website should appear.

1. Choose **Manage** in the bottom right corner of your Drupal website home page.

   If the **Manage** banner is not shown, you can reach the sign in page by browsing to `http://<PublicIP>/user/login`. Replace `<PublicIP>` with the public IP address of your instance.

1. Sign in using the default user name (`user`) and the default password retrieved earlier in this guide.

   The Drupal administration dashboard appears.  
![\[The Drupal administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-drupal-dashboard.png)

## Step 5: Route traffic for your registered domain name to your Drupal website


To route traffic for your registered domain name, such as `example.com`, to your Drupal website, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.

On the Lightsail console home page, under the **Domains & DNS** tab, choose **Create DNS zone**, then follow the instructions on the page. For more information, see [Creating a DNS zone to manage your domain’s DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).

If you browse to the domain name that you configured for your instance, you should be redirected to the home page of your Drupal website. Next, you should generate and configure an SSL/TLS certificate to enable HTTPS connections for your Drupal website. For more information, continue to the next [Step 6: Configure HTTPS for your Drupal website](#amazon-lightsail-https-drupal) section of this guide.

## Step 6: Configure HTTPS for your Drupal website


Complete the following procedure to configure HTTPS on your Drupal website. These steps show you how to use the Bitnami HTTPS Configuration Tool (`bncert-tool`), which is a command line tool for requesting Let's Encrypt SSL/TLS certificates. For more information see [Learn About The Bitnami HTTPS Configuration Tool](https://docs.bitnami.com/aws/how-to/understand-bncert/) in the *Bitnami documentation*.

**Important**  
Before starting with this procedure, make sure that you configured your domain to route traffic to your Drupal instance. Otherwise, the SSL/TLS certificate validation process will fail.

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)

1. After you're connected, enter the following command to confirm the bncert tool is installed on your instance.

   ```
   sudo /opt/bitnami/bncert-tool
   ```

   You should see one of the following responses:
   + If you see `command not found` in the response, then the bncert tool is not installed on your instance. Continue to the next step in this procedure to install the bncert tool on your instance.
   + If you see **Welcome to the Bitnami HTTPS configuration tool** in the response, then the bncert tool is installed on your instance. Continue to step 8 of this procedure.
   + If the bncert tool has been installed on your instance for a while, then you might see a message indicating that an updated version of the tool is available. Choose to download it, and then enter the `sudo /opt/bitnami/bncert-tool` command to run the bncert tool again. Continue to step 8 of this procedure.

1. Enter the following command to download the bncert run file to your instance.

   ```
   wget -O bncert-linux-x64.run https://downloads.bitnami.com/files/bncert/latest/bncert-linux-x64.run
   ```

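1. Enter the following commands to create a directory for the bncert tool run file on your instance, and to move the downloaded run file into that directory.

   ```
   sudo mkdir /opt/bitnami/bncert
   sudo mv bncert-linux-x64.run /opt/bitnami/bncert/
   ```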

1. Enter the following command to make the bncert run file executable as a program.

   ```
   sudo chmod +x /opt/bitnami/bncert/bncert-linux-x64.run
   ```

1. Enter the following command to create a symbolic link that runs the bncert tool when you enter the `sudo /opt/bitnami/bncert-tool` command.

   ```
   sudo ln -s /opt/bitnami/bncert/bncert-linux-x64.run /opt/bitnami/bncert-tool
   ```

   You are now done installing the bncert tool on your instance.

1. Enter the following command to run the bncert tool.

   ```
   sudo /opt/bitnami/bncert-tool
   ```

1. Enter your primary domain name and alternate domain names separated by a space as shown in the following example.

   If your domain is not configured to route traffic to the public IP address of your instance, the `bncert` tool will ask you to make that configuration before continuing. Your domain must be routing traffic to the public IP address of the instance from which you are using the `bncert` tool to enable HTTPS on the instance. This confirms that you own the domain, and serves as the validation for your certificate.  
![\[Entering the primary and alternate domain names\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-domain-names.png)

1. The `bncert` tool will ask you how you want your website's redirection to be configured. These are the options available: 
   + **Enable HTTP to HTTPS redirection** - Specifies whether users who browse to the HTTP version of your website (i.e., `http://example.com`) are automatically redirected to the HTTPS version (i.e., `https://example.com`). We recommend enabling this option because it forces all visitors to use the encrypted connection. Type `Y` and press **Enter** to enable it.
   + **Enable non-www to www redirection** - Specifies whether users who browse to the apex of your domain (i.e., `https://example.com`) are automatically redirected to your domain's `www` subdomain (i.e., `https://www.example.com`). We recommend enabling this option. However, you may want to disable it and enable the alternate option (enable `www` to non-`www` redirection) if you have specified the apex of your domain as your preferred website address in search engine tools like Google's webmaster tools, or if your apex points directly to your IP and your `www` subdomain references your apex via a CNAME record. Type `Y` and press **Enter** to enable it.
   + **Enable www to non-www redirection** - Specifies whether users who browse to your domain's `www` subdomain (i.e., `https://www.example.com`) are automatically redirected to the apex of your domain (i.e., `https://example.com`). We recommend disabling this, if you enabled non-`www` redirection to `www`. Type `N` and press **Enter** to disable it.

   Your selections should look like the following example.  
![\[Website redirection options\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-enable-disable-redirection.png)

1. The changes that are going to be made are listed. Type `Y` and press **Enter** to confirm and continue.  
![\[Confirming the changes\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-confirm-changes.png)

1. Enter your email address to associate with your Let's Encrypt certificate and press **Enter**.  
![\[Associating your email address with your Let's Encrypt certificate\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-email-address.png)

1. Review the Let's Encrypt Subscriber Agreement. Type `Y` and press **Enter** to accept the agreement and continue.  
![\[Review the Let's Encrypt subscriber agreement\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-lets-ecrypt-agreement.png)

   The actions are performed to enable HTTPS on your instance, including requesting the certificate and configuring the redirections you specified.  
![\[Actions being performed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-performing-actions.png)

   Your certificate is successfully issued and validated, and the redirections are successfully configured on your instance if you see a message similar to the following example.  
![\[Actions successfully completed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-success-conf.png)

   The `bncert` tool will perform an automatic renewal of your certificate every 80 days before it expires. Repeat the above steps if you wish to use additional domains and subdomains with your instance, and you want to enable HTTPS for those domains.

   You are now done enabling HTTPS on your Drupal instance. Next time you browse to your Drupal website using the domain you configured, you should see that it redirects to the HTTPS connection.
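
The **Important** note at the start of this step says certificate validation fails when a domain does not route to the instance. The following added example (not part of the AWS or Bitnami documentation) checks every domain you plan to give the `bncert` tool against the instance's public IP before you run it. The function names are assumptions, and `getent` is assumed to be available on the instance.

```shell
#!/bin/sh
# Added example, not AWS or Bitnami code.

# resolve_a DOMAIN
# Prints the IPv4 addresses the domain resolves to, one per line.
# Assumption: getent is available. getent also reads /etc/hosts, so an
# override there can hide what public DNS really returns.
resolve_a() {
  getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# domains_not_routed INSTANCE_IP DOMAIN...
# Prints "domain=addresses" for every domain whose A records are not exactly
# INSTANCE_IP. A domain with no A record is reported as "unresolved", and a
# domain with extra or stale records is reported with all of its addresses,
# because validation can land on any of them.
domains_not_routed() {
  ip=$1
  shift
  bad=""
  for d in "$@"; do
    addrs=$(resolve_a "$d" 2>/dev/null | tr '\n' ' ' | sed 's/ *$//')
    if [ "$addrs" != "$ip" ]; then
      bad="$bad${bad:+ }$d=${addrs:-unresolved}"
    fi
  done
  printf '%s\n' "$bad"
}

# Usage on the instance, with the static IP from Step 3 and the primary and
# alternate names you will enter in the bncert tool (values are examples):
#   out=$(domains_not_routed 203.0.113.0 example.com www.example.com)
#   [ -z "$out" ] && echo "DNS ready" || echo "fix DNS first: $out"
```

An empty result means every name resolves only to the instance, so the tool's domain validation has what it needs.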

## Step 7: Read the Drupal documentation and continue configuring your website


Read the Drupal documentation to learn how to administer and customize your website. For more information, see the [Drupal Documentation](https://www.drupal.org/documentation).

## Step 8: Create a snapshot of your instance


After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).

You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.

You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).

![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)


# Deploy a Ghost website on Lightsail
Ghost

**Did you know?**  
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [Configure automatic snapshots for Lightsail instances and disks](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html).

Here are a few steps you should take to get started after your Ghost instance is up and running on Amazon Lightsail:

**Contents**
+ [Step 1: Read the Bitnami documentation](#amazon-lightsail-read-the-bitnami-documentation-ghost)
+ [Step 2: Get the default application password to access the Ghost administration dashboard](#amazon-lightsail-get-the-default-user-password-ghost)
+ [Step 3: Attach a static IP address to your instance](#amazon-lightsail-attach-static-ip-ghost)
+ [Step 4: Sign in to the administration dashboard of your Ghost website](#amazon-lightsail-sign-in-ghost)
+ [Step 5: Route traffic for your registered domain name to your Ghost website](#amazon-lightsail-map-your-domain-to-your-instance-ghost)
+ [Step 6: Configure HTTPS for your Ghost website](#amazon-lightsail-https-ghost)
+ [Step 7: Read the Ghost documentation and continue configuring your website](#amazon-lightsail-read-documentation-ghost)
+ [Step 8: Create a snapshot of your instance](#amazon-lightsail-create-a-snapshot-ghost)

## Step 1: Read the Bitnami documentation


Read the Bitnami documentation to learn how to configure your Ghost application. For more information, see [https://docs.bitnami.com/aws/apps/ghost/](https://docs.bitnami.com/aws/apps/ghost/).

## Step 2: Get the default application password to access the Ghost administration dashboard


Complete the following procedure to get the default application password required to access the administration dashboard for your Ghost website. For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)

1. After you're connected, enter the following command to get the application password:

   ```
   $ cat $HOME/bitnami_application_password
   ```

   You should see a response similar to the following, which contains the default application password:

   ```
   bitnami@ip-192-0-2-0:~$ cat $HOME/bitnami_application_password
   wB2Ex@mplEK6
   ```

## Step 3: Attach a static IP address to your instance


The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.

On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)


After the new static IP address is attached to your instance, you must complete the following steps to make the application aware of the new static IP address.

1. Make a note of the static IP address of your instance. It's listed in the header section of your instance management page.  
![\[Public or static IP address of a Lightsail instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-static-ip.png)

1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-using-ssh.png)

1. After you're connected, enter the following command. Replace *<StaticIP>* with the new static IP address of your instance.

   ```
   sudo /opt/bitnami/configure_app_domain --domain <StaticIP>
   ```

   **Example:**

   ```
   sudo /opt/bitnami/configure_app_domain --domain 203.0.113.0
   ```

   You should see a response similar to the following. The application on your instance should now be aware of the new static IP address.

   ```
   bitnami@ip-203.0.113.0:~$ sudo /opt/bitnami/configure_app_domain --domain 203.0.113.0
   Configuring domain to 203.0.113.0
   2024-06-06T21:43:42.393Z - info: Saving configuration info to disk
   ghost 21:43:42.78 INFO  ==> Configuring Ghost URL to http://203.0.113.0
   Disabling automatic domain update for IP address changes
   ```

## Step 4: Sign in to the administration dashboard of your Ghost website


Now that you have the default application password, complete the following procedure to navigate to your Ghost website's home page, and sign in to the administration dashboard. After you’re signed in, you can start customizing your website and making administrative changes. For more information about what you can do in Ghost, see the [Step 7: Read the Ghost documentation and continue configuring your website](#amazon-lightsail-read-documentation-ghost) section later in this guide.

1. On your instance management page, under the **Connect** tab, make note of the public IP address of your instance. If you previously attached a static IP to your instance, this will be the static IP address. The public IP address is also displayed in the header section of your instance management page.  
![\[Public IP address of an instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-ip.png)

1. Browse to the public IP address of your instance, for example by going to `http://203.0.113.0`.

   The home page of your Ghost website should appear.

1. Choose **Manage** in the bottom right corner of your Ghost website home page.

   If the **Manage** banner is not shown, you can reach the sign in page by browsing to `http://<PublicIP>/ghost`. Replace `<PublicIP>` with the public IP address of your instance.

1. Sign in using the default user name (`user@example.com`) and the default password retrieved earlier in this guide.

   The Ghost administration dashboard appears.  
![\[The Ghost administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-ghost-dashboard.png)

## Step 5: Route traffic for your registered domain name to your Ghost website


To route traffic for your registered domain name, such as `example.com`, to your Ghost website, you add a record to the DNS of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.

On the Lightsail console home page, in the **Domains & DNS** section, choose **Create DNS zone**, then follow the instructions on the page. For more information, see [Creating a DNS zone to manage your domain’s DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).

After your domain name is routing traffic to your instance, you must complete the following steps to make the Ghost application aware of the new domain.

1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.

1. After you're connected, enter the following command. Replace *<DomainName>* with the domain name that is directing traffic to your Ghost instance.

   ```
   $ sudo /opt/bitnami/configure_app_domain --domain <DomainName>
   ```

   **Example:**

   ```
   $ sudo /opt/bitnami/configure_app_domain --domain example.com
   ```

   You should see a response similar to the following example. The Ghost application should now be aware of the domain.

   ```
   bitnami@ip-203.0.113.0:~$ sudo /opt/bitnami/configure_app_domain --domain example.com
   Configuring domain to example.com
   2024-06-06T21:50:00.393Z - info: Saving configuration info to disk
   ghost 21:50:25.78 INFO  ==> Configuring Ghost URL to http://example.com
   Disabling automatic domain update for IP address changes
   ```

If you browse to the domain name that you configured for your instance, you should be redirected to the home page of your Ghost website. Next, you should generate and configure an SSL/TLS certificate to enable HTTPS connections for your Ghost website. For more information, continue to the next [Step 6: Configure HTTPS for your Ghost website](#amazon-lightsail-https-ghost) section of this guide.

## Step 6: Configure HTTPS for your Ghost website


Complete the following procedure to configure HTTPS on your Ghost website. These steps show you how to use the Bitnami HTTPS Configuration Tool (`bncert-tool`), which is a command line tool for requesting Let's Encrypt SSL/TLS certificates. For more information see [Learn About The Bitnami HTTPS Configuration Tool](https://docs.bitnami.com/aws/how-to/understand-bncert/) in the *Bitnami documentation*.

**Important**  
Before starting with this procedure, make sure that you configured your domain to route traffic to your Ghost instance. Otherwise, the SSL/TLS certificate validation process will fail.

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)

1. After you're connected, enter the following command to confirm the bncert tool is installed on your instance.

   ```
   sudo /opt/bitnami/bncert-tool
   ```

   You should see one of the following responses:
   + If you see `command not found` in the response, then the bncert tool is not installed on your instance. Continue to the next step in this procedure to install the bncert tool on your instance.
   + If you see **Welcome to the Bitnami HTTPS configuration tool** in the response, then the bncert tool is installed on your instance. Continue to step 8 of this procedure.
   + If the bncert tool has been installed on your instance for a while, then you might see a message indicating that an updated version of the tool is available. Choose to download it, and then enter the `sudo /opt/bitnami/bncert-tool` command to run the bncert tool again. Continue to step 8 of this procedure.

1. Enter the following command to download the bncert run file to your instance.

   ```
   wget -O bncert-linux-x64.run https://downloads.bitnami.com/files/bncert/latest/bncert-linux-x64.run
   ```

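1. Enter the following commands to create a directory for the bncert tool run file on your instance, and to move the downloaded run file into that directory.

   ```
   sudo mkdir /opt/bitnami/bncert
   sudo mv bncert-linux-x64.run /opt/bitnami/bncert/
   ```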

1. Enter the following command to make the bncert run file executable as a program.

   ```
   sudo chmod +x /opt/bitnami/bncert/bncert-linux-x64.run
   ```

1. Enter the following command to create a symbolic link that runs the bncert tool when you enter the `sudo /opt/bitnami/bncert-tool` command.

   ```
   sudo ln -s /opt/bitnami/bncert/bncert-linux-x64.run /opt/bitnami/bncert-tool
   ```

   You are now done installing the bncert tool on your instance.

1. Enter the following command to run the bncert tool.

   ```
   sudo /opt/bitnami/bncert-tool
   ```

1. Enter your primary domain name and alternate domain names separated by a space as shown in the following example.

   If your domain is not configured to route traffic to the public IP address of your instance, the `bncert` tool will ask you to make that configuration before continuing. Your domain must be routing traffic to the public IP address of the instance from which you are using the `bncert` tool to enable HTTPS on the instance. This confirms that you own the domain, and serves as the validation for your certificate.  
![\[Entering the primary and alternate domain names\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-domain-names.png)

1. The `bncert` tool will ask you how you want your website's redirection to be configured. These are the options available: 
   + **Enable HTTP to HTTPS redirection** - Specifies whether users who browse to the HTTP version of your website (i.e., `http://example.com`) are automatically redirected to the HTTPS version (i.e., `https://example.com`). We recommend enabling this option because it forces all visitors to use the encrypted connection. Type `Y` and press **Enter** to enable it.
   + **Enable non-www to www redirection** - Specifies whether users who browse to the apex of your domain (i.e., `https://example.com`) are automatically redirected to your domain's `www` subdomain (i.e., `https://www.example.com`). We recommend enabling this option. However, you may want to disable it and enable the alternate option (enable `www` to non-`www` redirection) if you have specified the apex of your domain as your preferred website address in search engine tools like Google's webmaster tools, or if your apex points directly to your IP and your `www` subdomain references your apex via a CNAME record. Type `Y` and press **Enter** to enable it.
   + **Enable www to non-www redirection** - Specifies whether users who browse to your domain's `www` subdomain (i.e., `https://www.example.com`) are automatically redirected to the apex of your domain (i.e., `https://example.com`). We recommend disabling this, if you enabled non-`www` redirection to `www`. Type `N` and press **Enter** to disable it.

   Your selections should look like the following example.  
![\[Website redirection options\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-enable-disable-redirection.png)

1. The changes that are going to be made are listed. Type `Y` and press **Enter** to confirm and continue.  
![\[Confirming the changes\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-confirm-changes.png)

1. Enter your email address to associate with your Let's Encrypt certificate and press **Enter**.  
![\[Associating your email address with your Let's Encrypt certificate\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-email-address.png)

1. Review the Let's Encrypt Subscriber Agreement. Type `Y` and press **Enter** to accept the agreement and continue.  
![\[Review the Let's Encrypt subscriber agreement\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-lets-ecrypt-agreement.png)

   The actions are performed to enable HTTPS on your instance, including requesting the certificate and configuring the redirections you specified.  
![\[Actions being performed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-performing-actions.png)

   Your certificate is successfully issued and validated, and the redirections are successfully configured on your instance if you see a message similar to the following example.  
![\[Actions successfully completed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-success-conf.png)

   The `bncert` tool will perform an automatic renewal of your certificate every 80 days before it expires. Repeat the above steps if you wish to use additional domains and subdomains with your instance, and you want to enable HTTPS for those domains.
**Tip**  
Enter the following command to restart the services on your instance.  

   ```
   sudo /opt/bitnami/ctlscript.sh restart
   ```

   You are now done enabling HTTPS on your Ghost instance. Next time you browse to your Ghost website using the domain you configured, you should see that it redirects to the HTTPS connection.

## Step 7: Read the Ghost documentation and continue configuring your website


Read the Ghost documentation to learn how to administer and customize your website. For more information, see the [Ghost Documentation](https://ghost.org/docs/).

## Step 8: Create a snapshot of your instance


After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).

You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.

You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).

![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)


# Set up and configure a GitLab CE instance on Lightsail

**Did you know?**  
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [Configure automatic snapshots for Lightsail instances and disks](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html).

Here are a few steps you should take to get started after your GitLab CE instance is up and running on Amazon Lightsail:

**Contents**
+ [Step 1: Read the Bitnami documentation](#amazon-lightsail-read-the-bitnami-documentation-gitlab)
+ [Step 2: Get the default application password to access the GitLab CE admin area](#amazon-lightsail-get-the-default-user-password-gitlab)
+ [Step 3: Attach a static IP address to your instance](#amazon-lightsail-attach-static-ip-gitlab)
+ [Step 4: Sign in to the admin area of your GitLab CE website](#amazon-lightsail-sign-in-gitlab)
+ [Step 5: Route traffic for your registered domain name to your GitLab CE website](#amazon-lightsail-map-your-domain-to-your-instance-gitlab)
+ [Step 6: Configure HTTPS for your GitLab CE website](#amazon-lightsail-https-gitlab)
+ [Step 7: Read the GitLab CE documentation and continue configuring your website](#amazon-lightsail-read-documentation-gitlab)
+ [Step 8: Create a snapshot of your instance](#amazon-lightsail-create-a-snapshot-gitlab)

## Step 1: Read the Bitnami documentation


Read the Bitnami documentation to learn how to configure your GitLab CE application. For more information, see the [GitLab CE Packaged By Bitnami For AWS Cloud](https://docs.bitnami.com/aws/apps/gitlab/).

## Step 2: Get the default application password to access the GitLab CE admin area


Complete the following procedure to get the default application password required to access the admin area for your GitLab CE website. For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)

1. After you're connected, enter the following command to get the application password:

   ```
   cat $HOME/bitnami_application_password
   ```

   You should see a response similar to the following example, which contains the default application password:  
![\[Bitnami default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bitnami-application-password.png)

## Step 3: Attach a static IP address to your instance


The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.

On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)


After the new static IP address is attached to your instance, you must complete the following steps to make the application aware of the new static IP address.

1. Make a note of the static IP address of your instance. It's listed in the header section of your instance management page.  
![\[Public or static IP address of a Lightsail instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-static-ip.png)

1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-using-ssh.png)

1. After you're connected, enter the following command. Replace *<StaticIP>* with the new static IP address of your instance.

   ```
   sudo /opt/bitnami/configure_app_domain --domain <StaticIP>
   ```

   **Example:**

   ```
   sudo /opt/bitnami/configure_app_domain --domain 203.0.113.0
   ```

   You should see a response similar to the following example. The application on your instance should now be aware of the new static IP address.  
![\[Result of the domain configuration tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-configure-domain-ip-gitlab.png)

## Step 4: Sign in to the admin area of your GitLab CE website


Now that you have the default user password, navigate to your GitLab CE website's home page, and sign in to the admin area. After you’re signed in, you can start customizing your website and making administrative changes. For more information about what you can do in GitLab CE, see the [Step 7: Read the GitLab CE documentation and continue configuring your website](#amazon-lightsail-read-documentation-gitlab) section later in this guide.

1. On your instance management page, under the **Connect** tab, make note of the public IP address of your instance. The public IP address is also displayed in the header section of your instance management page.  
![\[Public IP address of an instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-ip.png)

1. Browse to the public IP address of your instance, for example by going to `http://203.0.113.0`.

   The home page of your GitLab CE website should appear. You might also see a browser warning that your connection is not private, not secure, or that there’s a security risk. This happens because your GitLab CE instance does not yet have an SSL/TLS certificate applied to it. In the browser window, choose **Advanced**, **Details**, or **More information** to view the options that are available. Then choose to proceed to the website even if it’s not private or secure.

1. Sign in using the default user name (`root`) and the default password retrieved earlier in this guide.

   The GitLab CE administration dashboard appears.  
![\[The Gitlab CE administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-gitlab-dashboard.png)

## Step 5: Route traffic for your registered domain name to your GitLab CE website


To route traffic for your registered domain name, such as `example.com`, to your GitLab CE website, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.

On the Lightsail console home page, under the **Networking** tab, choose **Create DNS zone**, then follow the instructions on the page. For more information, see [Create a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md).

![\[Create a DNS zone in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-create-dns-zone.png)


After your domain name is routing traffic to your instance, you must complete the following procedure to make GitLab CE aware of the domain name.

1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-using-ssh.png)

1. After you're connected, enter the following command. Replace *<DomainName>* with the domain name that is routing traffic to your instance.

   ```
   sudo /opt/bitnami/configure_app_domain --domain <DomainName>
   ```

   **Example:**

   ```
   sudo /opt/bitnami/configure_app_domain --domain example.com
   ```

   You should see a response similar to the following example. Your GitLab CE instance should now be aware of the domain name.  
![\[Result of the domain configuration tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-configure-domain-example-gitlab.png)
**Note**  
If that command fails, you might be using an older version of the GitLab CE instance. Try running the following command instead. Replace *<DomainName>* with the domain name that is routing traffic to your instance.  

   ```
   cd /opt/bitnami/apps/gitlab && \
   sudo ./bnconfig --machine_hostname <DomainName>
   ```
After running the above command, enter the following command to keep the bnconfig tool from automatically running every time the server restarts.  

   ```
   sudo mv bnconfig bnconfig.disabled
   ```

Next, you should generate and configure an SSL/TLS certificate to enable HTTPS connections for your GitLab CE website. For more information, continue to the next [Step 6: Configure HTTPS for your GitLab CE website](#amazon-lightsail-https-gitlab) section of this guide.

## Step 6: Configure HTTPS for your GitLab CE website


Complete the following procedure to configure HTTPS on your GitLab CE website. These steps show you how to use the [Lego client](https://github.com/go-acme/lego), which is a command line tool for requesting Let's Encrypt SSL/TLS certificates.

**Important**  
Before starting with this procedure, make sure that you configured your domain to route traffic to your GitLab CE instance. Otherwise, the SSL/TLS certificate validation process will fail. To route traffic for your registered domain name, you add a record to the DNS of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.  
On the Lightsail console home page, under the **Domains & DNS** tab, choose **Create DNS zone**, then follow the instructions on the page. For more information, see [Creating a DNS zone to manage your domain’s DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)

1. After you're connected, enter the following command to change directory to the temporary (/tmp) directory.

   ```
   cd /tmp
   ```

1. Enter the following command to download the latest version of the Lego client. This command downloads a tape archive (tar) file.

   ```
   curl -Ls https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i -
   ```

1. Enter the following command to extract the files from the tar file. Replace *X.Y.Z* with the version of the Lego client that you downloaded.

   ```
   tar xf lego_vX.Y.Z_linux_amd64.tar.gz
   ```

   **Example:**

   ```
   tar xf lego_v4.7.0_linux_amd64.tar.gz
   ```

1. Enter the following command to create the `/opt/bitnami/letsencrypt` directory, into which you will move the Lego client files.

   ```
   sudo mkdir -p /opt/bitnami/letsencrypt
   ```

1. Enter the following command to move the Lego client files into the directory you created.

   ```
   sudo mv lego /opt/bitnami/letsencrypt/lego
   ```

1. Enter the following command to stop the application services that are running on your instance.

   ```
   sudo service bitnami stop && \
   sudo service gitlab-runsvdir stop
   ```

1. Enter the following command to use the Lego client to request a Let's Encrypt SSL/TLS certificate.

   ```
   sudo /opt/bitnami/letsencrypt/lego --tls --email="EmailAddress" --domains="RootDomain" --domains="WwwSubDomain" --path="/opt/bitnami/letsencrypt" run
   ```

   In the command, replace the following example values with your own:
   + `EmailAddress` — Your email address for registration notifications.
   + `RootDomain` — The primary root domain that is routing traffic to your GitLab CE website (for example, `example.com`).
   + `WwwSubDomain` — The `www` subdomain of the primary root domain that is routing traffic to your GitLab CE website (for example, `www.example.com`).

     You can specify multiple domains for your certificate by specifying additional `--domains` parameters in your command. When you specify multiple domains, Lego creates a subject alternative name (SAN) certificate, so a single certificate is valid for all of the domains you specified. The first domain in your list is added as the “CommonName” of the certificate and the rest are added as “DNSNames” to the SAN extension within the certificate.

   **Example:**

   ```
   sudo /opt/bitnami/letsencrypt/lego --tls --email="user@example.com" --domains="example.com" --domains="www.example.com" --path="/opt/bitnami/letsencrypt" run
   ```

1. Press **Y** and **Enter** to accept the terms of service when prompted.

   You should see a response similar to the following example.  
![\[Successful Lego client response to certificate request\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-configure-domain-cert-response-gitlab.png)

   If successful, a set of certificates is saved to the `/opt/bitnami/letsencrypt/certificates` directory. This set includes the server certificate file (for example, `example.com.crt`) and the server certificate key file (for example, `example.com.key`).

1. Enter the following command to rename the existing certificates on your instance. Later, you will replace these existing certificates with your new Let's Encrypt certificates.

   ```
   sudo mv /etc/gitlab/ssl/tls.crt /etc/gitlab/ssl/tls.crt.old && \
   sudo mv /etc/gitlab/ssl/tls.key /etc/gitlab/ssl/tls.key.old
   ```

1. Enter the following command to create symbolic links for your new Let's Encrypt certificates in the `/etc/gitlab/ssl` directory, which is the default certificates directory on your GitLab CE instance.

   ```
   sudo ln -sf /opt/bitnami/letsencrypt/certificates/Domain.key /etc/gitlab/ssl/tls.key && \
   sudo ln -sf /opt/bitnami/letsencrypt/certificates/Domain.crt /etc/gitlab/ssl/tls.crt
   ```

   In the command, replace *Domain* with the primary root domain that you specified when requesting your Let's Encrypt certificates.

   **Example:**

   ```
   sudo ln -sf /opt/bitnami/letsencrypt/certificates/example.com.key /etc/gitlab/ssl/tls.key && \
   sudo ln -sf /opt/bitnami/letsencrypt/certificates/example.com.crt /etc/gitlab/ssl/tls.crt
   ```

1. Enter the following command to set the owner and permissions of your new Let's Encrypt certificate files, which are now linked from the `/etc/gitlab/ssl` directory.

   ```
   sudo chown root:root /etc/gitlab/ssl/tls* && \
   sudo chmod 600 /etc/gitlab/ssl/tls*
   ```

1. Enter the following command to restart the application services on your GitLab CE instance.

   ```
   sudo service bitnami start && \
   sudo service gitlab-runsvdir start
   ```

Next time you browse to your GitLab CE website using the domain you configured, you should see that it redirects to the HTTPS connection. Note that it can take up to an hour for the GitLab CE instance to recognize the new certificates. If your GitLab CE website refuses your connection, stop and start the instance, and try again.
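The following script is an added example, not part of the AWS or Bitnami documentation. It checks the result of the certificate steps above: that the key file behind `tls.key` is not readable by group or others, that it belongs to the certificate behind `tls.crt`, that the certificate is not about to expire, and that it lists every domain you requested. The function names, the arguments, and the sample domains are assumptions of this example, and it requires the `openssl` and `stat` commands.

```shell
#!/bin/sh
# Added example: checks for the certificate/key pair linked into /etc/gitlab/ssl.
# Function names, arguments and sample domains are assumptions of this example.

# verify_tls_pair CERT KEY MIN_DAYS DOMAIN...
# Prints one line per check; returns the number of failed checks (0 = all passed).
verify_tls_pair() {
    if [ "$#" -lt 4 ]; then
        echo "usage: verify_tls_pair CERT KEY MIN_DAYS DOMAIN..."
        return 2
    fi
    vt_crt=$1; vt_key=$2; vt_min_days=$3
    shift 3
    vt_fail=0

    for vt_file in "$vt_crt" "$vt_key"; do
        if [ ! -r "$vt_file" ]; then
            echo "FAIL: cannot read $vt_file (run with sudo?)"
            return 1
        fi
    done

    # 1. The private key must not be accessible to group or others. stat -L
    #    follows the symbolic link, so the mode of the real key file is checked.
    vt_mode=$(stat -L -c '%a' "$vt_key")
    if [ $((0$vt_mode & 077)) -eq 0 ]; then
        echo "ok:   key mode is $vt_mode"
    else
        echo "FAIL: key mode $vt_mode allows group/other access"
        vt_fail=$((vt_fail + 1))
    fi

    # 2. The key must match the certificate: compare the public key embedded in
    #    the certificate (first certificate in the file) with the one derived
    #    from the private key.
    vt_crt_pub=$(openssl x509 -in "$vt_crt" -noout -pubkey 2>/dev/null) || vt_crt_pub=
    vt_key_pub=$(openssl pkey -in "$vt_key" -pubout 2>/dev/null) || vt_key_pub=
    if [ -n "$vt_crt_pub" ] && [ "$vt_crt_pub" = "$vt_key_pub" ]; then
        echo "ok:   private key matches certificate"
    else
        echo "FAIL: private key does not match certificate"
        vt_fail=$((vt_fail + 1))
    fi

    # 3. The certificate must stay valid for at least MIN_DAYS more days.
    if openssl x509 -in "$vt_crt" -noout -checkend $((vt_min_days * 86400)) >/dev/null 2>&1; then
        echo "ok:   certificate valid for at least $vt_min_days more days"
    else
        echo "FAIL: certificate expires within $vt_min_days days (or is unreadable)"
        vt_fail=$((vt_fail + 1))
    fi

    # 4. Every requested domain must appear as a DNS entry in the SAN extension
    #    (exact match only; wildcard entries are not expanded).
    vt_sans=$(openssl x509 -in "$vt_crt" -noout -text 2>/dev/null |
        grep -o 'DNS:[^,[:space:]]*') || vt_sans=
    for vt_domain in "$@"; do
        if printf '%s\n' "$vt_sans" | grep -Fxq "DNS:$vt_domain"; then
            echo "ok:   SAN contains $vt_domain"
        else
            echo "FAIL: SAN does not contain $vt_domain"
            vt_fail=$((vt_fail + 1))
        fi
    done

    return "$vt_fail"
}

# make_sample_pair DIR
# Writes a throwaway self-signed pair to DIR/sample.crt and DIR/sample.key.
# Constructed sample data: example.com and www.example.com, valid for 30 days.
make_sample_pair() {
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -keyout "$1/sample.key" -out "$1/sample.crt" -days 30 \
        -subj "/CN=example.com" \
        -addext "subjectAltName=DNS:example.com,DNS:www.example.com" 2>/dev/null &&
    chmod 600 "$1/sample.key"
}

# Command-line use:
#   sudo sh verify_tls.sh /etc/gitlab/ssl/tls.crt /etc/gitlab/ssl/tls.key 30 example.com www.example.com
#   sh verify_tls.sh --demo      # run against the constructed sample pair
case "${1:-}" in
    "") ;;  # no arguments: only define the functions
    --demo)
        vt_demo_dir=$(mktemp -d)
        make_sample_pair "$vt_demo_dir" &&
        verify_tls_pair "$vt_demo_dir/sample.crt" "$vt_demo_dir/sample.key" 7 \
            example.com www.example.com
        ;;
    *) verify_tls_pair "$@" ;;
esac
```

A non-zero exit status equals the number of failed checks, so the script can be run again after each certificate replacement and its result used in a scheduled job or monitoring check.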

## Step 7: Read the GitLab CE documentation and continue configuring your website


Read the GitLab CE documentation to learn how to administer and customize your website. For more information, see the [GitLab Documentation](https://docs.gitlab.com/ee/index.html).

## Step 8: Create a snapshot of your instance


After you configure your GitLab CE website the way you want it, create periodic snapshots of your instance to back it up. You can create snapshots manually, or enable automatic snapshots to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot. For more information, see [Snapshots](understanding-snapshots-in-amazon-lightsail.md).

On the instance management page, under the **Snapshot** tab, choose **Create a snapshot** or choose to enable automatic snapshots.

![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)


For more information, see [Creating a snapshot of your Linux or Unix instance in Amazon Lightsail](lightsail-how-to-create-a-snapshot-of-your-instance.md) or [Enabling or disabling automatic snapshots for instances or disks in Amazon Lightsail](amazon-lightsail-configuring-automatic-snapshots.md).

# Get started with Joomla! on Lightsail

**Did you know?**  
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [Configure automatic snapshots for Lightsail instances and disks](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html).

Here are a few steps you should take to get started after your Joomla! instance is up and running on Amazon Lightsail:

**Contents**
+ [Step 1: Read the Bitnami documentation](#amazon-lightsail-read-the-bitnami-documentation-joomla)
+ [Step 2: Get the default application password to access the Joomla! control panel](#amazon-lightsail-get-the-default-user-password-joomla)
+ [Step 3: Attach a static IP address to your instance](#amazon-lightsail-attach-static-ip-joomla)
+ [Step 4: Sign in to the control panel of your Joomla! website](#amazon-lightsail-sign-in-joomla)
+ [Step 5: Route traffic for your registered domain name to your Joomla! website](#amazon-lightsail-map-your-domain-to-your-instance-joomla)
+ [Step 6: Configure HTTPS for your Joomla! website](#amazon-lightsail-https-joomla)
+ [Step 7: Read the Joomla! documentation and continue configuring your website](#amazon-lightsail-read-documentation-joomla)
+ [Step 8: Create a snapshot of your instance](#amazon-lightsail-create-a-snapshot-joomla)

## Step 1: Read the Bitnami documentation


Read the Bitnami documentation to learn how to configure your Joomla! application. For more information, see the [Joomla! Packaged By Bitnami For AWS Cloud](https://docs.bitnami.com/aws/apps/joomla/).

## Step 2: Get the default application password to access the Joomla! control panel


Complete the following procedure to get the default application password required to access the control panel for your Joomla! website. For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)

1. After you're connected, enter the following command to get the application password:

   ```
   cat $HOME/bitnami_application_password
   ```

   You should see a response similar to the following example, which contains the default application password:  
![\[Bitnami default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bitnami-application-password.png)

## Step 3: Attach a static IP address to your instance


The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.

On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)


## Step 4: Sign in to the control panel of your Joomla! website


Now that you have the default application password, complete the following procedure to navigate to your Joomla! website's home page, and sign in to the control panel. After you’re signed in, you can start customizing your website and making administrative changes. For more information about what you can do in Joomla!, see the [Step 7: Read the Joomla! documentation and continue configuring your website](#amazon-lightsail-read-documentation-joomla) section later in this guide.

1. On your instance management page, under the **Connect** tab, make note of the public IP address of your instance. The public IP address is also displayed in the header section of your instance management page.  
![\[Public IP address of an instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-ip.png)

1. Browse to the public IP address of your instance, for example by going to `http://203.0.113.0`.

   The home page of your Joomla! website should appear.

1. Choose **Manage** in the bottom right corner of your Joomla! website home page.

   If the **Manage** banner is not shown, you can reach the sign in page by browsing to `http://<PublicIP>/administrator/`. Replace `<PublicIP>` with the public IP address of your instance.

1. Sign in using the default user name (`user`) and the default password retrieved earlier in this guide.

   The Joomla! administration control panel appears.  
![\[The Joomla! administration control panel\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-joomla-dashboard.png)

## Step 5: Route traffic for your registered domain name to your Joomla! website


To route traffic for your registered domain name, such as `example.com`, to your Joomla! website, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.

On the Lightsail console home page, under the **Domains & DNS** tab, choose **Create DNS zone**, then follow the instructions on the page. For more information, see [Creating a DNS zone to manage your domain’s DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).

After your domain name is routing traffic to your instance, you must complete the following steps to make the Joomla! software aware of the domain name.

1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-using-ssh.png)

1. Bitnami is in the process of modifying the file structure for many of their blueprints. The file paths in this procedure may change depending on whether your Bitnami blueprint uses native Linux system packages (Approach A), or if it is a self-contained installation (Approach B). To identify your Bitnami installation type and which approach to follow, run the following command after you're connected:

   ```
   test ! -f "/opt/bitnami/common/bin/openssl" && echo "Approach A: Using system packages." || echo "Approach B: Self-contained installation."
   ```

1. Complete the following steps if the result of the previous command indicated that you should use approach A. Otherwise, continue to step 4 if the result of the previous command indicated that you should use approach B.

   1. Enter the following command to open the Apache virtual host configuration file using Vim and create a virtual host for your domain name.

      ```
      sudo vim /opt/bitnami/apache2/conf/vhosts/joomla-vhost.conf
      ```

   1. Press `I` to enter insert mode in Vim.

   1. Add your domain name to the file as shown in the following example. In this example we are using the `example.com` and `www.example.com` domains.  
![\[Apache virtual hosts configuration file\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-apache-vhost-config-approach-a.png)

   1. Press the **Esc** key, and enter `:wq!` to save your edit (write) and exit Vim.

   1. Enter the following command to restart the Apache server.

      ```
      sudo /opt/bitnami/ctlscript.sh restart apache
      ```

1. Complete the following steps if the result of the previous command indicated that you should use approach B.

   1. Enter the following command to open the Apache virtual host configuration file using Vim and create a virtual host for your domain name.

      ```
      sudo vim /opt/bitnami/apps/joomla/conf/httpd-vhosts.conf
      ```

   1. Press `I` to enter insert mode in Vim.

   1. Add your domain name to the file as shown in the following example. In this example we are using the `example.com` and `www.example.com` domains.  
![\[Apache virtual hosts configuration file\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-apache-vhost-config-approach-b.png)

   1. Press the **Esc** key, and enter `:wq!` to save your edit (write) and exit Vim.

   1. Enter the following command to confirm that the `bitnami-apps-vhosts.conf` file includes the `httpd-vhosts.conf` file for Joomla!.

      ```
      sudo vim /opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf
      ```

      Look for the following line in the file. Add it if it's missing.

      ```
      Include "/opt/bitnami/apps/joomla/conf/httpd-vhosts.conf"
      ```

   1. Enter the following command to restart the Apache server.

      ```
      sudo /opt/bitnami/ctlscript.sh restart apache
      ```

If you browse to the domain name that you configured for your instance, you should be redirected to the home page of your Joomla! website. Next, you should generate and configure an SSL/TLS certificate to enable HTTPS connections for your Joomla! website. For more information, continue to the next [Step 6: Configure HTTPS for your Joomla! website](#amazon-lightsail-https-joomla) section of this guide.

## Step 6: Configure HTTPS for your Joomla! website


Complete the following procedure to configure HTTPS on your Joomla! website. These steps show you how to use the Bitnami HTTPS Configuration Tool (`bncert-tool`), which is a command line tool for requesting Let's Encrypt SSL/TLS certificates. For more information, see [Learn About The Bitnami HTTPS Configuration Tool](https://docs.bitnami.com/aws/how-to/understand-bncert/) in the *Bitnami documentation*.

**Important**  
Before starting with this procedure, make sure that you configured your domain to route traffic to your Joomla! instance. Otherwise, the SSL/TLS certificate validation process will fail.

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)

1. After you're connected, enter the following command to confirm the bncert tool is installed on your instance.

   ```
   sudo /opt/bitnami/bncert-tool
   ```

   You should see one of the following responses:
   + If you see `command not found` in the response, then the bncert tool is not installed on your instance. Continue to the next step in this procedure to install the bncert tool on your instance.
   + If you see **Welcome to the Bitnami HTTPS configuration tool** in the response, then the bncert tool is installed on your instance. Continue to step 8 of this procedure.
   + If the bncert tool has been installed on your instance for a while, then you might see a message indicating that an updated version of the tool is available. Choose to download it, and then enter the `sudo /opt/bitnami/bncert-tool` command to run the bncert tool again. Continue to step 8 of this procedure.

1. Enter the following command to download the bncert run file to your instance.

   ```
   wget -O bncert-linux-x64.run https://downloads.bitnami.com/files/bncert/latest/bncert-linux-x64.run
   ```

1. Enter the following commands to create a directory for the bncert tool run file on your instance and move the downloaded run file into it.

   ```
   sudo mkdir /opt/bitnami/bncert
   sudo mv bncert-linux-x64.run /opt/bitnami/bncert/
   ```

1. Enter the following command to make the bncert run file executable as a program.

   ```
   sudo chmod +x /opt/bitnami/bncert/bncert-linux-x64.run
   ```

1. Enter the following command to create a symbolic link that runs the bncert tool when you enter the `sudo /opt/bitnami/bncert-tool` command.

   ```
   sudo ln -s /opt/bitnami/bncert/bncert-linux-x64.run /opt/bitnami/bncert-tool
   ```

   You are now done installing the bncert tool on your instance.

1. Enter the following command to run the bncert tool.

   ```
   sudo /opt/bitnami/bncert-tool
   ```

1. Enter your primary domain name and alternate domain names separated by a space as shown in the following example.

   If your domain is not configured to route traffic to the public IP address of your instance, the `bncert` tool will ask you to make that configuration before continuing. Your domain must be routing traffic to the public IP address of the instance from which you are using the `bncert` tool to enable HTTPS on the instance. This confirms that you own the domain, and serves as the validation for your certificate.  
![\[Entering the primary and alternate domain names\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-domain-names.png)

1. The `bncert` tool will ask you how you want your website's redirection to be configured. These are the options available: 
   + **Enable HTTP to HTTPS redirection** - Specifies whether users who browse to the HTTP version of your website (e.g., `http://example.com`) are automatically redirected to the HTTPS version (e.g., `https://example.com`). We recommend enabling this option because it forces all visitors to use the encrypted connection. Type `Y` and press **Enter** to enable it.
   + **Enable non-www to www redirection** - Specifies whether users who browse to the apex of your domain (e.g., `https://example.com`) are automatically redirected to your domain's `www` subdomain (e.g., `https://www.example.com`). We recommend enabling this option. However, you may want to disable it and enable the alternate option (enable `www` to non-`www` redirection) if you have specified the apex of your domain as your preferred website address in search engine tools like Google's webmaster tools, or if your apex points directly to your IP and your `www` subdomain references your apex via a CNAME record. Type `Y` and press **Enter** to enable it.
   + **Enable www to non-www redirection** - Specifies whether users who browse to your domain's `www` subdomain (e.g., `https://www.example.com`) are automatically redirected to the apex of your domain (e.g., `https://example.com`). We recommend disabling this if you enabled non-`www` to `www` redirection. Type `N` and press **Enter** to disable it.

   Your selections should look like the following example.  
![\[Website redirection options\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-enable-disable-redirection.png)

1. The changes that are going to be made are listed. Type `Y` and press **Enter** to confirm and continue.  
![\[Confirming the changes\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-confirm-changes.png)

1. Enter your email address to associate with your Let's Encrypt certificate and press **Enter**.  
![\[Associating your email address with your Let's Encrypt certificate\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-email-address.png)

1. Review the Let's Encrypt Subscriber Agreement. Type `Y` and press **Enter** to accept the agreement and continue.  
![\[Review the Let's Encrypt subscriber agreement\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-lets-ecrypt-agreement.png)

   The actions are performed to enable HTTPS on your instance, including requesting the certificate and configuring the redirections you specified.  
![\[Actions being performed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-performing-actions.png)

   Your certificate is successfully issued and validated, and the redirections are successfully configured on your instance if you see a message similar to the following example.  
![\[Actions successfully completed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-success-conf.png)

   The `bncert` tool will perform an automatic renewal of your certificate every 80 days before it expires. Repeat the above steps if you wish to use additional domains and subdomains with your instance, and you want to enable HTTPS for those domains.

   You are now done enabling HTTPS on your Joomla! instance. Next time you browse to your Joomla! website using the domain you configured, you should see that it redirects to the HTTPS connection.

## Step 7: Read the Joomla! documentation and continue configuring your website


Read the Joomla! documentation to learn how to administer and customize your website. For more information, see the [Joomla! Documentation](https://docs.joomla.org/).

## Step 8: Create a snapshot of your instance


After you configure your Joomla! website the way you want it, create periodic snapshots of your instance to back it up. You can create snapshots manually, or enable automatic snapshots to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot. For more information, see [Snapshots](understanding-snapshots-in-amazon-lightsail.md).

On the instance management page, under the **Snapshot** tab, choose **Create a snapshot** or choose to enable automatic snapshots.

![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)


For more information, see [Creating a snapshot of your Linux or Unix instance in Amazon Lightsail](lightsail-how-to-create-a-snapshot-of-your-instance.md) or [Enabling or disabling automatic snapshots for instances or disks in Amazon Lightsail](amazon-lightsail-configuring-automatic-snapshots.md).

# Deploy and manage a LAMP stack on Lightsail

**Did you know?**  
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [Configure automatic snapshots for Lightsail instances and disks](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html).

Here are a few steps you should take to get started after your LAMP instance is up and running on Amazon Lightsail. Before you get started, identify your blueprint vendor on your instance management page:

![\[LAMP blueprint vendor on the instance management page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/headers/lamp-blueprint-vendor.png)


Select the appropriate guide for your LAMP instance:

------
#### [ Bitnami ]

## Step 1: Get the default application password for your LAMP instance


You need the default application password to access pre-installed applications or services on your instance.

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.

1. After you're connected, enter the following command to get the application password:

   ```
   cat bitnami_application_password
   ```
**Note**  
If you're in a directory other than the user home directory, then enter `cat $HOME/bitnami_application_password`.

   You should see a response similar to this, which contains the default application password:  
![\[Bitnami default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bitnami-application-password.png)

For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).

## Step 2: Attach a static IP address to your LAMP instance


The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.

On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)


## Step 3: Visit your LAMP instance welcome page


Navigate to the public IP address of your instance to access the application installed on it, access phpMyAdmin, or access the Bitnami documentation.

1. On your instance management page, under the **Connect** tab, make note of the public IP.

1. Browse to the public IP address, for example by going to `http://192.0.2.3`.

For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).

## Step 4: Map your domain name to your LAMP instance


To map your domain name, such as `example.com`, to your instance, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.

On the Lightsail console home page, under the **Networking** tab, choose **Create DNS zone**, then follow the instructions on the page.

For more information, see [Create a DNS zone to manage your domain's DNS records](lightsail-how-to-create-dns-entry.md).

## Step 5: Read the Bitnami documentation


Read the Bitnami documentation to learn how to deploy your application, enable HTTPS support with SSL certificates, upload files to the server with SFTP, and more.

For more information, see the [Bitnami LAMP for AWS Cloud](https://docs.bitnami.com/aws/infrastructure/lamp/).

## Step 6: Create a snapshot of your LAMP instance


After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).

You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.

You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).

![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)


------
#### [ Lightsail ]

## Step 1: Get the default application password for your LAMP instance


You need the default application password to access pre-installed applications or services on your instance.

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.

1. After you're connected, enter the following command to get the default application password:

   ```
   cat ~/application_credentials
   ```

   You should see a response similar to this, which contains the default application password:  
![\[Default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-application-password.png)

## Step 2: Attach a static IP address to your LAMP instance


The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.

On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)


## Step 3: Visit your LAMP instance welcome page


Navigate to the static IP address of your instance to access the application installed on your instance.

1. On your instance management page, copy the static IP address:  
![\[Copy static IP\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/headers/lamp-copy-static-ip.png)

1. Paste the static IP address into your browser's address bar, for example `http://192.0.0.1`.

## Step 4: Map your domain name to your LAMP instance


To map your domain name, such as `example.com`, to your instance, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.

On the Lightsail console home page, under the **Networking** tab, choose **Create DNS zone**, then follow the instructions on the page.

For more information, see [Create a DNS zone to manage your domain's DNS records](lightsail-how-to-create-dns-entry.md).

For enabling HTTPS, see [Secure your Lightsail LAMP website with Let's Encrypt SSL/TLS](amazon-lightsail-using-lets-encrypt-certificates-with-lamp.md).

## Step 5: Deploy your application


1. Follow the instructions from [Transfer files between Linux instances on Lightsail using scp](amazon-lightsail-transfer-files-between-linux-instances.md) to copy your application to `/var/www/html`.

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.

1. Run `sudo systemctl restart apache2`.

1. Navigate to your instance's static IP address.

## Step 6: Create a snapshot of your LAMP instance


After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).

You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.

You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).

![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)


------

# Set up and configure Magento on Lightsail

**Did you know?**  
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [Configure automatic snapshots for Lightsail instances and disks](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html).

Here are a few steps you should complete to get started after your Magento instance is up and running on Amazon Lightsail.

**Contents**
+ [Step 1: Get the default application password for your Magento website](#amazon-lightsail-magento-get-the-default-user-password)
+ [Step 2: Attach a static IP address to your Magento instance](#amazon-lightsail-magento-attach-static-ip)
+ [Step 3: Sign in to the administration dashboard of your Magento website](#amazon-lightsail-magento-sign-in)
+ [Step 4: Route traffic for your registered domain name to your Magento website](#amazon-lightsail-magento-map-your-domain-to-your-instance)
+ [Step 5: Configure HTTPS for your Magento website](#amazon-lightsail-magento-https)
+ [Step 6: Configure SMTP for email notifications](#amazon-lightsail-magento-smtp)
+ [Step 7: Read the Bitnami and Magento documentation](#amazon-lightsail-magento-read-the-bitnami-documentation)
+ [Step 8: Create a snapshot of your Magento instance](#amazon-lightsail-magento-create-a-snapshot)

## Step 1: Get the default application password for your Magento website


Complete the following steps to get the default application password for your Magento website. For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).

1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)

1. After you're connected, enter the following command to get the default application password:

   ```
   cat $HOME/bitnami_application_password
   ```

   You should see a response similar to the following example, which contains the default application password. Store this password in a safe place. You will use it in the next section of this tutorial to sign in to the administration dashboard of your Magento website.  
![\[Default application password for Bitnami instances\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-ssh-default-application-password.png)

## Step 2: Attach a static IP address to your Magento instance


The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.

On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)


After the new static IP address is attached to your instance, you must complete the following steps to make the Magento software aware of the new static IP address.

1. Make a note of the static IP address of your instance. It's listed in the header section of your instance management page.  
![\[Public or static IP address of a Lightsail instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-static-ip.png)

1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-using-ssh.png)

1. After you're connected, enter the following command. Be sure to replace *<StaticIP>* with the new static IP address of your instance.

   ```
   sudo /opt/bitnami/configure_app_domain --domain <StaticIP>
   ```

   **Example:**

   ```
   sudo /opt/bitnami/configure_app_domain --domain 203.0.113.0
   ```

   You should see a response similar to the following example. The Magento software should now be aware of the new static IP address.  
![\[Result of the domain configuration tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-configure-domain-ip.png)

**Note**  
Magento does not currently support IPv6 addresses. You can enable IPv6 for the instance, but the Magento software will not respond to requests over the IPv6 network.

## Step 3: Sign in to the administration dashboard of your Magento website


Complete the following step to access your Magento website and sign in to its administration dashboard. To sign in, you will use the default user name (`user`) and the default application password that you got earlier in this guide.

1. In the Lightsail console, make note of the public or static IP address that is listed in the header area of the instance management page.  
![\[Public or static IP address of a Lightsail instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-static-ip.png)

1. Browse to the following address to access the sign in page for the administration dashboard of your Magento website. Be sure to replace *<InstanceIpAddress>* with the public or static IP address of your instance.

   ```
   http://<InstanceIpAddress>/admin
   ```

   **Example:**

   ```
   http://203.0.113.0/admin
   ```
**Note**  
You might need to reboot the instance if you can't access the sign in page for the Magento administration dashboard.

1. Enter the default user name (`user`), the default application password you got earlier in this guide, and choose **Sign in**.  
![\[The Magento administration dashboard sign in page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-magento-sign-in-page.png)

   The Magento administration dashboard appears.  
![\[Magento administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-magento-administration-dashboard.png)

To change the default user name or password that you use to sign in to the administration dashboard of your Magento website, choose **System** in the navigation pane, and then choose **All Users**. For more information, see [Adding users](https://docs.magento.com/user-guide/system/permissions-users-all.html) in the *Magento documentation*.

![\[All users option in the Magento navigation pane\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-all-users.png)


For more information about the administration dashboard, see [Magento 2.4 User Guide](https://docs.magento.com/user-guide/).

## Step 4: Route traffic for your registered domain name to your Magento website


To route traffic for your registered domain name, such as `example.com`, to your Magento website, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.

On the Lightsail console home page, under the **Domains & DNS** tab, choose **Create DNS zone**, then follow the instructions on the page. For more information, see [Creating a DNS zone to manage your domain’s DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).

After your domain name is routing traffic to your instance, you must complete the following steps to make the Magento software aware of the domain name.

1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-using-ssh.png)

1. After you're connected, enter the following command. Be sure to replace *<DomainName>* with the domain name that is routing traffic to your instance.

   ```
   sudo /opt/bitnami/configure_app_domain --domain <DomainName>
   ```

   **Example:**

   ```
   sudo /opt/bitnami/configure_app_domain --domain www.example.com
   ```

   You should see a response similar to the following example. The Magento software should now be aware of the domain name.  
![\[Result of the domain configuration tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-configure-domain.png)

## Step 5: Configure HTTPS for your Magento website


Complete the following steps to configure HTTPS on your Magento website. These steps show you how to use the Bitnami HTTPS configuration tool (bncert), which is a command line tool for requesting SSL/TLS certificates, setting up redirections (e.g. HTTP to HTTPS), and renewing certificates.

**Important**  
The bncert tool will issue certificates only for domains that are currently routing traffic to the public IP address of your Magento instance. Before starting with these steps, make sure that you add DNS records to the DNS of all domains that you want to use with your Magento website.

1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)

1. After you're connected, enter the following command to start the bncert-tool.

   ```
   sudo /opt/bitnami/bncert-tool
   ```

   You should see a response similar to the following example:  
![\[Running the bncert tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-run-bncert-tool-success.png)

1. Enter your primary domain name and alternate domain names separated by a space as shown in the following example.  
![\[Entering the primary and alternate domain names\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-bncert-domain-names.png)

1. The changes that are going to be made are listed. Type `Y` and press **Enter** to confirm and continue.  
![\[Confirming the changes\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-bncert-confirm-changes.png)

1. Enter your email address to associate with your Let's Encrypt certificate and press **Enter**.  
![\[Associating your email address with your Let's Encrypt certificate\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-bncert-email-address.png)

1. Review the Let's Encrypt Subscriber Agreement. Type `Y` and press **Enter** to accept the agreement and continue.  
![\[Review the Let's Encrypt subscriber agreement\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-bncert-lets-ecrypt-agreement.png)

   The actions are performed to enable HTTPS on your instance, including requesting the certificate and configuring the redirections you specified.  
![\[Actions being performed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-bncert-performing-actions.png)

   Your certificate is successfully issued and validated, and the redirections are successfully configured on your instance if you see a message similar to the following example.  
![\[Actions successfully completed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-bncert-success-conf.png)

   The `bncert` tool will perform an automatic renewal of your certificate every 80 days before it expires. Continue to the next set of steps to finish enabling HTTPS on your Magento website.

1. Browse to the following address to access the sign in page for the administration dashboard of your Magento website. Be sure to replace *<DomainName>* with the registered domain name that is routing traffic to your instance.

   ```
   http://<DomainName>/admin
   ```

   **Example:**

   ```
   http://www.example.com/admin
   ```

1. Enter the default user name (`user`), the default application password you got earlier in this guide, and choose **Sign in**.  
![\[The Magento administration dashboard sign in page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-magento-sign-in-page.png)

   The Magento administration dashboard appears.  
![\[Magento administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-magento-administration-dashboard.png)

1. Choose **Stores** in the navigation pane, and then choose **Configuration**.  
![\[Magento administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-magento-configuration.png)

1. Choose **Web**, and then expand the **Base URLs** node.

1. In the **Base URL** text box, enter the full URL of your website, for example `https://www.example.com/`.  
![\[Magento administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-magento-base-urls.png)

1. Expand the **Base URLs (Secure)** node.

1. In the **Secure Base URL** text box, enter the full URL of your website, for example `https://www.example.com/`.  
![\[Magento administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-magento-base-urls-secure.png)

1. Choose **Yes** for the **Use Secure URLs on Storefront**, **Use Secure URLs in Admin**, and **Upgrade Insecure Requests** options.  
![\[Magento administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-magento-base-urls-secure-options.png)

1. Choose **Save Config** at the top of the page.

   HTTPS is now configured for your Magento website. When customers browse to the HTTP version (e.g., `http://www.example.com`) of your Magento website, they will be automatically redirected to the HTTPS version (e.g., `https://www.example.com`).
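Both bncert procedures on this page (Joomla! Step 6 and Magento Step 5) fail certificate validation when a domain does not yet route traffic to the instance. The following script is an added example, not AWS or Bitnami code: it checks each domain against the instance's public IP before you run `bncert-tool` and checks the HTTP to HTTPS redirect afterward. The function names and the `RESOLVE_CMD` hook are assumptions of this example.

```shell
#!/bin/sh
# Added example (not AWS or Bitnami code): checks to run around bncert-tool.
# Function names and the RESOLVE_CMD hook are assumptions of this example.

# Resolve a host name to its IPv4 addresses, one per line, using the system
# resolver. Only A records are checked; AAAA records are not looked at.
resolve_a() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# points_to <expected-ip> <domain>
# Succeeds only if one of the addresses <domain> resolves to is <expected-ip>.
# Set RESOLVE_CMD to the name of another resolver function to test offline.
points_to() (
    expected=$1
    domain=$2
    for addr in $("${RESOLVE_CMD:-resolve_a}" "$domain"); do
        [ "$addr" = "$expected" ] && exit 0
    done
    exit 1
)

# failing_domains <expected-ip> <domain>...
# Prints every domain that does not resolve to <expected-ip>, one per line.
# Exit status is 0 when all domains match and 1 when at least one does not.
failing_domains() (
    expected=$1
    shift
    status=0
    for domain in "$@"; do
        if ! points_to "$expected" "$domain"; then
            echo "$domain"
            status=1
        fi
    done
    exit "$status"
)

# redirects_to_https
# Reads HTTP response headers on stdin, for example the output of
#   curl -sI http://www.example.com/
# and succeeds only for a 3xx redirect whose Location is an https:// URL.
redirects_to_https() {
    awk '
        { sub(/\r$/, "") }                        # strip CR from CRLF line endings
        NR == 1 { code = $2 }                     # status line: HTTP/1.1 301 ...
        tolower($1) == "location:" { loc = $2 }
        END { exit !(code ~ /^30[12378]$/ && tolower(loc) ~ /^https:\/\//) }
    '
}

# Usage: sh bncert-checks.sh <instance-public-ip> <domain> [<domain>...]
if [ "$#" -ge 2 ]; then
    if bad=$(failing_domains "$@"); then
        echo "All domains resolve to $1."
    else
        echo "Fix DNS before running bncert-tool. Not resolving to $1:"
        echo "$bad"
        exit 1
    fi
fi
```
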

## Step 6: Configure SMTP for email notifications


Configure the SMTP settings of your Magento website to enable email notifications for it. For more information, see [Install the Magento Magepal SMTP extension](https://docs.bitnami.com/aws/apps/magento/configuration/install-extension-smtp/) in the *Bitnami documentation*.

**Important**  
If you configure SMTP to use ports 25, 465, or 587, then you must open those ports in the firewall of your instance in the Lightsail console. For more information, see [Adding and editing instance firewall rules in Amazon Lightsail](amazon-lightsail-editing-firewall-rules.md).  
If you configure your Gmail account to send email on your Magento website, then you must use an app password instead of using the standard password that you use to sign in to Gmail. For more information, see [Sign in with App Passwords](https://support.google.com/accounts/answer/185833?hl=en).

## Step 7: Read the Bitnami and Magento documentation


Read the Bitnami documentation to learn how to perform administrative tasks on your Magento instance and website, such as install plugins and customize the theme. For more information, see [Bitnami Magento Stack for AWS Cloud](https://docs.bitnami.com/aws/apps/magento/) in the *Bitnami documentation*.

You should also read the Magento documentation to learn how to administer your Magento website. For more information, see the [Magento 2.4 User Guide](https://docs.magento.com/user-guide/).

## Step 8: Create a snapshot of your Magento instance


After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).

You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.

You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).

![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)


# Deploy and manage an Nginx web server on Lightsail

**Did you know?**  
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [Configure automatic snapshots for Lightsail instances and disks](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html).

## Identify your Nginx blueprint vendor


Here are a few steps you should take to get started after your Nginx instance is up and running on Amazon Lightsail. Before you get started, identify your blueprint vendor on your instance management page:

![\[Nginx blueprint vendor on the instance management page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/headers/nginx-blueprint-vendor.png)


Select the appropriate guide for your Nginx instance:

------
#### [ Bitnami ]

## Step 1: Get the default application password for your Nginx instance


You need the default application password to access pre-installed applications or services on your instance.

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.

1. After you're connected, enter the following command to get the default application password:

   ```
   cat bitnami_application_password
   ```
**Note**  
If you're in a directory other than the user home directory, then enter `cat $HOME/bitnami_application_password`.

   You should see a response similar to this, which contains the default application password:  
![\[Bitnami default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bitnami-application-password.png)

For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).

## Step 2: Attach a static IP address to your Nginx instance


The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.

On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)


## Step 3: Visit your Nginx instance welcome page


Navigate to the public IP address of your instance to access the application installed on it, access phpMyAdmin, or access the Bitnami documentation.

1. On your instance management page, under the **Connect** tab, make note of the public IP.

1. Browse to the public IP address, for example by going to `http://192.0.2.3`.

For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).

## Step 4: Map your domain name to your Nginx instance


To map your domain name, such as `example.com`, to your instance, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.

On the Lightsail console home page, under the **Networking** tab, choose **Create DNS zone**, then follow the instructions on the page.

For more information, see [Create a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md).

## Step 5: Read the Bitnami documentation


Read the Bitnami documentation to learn how to deploy your Nginx application, enable HTTPS support with SSL certificates, upload files to the server with SFTP, and more.

For more information, see the [Bitnami Nginx for AWS Cloud](https://docs.bitnami.com/aws/infrastructure/nginx/).

## Step 6: Create a snapshot of your Nginx instance


After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).

You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.

You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).

![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)


------
#### [ Lightsail ]

## Step 1: Get the default application password for your Nginx instance


You need the default application password to access pre-installed applications or services on your instance.

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.

1. After you're connected, enter the following command to get the default application password:

   ```
   cat ~/application_credentials
   ```

   You should see a response similar to this, which contains the default application password:  
![\[Default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-application-password.png)

## Step 2: Attach a static IP address to your Nginx instance


The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.

On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)


## Step 3: Visit your Nginx instance welcome page


Navigate to the static IP address of your instance to access the application installed on your instance.

1. On your instance management page, copy the static IP address:  
![\[Copy static IP\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/headers/nginx-copy-static-ip.png)

1. Paste the static IP address into your browser's address bar, for example `http://192.0.0.1`.

For more information, see the [Nginx admin guide](https://docs.nginx.com/nginx/admin-guide/).

## Step 4: Map your domain name to your Nginx instance


To map your domain name, such as `example.com`, to your instance, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.

On the Lightsail console home page, under the **Networking** tab, choose **Create DNS zone**, then follow the instructions on the page.

For more information, see [Create a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md).

To enable HTTPS, see [Secure your Lightsail Nginx website with Let's Encrypt SSL/TLS](amazon-lightsail-using-lets-encrypt-certificates-with-nginx.md).

## Step 5: Deploy your application


1. Follow the instructions from [Transfer files between Linux instances on Lightsail using scp](amazon-lightsail-transfer-files-between-linux-instances.md) to copy your application to `/usr/share/nginx/html`.

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.

1. Run `sudo systemctl restart nginx`.

1. Navigate to your instance's static IP address.

## Step 6: Create a snapshot of your Nginx instance


After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).

You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.

You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).

![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)


------

# Deploy and manage a Node.js stack on Lightsail

**Did you know?**  
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [Configure automatic snapshots for Lightsail instances and disks](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html).

Here are a few steps you should take to get started after your Node.js instance is up and running on Amazon Lightsail. Before you get started, identify your blueprint vendor on your instance management page:

![\[Node.js blueprint vendor on the instance management page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/nodejs/nodejs-blueprint-vendor.png)


Select the appropriate guide for your Node.js instance:

------
#### [ Bitnami ]

## Step 1: Attach a static IP address to your Node.js instance


The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.

On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)


## Step 2: Visit your Node.js instance welcome page


Navigate to the public IP address of your instance to access the application installed on it, access phpMyAdmin, or access the Bitnami documentation.

1. On your instance management page, under the **Connect** tab, make note of the public IP.

1. Browse to the public IP address, for example by going to `http://192.0.2.3`.

For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).

## Step 3: Map your domain name to your Node.js instance


To map your domain name, such as `example.com`, to your instance, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.

On the Lightsail console home page, under the **Networking** tab, choose **Create DNS zone**, then follow the instructions on the page.

For more information, see [Create a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md).

## Step 4: Read the Bitnami documentation


Read the Bitnami documentation to learn how to deploy your Node.js application, enable HTTPS support with SSL certificates, upload files to the server with SFTP, and more.

For more information, see the [Bitnami Node.js for AWS Cloud](https://docs.bitnami.com/aws/infrastructure/nodejs/).

## Step 5: Create a snapshot of your Node.js instance


After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).

You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.

You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).

![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)


------
#### [ Lightsail ]

## Step 1: Get the default application password for your Node.js instance


You need the default application password to access pre-installed applications or services on your instance.

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.

1. After you're connected, enter the following command to get the default application password:

   ```
   cat ~/application_credentials
   ```

   You should see a response similar to this, which contains the default application password:  
![\[Default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-application-password.png)

## Step 2: Attach a static IP address to your Node.js instance


The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.

On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)


## Step 3: Visit your Node.js instance welcome page


Navigate to the static IP address of your instance to access the application installed on it or access phpMyAdmin.

1. On your instance management page, copy the static IP address:  
![\[Copy static IP\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/nodejs/nodejs-copy-static-ip.png)

1. Paste the static IP address into your browser's address bar, for example `http://192.0.0.1`.  
![\[Node.js welcome page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/nodejs/nodejs-welcome-page.png)

For more information, see the [Node.js admin guide](https://nodejs.org/en/learn/getting-started/introduction-to-nodejs/).

## Step 4: Map your domain name to your Node.js instance


To map your domain name, such as `example.com`, to your instance, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.

On the Lightsail console home page, under the **Networking** tab, choose **Create DNS zone**, then follow the instructions on the page.

For more information, see [Create a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md).

## Step 5: Deploy your application


1. Follow the instructions from [Transfer files between Linux instances on Lightsail using scp](amazon-lightsail-transfer-files-between-linux-instances.md) to copy your application to `/var/www/html/`.

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.

1. Run `sudo pm2 restart nodeapp`.

1. Navigate to your instance's static IP address.

## Step 6: Create a snapshot of your Node.js instance


After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).

You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.

You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).

![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)


------

# Get started with OpenClaw on Lightsail

OpenClaw is an AI-powered chat gateway that runs on Amazon Lightsail, giving you a private, self-hosted AI assistant accessible from your browser, Telegram, WhatsApp, and more. This tutorial walks you through launching an Amazon Lightsail OpenClaw instance, pairing your browser, enabling AI capabilities, and optionally connecting messaging channels.

**Did you know?**  
Your Lightsail OpenClaw instance comes pre-configured with Amazon Bedrock as the default AI model provider. Once you complete setup, you can start chatting with your AI assistant immediately — no additional configuration required.

## Step 1: Create an OpenClaw instance


In this step, you create a Lightsail instance running OpenClaw.

**To create a Lightsail instance with OpenClaw**

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com).

1. On the **Instances** section of the Lightsail home page, choose **Create instance**.

1. Choose the AWS Region and Availability Zone for your instance.

1. Choose the image for your instance as follows:
   + Under **Select a platform**, choose **Linux/Unix**.
   + Under **Select a blueprint**, choose **OpenClaw**.  
![\[Select the OpenClaw blueprint.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/blueprint_selection.png)

1. Under **Choose your instance plan**, select an instance plan (the 4 GB memory plan is recommended for optimal performance).

1. Enter a name for your instance, or use the default name provided.
**Note**  
Instance names must be unique within your Lightsail account, 2–255 characters, start and end with an alphanumeric character, and contain only alphanumeric characters, periods, dashes, or underscores.

1. Choose **Create instance**.

Your instance will be in a **Starting** state for a few minutes while it starts up. Wait until the status shows **Running** before proceeding to the next step.

## Step 2: Pair your browser with OpenClaw


Before you can use the OpenClaw dashboard, you need to pair your browser with OpenClaw. This creates a secure connection between your browser session and OpenClaw.

**Tip**  
Have your browser ready on the same device you'll use to access the OpenClaw dashboard. You will copy a token from Lightsail, and paste it in the OpenClaw dashboard during this step.  
The default public IP address for your OpenClaw instance changes if you stop and start your instance. When you attach a static IP address to your instance, it stays the same even if you stop and start your instance. For more information, see [View and manage IP addresses for Lightsail resources](understanding-public-ip-and-private-ip-addresses-in-amazon-lightsail.md). 

**To pair your browser with OpenClaw**

1. On the **Instances** section of the Lightsail console, choose the name of your OpenClaw instance to open the instance management page.

1. In the **Getting started** tab, under **Pair your browser to OpenClaw**, choose **Connect using SSH**. A browser-based SSH terminal opens.  
![\[The OpenClaw Getting Started tab.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/getting_started_tab.png)
**Did you know?**  
The Message of the Day (MOTD) service running on your OpenClaw instance manages several automated configuration tasks, including origin detection, certificate management, and token rotation. You can check your MOTD version by connecting to your instance via SSH.

   Your OpenClaw instance automatically configures the gateway to accept connections from the instance’s IP address. MOTD version 2.0.0 includes an automatic origin detection feature that runs during instance startup and configures the allowed origin to be the instance's current IP address. When you attach a static IP address to your instance, the system automatically updates the allowed origin to use the static IP address instead.  
![\[The OpenClaw Getting Started tab.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/motd_welcome_message.png)

1. In the SSH terminal, locate the **Dashboard URL** displayed in the welcome message. Copy this URL and open it in a new browser tab.  
![\[Pairing a device with OpenClaw using sample data\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/device_pairing.png)

1. In the OpenClaw dashboard that opens, locate the **Gateway Token** field.

1. Back in the SSH terminal, copy the **Access Token** displayed.

1. Paste the copied access token into the **Gateway Token** field in the OpenClaw dashboard, then click **Connect**.  
![\[Entering a token for the OpenClaw Gateway using sample data\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/gateway_access.png)

1. Return to the SSH terminal. When prompted, press **y** to approve the OpenClaw CLI. This will allow the SSH terminal to manage OpenClaw running on your instance.  
![\[Approve OpenClaw CLI with sample data\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/cli_approval.png)

1. Then, press **y** again when prompted, to continue with device pairing.

1. Press **a** to approve the device pairing request.

When pairing is complete, the status in the OpenClaw dashboard will show **OK**. Your browser is now connected to your OpenClaw instance.

![\[Your browser is successfully connected to the OpenClaw Gateway.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/gateway_success.png)


**Tip**  
If you need to pair an additional browser later, simply SSH into your instance again and repeat the pairing steps above.

## Step 3: Enable AI capabilities with Amazon Bedrock


Your Lightsail OpenClaw instance is configured to use Amazon Bedrock to power its AI assistant. In this step, you will grant your instance the permissions it needs to call the Bedrock API.

**To enable Bedrock API access**

1. On your OpenClaw instance management page, choose the **Getting started** tab.

1. Under **Enable Amazon Bedrock as your model provider**, click the **Copy the script** button. Then click the **Launch CloudShell** button to open CloudShell.
**What does the setup script do?**  
The setup script performs the following actions: creates an IAM role specifically for your OpenClaw instance, attaches a policy granting access to Amazon Bedrock APIs, attaches a policy granting AWS Marketplace permissions (required for third-party models), and configures the instance profile to use this role. You can review the IAM policy details in the [IAM console](https://console.aws.amazon.com/iam/) after running the script. The IAM role will be named `LightsailRoleFor-[your-instance-id]`.  
![\[Copy the Bedrock script for IAM role creation using test data.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/bedrock_script.png)

1. Paste the copied command into the CloudShell terminal and press Enter.

1. Wait for the script to complete. When you see **Done** in the output, the permissions have been applied successfully.

Once this step is complete, navigate to **Chat** in the OpenClaw dashboard to start using your AI assistant.

**Note:** Your Lightsail OpenClaw instance uses Anthropic Claude Sonnet 4.6 by default. If this is your first time using Anthropic models in Amazon Bedrock, you'll need to complete the First Time Use (FTU) form to gain access. [Learn more on how to access Anthropic models](https://docs.aws.amazon.com/bedrock/latest/userguide/model-access.html).
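
A least-privilege check for the role the setup script creates, as an added example that is not part of the Lightsail documentation or the setup script itself: it reads IAM policy documents (the JSON shown for each attached policy in the IAM console) and flags grants beyond the Amazon Bedrock and AWS Marketplace access described above. The two sample policies and the finding codes are constructed for illustration and are not the policies the script actually attaches.

```python
import json

# The page says the role receives Amazon Bedrock and AWS Marketplace access.
# Any other service prefix on the role is treated as unexpected.
EXPECTED_SERVICES = {"bedrock", "aws-marketplace"}


def _as_list(value):
    """IAM accepts a single item or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def audit_policy(document):
    """Return (sid, finding_code) tuples for every over-broad Allow statement."""
    if isinstance(document, str):
        document = json.loads(document)
    findings = []
    for index, stmt in enumerate(_as_list(document.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement[{index}]")
        codes, services = [], set()
        if "NotAction" in stmt:
            codes.append("NOT_ACTION")  # allows everything that is not listed
        for action in _as_list(stmt.get("Action")):
            # IAM action names are case-insensitive
            service, _, name = action.lower().partition(":")
            services.add(service)
            if action == "*":
                codes.append("ALL_ACTIONS")
            elif service not in EXPECTED_SERVICES:
                codes.append(f"UNEXPECTED_SERVICE:{service}")
            elif name == "*":
                codes.append(f"SERVICE_WILDCARD:{service}")
        # Bedrock invoke actions can be limited to model ARNs, so a bare "*"
        # resource on a Bedrock statement is worth a second look.
        if "bedrock" in services and "*" in _as_list(stmt.get("Resource")):
            codes.append("UNSCOPED_RESOURCE")
        # dict.fromkeys drops duplicate codes while keeping their order
        findings.extend((sid, code) for code in dict.fromkeys(codes))
    return findings


# Constructed sample: access limited to what the page describes.
SAMPLE_SCOPED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "InvokeModels", "Effect": "Allow",
         "Action": ["bedrock:InvokeModel",
                    "bedrock:InvokeModelWithResponseStream"],
         "Resource": "arn:aws:bedrock:*::foundation-model/*"},
        {"Sid": "Marketplace", "Effect": "Allow",
         "Action": ["aws-marketplace:Subscribe",
                    "aws-marketplace:ViewSubscriptions"],
         "Resource": "*"},
    ],
}

# Constructed sample: the kinds of drift a review should catch.
SAMPLE_BROAD = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "BedrockAll", "Effect": "Allow",
         "Action": "bedrock:*", "Resource": "*"},
        {"Sid": "Extra", "Effect": "Allow",
         "Action": ["s3:GetObject", "iam:PassRole"], "Resource": "*"},
        {"Sid": "Everything", "Effect": "Allow",
         "Action": "*", "Resource": "*"},
        {"Sid": "Blocked", "Effect": "Deny",
         "Action": "ec2:*", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for label, policy in (("scoped", SAMPLE_SCOPED), ("broad", SAMPLE_BROAD)):
        results = audit_policy(policy)
        print(label, "->", results if results else "no findings")
```

Run it against each policy attached to `LightsailRoleFor-[your-instance-id]` after the script finishes, and again whenever the role is edited.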

## Step 4: Connect a messaging channel (optional)


You can extend OpenClaw to work with messaging apps like Telegram and WhatsApp, so you can interact with your AI assistant directly from your phone or messaging client. Before you can connect OpenClaw to a messaging channel, you need to pair your browser with OpenClaw (see Step 2).

### Connect Telegram


**To add a Telegram channel**

1. Open Telegram and search for `@BotFather`.

1. Send the command `/newbot` and follow the prompts to create a new bot. BotFather will provide a **bot token** and a **deep link** for your bot.  
![\[BotFather on Telegram.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/botfather.png)

1. Connect to your OpenClaw instance using SSH. A browser-based SSH terminal opens.

1. In the SSH terminal connected to your OpenClaw instance, run:

   ```
   openclaw channels add
   ```

1. Select **Telegram** from the list of available channels.  
![\[Select Telegram from the channel selection menu.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/channel_selection.png)

1. When prompted, enter the **bot token** you received from BotFather in step 2.

1. In the OpenClaw dashboard, navigate to the **Channels** section, and add your **Telegram user ID** to the allow list.  
![\[Allow your bot to receive messages from your Telegram ID.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/telegram_allow_from.png)

1. Test the integration by sending a message in Telegram to the bot you created in step 2.

1. You will see a message in Telegram to approve OpenClaw pairing. In the SSH terminal, run:

   ```
   openclaw pairing approve telegram [pairing code]
   ```  
![\[Telegram pairing information using sample data\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/telegram_pairing.png)

1. Test the integration again by sending a message in Telegram to the bot you created in step 2.  
![\[Telegram is paired with your OpenClaw instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/telegram_successful_message.png)

### Connect WhatsApp


**To add a WhatsApp channel**

1. Connect to your OpenClaw instance using SSH. A browser-based SSH terminal opens.

1. In the SSH terminal connected to your OpenClaw instance, run:

   ```
   openclaw channels add
   ```

1. Select **WhatsApp** from the list of available channels.

1. Follow the on-screen instructions. A **QR code** will be displayed in the terminal.

1. On your phone, open WhatsApp, and use the **Linked Devices** feature to scan the QR code.

1. Complete the pairing on your phone.

1. Test the integration by sending a WhatsApp message to your OpenClaw assistant, using the contact number you paired in the preceding steps.  
![\[WhatsApp is paired with your OpenClaw instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/whatsapp_successful_message.png)

## Step 5: Create a snapshot of your instance (optional)


After completing the setup, we recommend creating a snapshot of your OpenClaw instance. Snapshots are point-in-time backups that let you restore your instance to a known good state, providing a reliable recovery mechanism. You can also create new instances of your desired plan from the snapshots.

**To create a manual snapshot**

1. On the **Instances** section of the Lightsail console, choose the name of your OpenClaw instance.

1. Choose the **Snapshots** tab.

1. Under **Manual snapshots**, choose **Create snapshot**.

1. Enter a name for your snapshot and choose **Create**.

**Did you know?**  
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [Configure automatic snapshots for Lightsail instances and disks](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html).

## Frequently asked questions (FAQ)


**How do I pair an additional browser with my OpenClaw instance?**

You can pair as many browsers as you need. To pair a new browser, SSH into your OpenClaw instance again (from the instance management page in the Lightsail console, choose **Connect using SSH**). Follow the same pairing steps from Step 2: navigate to the Dashboard URL, copy the access token from the terminal, paste it into the Gateway Token field in the OpenClaw dashboard on the new browser, and approve the pairing request.

**Can I customize the IAM permissions granted to my OpenClaw instance?**

Yes. The setup script in Step 3 creates an IAM role with a policy that grants access to Amazon Bedrock. You can view, edit, or restrict this policy at any time:
+ Open the [IAM console](https://console.aws.amazon.com/iam/) and navigate to **Roles**.
+ Find the role created for your OpenClaw instance, e.g. `LightsailRoleFor-i-0d15d5483571b95bb`.
+ Choose the role to view its attached policies.
+ Choose the policy name to edit its permissions.

Be careful when modifying permissions — removing required Bedrock permissions will prevent OpenClaw from generating AI responses. For more information, see [IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) in the AWS documentation.

**Can I ask OpenClaw questions about itself — like what it can do or how to use it?**

Yes, OpenClaw's built-in chat assistant can answer questions about OpenClaw itself. If you're not sure what OpenClaw can do, just ask it directly in the Chat interface. For example, you can type:
+ *"What can you help me with?"*
+ *"What channels can I connect to OpenClaw?"*
+ *"How do I add a new messaging channel?"*

OpenClaw will respond with guidance based on its capabilities. This is a great way to explore features without leaving the OpenClaw dashboard.

**Note:** You will need to either complete the **Enable AI capabilities with Amazon Bedrock** step (Step 3 in the getting started guide) or configure your own model provider for chat to work. The Bedrock setup involves running a one-click script from your instance's Getting started tab to grant the necessary permissions, and — if it's your first time using Anthropic models — submitting a brief First Time Use form in the Amazon Bedrock console. Without this step, the Chat interface will not have an AI model to connect to.

**What does running OpenClaw on Lightsail cost?**

Here is a breakdown of costs:
+ **Lightsail instance** — You pay for the instance plan you selected (e.g. the 4 GB plan). Lightsail plans are billed on an on-demand hourly rate, so you pay only for what you use. For every Lightsail plan you use, we charge you the fixed hourly price, up to the maximum monthly plan cost.
+ **AI model usage (tokens)** — Every message sent to and received from the OpenClaw assistant is processed through Amazon Bedrock using a token-based pricing model. Costs vary by model — some models are more expensive per token than others.
+ **Third-party model subscriptions** — If you select a third-party model distributed through AWS Marketplace (such as Anthropic Claude or Cohere), there may be additional software fees on top of the per-token cost. These appear as separate line items under **AWS Marketplace** in your bill.
+ **Data transfer overages** — [Each Lightsail plan](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-bundles.html#linux-unix-bundles) includes a monthly data transfer allowance. If your OpenClaw instance sends or receives more data than your plan includes, [overage charges apply for data transfer out.](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-faq-data-transfer-allowance.html)
+ **Snapshots** — Manual and automatic snapshots of your Lightsail instance are billed based on the amount of storage used.

**I want to use an Anthropic model. Is there anything extra I need to do?**

Anthropic has one additional requirement beyond the standard permissions: you must complete a [First Time Use (FTU) form](https://docs.aws.amazon.com/bedrock/latest/userguide/model-access.html) before invoking an Anthropic model for the first time. This is an Anthropic requirement and applies once per AWS account — or once at the AWS Organization's management account level, which is then inherited by all member accounts in the organization. Your OpenClaw instance uses Anthropic Claude Sonnet 4.6 by default.

Lightsail takes care of the underlying IAM and Marketplace permissions for you as part of the setup in Step 3. The CloudShell script creates an IAM role that includes the three required AWS Marketplace permissions (`aws-marketplace:Subscribe`, `aws-marketplace:Unsubscribe`, and `aws-marketplace:ViewSubscriptions`). These are needed for Amazon Bedrock to automatically enable third-party models the first time they are invoked. Once a model has been enabled in your account, all users in the account can invoke it without needing Marketplace permissions themselves — the subscription only needs to happen once.

To complete the Anthropic-specific FTU requirement:
+ Open the [Amazon Bedrock console](https://console.aws.amazon.com/bedrock/).
+ Navigate to the **Model catalog** and select an Anthropic model (such as Claude).
+ You will be prompted to submit use case details. Complete and submit the form.

Access to Anthropic models is granted immediately after the form is successfully submitted. Once done, you can select any Anthropic model in the OpenClaw dashboard and start using it right away.

**Note**  
Models from Amazon, Meta, Mistral AI, DeepSeek, and Qwen are not sold through AWS Marketplace and do not require this step.

For more information, see [Access Amazon Bedrock foundation models](https://docs.aws.amazon.com/bedrock/latest/userguide/model-access.html) in the Amazon Bedrock User Guide.

**How does HTTPS work with my OpenClaw instance?**

Your OpenClaw instance comes with a built-in HTTPS endpoint secured by a Let's Encrypt certificate. When your instance is created, a Let's Encrypt certificate is automatically issued for your instance's IPv4 address — no manual setup is required.

**What happens to my SSL certificate if my instance's IP address changes?**

Your OpenClaw instance includes a built-in certificate management daemon (`lightsail-manage-certd`) that monitors your instance's IP address. If the IP address changes — for example, when you attach or detach a static IP — the daemon automatically detects the change and issues a new Let's Encrypt certificate for the new IP address. No manual action is required for your SSL certificate.

Note: The gateway access token will remain the same, but you will need to re-pair your browsers by following the steps in **Step 2: Pair your browser with OpenClaw**.

**How often is my SSL certificate renewed?**

Let's Encrypt certificates issued for your OpenClaw instance are valid for 7 days. The certificate management daemon automatically renews your certificate 2 days before it expires, so your instance stays secured without any interruption or manual intervention.

**Can I install plugins on OpenClaw?**

Yes. OpenClaw supports plugin installation, and some plugins or configuration changes may require you to manually restart the OpenClaw gateway service for the changes to take effect.

To manage the gateway after installing a plugin or updating a configuration, SSH into your OpenClaw instance and use the following commands:
+ Stop the OpenClaw gateway service: `openclaw gateway stop`
+ Start the OpenClaw gateway service: `openclaw gateway start`
+ Check the current status of the service: `openclaw gateway status`

**Note:** If you are using MOTD 1.0.0 (OpenClaw 2026.2.17), use the following commands instead:
+ Stop the OpenClaw gateway service: `sudo systemctl stop openclaw-gateway`
+ Start the OpenClaw gateway service: `sudo systemctl start openclaw-gateway`
+ Check the current status of the service: `sudo systemctl status openclaw-gateway`

**What happens if my gateway token is compromised?**

If the token is ever exposed — for example, leaked in logs, accidentally shared, or exposed through a prompt injection attack — anyone who has it can access your OpenClaw gateway until you manually regenerate it.

**Is my gateway token automatically rotated?**

Yes. It is automatically rotated at 3:00 UTC every day. This rotation will require you to re-pair your browser with your OpenClaw instance.

**How do I manually rotate my gateway token?**

To rotate your gateway token:
+ SSH into your OpenClaw instance from the Lightsail console.
+ Run the following command to regenerate the token:

  ```
  openclaw token rotate
  ```
+ The old token is immediately invalidated. Any browsers or clients currently paired with the old token will be disconnected.
+ Re-pair your browsers using the new token by following the steps in **Step 2: Pair your browser with OpenClaw**.

**Tip**  
After rotating your token, check that all trusted devices have been re-paired before resuming use.

**How does automatic token rotation work?**

MOTD 2.0.0 includes automatic token rotation that enhances security by rotating your gateway access token every day.

**Important implications:**
+ When the token is automatically rotated, all paired browsers and devices will be disconnected.
+ You will need to re-pair your browser by following the steps in **Step 2: Pair your browser with OpenClaw**.

If you don't want the token to be rotated, you can disable it in the MOTD by changing the security settings.

![\[Setting to rotate tokens.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/token_rotation.png)


**How do I rotate my messaging channel credentials (Telegram, WhatsApp, Slack)?**

If a messaging platform token or credential stored on your OpenClaw instance is compromised — for example, your Telegram bot token, WhatsApp session credentials, or Slack token — you should rotate it immediately to prevent unauthorized access to your messaging channels.

Credentials for connected channels are stored in `~/.openclaw/credentials/` on your instance. To rotate a credential:
+ Revoke the compromised token at the source:
  + Telegram: Open Telegram, message `@BotFather`, and use `/revoke` to invalidate your existing bot token and generate a new one.
  + WhatsApp: Log out the linked device session from WhatsApp on your phone (`Settings` → `Linked Devices` → select your OpenClaw session → `Log out`). Then re-link using the QR code pairing flow.
+ Update the credential on your OpenClaw instance: SSH into your instance and run:

  ```
  openclaw channels update
  ```

  Select the channel you want to update and enter the new token or credential when prompted.
+ Verify the channel is working by sending a test message through the updated channel.

**Note**  
Rotating a messaging credential does not affect your gateway token or other connected channels — each credential is managed independently.

**What does the `setup-lightsail-openclaw-bedrock-role.sh` script do?**

It creates an IAM role that permits only your OpenClaw instance to use foundation models available via Amazon Bedrock and the AWS Marketplace.

**How do I restore an OpenClaw instance from a snapshot?**
+ Create a new instance from an existing OpenClaw snapshot. For more information, see [Creating an instance from a snapshot](lightsail-how-to-create-instance-from-snapshot.md).
+ SSH into your new OpenClaw instance from the Lightsail console
+ Run the following command to get the instance ID for your Lightsail instance, e.g. *i-1234567890abcdef1*: 

  ```
  TOKEN=`curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` && curl -w "\n" -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id
  ```
+ Run the following command to get the IAM role associated with the instance: 

  ```
  grep 'role_arn' /home/ubuntu/.aws/config | head -1 | awk '{print $3}'
  ```
+ Find the role you retrieved in the previous step on the [IAM console](https://console.aws.amazon.com/iam/), e.g. `LightsailRoleFor-i-0d15d5483571b95bb`
+ Select `Trust relationships`
+ Select `Edit trust policy`
+ Update the trust policy with the ARN of the instance ID retrieved earlier, e.g. *"arn:aws:sts::0123456789012:assumed-role/AmazonLightsailInstance/i-1234567890abcdef1"*.
+ Select `Update policy`
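
The trust policy edit described above, as an added example that is not part of the Lightsail documentation or the setup script: it rewrites every `AmazonLightsailInstance` session ARN in a trust policy document to the new instance ID and then reports which instances the policy trusts. The page does not show the layout of the real policy, so the sample policy, the account ID `111122223333`, and the function names are constructed assumptions, and the code searches the whole document rather than one fixed field.

```python
import json
import re

# ARN shape taken from the example in the restore procedure:
# arn:aws:sts::<account-id>:assumed-role/AmazonLightsailInstance/<instance-id>
SESSION_ARN = re.compile(
    r"(arn:aws:sts::\d+:assumed-role/AmazonLightsailInstance/)(i-[0-9a-f]+)"
)
INSTANCE_ID = re.compile(r"i-[0-9a-f]+")

# Constructed sample: the field layout and the account ID are assumptions.
SAMPLE_TRUST_POLICY = """
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:sts::111122223333:assumed-role/AmazonLightsailInstance/i-0d15d5483571b95bb"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
"""


def walk_strings(node, fn):
    """Return a copy of a JSON structure with fn applied to every string value."""
    if isinstance(node, dict):
        return {key: walk_strings(value, fn) for key, value in node.items()}
    if isinstance(node, list):
        return [walk_strings(value, fn) for value in node]
    if isinstance(node, str):
        return fn(node)
    return node


def trusted_instances(policy):
    """Return the set of instance IDs named by session ARNs in the policy."""
    found = set()

    def collect(value):
        match = SESSION_ARN.fullmatch(value)
        if match:
            found.add(match.group(2))
        return value

    walk_strings(policy, collect)
    return found


def retarget_trust_policy(policy, new_instance_id):
    """Point every Lightsail session ARN at new_instance_id.

    Returns (updated_policy, replaced_ids). Raises ValueError instead of
    returning an unchanged policy, so a no-op edit is never saved by mistake.
    """
    if not INSTANCE_ID.fullmatch(new_instance_id):
        raise ValueError(f"not an instance ID: {new_instance_id!r}")
    replaced = []

    def swap(value):
        match = SESSION_ARN.fullmatch(value)
        if not match:
            return value
        replaced.append(match.group(2))
        return match.group(1) + new_instance_id

    updated = walk_strings(policy, swap)
    if not replaced:
        raise ValueError("no AmazonLightsailInstance session ARN found in policy")
    return updated, replaced


if __name__ == "__main__":
    current = json.loads(SAMPLE_TRUST_POLICY)
    updated, replaced = retarget_trust_policy(current, "i-1234567890abcdef1")
    print("replaced:", replaced)
    print("now trusts:", sorted(trusted_instances(updated)))
    print(json.dumps(updated, indent=4))
```

After saving the policy, the set of trusted instances should contain only the restored instance; the old instance ID remains in the role name but no longer in the trust policy.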

**How do I configure AllowedOrigin for my OpenClaw instance?**

AllowedOrigin is a security setting that controls which web addresses (origins) are permitted to connect to your OpenClaw gateway. This prevents unauthorized websites from accessing your instance and protects against cross-origin security issues.

**MOTD 2.0.0 (OpenClaw 2026.3.2 and later):** AllowedOrigin is automatically managed by the MOTD service. When your instance starts or when the IP address changes, the service automatically detects the correct origin, and updates the configuration. No manual action is required.

**MOTD 1.0.0 (OpenClaw 2026.2.17):** You need to manually configure AllowedOrigin if you are accessing OpenClaw from a specific domain. SSH into your instance and edit the OpenClaw configuration file to add your allowed origins, as follows:
+ SSH into your OpenClaw instance from the Lightsail console
+ Open the configuration file: `~/.openclaw/openclaw.json`
+ Add or modify the AllowedOrigin setting:

  ```
  {
      "gateway": {
          "controlUi": {
              "allowedOrigins": [
                  "https://<your-domain.com>"
              ]
          }
      }
  }
  ```
+ Restart the OpenClaw gateway service: `sudo systemctl restart openclaw-gateway`
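
A check you can run on the configuration before restarting the gateway, as an added example that is not part of the Lightsail or OpenClaw documentation: it reads `gateway.controlUi.allowedOrigins` from the `openclaw.json` text and reports entries that are not a plain HTTPS origin (a leftover placeholder, a wildcard, a non-HTTPS scheme, or a URL with a path). The function names, problem labels, and sample configuration are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of ~/.openclaw/openclaw.json (not taken from a real instance).
SAMPLE_CONFIG = """
{
    "gateway": {
        "controlUi": {
            "allowedOrigins": [
                "https://openclaw.example.com",
                "https://<your-domain.com>",
                "http://openclaw.example.com",
                "https://openclaw.example.com/chat",
                "*"
            ]
        }
    }
}
"""


def load_allowed_origins(config_text):
    """Return the gateway.controlUi.allowedOrigins list from openclaw.json text."""
    config = json.loads(config_text)
    origins = config.get("gateway", {}).get("controlUi", {}).get("allowedOrigins")
    if not isinstance(origins, list):
        raise ValueError("gateway.controlUi.allowedOrigins is missing or not a list")
    return origins


def origin_problems(origin):
    """Return a list of problem labels for one entry; an empty list means it is clean."""
    if not isinstance(origin, str):
        return ["not-a-string"]
    problems = []
    if "*" in origin:
        problems.append("wildcard")        # admits more than one named origin
    if "<" in origin or ">" in origin:
        problems.append("placeholder")     # template text was never replaced
    try:
        parts = urlsplit(origin)
        parts.port                          # raises ValueError on a malformed port
    except ValueError:
        return problems + ["unparseable"]
    if parts.scheme != "https":
        problems.append("not-https")
    if not parts.hostname:
        problems.append("no-host")
    if parts.username or parts.password:
        problems.append("userinfo")
    # A browser's Origin header carries only scheme, host and port.
    if parts.path or parts.query or parts.fragment:
        problems.append("not-bare-origin")
    return problems


def audit_allowed_origins(config_text):
    """Map each problematic entry to its problems; clean entries are omitted."""
    report = {}
    for origin in load_allowed_origins(config_text):
        problems = origin_problems(origin)
        if problems:
            report[str(origin)] = problems
    return report


if __name__ == "__main__":
    for origin, problems in audit_allowed_origins(SAMPLE_CONFIG).items():
        print(f"{origin}: {', '.join(problems)}")
```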

**How do I update OpenClaw to the latest version?**

To update your OpenClaw gateway to the latest version:
+ SSH into your OpenClaw instance
+ Run the update command: `sudo openclaw update --no-restart && openclaw gateway restart`

**Important notes:**
+ The OpenClaw blueprint installs the gateway globally on the instance, which is why sudo privileges are required
+ The "Update" button in the OpenClaw control UI dashboard will not work because it doesn't have `sudo` privileges

**What happens to device pairing when I attach a static IP address?**

When you attach a static IP address to your OpenClaw instance, the instance's IP address changes. This has important implications for device pairing:
+ All previously paired browsers and devices will be disconnected
+ The gateway token remains valid, but the connection endpoint has changed
+ You must explicitly pair all browsers and devices again after attaching the static IP

**To re-pair your devices:**
+ SSH into your instance (the SSH connection will work with the new static IP)
+ Follow the pairing steps in Step 2 to reconnect each browser
+ For messaging channels (Telegram, WhatsApp), you may also need to re-approve pairing

**How do I grant sandbox permissions for enabling tools?**

By default, OpenClaw runs tools and plugins in isolated Docker container environments (sandboxes) to protect your instance from potentially harmful operations. This isolation restricts what tools can access, including system commands, file system access, network connections, and host system resources.

While this provides strong security, some tools may require less restrictive settings to function properly. For example, web scraping tools need network access, and file management tools need broader filesystem access. Without these permissions, the sandbox functions primarily as a basic chatbot with limited capabilities.

To make the sandbox less restrictive:
+ SSH into your OpenClaw instance from the Lightsail console
+ Run the following commands to configure tool execution settings:

  ```
  openclaw config set tools.exec.host gateway
  openclaw config set tools.exec.ask off
  openclaw config set tools.exec.security full
  ```
+ Restart the OpenClaw gateway service for the changes to take effect:

  ```
  openclaw gateway restart
  ```

What these settings do:
+ `tools.exec.host gateway` - Allows tools to execute directly on the gateway host instead of in an isolated Docker container, giving them access to system commands and resources
+ `tools.exec.ask off` - Disables permission prompts before tool execution, allowing tools to run automatically without manual approval
+ `tools.exec.security full` - Sets the security level for tool execution

**Security consideration:** These settings significantly reduce the isolation between tools and your system. Only configure these settings if you trust the tools you're using. Running tools with less restrictive sandbox settings may expose your instance to security risks if a tool is compromised or malicious.

**What are the differences between MOTD versions?**

OpenClaw instances use different MOTD (Message of the Day) versions depending on when they were created. Here's what you need to know:

**MOTD 1.0.0 (OpenClaw 2026.2.17):**
+ Gateway management: Use `sudo systemctl start/stop/status openclaw-gateway`
+ Token rotation: Manual only (use `openclaw token rotate`)

**MOTD 2.0.0 (OpenClaw 2026.3.2 and later):**
+ Gateway management: Use simplified commands `openclaw gateway start/stop/status`
+ Token rotation: Automatic daily rotation

**How to check your MOTD version:** SSH into your instance and look at the welcome message displayed. The MOTD version will be shown at the top.

# Deploy a Plesk hosting stack on Lightsail

Learn how to create a Plesk instance in Amazon Lightsail, and how to sign in to the Plesk User Interface for the first time by creating a username and password. You will also learn how to connect to and configure your Plesk instance after it is up and running.

**Important**  
Instances launched with the **Plesk Hosting Stack on Ubuntu (BYOL)** blueprint have a 30-day trial license. After 30 days, you must purchase and install a license from Plesk to continue using the Plesk application. For more information, see [Step 8: Purchase a Plesk license](#purchase-plesk-license).

With Plesk hosting stacks in Lightsail, you can accomplish tasks such as:
+ Automate WordPress site management using WP Toolkit's graphical interface
+ Secure your site with free SSL certificates and configure HTTPS traffic using Let's Encrypt
+ Transfer files to and from your instance using FTP
+ Monitor and secure your server using web-based tools, including Plesk Firewall, Logs, and ModSecurity
+ Route inbound traffic from specific domains to designated container ports using Docker Proxy Rules

## Considerations for deploying a Plesk hosting stack


Before you begin deploying your Plesk instance, determine if you need to register a domain for your website and how you want to manage it. You need a registered domain to access your website by a logical name (such as `http://example.com`) rather than by IP address. You also need a DNS name created within your domain to secure connections to your website with a certificate (required for HTTPS traffic).

Review the following options for domain configuration and management:
+ If you already have a registered domain in Lightsail that you want to use, you can begin the steps in this tutorial.
+ If you have a domain with a different registrar that you prefer to manage your DNS records with, you can begin the steps in this tutorial. Otherwise, you can [transfer management of your domain's DNS records](https://docs.aws.amazon.com/lightsail/latest/userguide/lightsail-how-to-create-dns-entry.html#lightail-change-the-name-servers). This can help you to more efficiently manage all of your compute and DNS resources within Lightsail.
+ If you don't have a domain that you want to use, you can find and register one for your website. For more information on registering a domain with Lightsail, see [Register and manage domains for your website in Lightsail](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-domain-registration.html).

## Step 1: Create a Plesk instance


Complete the following steps to create a Plesk instance on Lightsail.

1. Sign in to the Lightsail console at [https://lightsail.aws.amazon.com/](https://lightsail.aws.amazon.com/).

1. On the **Instances** home page, choose **Create instance**.

1. Select a location for your instance (an AWS Region and Availability Zone).

   Choose **Change AWS Region and Availability Zone** to create your instance in another location.

1. Optionally, you can change the Availability Zone.

   Choose **Change your Availability Zone**.

1. Under **Apps + OS**, choose **Plesk Hosting Stack on Ubuntu (BYOL)**.

1. Choose an available instance plan.
**Tip**  
For optimal website performance, select an instance plan that can accommodate the resource demands of the plugins and extensions that you plan to install. If you later require more compute power, you can [upsize your instance from a snapshot](https://docs.aws.amazon.com/lightsail/latest/userguide/how-to-create-larger-instance-from-snapshot-using-console.html). For more information about the requirements for plugins and extensions, consult the respective vendor's documentation.

1. Enter a name for your instance.

   Resource names:
   + Must be unique within each AWS Region in your Lightsail account.
   + Must contain 2 to 255 characters.
   + Must start and end with an alphanumeric character or number.
   + Can include alphanumeric characters, numbers, periods, dashes, and underscores.

1. (Optional) Choose **Add new tag** to add a tag to your instance. Repeat this step as needed to add additional tags. For more information on tag usage, such as for billing and resource organization, see [Tags](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-tags.html).
   + For **Key**, enter a tag key.
   + (Optional) For **Value**, enter a tag value.

1. Choose **Create instance**.

Your instance takes a few minutes to provision and become available after you create it.

**Tip**  
To streamline the initial setup process for Plesk, don't assign a static IP to your instance for now—you'll do this in a later step. If you attach a static IP to your Plesk instance now, you might get a one-time login URL that uses an outdated public IP address. This can occur because your instance might use the public IP address that was assigned initially rather than the static IP address.

## Step 2: Sign in to the Plesk user interface for the first time


**Tip**  
Keep your Lightsail console and Plesk user interface browser tabs open until you complete this tutorial as you'll be working through multiple steps in each.

Use the following procedure to obtain a one-time login URL to access the Plesk user interface as an administrator. This interface is where you'll create and manage your websites.

**To obtain a one-time login URL**

1. In the left navigation pane, choose **Instances**.

1. Choose the name of the Plesk instance that you created.

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
**Note**  
If you attempt to connect too quickly after launching the instance, you might experience a connection or SSH key error. If you see these issues while connecting, wait a few minutes and try again.

1. After you're connected, enter the following command to get the one-time login URL.

   ```
   sudo plesk login | grep plesk.page
   ```

   You should see a response similar to the following example, which contains the one-time login URL.

   ```
   https://heuristic-bassi.192-0-2-0.plesk.page/login?secret=ce-EXAMPLE298fc1c149afbf4c8996fb92427
   ```
**Note**  
If your public IP address has changed (for example, you assigned a static IP since it was launched), you'll need to modify the returned URL to match your new address to access the login page.

1. Select the one-time login URL in the browser-based connection window and copy it.

1. Paste the URL in your web browser to access the Plesk login page.

1. Follow the instructions on the page to create your sign in credentials for Plesk. You should see an option to add your domain to Plesk when you sign in for the first time.

## Step 3: Attach a static IP address to your Plesk instance


The default dynamic public IP address attached to your instance changes every time you stop and start the instance. To keep the public IP address from changing, create a static IP address and attach it to your instance. In a later step, you'll map your static IP address to your domain name. With this mapping configured, you don't have to update your domain's DNS records each time you stop and start the instance.

**Note**  
You can only attach one static IP to a Lightsail instance. Static IP addresses are only free when they are attached to an instance.

**To attach a static IP and update your public IP address in Plesk**

1. Sign in to the Lightsail console at [https://lightsail.aws.amazon.com/](https://lightsail.aws.amazon.com/).

1. On the **Instances** home page of the Lightsail console, choose the name of your Plesk instance.

1. Under the **Networking** tab, choose **Attach static IP**.

1. Create and attach a static IP address.
   + To create and attach a static IP when none exists in the Region:

     1. Enter a name to identify the static IP.

     1. Choose **Create and attach**.

     1. Choose **Continue**.
   + To create and attach a new static IP when you already have one in the Region:

     1. Choose the **Select a static IP** menu to display the available options.

     1. Choose **Create a new static IP** in the dropdown menu.

     1. Enter a name to identify the static IP.

     1. Choose **Create and attach**.

     1. Choose **Continue**.
   + To use an existing static IP in the Region:

     1. Choose the **Select a static IP** menu to display the available options.

     1. Choose an already available static IP in the dropdown menu.

     1. Choose **Attach**.

With the public IP address changed, you access the Plesk user interface using a URL that resembles `https://StaticIPAddress:8443`. Replace `StaticIPAddress` with the static IP address attached to your instance. For example, `https://192.0.2.0:8443`. On the login page, enter the username and password that you created previously to sign in to the Plesk user interface.

**Note**  
When you connect with an IP address in the URL, you might see a browser warning that your connection is not private, not secure, or that there's a security risk. This happens because the SSL/TLS certificate applied to your Plesk instance doesn't match the new public IP being used. In the browser window, choose **Advanced**, **Details**, or **More information** to view the options that are available. Then choose to proceed to the website even if it's not private or secure.

## Step 4: Update your public IP address in Plesk


Now that you have the static IP address assigned to your instance, update the public IP address used by Plesk. This ensures that Plesk uses your updated public IP address rather than the dynamic address which is no longer associated with your instance. If you don't perform this step, the Plesk user interface might present warnings about the mismatch.

**To update your public IP address in Plesk**

1. Access the Plesk user interface using the new public IP address that is assigned. For example, `https://192.0.2.0:8443`.

1. Authenticate using the sign in credentials that you created previously in [Step 2: Sign in to the Plesk user interface for the first time](#sign-in-to-plesk-ui).

1. In the bottom-left corner of the Plesk user interface, choose **Change View**, then choose **Switch to Power User view**.

1. In the left navigation pane of the Plesk user interface, choose **Tools & Settings**.

1. Under **Tools & Resources**, choose **IP Addresses**.

1. Choose **Update public IPs**.

The value in the **Public IP Address** column should now match the static IP attached to your instance.

## Step 5: Add a website to your Plesk instance


You can map one or more domain names (websites) within the Plesk user interface. Adding a domain in your Plesk instance enables you to [upload content](https://docs.plesk.com/en-US/obsidian/reseller-guide/website-management/quick-start-with-plesk/set-up-your-first-website/1-create-your-site/uploading-content.70312/), use [Presence Builder](https://www.plesk.com/extensions/offer-web-presence-builder/), and to install a [content management system](https://www.plesk.com/blog/various/top-10-php-cms-platforms-for-developers-in-2024/) (CMS).

**To add a new domain in Plesk**

1. In the left navigation pane of the Plesk user interface, choose **Websites & Domains**.

1. Choose **Add Domain**.

1. Select an option for how you want to create your website.

1. Enter a domain name and fill out any additional required information fields.

1. Choose **Add Domain**.

For more information, see [Adding and Removing Domains](https://docs.plesk.com/en-US/obsidian/administrator-guide/website-management/websites-and-domains/domains-and-dns/adding-and-removing-domains.65150/) in the *Plesk Administrator's Guide*.

## Step 6: Map your domain name to your Plesk instance


You can map a domain to your Plesk instance to access your Plesk user interface using the domain name that you create. You can also map multiple domains within the Plesk user interface, which you can use to manage websites. For more information about mapping multiple domains within the Plesk user interface, see [Adding a Domain in Plesk](https://docs.plesk.com/en-US/obsidian/quick-start-guide/plesk-tutorial/step-6-change-your-password-and-log-out.74376/#adding-a-domain-in-plesk) in the *Plesk Documentation and Help Portal*.

To map your domain name, such as `example.com`, to your instance, you add an A record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer them using the Lightsail console. For more information, see [Transfer DNS management for your Lightsail domain](amazon-lightsail-domain-register-other-dns-service-procedure.md).

**To map your domain name to your Plesk instance in Lightsail**

1. Open the Amazon Lightsail console at [https://console.aws.amazon.com/lightsail/](https://console.aws.amazon.com/lightsail/).

1. In the left navigation pane of the Plesk user interface, choose **Domains & DNS**.

1. Choose the name of your DNS zone.

1. Choose the **DNS records** tab.

1. Choose **Add record**.

1. For **Record name**, enter a value, such as `www`.

1. For **Resolves to**, enter the static IP address attached to your Plesk instance.

1. Choose **Save**.

You should now be able to access your Plesk website using the domain name that you configured.

## Step 7: Read the Plesk documentation


Read the Plesk documentation to learn how to administer websites, customize the Plesk user interface, and more.

For more information, see the [Getting Started with Managing Websites in Plesk](https://docs.plesk.com/en-US/obsidian/quick-start-guide/read-me-first.74371/) in the *Plesk Documentation and Help Portal*.

## Step 8: Purchase a Plesk license


Your Plesk instance includes a 30-day trial license. After 30 days, you must purchase a license from Plesk to continue using it. For more information, see [Pricing](https://www.plesk.com/pricing/) on the *Plesk* website.

You must install the license after you purchase it from Plesk. To install your Plesk license, see [How to install the Plesk license](https://support.plesk.com/hc/en-us/articles/12378028764951-How-to-install-the-Plesk-license) on the *Plesk support* website.

## Step 9: Create a snapshot of your Plesk instance


After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).

You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.

You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).

![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)


# Set up a PrestaShop website on Lightsail

**Did you know?**  
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [Configure automatic snapshots for Lightsail instances and disks](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html).

Here are a few steps you should complete to get started after your PrestaShop instance is up and running on Amazon Lightsail.

**Contents**
+ [Step 1: Get the default application password for your PrestaShop website](#amazon-lightsail-prestashop-get-the-default-user-password)
+ [Step 2: Attach a static IP address to your PrestaShop instance](#amazon-lightsail-prestashop-attach-static-ip)
+ [Step 3: Sign in to the administration dashboard of your PrestaShop website](#amazon-lightsail-prestashop-sign-in)
+ [Step 4: Route traffic for your registered domain name to your PrestaShop website](#amazon-lightsail-prestashop-map-your-domain-to-your-instance)
+ [Step 5: Configure HTTPS for your PrestaShop website](#amazon-lightsail-prestashop-https)
+ [Step 6: Configure SMTP for email notifications](#amazon-lightsail-prestashop-smtp)
+ [Step 7: Read the Bitnami and PrestaShop documentation](#amazon-lightsail-prestashop-read-the-bitnami-documentation)
+ [Step 8: Create a snapshot of your PrestaShop instance](#amazon-lightsail-prestashop-create-a-snapshot)

## Step 1: Get the default application password for your PrestaShop website


Complete the following steps to get the default application password for your PrestaShop website.

1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-connect-to-your-instance.png)

1. After you're connected, enter the following command to get the default application password:

   ```
   cat $HOME/bitnami_application_password
   ```

   You should see a response similar to the following example, which contains the default application password. Store this password in a safe place. You will use it in the next section of this tutorial to sign in to the administration dashboard of your PrestaShop website.  
![\[Default application password for Bitnami instances\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-ssh-default-application-password.png)

For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).

## Step 2: Attach a static IP address to your PrestaShop instance


The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.

On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)


After the new static IP address is attached to your instance, you must complete the following steps to make the PrestaShop software aware of the new static IP address.

1. Make a note of the static IP address of your instance. It's listed in the header section of your instance management page.  
![\[Public or static IP address of a Lightsail instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-public-static-ip.png)

1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-connect-using-ssh.png)

1. After you're connected, enter the following command. Be sure to replace *<StaticIP>* with the new static IP address of your instance.

   ```
   sudo /opt/bitnami/configure_app_domain --domain <StaticIP>
   ```

   **Example:**

   ```
   sudo /opt/bitnami/configure_app_domain --domain 203.0.113.0
   ```

   You should see a response similar to the following example. The PrestaShop software should now be aware of the new static IP address.  
![\[Result of the domain configuration tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-configure-domain-ip.png)

**Note**  
PrestaShop does not currently support IPv6 addresses. You can enable IPv6 for the instance, but the PrestaShop software will not respond to requests over the IPv6 network.

## Step 3: Sign in to the administration dashboard of your PrestaShop website


Complete the following steps to access your PrestaShop website and sign in to its administration dashboard. To sign in, you will use the default user name (`user@example.com`) and the default application password that you got earlier in this guide.

1. In the Lightsail console, make note of the public or static IP address that is listed in the header area of the instance management page.  
![\[Public or static IP address of a Lightsail instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-public-static-ip.png)

1. Browse to the following address to access the sign in page for the administration dashboard of your PrestaShop website. Be sure to replace *<InstanceIpAddress>* with the public or static IP address of your instance.

   ```
   http://<InstanceIpAddress>/administration
   ```

   **Example:**

   ```
   http://203.0.113.0/administration
   ```

1. Enter the default user name (`user@example.com`), the default application password you got earlier in this guide, and choose **Log in**.  
![\[The PrestaShop administration dashboard sign in page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-prestashop-sign-in-page.png)

   The PrestaShop administration dashboard appears.  
![\[PrestaShop administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-prestashop-administration-dashboard.png)

To change the default user name or password that you use to sign in to the administration dashboard of your PrestaShop website, choose **Advanced Parameters** in the navigation pane, and then choose **Team**. For more information, see [User Guide PrestaShop](https://docs.prestashop-project.org/1.7-documentation/user-guide) in the *PrestaShop documentation*.

![\[Advanced parameters in the PrestaShop navigation pane\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-advanced-parameters.png)


For more information about the administration dashboard, see [User Guide PrestaShop](https://docs.prestashop-project.org/1.7-documentation/user-guide) in the *PrestaShop documentation*.

## Step 4: Route traffic for your registered domain name to your PrestaShop website


To route traffic for your registered domain name, such as `example.com`, to your PrestaShop website, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.

On the Lightsail console home page, under the **Domains & DNS** tab, choose **Create DNS zone**, then follow the instructions on the page.

For more information, see [Creating a DNS zone to manage your domain’s DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).

After your domain name is routing traffic to your instance, you must complete the following steps to make the PrestaShop software aware of the domain name.

1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-connect-using-ssh.png)

1. After you're connected, enter the following command. Be sure to replace *<DomainName>* with the domain name that is routing traffic to your instance.

   ```
   sudo /opt/bitnami/configure_app_domain --domain <DomainName>
   ```

   **Example:**

   ```
   sudo /opt/bitnami/configure_app_domain --domain www.example.com
   ```

   You should see a response similar to the following example. The PrestaShop software should now be aware of the domain name.  
![\[Result of the domain configuration tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-configure-domain.png)
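
To confirm that your domain names resolve to the static IP address of the instance before you request a certificate in the next step, you can run a check such as the following. This shell script is an added example, not part of the original guide; the function names and the `RESOLVER` variable are assumptions of the example, and it assumes that `getent` is available on the machine where you run it.

```bash
#!/usr/bin/env bash
# Added example: confirm that domain names resolve only to the static IP
# address of the instance. Function names and sample values are illustrative.

# Read resolver output on stdin (address in the first column, as printed by
# `getent ahostsv4`). Succeed only if the expected address appears and no
# other IPv4 address does.
points_only_at() {
  local expected="$1"
  local seen=1 addr rest
  while read -r addr rest || [ -n "$addr" ]; do
    case "$addr" in
      "$expected") seen=0 ;;
      "" | *[!0-9.]*) ;;   # blank line, host name, or IPv6 address: ignore
      *) return 1 ;;       # an IPv4 address that is not the static IP
    esac
  done
  return "$seen"
}

# Look up the IPv4 addresses of one name. RESOLVER is a hook defined by this
# example so that another lookup command can be substituted.
resolve_ipv4() {
  ${RESOLVER:-getent ahostsv4} "$1" 2>/dev/null
}

# Print one result line per domain. Return non-zero if any domain fails.
preflight() {
  local ip="$1"
  local rc=0 d
  shift
  for d in "$@"; do
    if resolve_ipv4 "$d" | points_only_at "$ip"; then
      echo "OK    $d -> $ip"
    else
      echo "FAIL  $d does not resolve only to $ip"
      rc=1
    fi
  done
  return "$rc"
}

# Usage:   ./check-dns.sh <static-ip> <domain> [<domain> ...]
# Example: ./check-dns.sh 203.0.113.0 example.com www.example.com
if [ "$#" -ge 2 ]; then
  preflight "$@"
fi
```

The lookup uses the resolver of the machine where you run the script, so a record that you changed recently can take some time to appear.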

## Step 5: Configure HTTPS for your PrestaShop website


Complete the following steps to configure HTTPS on your PrestaShop website. These steps show you how to use the Bitnami HTTPS configuration tool (bncert), which is a command line tool for requesting SSL/TLS certificates, setting up redirections (e.g. HTTP to HTTPS), and renewing certificates.

**Important**  
The bncert tool will issue certificates only for domains that are currently routing traffic to the public IP address of your PrestaShop instance. Before starting with these steps, make sure that you add DNS records to the DNS of all domains that you want to use with your PrestaShop website.

1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-connect-to-your-instance.png)

1. After you're connected, enter the following command to start the bncert-tool.

   ```
   sudo /opt/bitnami/bncert-tool
   ```

   You should see a response similar to the following example:  
![\[Running the bncert tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/run-bncert-tool-success.png)

1. Enter your primary domain name and alternate domain names separated by a space as shown in the following example.  
![\[Entering the primary and alternate domain names\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-domain-names.png)

1. The bncert tool will ask how you want your website's redirection to be configured. These are the options available:
   + **Enable HTTP to HTTPS redirection** - Specifies whether users who browse to the HTTP version of your website (i.e., `http://example.com`) are automatically redirected to the HTTPS version (i.e., `https://example.com`). We recommend enabling this option because it forces all visitors to use the encrypted connection. Type `Y` and press **Enter** to enable it.
   + **Enable non-www to www redirection** - Specifies whether users who browse to the apex of your domain (i.e., `https://example.com`) are automatically redirected to your domain's `www` subdomain (i.e., `https://www.example.com`). We recommend enabling this option. However, you may want to disable it and enable the alternate option (enable `www` to non-`www` redirection) if you have specified the apex of your domain as your preferred website address in search engine tools like Google's webmaster tools, or if your apex points directly to your IP and your `www` subdomain references your apex via a CNAME record. Type `Y` and press **Enter** to enable it.
   + **Enable www to non-www redirection** - Specifies whether users who browse to your domain's `www` subdomain (i.e., `https://www.example.com`) are automatically redirected to the apex of your domain (i.e., `https://example.com`). We recommend disabling this option if you enabled non-`www` to `www` redirection. Type `N` and press **Enter** to disable it.

   Your selections should look like the following example.  
![\[Website redirection options\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-enable-disable-redirection.png)

1. The changes that are going to be made are listed. Type `Y` and press **Enter** to confirm and continue.  
![\[Confirming the changes\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-confirm-changes.png)

1. Enter your email address to associate with your Let's Encrypt certificate and press **Enter**.  
![\[Associating your email address with your Let's Encrypt certificate\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-email-address.png)

1. Review the Let's Encrypt Subscriber Agreement. Type `Y` and press **Enter** to accept the agreement and continue.  
![\[Review the Let's Encrypt subscriber agreement\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-lets-ecrypt-agreement.png)

   The actions are performed to enable HTTPS on your instance, including requesting the certificate and configuring the redirections you specified.  
![\[Actions being performed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-performing-actions.png)

   Your certificate is successfully issued and validated, and the redirections are successfully configured on your instance if you see a message similar to the following example.  
![\[Actions successfully completed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-success-conf.png)

   The `bncert` tool will perform an automatic renewal of your certificate every 80 days before it expires. Continue to the next set of steps to finish enabling HTTPS on your PrestaShop website.

1. Browse to the following address to access the sign in page for the administration dashboard of your PrestaShop website. Be sure to replace *<DomainName>* with the registered domain name that is routing traffic to your instance.

   ```
   http://<DomainName>/administration
   ```

   **Example:**

   ```
   http://www.example.com/administration
   ```

1. Enter the default user name (`user@example.com`), the default application password you got earlier in this guide, and choose **Log in**.  
![\[The PrestaShop administration dashboard sign in page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-prestashop-sign-in-page.png)

   The PrestaShop administration dashboard appears.  
![\[PrestaShop administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-prestashop-administration-dashboard.png)

1. Choose **Shop Parameters** in the navigation pane, and then choose **General**.  
![\[General parameters in the PrestaShop navigation pane\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-general-parameters.png)

1. Choose **Yes** next to **Enable SSL**.  
![\[Enable SSL in the PrestaShop administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-enable-ssl.png)

1. Scroll to the bottom of the page and choose **Save**.

1. When the **General** page reloads, choose **Yes** next to **Enable SSL on all pages**.  
![\[Enable SSL for all pages in the PrestaShop administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-enable-ssl-all-pages.png)

1. Scroll to the bottom of the page and choose **Save**.

   HTTPS is now configured for your PrestaShop website. When customers browse to the HTTP version (e.g., `http://www.example.com`) of your PrestaShop website, they will be automatically redirected to the HTTPS version (e.g., `https://www.example.com`).
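
To check the redirections that the bncert tool configured, you can follow each hop from the HTTP address and confirm that every redirect stays on HTTPS and ends at your preferred host name. This shell script is an added example, not part of the original guide; the function names and the `PROBE` variable are assumptions of the example, and it requires `curl`.

```bash
#!/usr/bin/env bash
# Added example: follow the redirections configured by the bncert tool and
# confirm that they end on HTTPS at the preferred host name.

# Request a URL once, without following redirects, and print
# "<status> <redirect-url>" using curl's --write-out variables.
curl_probe() {
  curl -s -o /dev/null --max-time 10 -w '%{http_code} %{redirect_url}\n' "$1"
}

# PROBE is a hook defined by this example so that the request function can be
# replaced.
probe() {
  ${PROBE:-curl_probe} "$1"
}

# Follow redirects from the start URL and print the URL that finally answers
# with a 2xx status. Fail if any redirect target is not https://, if a
# response is neither a redirect nor a success, or after five hops.
final_url() {
  local url="$1"
  local hops=0 out status next
  while [ "$hops" -lt 5 ]; do
    out=$(probe "$url")
    status=${out%% *}
    next=${out#* }
    case "$status" in
      2??) echo "$url"; return 0 ;;
      301 | 302 | 303 | 307 | 308)
        case "$next" in
          https://*) url="$next" ;;
          *) echo "redirect leaves HTTPS: $url -> $next" >&2; return 1 ;;
        esac ;;
      *) echo "unexpected status $status for $url" >&2; return 1 ;;
    esac
    hops=$((hops + 1))
  done
  echo "too many redirects from $1" >&2
  return 1
}

# Check that the start URL ends on HTTPS at the expected host name.
check_site() {
  local start="$1" host="$2" end
  end=$(final_url "$start") || return 1
  case "$end" in
    "https://$host" | "https://$host"/*) echo "OK    $start -> $end" ;;
    *) echo "FAIL  $start ended at $end, expected https://$host/"; return 1 ;;
  esac
}

# Usage:   ./check-redirects.sh <start-url> <expected-host>
# Example: ./check-redirects.sh http://example.com/ www.example.com
if [ "$#" -eq 2 ]; then
  check_site "$1" "$2"
fi
```

A start URL that answers directly over HTTP without redirecting is reported as a failure, which is the result you would see if HTTP to HTTPS redirection was not enabled.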

## Step 6: Configure SMTP for email notifications


Configure the SMTP settings of your PrestaShop website to enable email notifications for it. To do so, sign in to the administration dashboard of your PrestaShop website. Choose **Advanced Parameters** in the navigation pane, and then choose **E-mail**. You should also adjust your email contacts accordingly. To do so, choose **Shop Parameters** in the navigation pane, and then choose **Contact**.

![\[Email option in the navigation pane\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-advanced-parameters-email.png)


For more information, see [User Guide PrestaShop](https://docs.prestashop-project.org/1.7-documentation/user-guide) in the *PrestaShop documentation* and [Configure SMTP for outbound emails](https://docs.bitnami.com/aws/apps/prestashop/configuration/configure-smtp/) in the Bitnami documentation.

**Important**  
If you configure SMTP to use ports 25, 465, or 587, then you must open those ports in the firewall of your instance in the Lightsail console. For more information, see [Adding and editing instance firewall rules in Amazon Lightsail](amazon-lightsail-editing-firewall-rules.md).  
If you configure your Gmail account to send email on your PrestaShop website, then you must use an app password instead of using the standard password that you use to sign in to Gmail. For more information, see [Sign in with App Passwords](https://support.google.com/accounts/answer/185833?hl=en).

## Step 7: Read the Bitnami and PrestaShop documentation


Read the Bitnami documentation to learn how to perform administrative tasks on your PrestaShop instance and website, such as installing plugins and customizing the theme. For more information, see [Bitnami PrestaShop Stack for AWS Cloud](https://docs.bitnami.com/aws/apps/prestashop/) in the *Bitnami documentation*.

You should also read the PrestaShop documentation to learn how to administer your PrestaShop website. For more information, see the [User Guide PrestaShop](https://docs.prestashop-project.org/1.7-documentation/user-guide) in the *PrestaShop documentation*.

## Step 8: Create a snapshot of your PrestaShop instance


After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).

You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.

You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).

![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)


# Configure and secure a Redmine instance on Lightsail

**Did you know?**  
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [Configure automatic snapshots for Lightsail instances and disks](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html).

Here are a few steps you should take to get started after your Redmine instance is up and running on Amazon Lightsail:

**Contents**
+ [Step 1: Read the Bitnami documentation](#amazon-lightsail-read-the-bitnami-documentation-redmine)
+ [Step 2: Get the default application password to access the Redmine administration dashboard](#amazon-lightsail-get-the-default-user-password-redmine)
+ [Step 3: Attach a static IP address to your instance](#amazon-lightsail-attach-static-ip-redmine)
+ [Step 4: Sign in to the administration dashboard of your Redmine website](#amazon-lightsail-sign-in-redmine)
+ [Step 5: Route traffic for your registered domain name to your Redmine website](#amazon-lightsail-map-your-domain-to-your-instance-redmine)
+ [Step 6: Configure HTTPS for your Redmine website](#amazon-lightsail-https-redmine)
+ [Step 7: Read the Redmine documentation and continue configuring your website](#amazon-lightsail-read-documentation-redmine)
+ [Step 8: Create a snapshot of your instance](#amazon-lightsail-create-a-snapshot-redmine)

## Step 1: Read the Bitnami documentation


Read the Bitnami documentation to learn how to configure your Redmine application. For more information, see [Redmine Packaged By Bitnami For AWS Cloud](https://docs.bitnami.com/aws/apps/redmine/).

## Step 2: Get the default application password to access the Redmine administration dashboard


Complete the following procedure to get the default application password required to access the administration dashboard for your Redmine website. For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)

1. After you're connected, enter the following command to get the application password:

   ```
   cat $HOME/bitnami_application_password
   ```

   You should see a response similar to the following example, which contains the default application password:  
![\[Bitnami default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bitnami-application-password.png)

## Step 3: Attach a static IP address to your instance


The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.

On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)


## Step 4: Sign in to the administration dashboard of your Redmine website


Now that you have the default application password, complete the following procedure to navigate to your Redmine website's home page, and sign in to the administration dashboard. After you’re signed in, you can start customizing your website and making administrative changes. For more information about what you can do in Redmine, see the [Step 7: Read the Redmine documentation and continue configuring your website](#amazon-lightsail-read-documentation-redmine) section later in this guide.

1. On your instance management page, under the **Connect** tab, make note of the public IP address of your instance. The public IP address is also displayed in the header section of your instance management page.  
![\[Public IP address of an instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-ip.png)

1. Browse to the public IP address of your instance, for example by going to `http://203.0.113.0`.

   The home page of your Redmine website should appear.

1. Choose **Manage** in the bottom right corner of your Redmine website home page.

   If the **Manage** banner is not shown, you can reach the sign in page by browsing to `http://<PublicIP>/admin`. Replace `<PublicIP>` with the public IP address of your instance.

1. Sign in using the default user name (`user`) and the default password retrieved earlier in this guide.

   The Redmine administration dashboard appears.  
![\[The Redmine administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-redmine-dashboard.png)

## Step 5: Route traffic for your registered domain name to your Redmine website


To route traffic for your registered domain name, such as `example.com`, to your Redmine website, you add a record to the DNS of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.

On the Lightsail console home page, under the **Domains & DNS** tab, choose **Create DNS zone**, then follow the instructions on the page. For more information, see [Creating a DNS zone to manage your domain’s DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).

If you browse to the domain name that you configured for your instance, you should be redirected to the home page of your Redmine website. Next, you should generate and configure an SSL/TLS certificate to enable HTTPS connections for your Redmine website. For more information, continue to the next [Step 6: Configure HTTPS for your Redmine website](#amazon-lightsail-https-redmine) section of this guide.

## Step 6: Configure HTTPS for your Redmine website


Complete the following procedure to configure HTTPS on your Redmine website. These steps show you how to use the Bitnami HTTPS Configuration Tool (`bncert-tool`), which is a command line tool for requesting Let's Encrypt SSL/TLS certificates. For more information, see [Learn About The Bitnami HTTPS Configuration Tool](https://docs.bitnami.com/aws/how-to/understand-bncert/) in the *Bitnami documentation*.

**Important**  
Before starting with this procedure, make sure that you configured your domain to route traffic to your Redmine instance. Otherwise, the SSL/TLS certificate validation process will fail.

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)

1. After you're connected, enter the following command to confirm the bncert tool is installed on your instance.

   ```
   sudo /opt/bitnami/bncert-tool
   ```

   You should see one of the following responses:
   + If you see `command not found` in the response, then the bncert tool is not installed on your instance. Continue to the next step in this procedure to install the bncert tool on your instance.
   + If you see **Welcome to the Bitnami HTTPS configuration tool** in the response, then the bncert tool is installed on your instance. Continue to step 8 of this procedure.
   + If the bncert tool has been installed on your instance for a while, then you might see a message indicating that an updated version of the tool is available. Choose to download it, and then enter the `sudo /opt/bitnami/bncert-tool` command to run the bncert tool again. Continue to step 8 of this procedure.

1. Enter the following command to download the bncert run file to your instance.

   ```
   wget -O bncert-linux-x64.run https://downloads.bitnami.com/files/bncert/latest/bncert-linux-x64.run
   ```

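1. Enter the following commands to create a directory for the bncert tool run file on your instance, and to move the downloaded run file into it. The commands in the following steps expect the run file at `/opt/bitnami/bncert/bncert-linux-x64.run`.

   ```
   sudo mkdir /opt/bitnami/bncert
   sudo mv bncert-linux-x64.run /opt/bitnami/bncert/
   ```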

1. Enter the following command to make the bncert run file executable as a program.

   ```
   sudo chmod +x /opt/bitnami/bncert/bncert-linux-x64.run
   ```

1. Enter the following command to create a symbolic link that runs the bncert tool when you enter the `sudo /opt/bitnami/bncert-tool` command.

   ```
   sudo ln -s /opt/bitnami/bncert/bncert-linux-x64.run /opt/bitnami/bncert-tool
   ```

   You are now done installing the bncert tool on your instance.

1. Enter the following command to run the bncert tool.

   ```
   sudo /opt/bitnami/bncert-tool
   ```

1. Enter your primary domain name and alternate domain names separated by a space as shown in the following example.

   If your domain is not configured to route traffic to the public IP address of your instance, the `bncert` tool will ask you to make that configuration before continuing. Your domain must be routing traffic to the public IP address of the instance from which you are using the `bncert` tool to enable HTTPS on the instance. This confirms that you own the domain, and serves as the validation for your certificate.  
![\[Entering the primary and alternate domain names\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-domain-names.png)

1. The `bncert` tool will ask you how you want your website's redirection to be configured. These are the options available: 
   + **Enable HTTP to HTTPS redirection** - Specifies whether users who browse to the HTTP version of your website (i.e., `http://example.com`) are automatically redirected to the HTTPS version (i.e., `https://example.com`). We recommend enabling this option because it forces all visitors to use the encrypted connection. Type `Y` and press **Enter** to enable it.
   + **Enable non-www to www redirection** - Specifies whether users who browse to the apex of your domain (i.e., `https://example.com`) are automatically redirected to your domain's `www` subdomain (i.e., `https://www.example.com`). We recommend enabling this option. However, you may want to disable it and enable the alternate option (enable `www` to non-`www` redirection) if you have specified the apex of your domain as your preferred website address in search engine tools like Google's webmaster tools, or if your apex points directly to your IP and your `www` subdomain references your apex via a CNAME record. Type `Y` and press **Enter** to enable it.
   + **Enable www to non-www redirection** - Specifies whether users who browse to your domain's `www` subdomain (i.e., `https://www.example.com`) are automatically redirected to the apex of your domain (i.e., `https://example.com`). We recommend disabling this, if you enabled non-`www` redirection to `www`. Type `N` and press **Enter** to disable it.

   Your selections should look like the following example.  
![\[Website redirection options\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-enable-disable-redirection.png)

1. The changes that are going to be made are listed. Type `Y` and press **Enter** to confirm and continue.  
![\[Confirming the changes\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-confirm-changes.png)

1. Enter your email address to associate with your Let's Encrypt certificate and press **Enter**.  
![\[Associating your email address with your Let's Encrypt certificate\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-email-address.png)

1. Review the Let's Encrypt Subscriber Agreement. Type `Y` and press **Enter** to accept the agreement and continue.  
![\[Review the Let's Encrypt subscriber agreement\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-lets-ecrypt-agreement.png)

   The actions are performed to enable HTTPS on your instance, including requesting the certificate and configuring the redirections you specified.  
![\[Actions being performed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-performing-actions.png)

   Your certificate is successfully issued and validated, and the redirections are successfully configured on your instance if you see a message similar to the following example.  
![\[Actions successfully completed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-success-conf.png)

   The `bncert` tool will perform an automatic renewal of your certificate every 80 days before it expires. Repeat the above steps if you wish to use additional domains and subdomains with your instance, and you want to enable HTTPS for those domains.

   You are now done enabling HTTPS on your Redmine instance. Next time you browse to your Redmine website using the domain you configured, you should see that it redirects to the HTTPS connection.
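One way to confirm the outcome of this procedure from any machine with Python 3, as an added example that is not AWS or Bitnami code: it checks that both names resolve to the instance, that the HTTP site redirects to HTTPS on one of your names, and how many days remain on the issued certificate. The function names and the two command-line arguments (apex domain and instance public IP address) are assumptions of this example.

```python
"""Checks around the bncert procedure (added example, not AWS or Bitnami code)."""
import http.client
import socket
import ssl
import sys
import time
from urllib.parse import urlsplit


def resolves_to(addresses, instance_ip):
    """Pre-flight: True only if every resolved address is the instance IP."""
    return bool(addresses) and all(a == instance_ip for a in addresses)


def check_redirect(status, location, allowed_hosts):
    """Classify one plain-HTTP response against the redirection chosen in bncert.

    Returns "ok" when the response redirects to https:// on one of
    allowed_hosts, otherwise a short reason string.
    """
    if status not in (301, 302, 307, 308):
        return "no redirect (status %d)" % status
    target = urlsplit(location or "")
    if target.scheme != "https":
        return "redirect does not go to https"
    if (target.hostname or "").lower() not in {h.lower() for h in allowed_hosts}:
        return "redirect goes to unexpected host %r" % target.hostname
    return "ok"


def days_until_expiry(not_after, now=None):
    """Whole days left on a certificate, from the notAfter string ssl returns."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def lookup(domain):
    """Resolve a domain to its IPv4 addresses (live DNS query)."""
    infos = socket.getaddrinfo(domain, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def fetch_redirect(host):
    """Request http://<host>/ without following redirects."""
    conn = http.client.HTTPConnection(host, 80, timeout=10)
    try:
        conn.request("HEAD", "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def fetch_not_after(host):
    """Complete a verified TLS handshake and return the certificate's notAfter."""
    ctx = ssl.create_default_context()  # verifies the chain and the host name
    with socket.create_connection((host, 443), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def main(argv):
    # Usage (assumed): python3 check_https.py example.com 203.0.113.10
    apex, instance_ip = argv[1], argv[2]
    names = (apex, "www." + apex)
    for name in names:
        ok = resolves_to(lookup(name), instance_ip)
        print(name, "DNS ok" if ok else "DNS does not point at the instance")
    for name in names:
        print("http://%s ->" % name, check_redirect(*fetch_redirect(name), names))
        # A failed handshake here raises, which also flags a bad certificate.
        print(name, "certificate days left:", days_until_expiry(fetch_not_after(name)))


if __name__ == "__main__":
    main(sys.argv)
```

Run the DNS part before starting `bncert-tool`, because certificate validation fails when a name does not resolve to the instance.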

## Step 7: Read the Redmine documentation and continue configuring your website


Read the Redmine documentation to learn how to administer and customize your website. For more information, see the [Redmine guide](https://www.redmine.org/guide).

## Step 8: Create a snapshot of your instance


After you configure your Redmine website the way you want it, create periodic snapshots of your instance to back it up. You can create snapshots manually, or enable automatic snapshots to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot. For more information, see [Snapshots](understanding-snapshots-in-amazon-lightsail.md).

On the instance management page, under the **Snapshot** tab, choose **Create a snapshot** or choose to enable automatic snapshots.

![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)


For more information, see [Creating a snapshot of your Linux or Unix instance in Amazon Lightsail](lightsail-how-to-create-a-snapshot-of-your-instance.md) or [Enabling or disabling automatic snapshots for instances or disks in Amazon Lightsail](amazon-lightsail-configuring-automatic-snapshots.md).

# Set up Ruby on Rails on Lightsail
Ruby on Rails

**Did you know?**  
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [Configure automatic snapshots for Lightsail instances and disks](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html).

Here are a few steps you should take to get started after your Ruby on Rails instance is up and running on Amazon Lightsail:

## Step 1: Attach a static IP address to your Ruby on Rails instance


The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.

On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)


## Step 2: Visit your Ruby on Rails instance welcome page


Navigate to the static IP address of your instance to access the application installed on it.

1. On your instance management page, under the **Connect** tab, make note of the static IP.

1. Browse to the static IP address, for example `http://192.0.0.1:3000`.

For more information, see [Ruby on Rails Guides](https://guides.rubyonrails.org/).

## Step 3: Deploy your application


1. Follow the instructions from [Transfer files securely to Lightsail Linux instances with SFTP](amazon-lightsail-connecting-to-linux-unix-instance-using-sftp.md) to copy your application to `/home/ec2-user/my_app`.

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.

1. Run `sudo systemctl restart rails-server`.

1. Navigate to your instance's static IP address.

## Step 4: Create a snapshot of your Ruby on Rails instance


After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).

You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.

You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).

![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)


# Deploy and manage WordPress on Lightsail
WordPress

**Did you know?**  
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [Configure automatic snapshots for Lightsail instances and disks](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html).

With this quick start guide, you will learn how to launch and configure a WordPress instance on Amazon Lightsail.

Here are a few steps you should take to get started after your WordPress instance is up and running on Amazon Lightsail. Before you get started, identify your blueprint vendor on your instance management page:

![\[WordPress blueprint vendor on the instance management page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wordpress/wordpress-blueprint-vendor.png)


Select the appropriate guide for your WordPress instance:

------
#### [ Bitnami ]

## Step 1: Configure your WordPress instance


You can configure your WordPress instance using a guided, step-by-step workflow that configures the following:
+ **A registered domain name** – Your WordPress site needs a domain name that is easy to remember. Users will specify this domain name to access your WordPress site. For more information, see [Register and manage domains for your website in Lightsail](amazon-lightsail-domain-registration.md).
+ **DNS management** – You must decide how to manage the DNS records for your domain. A DNS record tells the DNS server which IP address or hostname a domain or subdomain is associated with. A DNS zone contains the DNS records for your domain. For more information, see [Understanding DNS in Lightsail](understanding-dns-in-amazon-lightsail.md).
+ **A Static IP address** – The default public IP address for your WordPress instance changes if you stop and start your instance. When you attach a static IP address to your instance, it stays the same even if you stop and start your instance. For more information, see [View and manage IP addresses for Lightsail resources](understanding-public-ip-and-private-ip-addresses-in-amazon-lightsail.md).
+ **An SSL/TLS certificate** – After you create a validated certificate and install it on your instance, you can enable HTTPS for your WordPress website so that traffic that is routed to the instance through your registered domain is encrypted using HTTPS. For more information, see [Secure your WordPress site with HTTPS on Lightsail](amazon-lightsail-enabling-https-on-wordpress.md).

**Tip**  
Review the following tips before you begin. For troubleshooting information, see [Troubleshooting WordPress setup](amazon-lightsail-troubleshooting-wp-setup.md).
+ Setup supports Lightsail instances with WordPress version 6 and newer that were created after January 1, 2023.
+ The Certbot dependency file, HTTPS rewrite script and certificate renewal script that are run during setup are saved in the `/opt/bitnami/lightsail/scripts/` directory on your instance.
+ Your instance must be in a **Running** state. Allow a few minutes for the SSH connection to become ready if the instance was just started.
+ Ports 22, 80, and 443 on your instance firewall must allow TCP connections from any IP address while setup is running. For more information, see [Instance firewalls](understanding-firewall-and-port-mappings-in-amazon-lightsail.md).
+ When you add or update DNS records that point traffic from your apex domain (`example.com`) and its `www` subdomains (`www.example.com`), they will need to propagate throughout the Internet. You can verify that your DNS changes have taken effect by using tools such as [nslookup](https://aws.amazon.com/blogs//messaging-and-targeting/how-to-check-your-domain-verification-settings/), or [DNS Lookup](https://mxtoolbox.com/DnsLookup.aspx) from *MxToolbox*.
+ WordPress instances that were created prior to January 1, 2023, might contain a deprecated Certbot Personal Package Archive (PPA) repository that will cause website setup to fail. If this repository is present during setup, it will be removed from the existing path and backed up to the following location on your instance: `~/opt/bitnami/lightsail/repo.backup`. For more information about the deprecated PPA, see [Certbot PPA](https://launchpad.net/~certbot/+archive/ubuntu/certbot) on the *Canonical* website.
+ Let's Encrypt certificates will automatically renew every 60 to 90 days.
+ While setup is in progress, do not stop or make changes to your instance. It can take up to 15 minutes to configure your instance. You can view the progress for each step in the instance connect tab.

**To configure your instance using the website setup wizard**

1. On the instance management page, on the **Connect** tab, choose **Set up your website**.  
![\[Launching WordPress setup in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-gf-01.png)

1. For **Specify a domain name**, use an existing Lightsail managed domain, register a new domain with Lightsail, or use a domain that you registered by using another domain registrar. Choose **Use this domain** to go to the next step.

1. For **Configure DNS**, do one of the following:
   + Choose **Lightsail managed domain** to use a Lightsail DNS zone. Choose **Use this DNS zone** to go to the next step.
   + Choose **Third-party domain** to use the hosting service that manages the DNS records for your domain. Note that we create a matching DNS zone in your Lightsail account in case you decide to use it later on. Choose **Use third-party DNS** to go to the next step.

1. For **Create a static IP address**, enter a name for your static IP address and then choose **Create static IP**.

1. For **Manage domain assignments**, choose **Add assignment**, choose a domain type, and then choose **Add**. Choose **Continue** to go to the next step.

1. For **Create an SSL/TLS certificate**, choose your domains and subdomains, enter an email address, select **I authorize Lightsail to configure a Let's Encrypt certificate on my instance**, and choose **Create certificate**. We start to configure the Lightsail resources.

   While setup is in progress, do not stop or make changes to your instance. It can take up to 15 minutes to configure your instance. You can view the progress for each step in the instance connect tab.

1. After the website setup is complete, verify that the URLs that you specified in the domain assignments step open your WordPress site.

## Step 2: Get the default application password for your WordPress website


You need the default application password to sign in to the administration dashboard for your WordPress website.

**To get the default password for the WordPress administrator**

1. Open the instance management page for your WordPress instance.

1. On the **WordPress** panel, choose **Retrieve default password**. This expands **Access default password** at the bottom of the page.  
![\[Accessing WordPress admin password in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wordpress/wordpress-bitnami-retrieve-password.png)

1. Choose **Launch CloudShell**. This opens a panel at the bottom of the page.

1. Choose **Copy** and then paste the contents into the CloudShell window. You can either put your cursor at the CloudShell prompt and press Ctrl+V, or you can right-click to open the menu and then choose **Paste**.

1. Make a note of the password displayed in the CloudShell window. You need this to sign in to the administration dashboard of your WordPress website.  
![\[Viewing WordPress admin password in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-viewing-admin-password-01.png)

## Step 3: Sign in to your WordPress website


Now that you have the default user password, navigate to your WordPress website's home page, and sign in to the administration dashboard. After you're signed in, you can change the default password.

**To sign in to the administration dashboard**

1. Open the instance management page for your WordPress instance.

1. On the **WordPress** panel, choose **Access WordPress Admin**.

1. On the **Access your WordPress Admin Dashboard** panel, under **Use public IP address**, choose the link with this format:

   http://*public-ipv4-address*./wp-admin

1. For **Username or Email Address**, enter **user**.

1. For **Password**, enter the password obtained in the previous step.

1. Choose **Log in**.  
![\[Launching and configuring WordPress in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-07.png)

   You are now signed in to the administration dashboard of your WordPress website where you can perform administrative actions. For more information about administering your WordPress website, see the [WordPress Codex](https://codex.wordpress.org/) in the WordPress documentation.  
![\[Launching and configuring WordPress in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-08.png)

## Step 4: Read the Bitnami documentation


Read the Bitnami documentation to learn how to perform administrative tasks on your WordPress website, such as install plugins, customize the theme, and upgrade your version of WordPress.

For more information, see the [Bitnami WordPress for AWS Cloud](https://docs.bitnami.com/aws/apps/wordpress/).

## Step 5: Create a snapshot of your instance


After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).

You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.

You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).

![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)


------
#### [ Lightsail ]

## Step 1: Configure your WordPress instance


You can configure your WordPress instance using a guided, step-by-step workflow that configures the following:
+ **A registered domain name** – Your WordPress site needs a domain name that is easy to remember. Users will specify this domain name to access your WordPress site. For more information, see [Register and manage domains for your website in Lightsail](amazon-lightsail-domain-registration.md).
+ **DNS management** – You must decide how to manage the DNS records for your domain. A DNS record tells the DNS server which IP address or hostname a domain or subdomain is associated with. A DNS zone contains the DNS records for your domain. For more information, see [Understanding DNS in Lightsail](understanding-dns-in-amazon-lightsail.md).
+ **A Static IP address** – The default public IP address for your WordPress instance changes if you stop and start your instance. When you attach a static IP address to your instance, it stays the same even if you stop and start your instance. For more information, see [View and manage IP addresses for Lightsail resources](understanding-public-ip-and-private-ip-addresses-in-amazon-lightsail.md).
+ **An SSL/TLS certificate** – After you create a validated certificate and install it on your instance, you can enable HTTPS for your WordPress website so that traffic that is routed to the instance through your registered domain is encrypted using HTTPS. For more information, see [Secure your WordPress site with HTTPS on Lightsail](amazon-lightsail-enabling-https-on-wordpress.md).

**Tip**  
Review the following tips before you begin. For troubleshooting information, see [Troubleshooting WordPress setup](amazon-lightsail-troubleshooting-wp-setup.md).
+ Your instance must be in a **Running** state. Allow a few minutes for the SSH connection to become ready if the instance was just started.
+ Ports 22, 80, and 443 on your instance firewall must allow TCP connections from any IP address while setup is running. For more information, see [Instance firewalls](understanding-firewall-and-port-mappings-in-amazon-lightsail.md).
+ When you add or update DNS records that point traffic from your apex domain (`example.com`) and its `www` subdomains (`www.example.com`), they will need to propagate throughout the Internet. You can verify that your DNS changes have taken effect by using tools such as [nslookup](https://aws.amazon.com/blogs//messaging-and-targeting/how-to-check-your-domain-verification-settings/), or [DNS Lookup](https://mxtoolbox.com/DnsLookup.aspx) from *MxToolbox*.
+ Let's Encrypt certificates will automatically renew every 60 to 90 days.
+ While setup is in progress, do not stop or make changes to your instance. It can take up to 15 minutes to configure your instance. You can view the progress for each step in the instance connect tab.

**To configure your instance using the website setup wizard**

1. On the instance management page, on the **Connect** tab, choose **Set up your website**.  
![\[Launching WordPress setup in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-gf-01.png)

1. For **Specify a domain name**, use an existing Lightsail managed domain, register a new domain with Lightsail, or use a domain that you registered by using another domain registrar. Choose **Use this domain** to go to the next step.

1. For **Configure DNS**, do one of the following:
   + Choose **Lightsail managed domain** to use a Lightsail DNS zone. Choose **Use this DNS zone** to go to the next step.
   + Choose **Third-party domain** to use the hosting service that manages the DNS records for your domain. Note that we create a matching DNS zone in your Lightsail account in case you decide to use it later on. Choose **Use third-party DNS** to go to the next step.

1. For **Create a static IP address**, enter a name for your static IP address and then choose **Create static IP**.

1. For **Manage domain assignments**, choose **Add assignment**, choose a domain type, and then choose **Add**. Choose **Continue** to go to the next step.

1. For **Create an SSL/TLS certificate**, choose your domains and subdomains, enter an email address, select **I authorize Lightsail to configure a Let's Encrypt certificate on my instance**, and choose **Create certificate**. We start to configure the Lightsail resources.

   While setup is in progress, do not stop or make changes to your instance. It can take up to 15 minutes to configure your instance. You can view the progress for each step in the instance connect tab.

1. After the website setup is complete, verify that the URLs that you specified in the domain assignments step open your WordPress site.

## Step 2: Get the default application password for your WordPress website


You need the default application password to sign in to the administration dashboard for your WordPress website.

**To get the default password for the WordPress administrator**

1. Open the instance management page for your WordPress instance.

1. On the **WordPress** panel, choose **Retrieve default password**. This expands **Access default password** at the bottom of the page.  
![\[Accessing WordPress admin password in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wordpress/wordpress-lightsail-retrieve-password.png)

1. Choose **Launch CloudShell**. This opens a panel at the bottom of the page.

1. Choose **Copy** and then paste the contents into the CloudShell window. You can either put your cursor at the CloudShell prompt and press Ctrl+V, or you can right-click to open the menu and then choose **Paste**.

1. Make a note of the password displayed in the CloudShell window. You need this to sign in to the administration dashboard of your WordPress website.  
![\[Viewing WordPress admin password in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wordpress/amazon-wordpress-lightsail-viewing-admin-password.png)

## Step 3: Sign in to your WordPress website


Now that you have the default user password, navigate to your WordPress website's home page, and sign in to the administration dashboard. After you're signed in, you can change the default password.

**To sign in to the administration dashboard**

1. Open the instance management page for your WordPress instance.

1. On the **WordPress** panel, choose **Access WordPress Admin**.

1. On the **Access your WordPress Admin Dashboard** panel, under **Use public IP address**, choose the link with this format:

   http://*public-ipv4-address*./wp-admin

1. For **Username or Email Address**, enter **user**.

1. For **Password**, enter the password obtained in the previous step.

1. Choose **Log in**.  
![\[Launching and configuring WordPress in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-07.png)

   You are now signed in to the administration dashboard of your WordPress website where you can perform administrative actions. For more information about administering your WordPress website, see the [WordPress Codex](https://codex.wordpress.org/) in the WordPress documentation.  
![\[Launching and configuring WordPress in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-08.png)

## Step 4: Create a snapshot of your instance


After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).

You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.

You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).

![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)


------

# Set up WordPress Multisite on Lightsail
WordPress Multisite

**Did you know?**  
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [Configure automatic snapshots for Lightsail instances and disks](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html).

Here are a few steps you should take to get started after your WordPress Multisite instance is up and running on Amazon Lightsail:

------
#### [ Bitnami ]

## Step 1: Read the Bitnami documentation


Read the Bitnami documentation to learn how to configure your WordPress Multisite instance. For more information, see the [WordPress Multisite Packaged By Bitnami For AWS Cloud](https://docs.bitnami.com/aws/apps/wordpress-multisite/).

## Step 2: Get the default application password to access the WordPress administration dashboard


Complete the following procedure to get the default application password required to access the administration dashboard for your WordPress Multisite website. For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)

1. After you're connected, enter the following command to get the default application password:

   ```
   cat $HOME/bitnami_application_password
   ```

   You should see a response similar to the following example, which contains the default application password. Use this password to sign in to the administration dashboard of your WordPress Multisite website.  
![\[Bitnami default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bitnami-application-password.png)

## Step 3: Attach a static IP address to your instance


The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.

On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)


After the new static IP address is attached to your instance, you must complete the following procedure to make WordPress aware of the new static IP address.

1. Make a note of the new static IP address of your instance. It's listed in the header section of your instance management page.  
![\[Public or static IP address of a Lightsail instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-static-ip.png)

1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-using-ssh.png)

1. After you're connected, enter the following command. Replace *<StaticIP>* with the new static IP address of your instance.

   ```
   sudo /opt/bitnami/configure_app_domain --domain <StaticIP>
   ```

   **Example:**

   ```
   sudo /opt/bitnami/configure_app_domain --domain 203.0.113.0
   ```

   You should see a response similar to the following example. The WordPress website on your instance should now be aware of the new static IP address.  
![\[Result of the domain configuration tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-configure-domain-ip.png)
**Note**  
If that command fails, you might be using an older version of the WordPress Multisite instance. Try running the following commands instead. Replace *<StaticIP>* with the new static IP address of your instance.  

   ```
   cd /opt/bitnami/apps/wordpress
   sudo ./bnconfig --machine_hostname <StaticIP>
   ```
After running those commands, enter the following command to keep the bnconfig tool from automatically running every time the server restarts.  

   ```
   sudo mv bnconfig bnconfig.disabled
   ```

## Step 4: Sign in to the administration dashboard of your WordPress Multisite website


Now that you have the default application password, complete the following procedure to navigate to your WordPress Multisite website's home page, and sign in to the administration dashboard. After you're signed in, you can start customizing your website and making administrative changes. For more information about what you can do in WordPress, see the [Step 7: Read the WordPress Multisite documentation and continue configuring your website](#amazon-lightsail-read-documentation-wordpress-multisite) section later in this guide.

1. On your instance management page, under the **Connect** tab, make note of the public IP address of your instance. The public IP address is also displayed in the header section of your instance management page.  
![\[Public IP address of an instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-ip.png)

1. Browse to the public IP address of your instance, for example by going to `http://203.0.113.0`.

   The home page of your WordPress website should appear.

1. Choose **Manage** in the bottom right corner of your WordPress website home page.

   If the **Manage** banner is not shown, you can reach the sign in page by browsing to `http://<PublicIP>/wp-login.php`. Replace `<PublicIP>` with the public IP address of your instance.

1. Sign in using the default user name (`user`) and the default password retrieved earlier in this guide.

   The WordPress administration dashboard appears.  
![\[The WordPress administration dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-dashboard.png)

## Step 5: Route traffic for your registered domain name to your WordPress Multisite website


To route traffic for your registered domain name, such as `example.com`, to your WordPress Multisite website, you add a record to the DNS of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.

On the Lightsail console home page, under the **Domains & DNS** tab, choose **Create DNS zone**, then follow the instructions on the page. For more information, see [Creating a DNS zone to manage your domain's DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).

After your domain name is routing traffic to your instance, you must complete the following procedure to make WordPress aware of the domain name.

1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-using-ssh.png)

1. After you're connected, enter the following command. Replace *<DomainName>* with the domain name that is routing traffic to your instance.

   ```
   sudo /opt/bitnami/configure_app_domain --domain <DomainName>
   ```

   **Example:**

   ```
   sudo /opt/bitnami/configure_app_domain --domain www.example.com
   ```

   You should see a response similar to the following example. The WordPress Multisite software should now be aware of the domain name.  
![\[Result of the domain configuration tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-configure-domain.png)
**Note**  
If that command fails, you might be using an older version of the WordPress Multisite instance. Try running the following commands instead. Replace *<DomainName>* with the domain name that is routing traffic to your instance.  

   ```
   cd /opt/bitnami/apps/wordpress
   sudo ./bnconfig --machine_hostname <DomainName>
   ```
After running those commands, enter the following command to keep the bnconfig tool from automatically running every time the server restarts.  

   ```
   sudo mv bnconfig bnconfig.disabled
   ```
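
The Step 3 and Step 5 procedures above, including the fallback from their notes, combined into one script. This is an added example, not part of the Bitnami or Lightsail tooling; it checks that the value is an IPv4 address or host name before passing it to tools that run as root. `BITNAMI_ROOT`, `RUN_AS` and the function names are assumptions introduced here.

```shell
#!/bin/sh
# Added example: validate the value, then follow the page's order of tools.
# BITNAMI_ROOT and RUN_AS are assumptions; the defaults match this page.
BITNAMI_ROOT="${BITNAMI_ROOT:-/opt/bitnami}"
RUN_AS="${RUN_AS-sudo}"

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Return 0 if $1 is a plausible DNS host name: at most 253 characters, at least
# two labels, labels of letters/digits/hyphens with no leading or trailing hyphen.
is_hostname() {
    name=$1
    [ "${#name}" -ge 1 ] && [ "${#name}" -le 253 ] || return 1
    case "$name" in
        *[!A-Za-z0-9.-]*|*..*|.*|*.|-*|*-|*.-*|*-.*) return 1 ;;
        *.*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $name
    IFS=$old_ifs
    for label in "$@"; do
        [ "${#label}" -le 63 ] || return 1
    done
    return 0
}

# Digits-and-dots values must be valid IPv4; anything else must be a host name.
# This also rejects values that start with "-" (read as an option) or that
# contain spaces or shell metacharacters.
valid_target() {
    case "$1" in
        *[!0-9.]*) is_hostname "$1" ;;
        *) is_ipv4 "$1" ;;
    esac
}

# Prints the tool that succeeded. Returns 2 if the value is rejected,
# 1 if both tools fail.
set_wordpress_domain() {
    target=$1
    if ! valid_target "$target"; then
        echo "rejected: not an IPv4 address or host name: $target" >&2
        return 2
    fi
    if $RUN_AS "$BITNAMI_ROOT/configure_app_domain" --domain "$target" >&2; then
        echo configure_app_domain
        return 0
    fi
    # Older instances: the fallback from the note, run from the app directory.
    (
        cd "$BITNAMI_ROOT/apps/wordpress" || exit 1
        $RUN_AS ./bnconfig --machine_hostname "$target" >&2 || exit 1
        # Keep bnconfig from running again at every server restart.
        $RUN_AS mv bnconfig bnconfig.disabled
    ) || return 1
    echo bnconfig
}

# Run on the instance as: sh set_domain.sh www.example.com
if [ "$#" -gt 0 ]; then
    set_wordpress_domain "$1"
fi
```
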

If you browse to the domain name that you configured for your instance, you should be redirected to the main blog of your WordPress Multisite website. Next you must decide whether you want to add blogs as domains or as subdomains to your WordPress Multisite website. For more information, continue to the next [Step 6: Add blogs as domains or subdomains to your WordPress Multisite website](#amazon-lightsail-add-blogs-as-domains-or-subdomains-wordpress-multisite) section of this guide.

## Step 6: Add blogs as domains or subdomains to your WordPress Multisite website


WordPress Multisite is designed to host multiple blog websites on one instance of WordPress. When you add new blog websites to your WordPress Multisite, you can configure them to use their own domains or a subdomain of your WordPress Multisite's primary domain.
+ To add blog sites as domains, such as `example1.com` and `example2.com`, see [Add blogs as domains to your WordPress Multisite instance in Lightsail](amazon-lightsail-add-blogs-as-domains-to-your-wordpress-multisite.md).
+ To add blog sites as subdomains of your WordPress Multisite's primary domain, such as `one.example.com` and `two.example.com`, see [Add blogs as subdomains to your WordPress Multisite instance in Lightsail](amazon-lightsail-add-blogs-as-subdomains-to-your-wordpress-multisite.md).

## Step 7: Read the WordPress Multisite documentation and continue configuring your website


Read the WordPress Multisite documentation to learn how to administer and customize your website. For more information, see the [WordPress Multisite Network Administration Documentation](https://developer.wordpress.org/advanced-administration/multisite/).

## Step 8: Create a snapshot of your instance


After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).

You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.

You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).

![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)


------
#### [ Lightsail ]

## Step 1: Get the default application password to access the WordPress administration dashboard


Complete the following procedure to get the default application password required to access the administration dashboard for your WordPress Multisite website.

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)

1. After you're connected, enter the following command to get the default application password:

   ```
   cat ~/application_credentials
   ```

   You should see a response similar to the following example, which contains the default application password. Use this password to sign in to the administration dashboard of your WordPress Multisite website.  
![\[Default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-password-retrieval.png)

## Step 2: Attach a static IP address to your instance


The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.

On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)


After the new static IP address is attached to your instance, you must complete the following procedure to make WordPress aware of the new static IP address.

1. Make a note of the new static IP address of your instance. It's listed in the header section of your instance management page.  
![\[Public or static IP address of a Lightsail instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-static-ip.png)

1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-using-ssh.png)

1. After you're connected, enter the following command. Replace *<StaticIP>* with the new static IP address of your instance.

   ```
   sudo /opt/aws/wordpress/update_multisite_domain.sh <StaticIP>
   ```

   **Example:**

   ```
   sudo /opt/aws/wordpress/update_multisite_domain.sh 203.0.113.0
   ```

   The WordPress website on your instance should now be aware of the new static IP address.  
![\[Result of the domain configuration tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-multisite-lightsail-new-domain.png)

## Step 3: Sign in to the administration dashboard of your WordPress Multisite website


Now that you have the default application password, complete the following procedure to navigate to your WordPress Multisite website's home page, and sign in to the administration dashboard. After you're signed in, you can start customizing your website and making administrative changes. For more information about what you can do in WordPress, see the [Step 6: Read the WordPress Multisite documentation and continue configuring your website](#amazon-lightsail-read-documentation-wordpress-multisite-lightsail) section later in this guide.

1. On your instance management page, under the **Connect** tab, make note of the public IP address of your instance. The public IP address is also displayed in the header section of your instance management page.  
![\[Public IP address of an instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-ip.png)

1. Browse to the public IP address of your instance, for example by going to `http://203.0.113.0`.

   The home page of your WordPress website should appear.

1. Choose **Manage** in the bottom right corner of your WordPress website home page.

   If the **Manage** banner is not shown, you can reach the sign in page by browsing to `http://<PublicIP>/wp-login.php`. Replace `<PublicIP>` with the public IP address of your instance.

1. Sign in using the default user name (`user`) and the default password retrieved earlier in this guide.

   The WordPress administration dashboard appears.  
![\[The WordPress administration dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-dashboard.png)

## Step 4: Route traffic for your registered domain name to your WordPress Multisite website


To route traffic for your registered domain name, such as `example.com`, to your WordPress Multisite website, you add a record to the DNS of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.

On the Lightsail console home page, under the **Domains & DNS** tab, choose **Create DNS zone**, then follow the instructions on the page. For more information, see [Creating a DNS zone to manage your domain's DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).

After your domain name is routing traffic to your instance, you must complete the following procedure to make WordPress aware of the domain name.

1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-using-ssh.png)

1. After you're connected, enter the following command. Replace *<DomainName>* with the domain name that is routing traffic to your instance.

   ```
   sudo /opt/aws/wordpress/update_multisite_domain.sh <DomainName>
   ```

   **Example:**

   ```
   sudo /opt/aws/wordpress/update_multisite_domain.sh www.example.com
   ```

   The WordPress Multisite software should now be aware of the domain name.  
![\[Result of the domain configuration tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-multisite-lightsail-new-domain.png)

If you browse to the domain name that you configured for your instance, you should be redirected to the main blog of your WordPress Multisite website. Next you must decide whether you want to add blogs as domains or as subdomains to your WordPress Multisite website.

## Step 5: Add blogs as domains or subdomains to your WordPress Multisite website


WordPress Multisite is designed to host multiple blog websites on one instance of WordPress. When you add new blog websites to your WordPress Multisite, you can configure them to use their own domains or a subdomain of your WordPress Multisite's primary domain.
+ To add blog sites as domains, such as `example1.com` and `example2.com`, see [Add blogs as domains to your WordPress Multisite instance in Lightsail](amazon-lightsail-add-blogs-as-domains-to-your-wordpress-multisite.md).
+ To add blog sites as subdomains of your WordPress Multisite's primary domain, such as `one.example.com` and `two.example.com`, see [Add blogs as subdomains to your WordPress Multisite instance in Lightsail](amazon-lightsail-add-blogs-as-subdomains-to-your-wordpress-multisite.md).

## Step 6: Read the WordPress Multisite documentation and continue configuring your website


Read the WordPress Multisite documentation to learn how to administer and customize your website. For more information, see the [WordPress Multisite Network Administration Documentation](https://developer.wordpress.org/advanced-administration/multisite/).

## Step 7: Create a snapshot of your instance


After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).

You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.

You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).

![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)


------

# Work with Bitnami applications and stacks on Lightsail
Bitnami

This section covers the following topics related to Bitnami applications on Amazon Lightsail instances:

**Topics**
+ [Obtain the default application username and password for Lightsail Bitnami instances](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md)
+ [Remove the Bitnami banner from Lightsail instances](amazon-lightsail-remove-bitnami-banner.md)

# Obtain the default application username and password for Lightsail Bitnami instances
Bitnami user name and password

Bitnami provides many of the application instance images, or blueprints, that you can create as Amazon Lightsail instances, which are your virtual private servers. These blueprints are described as “Packaged by Bitnami” in the instance creation page in the Lightsail console.

After you create an instance using a Bitnami blueprint, you sign in and administer it. To do this, you must get the default user name and password for the application and/or database running on the instance. This article shows you how to obtain the information necessary to sign in and administer Lightsail instances created from the following blueprints:
+ WordPress blogging and content management application
+ WordPress Multisite blogging and content management application with support for multiple websites on the same instance
+ Django development stack
+ Ghost blogging and content management application
+ LAMP development stack (PHP 7)
+ Node.js development stack
+ Joomla content management application
+ Magento e-Commerce application
+ MEAN development stack
+ Drupal content management application
+ GitLab CE repository application
+ Redmine project management application
+ Nginx (LEMP) development stack

## Get the default Bitnami application and database user name


These are the default application and database user names for Lightsail instances created using the Bitnami blueprints:

**Note**  
Not all Bitnami blueprints include an application or a database. The user name is listed as not applicable (N/A) when these are not included in the blueprint.


| Application name | Application user name | Database user name | 
| --- | --- | --- | 
|  WordPress, including WordPress Multisite  | user | root | 
| PrestaShop | user@example.com | root | 
| Django | N/A | root | 
| Ghost | user@example.com | root | 
| LAMP stack (PHP 5 and PHP 7) | N/A | root | 
| Node.js | N/A | N/A | 
| Joomla | user | root | 
| Magento | user | root | 
| MEAN | N/A | root | 
| Drupal | user | root | 
| GitLab CE | user | postgres | 
| Redmine | user | root | 
| Nginx | N/A | root | 

## Get the default Bitnami application and database password


The default application and database password is stored on your instance. You retrieve it by connecting to the instance using the browser-based SSH terminal in the Lightsail console and running a command.

**To get the default Bitnami application and database password**

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. If you haven't already, create an instance using a Bitnami blueprint. For more information, see [Create an Amazon Lightsail VPS](how-to-create-amazon-lightsail-instance-virtual-private-server-vps.md).

1. On the Lightsail home page, choose the quick connect icon for the instance you want to connect to.  
![\[Open the browser-based SSH client with quick connect.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-quick-connect.png)

   The browser-based SSH client window opens, as shown in the following example.  
![\[Browser-based SSH client in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bitnami-terminal-window.png)

1. Type the following command to retrieve the default application password:

   ```
   cat ~/bitnami_application_password
   ```

   You should see a response similar to this, which contains the application password:  
![\[Bitnami default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bitnami-application-password.png)

1. In the terminal screen, highlight the password, then choose the clipboard icon in the bottom right corner of the browser-based SSH client window.

1. In the clipboard text box, highlight the text you want to copy, then press **Ctrl+C** or **Cmd+C** to copy the text to your local clipboard.  
![\[Browser-based SSH client clipboard text box.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bitnami-browser-ssh-terminal-clipboard-password.png)
**Important**  
Make sure to save your password somewhere at this time. You can change it later after you sign in to the Bitnami application on your instance.

## Sign in to the Bitnami application on your instance


For instances created from the WordPress, Joomla, Magento, Drupal, GitLab CE, and Redmine blueprints, sign in to the application by browsing to the public IP address of your instance.

**To sign in to the Bitnami application**

1. In a browser window, navigate to the public IP address for your instance.

   The Bitnami application home page opens. The home page displays according to the Bitnami blueprint you chose for your instance. For example, this is the WordPress application home page:  
![\[The Bitnami application home page for WordPress.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bitnami-application-home-page.png)

1. Choose the Bitnami logo at the bottom right corner of the application home page to go to the application information page.
**Note**  
The GitLab CE application doesn't display a Bitnami logo. Instead, sign in using the user name and password text fields displayed on the GitLab CE home page.

   The application information page contains the default user name and a link to the login page for the application on your instance.  
![\[Bitnami application information page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bitnami-application-information-page.png)

1. Choose the login link on the page to go to the log in page for the application on your instance.

1. Type the user name and the password you just acquired, then choose **Log In**.  
![\[The log in page for WordPress.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bitnami-wordpress-application-login.png)

## Next steps


Use the following links to learn more about the Bitnami blueprints and view their tutorials. For example, you can [install plugins](https://docs.bitnami.com/aws/apps/wordpress/#how-to-install-a-plugin-on-wordpress) or [enable HTTPS support with SSL certificates](https://docs.bitnami.com/aws/apps/wordpress/#how-to-enable-https-support-with-ssl-certificates) for your WordPress instance.
+  [Bitnami WordPress for Amazon Web Services](https://docs.bitnami.com/aws/apps/wordpress/) 
+  [Bitnami LAMP stack for Amazon Web Services](https://docs.bitnami.com/aws/infrastructure/lamp/) 
+  [Bitnami Node.js for Amazon Web Services](https://docs.bitnami.com/aws/infrastructure/nodejs/) 
+  [Bitnami Joomla for Amazon Web Services](https://docs.bitnami.com/aws/apps/joomla/) 
+  [Bitnami Magento for Amazon Web Services](https://docs.bitnami.com/aws/apps/magento/) 
+  [Bitnami MEAN stack for Amazon Web Services](https://docs.bitnami.com/aws/infrastructure/mean/) 
+  [Bitnami Drupal for Amazon Web Services](https://docs.bitnami.com/aws/apps/drupal/) 
+  [Bitnami GitLab for Amazon Web Services](https://docs.bitnami.com/aws/apps/gitlab/) 
+  [Bitnami Redmine for Amazon Web Services](https://docs.bitnami.com/aws/apps/redmine/) 
+  [Bitnami Nginx (LEMP stack) for Amazon Web Services](https://docs.bitnami.com/aws/infrastructure/nginx/) 

For more information, see [Get Started with Bitnami Applications using Amazon Lightsail](https://docs.bitnami.com/aws/get-started-lightsail/) or [Using Amazon Lightsail FAQ](https://docs.bitnami.com/aws/faq/#using-amazon-lightsail).

# Remove the Bitnami banner from Lightsail instances
Remove Bitnami banner

Some of the Bitnami blueprints that can be selected for Amazon Lightsail instances display a Bitnami banner on the home page of the application. In the following example from a "Certified by Bitnami" WordPress instance, the Bitnami banner is displayed in the bottom-right corner of the home page. In this guide, we show you how to permanently remove the Bitnami icon from the home page of the application on your instance.

![\[Bitnami banner on the WordPress application home page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bitnami-banner.png)


Not all Bitnami blueprint applications display the Bitnami banner on the home page of the application. Visit the home page of your Lightsail instance to determine if a Bitnami banner is displayed. In the following example from a "Packaged by Bitnami" Nginx instance, the Bitnami icon is not displayed. Instead, a place-holder information page is displayed, which is eventually replaced by the application that you choose to deploy on your instance. If your instance doesn't display a Bitnami banner, then you don't have to follow the procedures in this guide.

![\[The Nginx application home page without a Bitnami banner\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/no-bitnami-banner.png)


## Remove the Bitnami banner from your instance


Complete the following procedure to confirm that your instance has a Bitnami icon displayed on the home page of the application, and to remove it.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the **Instances** section of the Lightsail home page, copy the public IP address of the instance that you want to confirm.  
![\[Public IP address of a Lightsail instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-instance-public-ip-address.png)

1. Open a new browser tab, enter the public IP address of your instance into the address bar, and press **Enter**.

1. Confirm one of the following options:

   1. If the Bitnami icon is not displayed on the page, then stop following these procedures. You don't need to remove the Bitnami icon from the home page of your application.

   1. If the Bitnami icon is displayed in the lower-right corner of the page as shown in the following example, then continue to the following set of steps to remove it.  
![\[Bitnami banner on the WordPress application home page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bitnami-banner.png)

   In the following set of steps, you will connect to your instance using the Lightsail browser-based SSH client. After you're connected, you will run the Bitnami Configuration Tool (bnconfig) to remove the Bitnami icon from the home page of your application. The bnconfig tool is a command line tool that allows you to configure the application on your Bitnami blueprint instance. For more information, see [Learn About The Bitnami Configuration Tool](https://docs.bitnami.com/aws/faq/configuration/understand-bnconfig/) in the *Bitnami documentation*.

1. Return to the browser tab that is on the Lightsail home page.

1. Choose the browser-based SSH client icon that is next to the name of the instance that you wish to connect to.  
![\[The browser-based SSH client icon for a Lightsail instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/browser-based-ssh-client-icon.png)

1. After the SSH client is connected to your instance, enter one of the following commands:

   1. If your instance uses Apache, then enter one of the following commands. If one of the commands fails, try the other. The first part of each command disables the Bitnami banner, and the second part restarts the Apache service.

      ```
      sudo /opt/bitnami/apps/wordpress/bnconfig --disable_banner 1 && sudo /opt/bitnami/ctlscript.sh restart apache
      ```

      ```
      sudo /opt/bitnami/wordpress/bnconfig --disable_banner 1 && sudo /opt/bitnami/ctlscript.sh restart apache
      ```

   You can confirm that the process was successful by browsing to the public IP address of your instance and confirming that the Bitnami icon is gone.

Follow the step-by-step instructions to learn how to retrieve the default credentials for your Bitnami application and database, sign in to the application's admin panel, and optionally remove the Bitnami branding banner from the application's home page.

The guide covers various Bitnami blueprints available in Lightsail, including WordPress, Joomla, Drupal, Ghost, LAMP, LEMP, MEAN, Node.js, and more. It provides the default user names for both the application and the database, as well as the commands to obtain the default passwords securely. By following this guide, you can easily access and manage your Bitnami applications running on Lightsail instances, customizing them according to your requirements and removing any unwanted branding elements.



# Configure and manage Lightsail WordPress instances
WordPress

This guide covers the following topics related to WordPress instances in Lightsail:

**Topics**
+ [Launch and configure a WordPress instance on Lightsail](amazon-lightsail-tutorial-launching-and-configuring-wordpress.md)
+ [Connect a WordPress website on Lightsail to Amazon S3 with WP Offload Media](amazon-lightsail-connecting-wordpress-to-amazon-s3.md)
+ [Connect a Lightsail WordPress instance to an Amazon Aurora database](amazon-lightsail-connect-wordpress-instance-to-aurora-database.md)
+ [Transfer WordPress data to a MySQL managed database in Lightsail](amazon-lightsail-connect-wordpress-to-mysql-managed-database.md)
+ [Connect a WordPress instance to a Lightsail bucket for static content](amazon-lightsail-connecting-buckets-to-wordpress.md)
+ [Configure WordPress with a Lightsail content delivery network](amazon-lightsail-editing-wp-config-for-distribution.md)
+ [Enable email for WordPress instances in Lightsail](amazon-lightsail-enabling-email-on-wordpress.md)
+ [Secure your WordPress site with HTTPS on Lightsail](amazon-lightsail-enabling-https-on-wordpress.md)
+ [Migrate your WordPress blog to Lightsail](migrate-your-wordpress-blog-to-amazon-lightsail.md)

# Launch and configure a WordPress instance on Lightsail
Configure WordPress

Amazon Lightsail is the easiest way to get started with Amazon Web Services (AWS). Lightsail includes everything you need to launch your project quickly — instances (virtual private servers), managed databases, SSD-based storage, backups (snapshots), data transfer, domain DNS management, static IPs, and load balancers — for a [low, predictable price](https://aws.amazon.com/lightsail/pricing/).

With this tutorial, you will learn how to launch and configure a WordPress instance on Lightsail. It includes steps to configure a custom domain name, secure internet traffic with HTTPS, connect to your instance by using SSH, and sign in to your WordPress website. When you’re done with this tutorial, you have the fundamentals to get your instance up and running on Lightsail.

**Note**  
As part of the AWS Free Tier, you can get started with Amazon Lightsail for free on select instance bundles. For more information, see **AWS Free Tier** on the [Amazon Lightsail Pricing page](https://aws.amazon.com/lightsail/pricing).

## Prerequisites


### Step 1: Sign up for AWS


Amazon Lightsail requires an AWS account. [Sign up for AWS](https://console.aws.amazon.com/console/home), or [sign in to AWS](https://console.aws.amazon.com/console/home) if you already have an account.

### Step 2: Create a WordPress instance


Complete the following steps to get your WordPress instance up and running. For more information, see [Create a Lightsail instance](how-to-create-amazon-lightsail-instance-virtual-private-server-vps.md).

**To create a Lightsail instance for WordPress**

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. On the **Instances** section of the Lightsail home page, choose **Create instance**.  
![\[Launching WordPress in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-01.png)

1. Choose the AWS Region and Availability Zone for your instance.  
![\[Launching WordPress in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/create-instance-select-region-az.png)

1. Choose the image for your instance as follows:

   1. For **Select a platform**, choose **Linux/Unix**.

   1. Select a **WordPress** blueprint.

      You can choose an Amazon Lightsail or Bitnami provider.

1. Choose an instance plan.

   A plan includes a machine configuration (RAM, SSD, vCPU) at a low, predictable cost, plus a data transfer allowance.

1. Enter a name for your instance. Resource names:
   + Must be unique within each AWS Region in your Lightsail account.
   + Must contain 2 to 255 characters.
   + Must start and end with an alphanumeric character or number.
   + Can include alphanumeric characters, numbers, periods, dashes, and underscores.

1. Choose **Create instance**.

1. To view the test blog post, go to the instance management page and copy the public IPv4 address shown in the upper-right corner of the page. Paste the address into the address field of an internet-connected web browser. The browser displays the test blog post.

After your instance is running, identify your WordPress blueprint vendor on the instance management page, then select the appropriate guide below:

------
#### [ Bitnami ]

## Step 3: Configure your WordPress instance


You can configure your WordPress instance by using a guided, step-by-step workflow, or you can complete the individual tasks. Using either option, you will configure the following:
+ **A registered domain name** – Your WordPress site needs a domain name that is easy to remember. Users will specify this domain name to access your WordPress site. For more information, see [Register and manage domains for your website in Lightsail](amazon-lightsail-domain-registration.md).
+ **DNS management** – You must decide how to manage the DNS records for your domain. A DNS record tells the DNS server which IP address or hostname a domain or subdomain is associated with. A DNS zone contains the DNS records for your domain. For more information, see [Understanding DNS in Lightsail](understanding-dns-in-amazon-lightsail.md).
+ **A Static IP address** – The default public IP address for your WordPress instance changes if you stop and start your instance. When you attach a static IP address to your instance, it stays the same even if you stop and start your instance. For more information, see [View and manage IP addresses for Lightsail resources](understanding-public-ip-and-private-ip-addresses-in-amazon-lightsail.md).
+ **An SSL/TLS certificate** – After you create a validated certificate and install it on your instance, you can enable HTTPS for your WordPress website so that traffic that is routed to the instance through your registered domain is encrypted using HTTPS. For more information, see [Secure your WordPress site with HTTPS on Lightsail](amazon-lightsail-enabling-https-on-wordpress.md).

### Option: Guided workflow


**Tip**  
Review the following tips before you begin. For troubleshooting information, see [Troubleshooting WordPress setup](amazon-lightsail-troubleshooting-wp-setup.md).  
+ Setup supports Lightsail instances with WordPress version 6 and newer that were created after January 1, 2023.
+ The Certbot dependency file, HTTPS rewrite script and certificate renewal script that are run during setup are saved in the `/opt/bitnami/lightsail/scripts/` directory on your instance.
+ Your instance must be in a **Running** state. Allow a few minutes for the SSH connection to become ready if the instance was just started.
+ Ports 22, 80, and 443 on your instance firewall must allow TCP connections from any IP address while setup is running. For more information, see [Instance firewalls](understanding-firewall-and-port-mappings-in-amazon-lightsail.md).
+ When you add or update DNS records that point traffic from your apex domain (`example.com`) and its `www` subdomains (`www.example.com`), they will need to propagate throughout the Internet. You can verify that your DNS changes have taken effect by using tools such as [nslookup](https://aws.amazon.com/blogs//messaging-and-targeting/how-to-check-your-domain-verification-settings/), or [DNS Lookup](https://mxtoolbox.com/DnsLookup.aspx) from *MxToolbox*.
+ WordPress instances that were created prior to January 1, 2023, might contain a deprecated Certbot Personal Package Archive (PPA) repository that will cause website setup to fail. If this repository is present during setup, it will be removed from the existing path and backed up to the following location on your instance: `~/opt/bitnami/lightsail/repo.backup`. For more information about the deprecated PPA, see [Certbot PPA](https://launchpad.net/~certbot/+archive/ubuntu/certbot) on the *Canonical* website.
+ Let's Encrypt certificates will automatically renew every 60 to 90 days.
+ While setup is in progress, do not stop or make changes to your instance. It can take up to 15 minutes to configure your instance. You can view the progress for each step in the instance connect tab.

**To configure your instance using the website setup wizard**

1. On the instance management page, on the **Connect** tab, choose **Set up your website**.  
![\[Launching WordPress setup in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-gf-01.png)

1. For **Specify a domain name**, use an existing Lightsail managed domain, register a new domain with Lightsail, or use a domain that you registered by using another domain registrar. Choose **Use this domain** to go to the next step.

1. For **Configure DNS**, do one of the following:
   + Choose **Lightsail managed domain** to use a Lightsail DNS zone. Choose **Use this DNS zone** to go to the next step.
   + Choose **Third-party domain** to use the hosting service that manages the DNS records for your domain. Note that we create a matching DNS zone in your Lightsail account in case you decide to use it later on. Choose **Use third-party DNS** to go to the next step.

1. For **Create a static IP address**, enter a name for your static IP address and then choose **Create static IP**.

1. For **Manage domain assignments**, choose **Add assignment**, choose a domain type, and then choose **Add**. Choose **Continue** to go to the next step.

1. For **Create an SSL/TLS certificate**, choose your domains and subdomains, enter an email address, select **I authorize Lightsail to configure a Let's Encrypt certificate on my instance**, and choose **Create certificate**. We start to configure the Lightsail resources.

   While setup is in progress, do not stop or make changes to your instance. It can take up to 15 minutes to configure your instance. You can view the progress for each step in the instance connect tab.

1. After the website setup is complete, verify that the URLs that you specified in the domain assignments step open your WordPress site.

### Option: Individual tasks


**To configure your instance by completing the individual tasks**

1. **Create a static IP address**

   On the instance management page, on the **Networking** tab, choose **Create static IP**. The static IP location and instance are selected for you. Specify a name for your static IP address and then choose **Create and attach**.

1. **Create a DNS zone**

   In the navigation pane, choose **Domains & DNS**. Choose **Create DNS zone**, enter your domain, and then choose **Create DNS zone**. If web traffic is currently being routed to your domain, make sure that all of the existing DNS records are present in the Lightsail DNS zone before changing the name servers at your domain's current DNS hosting provider. This way, traffic continually flows uninterrupted after the transfer to the Lightsail DNS zone.

1. **Manage domain assignments**

   On the page for the DNS zone, on the **Assignments** tab, choose **Add assignment**. Choose the domain or subdomain, select your instance, attach the static IP address, and then choose **Assign**.
**Tip**  
Allow time for these changes to propagate to the internet before your domain starts routing traffic to your WordPress instance.

1. **Create and install an SSL/TLS certificate**

   For step-by-step directions, see [Secure your WordPress site with HTTPS on Lightsail](amazon-lightsail-enabling-https-on-wordpress.md).

1. Verify that the URLs that you specified in the domain assignments step open your WordPress site.

## Step 4: Get the admin password for your WordPress website


The default password to sign in to the administration dashboard of your WordPress website is stored on the instance. Complete the following steps to get the password.

**To get the default password for the WordPress administrator**

1. Open the instance management page for your WordPress instance.

1. On the **WordPress** panel, choose **Retrieve default password**. This expands **Access default password** at the bottom of the page.  
![\[Accessing WordPress admin password in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wordpress/wordpress-bitnami-retrieve-password.png)

1. Choose **Launch CloudShell**. This opens a panel at the bottom of the page.

1. Choose **Copy** and then paste the contents into the CloudShell window. You can either put your cursor at the CloudShell prompt and press Ctrl+V, or you can right-click to open the menu and then choose **Paste**.

1. Make a note of the password displayed in the CloudShell window. You need this to sign in to the administration dashboard of your WordPress website.  
![\[Viewing WordPress admin password in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-viewing-admin-password-01.png)

## Step 5: Sign in to the administration dashboard of your WordPress website


Now that you have the password for the administration dashboard of your WordPress website, you can sign in. In the administration dashboard, you can change your user password, install plugins, change the theme of your website, and more.

Complete the following steps to sign in to the administration dashboard of your WordPress website.

**To sign in to the administration dashboard**

1. Open the instance management page for your WordPress instance.

1. On the **WordPress** panel, choose **Access WordPress Admin**.

1. On the **Access your WordPress Admin Dashboard** panel, under **Use public IP address**, choose the link with this format:

   http://*public-ipv4-address*./wp-admin

1. For **Username or Email Address**, enter **user**.

1. For **Password**, enter the password obtained in the previous step.

1. Choose **Log in**.  
![\[Launching and configuring WordPress in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-07.png)

   You are now signed in to the administration dashboard of your WordPress website where you can perform administrative actions. For more information about administering your WordPress website, see the [WordPress Codex](https://codex.wordpress.org/) in the WordPress documentation.  
![\[Launching and configuring WordPress in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-08.png)

------
#### [ Lightsail ]

## Step 3: Configure your WordPress instance


You can configure your WordPress instance by using a guided, step-by-step workflow, or you can complete the individual tasks. Using either option, you will configure the following:
+ **A registered domain name** – Your WordPress site needs a domain name that is easy to remember. Users will specify this domain name to access your WordPress site. For more information, see [Register and manage domains for your website in Lightsail](amazon-lightsail-domain-registration.md).
+ **DNS management** – You must decide how to manage the DNS records for your domain. A DNS record tells the DNS server which IP address or hostname a domain or subdomain is associated with. A DNS zone contains the DNS records for your domain. For more information, see [Understanding DNS in Lightsail](understanding-dns-in-amazon-lightsail.md).
+ **A Static IP address** – The default public IP address for your WordPress instance changes if you stop and start your instance. When you attach a static IP address to your instance, it stays the same even if you stop and start your instance. For more information, see [View and manage IP addresses for Lightsail resources](understanding-public-ip-and-private-ip-addresses-in-amazon-lightsail.md).
+ **An SSL/TLS certificate** – After you create a validated certificate and install it on your instance, you can enable HTTPS for your WordPress website so that traffic that is routed to the instance through your registered domain is encrypted using HTTPS. For more information, see [Secure your WordPress site with HTTPS on Lightsail](amazon-lightsail-enabling-https-on-wordpress.md).

### Option: Guided workflow


**Tip**  
Review the following tips before you begin. For troubleshooting information, see [Troubleshooting WordPress setup](amazon-lightsail-troubleshooting-wp-setup.md).  
+ Your instance must be in a **Running** state. Allow a few minutes for the SSH connection to become ready if the instance was just started.
+ Ports 22, 80, and 443 on your instance firewall must allow TCP connections from any IP address while setup is running. For more information, see [Instance firewalls](understanding-firewall-and-port-mappings-in-amazon-lightsail.md).
+ When you add or update DNS records that point traffic from your apex domain (`example.com`) and its `www` subdomains (`www.example.com`), they will need to propagate throughout the Internet. You can verify that your DNS changes have taken effect by using tools such as [nslookup](https://aws.amazon.com/blogs//messaging-and-targeting/how-to-check-your-domain-verification-settings/), or [DNS Lookup](https://mxtoolbox.com/DnsLookup.aspx) from *MxToolbox*.
+ Let's Encrypt certificates will automatically renew every 60 to 90 days.
+ While setup is in progress, do not stop or make changes to your instance. It can take up to 15 minutes to configure your instance. You can view the progress for each step in the instance connect tab.

**To configure your instance using the website setup wizard**

1. On the instance management page, on the **Connect** tab, choose **Set up your website**.  
![\[Launching WordPress setup in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-gf-01.png)

1. For **Specify a domain name**, use an existing Lightsail managed domain, register a new domain with Lightsail, or use a domain that you registered by using another domain registrar. Choose **Use this domain** to go to the next step.

1. For **Configure DNS**, do one of the following:
   + Choose **Lightsail managed domain** to use a Lightsail DNS zone. Choose **Use this DNS zone** to go to the next step.
   + Choose **Third-party domain** to use the hosting service that manages the DNS records for your domain. Note that we create a matching DNS zone in your Lightsail account in case you decide to use it later on. Choose **Use third-party DNS** to go to the next step.

1. For **Create a static IP address**, enter a name for your static IP address and then choose **Create static IP**.

1. For **Manage domain assignments**, choose **Add assignment**, choose a domain type, and then choose **Add**. Choose **Continue** to go to the next step.

1. For **Create an SSL/TLS certificate**, choose your domains and subdomains, enter an email address, select **I authorize Lightsail to configure a Let's Encrypt certificate on my instance**, and choose **Create certificate**. We start to configure the Lightsail resources.

   While setup is in progress, do not stop or make changes to your instance. It can take up to 15 minutes to configure your instance. You can view the progress for each step in the instance connect tab.

1. After the website setup is complete, verify that the URLs that you specified in the domain assignments step open your WordPress site.

### Option: Individual tasks


**To configure your instance by completing the individual tasks**

1. **Create a static IP address**

   On the instance management page, on the **Networking** tab, choose **Create static IP**. The static IP location and instance are selected for you. Specify a name for your static IP address and then choose **Create and attach**.

1. **Create a DNS zone**

   In the navigation pane, choose **Domains & DNS**. Choose **Create DNS zone**, enter your domain, and then choose **Create DNS zone**. If web traffic is currently being routed to your domain, make sure that all of the existing DNS records are present in the Lightsail DNS zone before changing the name servers at your domain's current DNS hosting provider. This way, traffic continually flows uninterrupted after the transfer to the Lightsail DNS zone.

1. **Manage domain assignments**

   On the page for the DNS zone, on the **Assignments** tab, choose **Add assignment**. Choose the domain or subdomain, select your instance, attach the static IP address, and then choose **Assign**.
**Tip**  
Allow time for these changes to propagate to the internet before your domain starts routing traffic to your WordPress instance.

1. **Create and install an SSL/TLS certificate**

   For step-by-step directions, see [Secure your WordPress site with HTTPS on Lightsail](amazon-lightsail-enabling-https-on-wordpress.md).

1. Verify that the URLs that you specified in the domain assignments step open your WordPress site.

## Step 4: Get the admin password for your WordPress website


The default password to sign in to the administration dashboard of your WordPress website is stored on the instance. Complete the following steps to get the password.

**To get the default password for the WordPress administrator**

1. Open the instance management page for your WordPress instance.

1. On the **WordPress** panel, choose **Retrieve default password**. This expands **Access default password** at the bottom of the page.  
![\[Accessing WordPress admin password in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wordpress/wordpress-lightsail-retrieve-password.png)

1. Choose **Launch CloudShell**. This opens a panel at the bottom of the page.

1. Choose **Copy** and then paste the contents into the CloudShell window. You can either put your cursor at the CloudShell prompt and press Ctrl+V, or you can right-click to open the menu and then choose **Paste**.

1. Make a note of the password displayed in the CloudShell window. You need this to sign in to the administration dashboard of your WordPress website.  
![\[Viewing WordPress admin password in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wordpress/amazon-wordpress-lightsail-viewing-admin-password.png)

## Step 5: Sign in to the administration dashboard of your WordPress website


Now that you have the password for the administration dashboard of your WordPress website, you can sign in. In the administration dashboard, you can change your user password, install plugins, change the theme of your website, and more.

Complete the following steps to sign in to the administration dashboard of your WordPress website.

**To sign in to the administration dashboard**

1. Open the instance management page for your WordPress instance.

1. On the **WordPress** panel, choose **Access WordPress Admin**.

1. On the **Access your WordPress Admin Dashboard** panel, under **Use public IP address**, choose the link with this format:

   http://*public-ipv4-address*./wp-admin

1. For **Username or Email Address**, enter **user**.

1. For **Password**, enter the password obtained in the previous step.

1. Choose **Log in**.  
![\[Launching and configuring WordPress in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-07.png)

   You are now signed in to the administration dashboard of your WordPress website where you can perform administrative actions. For more information about administering your WordPress website, see the [WordPress Codex](https://codex.wordpress.org/) in the WordPress documentation.  
![\[Launching and configuring WordPress in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-08.png)

------

## Additional information


Here are some additional steps that you can perform after launching a WordPress instance in Amazon Lightsail:
+ [Configure WordPress with a Lightsail content delivery network](amazon-lightsail-editing-wp-config-for-distribution.md)
+ [Create a snapshot of your Linux or Unix instance](lightsail-how-to-create-a-snapshot-of-your-instance.md)
+ [Enable or disable automatic snapshots for instances or disks](amazon-lightsail-configuring-automatic-snapshots.md)
+ [Create and attach additional block storage disks to your Linux-based instances](create-and-attach-additional-block-storage-disks-linux-unix.md)

# Connect a WordPress website on Lightsail to Amazon S3 with WP Offload Media
Connect to Amazon S3

This tutorial describes the steps required to connect your WordPress website running on an Amazon Lightsail instance to an Amazon Simple Storage Service (Amazon S3) bucket to store website images and attachments. To do this, you configure a WordPress plugin with a set of Amazon Web Services (AWS) account credentials. The plugin then creates the Amazon S3 bucket for you and configures your website to use the bucket instead of the instance’s disk for website images and attachments.

**Topics**
+ [Step 1: Complete the prerequisites](#connect-wordpress-to-s3-prerequisites)
+ [Step 2: Install the WP Offload Media plugin on your WordPress website](#install-wp-offload-media-on-wordpress)
+ [Step 3: Create an IAM policy](#create-iam-policy-for-wordpress)
+ [Step 4: Create an IAM user](#create-iam-user-for-wordpress)
+ [Step 5: Create an access key for your IAM user](#create-access-key-for-wordpress)
+ [Step 6: Edit the WordPress configuration file](#edit-the-wp-config-file-for-s3-bucket)
+ [Step 7: Create the Amazon S3 bucket using the WP Offload Media plugin](#create-the-amazon-s3-bucket)
+ [Step 8: Next steps](#connect-wordpress-to-s3-prerequisites-next-steps)

## Step 1: Complete the prerequisites


Before you get started, create a WordPress instance in Lightsail, and make sure it’s in a running state. For more information, see [Tutorial: Launch and configure a WordPress instance](amazon-lightsail-tutorial-launching-and-configuring-wordpress.md).

## Step 2: Install the WP Offload Media plugin on your WordPress website


You must use a plugin to configure your website to use an Amazon S3 bucket. Many plugins are available to configure this; one such plugin is [WP Offload Media Lite](https://wordpress.org/plugins/amazon-s3-and-cloudfront/).

**To install the WP Offload Media plugin on your WordPress website**

1. Sign in to your WordPress dashboard as an administrator.

   For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).

1. Hover over **Plugins** in the left navigation menu, and choose **Add New**.  
![\[Add new plugin menu item in the WordPress dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-add-new-plugin-menu.png)

1. Search for **WP Offload Media Lite**.

1. In the search results, choose **Install Now** next to the **WP Offload Media** plugin.  
![\[WP Offload Media Lite plugin for WordPress.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wp-offload-media-plugin.png)

1. Choose **Activate** after the plugin is done installing.

1. In the left navigation menu, choose **Settings**, then choose **Offload Media**.  
![\[WordPress dashboard settings.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-offload-media-menu.png)

1. In the **Offload Media** page, choose **Amazon S3** as the storage provider, then choose **Define access keys in wp-config.php**.

   With this option, you must add your AWS account credentials to the `wp-config.php` on the instance. These steps are covered later in this tutorial.  
![\[WP Offload Media page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-offload-media-configuration.png)

   Leave the **Offload Media** page open; you will return to it later in this tutorial. Continue to the [Step 3: Create an IAM policy](#create-iam-policy-for-wordpress) section of this tutorial.

## Step 3: Create an IAM policy


**Warning**  
This scenario requires IAM users with programmatic access and long-term credentials, which presents a security risk. To help mitigate this risk, we recommend that you provide these users with only the permissions they require to perform the task and that you remove these users when they are no longer needed. Access keys can be updated if necessary. For more information, see [Update access keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/id-credentials-access-keys-update.html) in the *IAM User Guide*.

The WP Offload Media plugin requires access to your AWS account to create the Amazon S3 bucket, and to upload your website images and attachments.

**To create a new AWS Identity and Access Management (IAM) policy for the WP Offload Media plugin**

1. Open a new browser tab, and sign in to the [IAM console](https://console.aws.amazon.com/iam/).

1. In the left navigation menu, under **Access management**, choose **Policies**.

1. Choose **Create policy**.

1. On the **Create policy** page, choose **JSON**, then remove all of the content within the policy editor.

1. Specify the following content in the policy editor, replacing the example bucket name of *amzn-s3-demo-bucket* with your own:

   ```
   {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Effect": "Allow",
               "Action": "s3:*",
               "Resource": [
                   "arn:aws:s3:::amzn-s3-demo-bucket/*",
                   "arn:aws:s3:::amzn-s3-demo-bucket"
               ]
           }
       ]
   }
   ```

1. Choose **Next**.

1. For **Policy name**, enter a name for the policy.
**Tip**  
Specify a descriptive name, such as **wp\_s3\_user\_policy** or **wp\_offload\_media\_plugin\_user\_policy**, so that you can easily identify it in the future when performing maintenance.

1. Choose **Create policy**.

   Keep the IAM console open for the next step.
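The warning at the start of this step recommends granting only the permissions the task requires, while the policy above allows every S3 action (`s3:*`) on the bucket. The following added example (not part of the AWS guide) lints a policy document for wildcard actions and for resources that reach beyond the named bucket. The function names and the two constructed sample policies are assumptions for illustration; the action list in the narrowed sample is not the plugin's documented requirement.

```python
import json

# Policy from this step of the guide, with the example bucket name as published.
PAGE_POLICY = """
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": "s3:*",
                "Resource": ["arn:aws:s3:::amzn-s3-demo-bucket/*",
                             "arn:aws:s3:::amzn-s3-demo-bucket"]}]}
"""

# Constructed sample: explicit actions only. The list is an assumption for
# illustration; confirm what the plugin needs before using anything like it.
NARROWED_POLICY = """
{"Version": "2012-10-17",
 "Statement": [{"Sid": "Media", "Effect": "Allow",
                "Action": ["s3:CreateBucket", "s3:ListBucket",
                           "s3:GetBucketLocation", "s3:GetObject",
                           "s3:PutObject", "s3:DeleteObject"],
                "Resource": ["arn:aws:s3:::amzn-s3-demo-bucket",
                             "arn:aws:s3:::amzn-s3-demo-bucket/*"]}]}
"""

# Constructed sample: the trailing "*" on the bucket ARN also matches any
# other bucket whose name starts with the same characters.
BROAD_POLICY = """
{"Version": "2012-10-17",
 "Statement": [{"Sid": "TooWide", "Effect": "Allow",
                "Action": ["s3:Put*", "s3:GetObject"],
                "Resource": ["arn:aws:s3:::amzn-s3-demo-bucket*"]},
               {"Sid": "DenyDelete", "Effect": "Deny",
                "Action": "s3:*", "Resource": "*"}]}
"""


def _as_list(value):
    """IAM accepts a single string or object where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _in_bucket(resource, bucket):
    """True only for the bucket ARN itself or object keys beneath it."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return resource == bucket_arn or resource.startswith(bucket_arn + "/")


def audit_policy(policy_json, bucket):
    """Return (statement, code, value) findings for every Allow statement."""
    findings = []
    policy = json.loads(policy_json)
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only remove access
        sid = stmt.get("Sid", f"statement[{index}]")
        # NotAction/NotResource grant everything except what they list.
        for key in ("NotAction", "NotResource"):
            if key in stmt:
                findings.append((sid, "INVERTED_MATCH", key))
        for action in _as_list(stmt.get("Action")):
            _service, _, name = action.partition(":")
            if action == "*" or name == "*":
                findings.append((sid, "WILDCARD_ALL_ACTIONS", action))
            elif "*" in name or "?" in name:
                findings.append((sid, "WILDCARD_ACTION_PATTERN", action))
        for resource in _as_list(stmt.get("Resource")):
            if not _in_bucket(resource, bucket):
                findings.append((sid, "RESOURCE_OUT_OF_SCOPE", resource))
    return findings


if __name__ == "__main__":
    samples = (("page", PAGE_POLICY), ("narrowed", NARROWED_POLICY),
               ("broad", BROAD_POLICY))
    for label, doc in samples:
        results = audit_policy(doc, "amzn-s3-demo-bucket")
        print(label, "->", results or "no findings")
```

An `s3:*` grant scoped to one bucket still covers bucket-level changes such as policy and ACL updates, which is why the linter reports it even though the resources are in scope.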

## Step 4: Create an IAM user


Create a new IAM user and attach the previously created policy to grant the required permissions to use the WP Offload Media plugin.

**To create a new AWS Identity and Access Management (IAM) user for the WP Offload Media plugin**

1. If necessary, open the [IAM console](https://console.aws.amazon.com/iam/).

1. In the left navigation menu, under **Access management**, choose **Users**.

1. Choose **Create user**.

1. For **User name**, enter a name for the new user, then choose **Next**.
**Tip**  
Specify a descriptive name, such as **wp\_s3\_user** or **wp\_offload\_media\_plugin\_user**, so that you can easily identify it in the future when performing maintenance.

1. Choose **Attach policies directly**.

1. Under **Permissions policies**, enter the name of the policy you created previously in the search bar.

1. Select the policy, then choose **Next**.

1. Choose **Create user**.

   Keep the IAM console open for the next step.

## Step 5: Create an access key for your IAM user


Create an access key for the IAM user. The WP Offload Media plugin will use this access key.

**To create an access key for the IAM user for the WP Offload Media plugin**

1. If necessary, open the [IAM console](https://console.aws.amazon.com/iam/).

1. In the left navigation menu, under **Access management**, choose **Users**.

1. Choose the user name to go to the user details page.

1. On the **Security credentials** tab, in the **Access keys** section, choose **Create access key**.

1. Choose **Other**, then choose **Next**.

1. Choose **Create access key**.

1. Make note of the **access key ID** and **secret access key** for the IAM user. You can also choose **Download .csv** to save a copy of these values to your local drive. You will need these in the next few steps when editing the `wp-config.php` file on the WordPress instance.

   You can now close the IAM console and continue on the Lightsail console with the next step.

## Step 6: Edit the WordPress configuration file


The `wp-config.php` file contains your website’s base configuration details, such as database connection information.

**To edit the `wp-config.php` file in your WordPress instance**

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. Choose the browser-based SSH client icon for the WordPress instance.  
![\[The browser-based SSH client icon in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-browser-based-ssh-client.png)
**Note**  
You can also connect to your instance using your own SSH client. For more information, see [Download and set up PuTTY to connect using SSH in Lightsail](lightsail-how-to-set-up-putty-to-connect-using-ssh.md).

1. In the SSH client window that appears, enter the following command to create a backup of the `wp-config.php` file in case something goes wrong:

   ```
   sudo cp /opt/bitnami/wordpress/wp-config.php /opt/bitnami/wordpress/wp-config.php.backup
   ```

1. Enter the following command to open the `wp-config.php` file using `nano`, a text editor:

   ```
   nano /opt/bitnami/wordpress/wp-config.php
   ```

1. Enter the following text above the `/* That's all, stop editing! Happy blogging. */` text.

   Be sure to replace *AccessKeyID* with the access key ID and *SecretAccessKey* with the secret access key of the IAM user you created earlier in these steps.

   ```
   define( 'AS3CF_SETTINGS', serialize( array(
       'provider' => 'aws',
       'access-key-id' => 'AccessKeyID',
       'secret-access-key' => 'SecretAccessKey',
   ) ) );
   ```

   Example:

   ```
   define( 'AS3CF_SETTINGS', serialize( array(
       'provider' => 'aws',
       'access-key-id' => 'AKIAIOSFODNN7EXAMPLE',
       'secret-access-key' => 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
   ) ) );
   ```

   The result should look like the following example:  
![\[AWS account credentials in the wp-config.php file.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-ssh-wp-config-s3-bucket.png)

1. Press **Ctrl+X** to exit Nano, then press **Y**, and **Enter** to save your edits to the `wp-config.php` file.

1. Enter the following command to restart the services on the instance:

   ```
   sudo /opt/bitnami/ctlscript.sh restart
   ```

   You will see a result similar to the following when the services have restarted:  
![\[Restarting the services on the instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-ssh-restart-services-bitnami.png)

   Close the SSH window and toggle back to the **Offload Media** page that you left open earlier in this tutorial. You are now ready to [create the Amazon S3 bucket using the WP Offload Media plugin](#create-the-amazon-s3-bucket).

## Step 7: Create the Amazon S3 bucket using the WP Offload Media plugin


Now that the `wp-config.php` file is configured with the AWS credentials, you can return to the **Offload Media** page to complete the process.

**To create the Amazon S3 bucket using the WP Offload Media plugin**

1. Refresh the **Offload Media** page, or choose **Next**.

   You should now see that the Amazon S3 provider is configured.

1. Choose **Create new bucket**.  
![\[Creating a new Amazon S3 bucket using the WP Offload Media plugin.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-offload-media-create-new-bucket.png)

1. In the **Region** drop-down menu, choose the desired AWS Region. We recommend that you choose the same region in which your WordPress instance is located.

1. In the **Bucket** text box, enter a name for the new S3 bucket.  
![\[Configuring the new Amazon S3 bucket using the WP Offload Media plugin.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-offload-media-bucket-configuration.png)

1. Choose **Create New Bucket**.

   The page refreshes to confirm that a new bucket was created. Review the settings that appear and adjust them according to how you want your WordPress website to behave.  
![\[WP Offload Media plugin settings.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-offload-media-settings-saved.png)

   From now on, images and attachments added to blog posts are automatically uploaded to the Amazon S3 bucket that you created.

## Step 8: Next steps


After you’re done connecting your WordPress website to an Amazon S3 bucket, you should create a snapshot of your WordPress instance to back up the changes you made. For more information, see [Create a snapshot of your Linux or Unix instance](lightsail-how-to-create-a-snapshot-of-your-instance.md).

# Connect a Lightsail WordPress instance to an Amazon Aurora database

Website data for posts, pages, and users is stored on a database that is running on your WordPress instance in Amazon Lightsail. If your instance fails, your data may become unrecoverable. To prevent this scenario, you should transfer your website data to an Amazon Aurora database in the Amazon Relational Database Service (Amazon RDS).

Amazon Aurora is a MySQL and PostgreSQL-compatible relational database built for the cloud. It combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open-source databases. Aurora is offered as part of Amazon RDS. Amazon RDS is a managed database service that makes it easier to set up, operate, and scale a relational database in the cloud. For more information, see the [Amazon Relational Database Service User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/) and the [Amazon Aurora User Guide for Aurora](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/).

In this tutorial, we show you how to connect your website database from a WordPress instance in Lightsail to an Aurora managed database in Amazon RDS.

**Contents**
+ [Step 1: Complete the prerequisites](#connect-mysql-to-aurora-prerequisites)
+ [Step 2: Configure the security group for your Aurora database](#configure-aurora-security-group)
+ [Step 3: Connect to your Aurora database from your Lightsail instance](#connect-to-aurora-database-from-lightsail-instance)
+ [Step 4: Transfer the MySQL database from your WordPress instance to your Aurora database](#transfer-database-from-wordpres-to-aurora)
+ [Step 5: Configure WordPress to connect to your Aurora managed database](#connect-wordpress-to-aurora)

## Step 1: Complete the prerequisites


Complete the following prerequisites before you begin:

1. Create a WordPress instance in Lightsail, and configure your application on it. The instance should be in a running state before you continue. For more information, see [Tutorial: Launch and configure a WordPress instance in Amazon Lightsail](amazon-lightsail-tutorial-launching-and-configuring-wordpress.md).

1. Turn on VPC peering in your Lightsail account. For more information, see [Set up peering to work with AWS resources outside of Lightsail](lightsail-how-to-set-up-vpc-peering-with-aws-resources.md).

1. Create an Aurora managed database in Amazon RDS. The database must be located in the same AWS Region as your WordPress instance. It should also be in a running state before you continue. For more information, see [Getting started with Amazon Aurora](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_GettingStartedAurora.html) in the Amazon Aurora User Guide.

## Step 2: Configure the security group for your Aurora database


An AWS security group acts as a virtual firewall for your AWS resources. It controls the incoming and outgoing traffic that can connect to your Aurora database in Amazon RDS. For more information about security groups, see [Control traffic to resources using security groups](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html) in the Amazon Virtual Private Cloud User Guide.

Complete the following procedure to configure the security group so that your WordPress instance can establish a connection to your Aurora database.

1. Sign in to the [Amazon RDS console](https://console.aws.amazon.com/rds/).

1. Choose **Databases** in the navigation pane.

1. Choose the **Writer instance** of the Aurora database that your WordPress instance will connect to.

1. Choose the **Connectivity & security** tab.

1. In the **Endpoint & port** section, make a note of the **Endpoint name** and **Port** of the **Writer instance**. You will need these later when configuring your Lightsail instance to connect to the database.

1. In the **Security** section, choose the active VPC security group link. You will be redirected to your database’s security group.  
![\[Connectivity & security tab screenshot of the Amazon RDS console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-aurora-db-select-writer-instance.png)

1. Make sure that the security group for your Aurora database is selected.

1. Choose the **Inbound rules** tab.

1. Choose **Edit inbound rules**.  
![\[Inbound rules tab screenshot of the Amazon RDS console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-aurora-select-security-group.png)

1. In the **Edit inbound rules** page, choose **Add rule**.

1. Complete one of the following steps:
   + If you are using the default MySQL port 3306, select **MySQL/Aurora** in the **Type** dropdown menu.
   + If you are using a custom port for your database, select **Custom TCP** in the **Type** dropdown menu and enter the port number in the **Port Range** text box.

1. In the **Source** text box, add the private IP address of your WordPress instance. You must enter the IP address in CIDR notation, which means that you must append `/32`. For example, to allow `192.0.2.0`, enter `192.0.2.0/32`.

1. Choose **Save rules**.  
![\[Inbound rules detail screenshot of the Amazon RDS console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-aurora-add-security-group-rule.png)
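The same inbound rule can be added from the AWS CLI. The following script is an added example, not part of the original tutorial: it reads the instance's private IP address from Lightsail, refuses anything that is not a single private IPv4 address, and then adds the `/32` rule. The function names are chosen here, and it assumes an AWS CLI that is configured for the Region of the database with permission to call both services.

```shell
#!/bin/sh
# Added example: CLI form of the inbound rule from the console procedure.

# host_cidr IP
# Prints IP/32 when IP is a well-formed private (RFC 1918) IPv4 address.
# Exit status: 1 = malformed, 2 = well-formed but not a private address
# (the documentation address 192.0.2.0 used in the text falls in this group).
# The body runs in a subshell, so the IFS change and variables stay local.
host_cidr() (
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $ip
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in
            0?*|????*) exit 1 ;;   # leading zero or more than three digits
        esac
        [ "$o" -le 255 ] || exit 1
    done
    if [ "$1" -eq 10 ] ||
       { [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; } ||
       { [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; }; then
        echo "$ip/32"
    else
        exit 2
    fi
)

# allow_instance_to_db INSTANCE_NAME SECURITY_GROUP_ID PORT
# Adds one inbound TCP rule whose source is the instance's private address.
allow_instance_to_db() (
    ip=$(aws lightsail get-instance --instance-name "$1" \
            --query 'instance.privateIpAddress' --output text) || exit 1
    cidr=$(host_cidr "$ip") || {
        echo "refusing to use '$ip' as a rule source" >&2
        exit 1
    }
    aws ec2 authorize-security-group-ingress --group-id "$2" \
        --protocol tcp --port "$3" --cidr "$cidr"
)

# Only act when called as: script INSTANCE_NAME SECURITY_GROUP_ID PORT
if [ $# -eq 3 ]; then
    allow_instance_to_db "$@"
fi
```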

## Step 3: Connect to your Aurora database from your Lightsail instance


Complete the following procedure to confirm that you can connect to your Aurora database from your Lightsail instance.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose **Instances**.  
![\[Lightsail homepage.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-aurora-homepage-select-instances-tab.png)

1. Choose the browser-based SSH client icon for your WordPress instance to connect to it using SSH.  
![\[Browser-based SSH client icon.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-aurora-browser-based-ssh-client.png)

1. After you're connected to your instance, enter the following command to connect to your Aurora database. In the command, replace *DatabaseEndpoint* with the endpoint address of your Aurora database and replace *Port* with the port of your database. Replace *MyUserName* with the name of the user that you entered when creating the database.

   ```
   mysql -h DatabaseEndpoint -P Port -u MyUserName -p
   ```

   You should see a response similar to the following example, which confirms that your instance can access and connect to your Aurora database.  
![\[Successful MySQL connection response.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-aurora-mysql-connect-message.png)

   If you don’t see this response, or you get an error message, then you might need to configure the security group of your Aurora database to allow the private IP address of your Lightsail instance to connect to it. For more information, see the [Configure the security group for your Aurora database](#configure-aurora-security-group) section of this guide.

## Step 4: Transfer the database from your WordPress instance to your Aurora database


Now that you’ve confirmed you can connect to your database from your instance, you should transfer your WordPress website data to your Aurora database.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the **Instances** tab, choose the browser-based SSH client for your WordPress instance.  
![\[Browser-based SSH client icon.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-aurora-browser-based-ssh-client.png)

1. After the browser-based SSH client is connected to your WordPress instance, enter the following command. The command transfers the data from the `bitnami_wordpress` database that is on your instance and moves it to your Aurora database. In the command, replace *DatabaseUserName* with the name of the primary user that you entered when creating the Aurora database. Replace *DatabaseEndpoint* with the endpoint address of your Aurora database.

   ```
   sudo mysqldump -u root --databases bitnami_wordpress --single-transaction --compress --order-by-primary -p$(cat /home/bitnami/bitnami_application_password) | sudo mysql -u DatabaseUserName --host  DatabaseEndpoint --password
   ```

   **Example**

   ```
   sudo mysqldump -u root --databases bitnami_wordpress --single-transaction --compress --order-by-primary -p$(cat /home/bitnami/bitnami_application_password) | sudo mysql -u DBuser --host  abc123exampleE67890.czowadgeezqi.us-west-2.rds.amazonaws.com --password
   ```

1. At the `Enter password` prompt, enter the password for your Aurora database, and press **Enter**.

   You won't be able to see the password while you type it.  
![\[Password prompt screenshot.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-aurora-mysql-dump-1.png)

   If the data transfer succeeds, a response similar to the following example is displayed:  
![\[Successful transfer response.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-aurora-mysql-dump-2.png)

   If you get an error, confirm that you’re using the correct database user name, password, and endpoint, and try again.

## Step 5: Configure WordPress to connect to your Aurora database


After you transfer your application data to your Aurora database, you should configure WordPress to connect to it. Complete the following procedure to edit the WordPress configuration file (`wp-config.php`) so that your website connects to your Aurora database.

1. In the browser-based SSH client that is connected to your WordPress instance, enter the following command to create a backup of the `wp-config.php` file:

   ```
   cp /opt/bitnami/wordpress/wp-config.php /opt/bitnami/wordpress/wp-config.php-backup
   ```

1. Enter the following command to make the `wp-config.php` file writable:

   ```
   sudo chmod 664 /opt/bitnami/wordpress/wp-config.php
   ```

1. Edit the database user name in the `config` file to the name of the primary user that you entered when creating the Aurora database.

   ```
   sudo wp config set DB_USER DatabaseUserName
   ```

1. Edit the database host in the `config` file with the endpoint address and port number of your Aurora database. For example, `abc123exampleE67890.czowadgeezqi.us-west-2.rds.amazonaws.com:3306`.

   ```
   sudo wp config set DB_HOST DatabaseEndpoint:Port
   ```

1. Edit the database password in the `config` file with the password for your Aurora database.

   ```
   sudo wp config set DB_PASSWORD DatabasePassword
   ```

1. Enter the `wp config list` command to verify that the information you entered in the `wp-config.php` file is correct.

   ```
   sudo wp config list
   ```

   A result similar to the following example appears, displaying your configuration details:  
![\[WordPress configuration file.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-aurora-wpconfig.png)

1. Enter the following command to restart the web services on your instance:

   ```
   sudo /opt/bitnami/ctlscript.sh restart
   ```

   When the services restart, a result similar to the following example is displayed:  
![\[WordPress instances restart confirmation.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-aurora-service-restart.png)

   Congratulations! Your WordPress site is now configured to use your Aurora database.
**Note**  
If you need to restore the original `wp-config.php` file, enter the following command to restore it using the backup you created earlier in this tutorial.  

   ```
   cp /opt/bitnami/wordpress/wp-config.php-backup /opt/bitnami/wordpress/wp-config.php
   ```

# Transfer WordPress data to a MySQL managed database in Lightsail

Crucial WordPress website data for posts, pages, and users is stored on the MySQL database that is running on your instance in Amazon Lightsail. If your instance fails, your data may become unrecoverable. To prevent this scenario, you should transfer your website data to a MySQL managed database.

In this tutorial, we show you how to transfer your WordPress website data to a MySQL managed database in Lightsail. We also show you how to edit the WordPress configuration (`wp-config.php`) file on your instance so that your website connects to the managed database, and stops connecting to the database running on the instance.

**Contents**
+ [Step 1: Complete the prerequisites](#connect-wordpress-to-mysql-managed-database-prerequisites)
+ [Step 2: Transfer the WordPress database to your MySQL managed database](#transfer-wordpress-database-to-mysql-managed-database)
+ [Step 3: Configure WordPress to connect to your MySQL managed database](#configure-wordpress-to-connect-to-mysql-managed-database)
+ [Step 4: Complete the next steps](#connect-wordpress-to-mysql-managed-database-next-steps)

## Step 1: Complete the prerequisites


Complete the following prerequisites before getting started:
+ Create a WordPress instance in Lightsail, and make sure that it’s in a running state. For more information, see [Tutorial: Launch and configure a WordPress instance in Amazon Lightsail](amazon-lightsail-tutorial-launching-and-configuring-wordpress.md).
+ Create a MySQL managed database in Lightsail in the same AWS Region as your WordPress instance, and make sure it's in a running state. WordPress works with all of the MySQL database options available in Lightsail. For more information, see [Creating a database in Amazon Lightsail](amazon-lightsail-creating-a-database.md).
+ Enable the public mode and data import mode of your MySQL managed database. You can disable these modes after completing the steps in this tutorial. For more information, see [Configure the public mode for your database](amazon-lightsail-configuring-database-public-mode.md) and [Configure the data import mode for your database](amazon-lightsail-configuring-database-data-import-mode.md).

## Step 2: Transfer the WordPress database to your MySQL managed database


Complete the following procedure to transfer your WordPress website data to your MySQL managed database in Lightsail.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the **Instances** tab, choose the browser-based SSH client icon for your WordPress instance.  
![\[The browser-based SSH client icon in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-quick-connect.png)

1. After the browser-based SSH client is connected to your WordPress instance, enter the following command to transfer the data in the `bitnami_wordpress` database that is on your instance to your MySQL managed database. Be sure to replace *DbUserName* with the user name of your managed database, and replace *DbEndpoint* with the endpoint address of your managed database.

   ```
   sudo mysqldump -u root --databases bitnami_wordpress --single-transaction --compress --order-by-primary  -p$(cat /home/bitnami/bitnami_application_password) | sudo mysql -u DbUserName --host DbEndpoint --password
   ```

   **Example**

   ```
   sudo mysqldump -u root --databases bitnami_wordpress --single-transaction --compress --order-by-primary -p$(cat /home/bitnami/bitnami_application_password) | sudo mysql -u dbmasteruser --host ls-abc123exampleE67890.czowadgeezqi.us-west-2.rds.amazonaws.com --password
   ```

1. At the prompt, enter the password for your MySQL managed database, and press **Enter**.

   You will not be able to see the password as it is being typed.  
![\[Password prompt to transfer WordPress database to a MySQL managed database in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-transfer-wordpress-database-to-mysql-managed-database.png)

1. A response similar to the following example is displayed if the data was successfully transferred.

   If you get an error, confirm that you’re using the correct database user name, password, or endpoint, and try again.  
![\[Successfully transferred WordPress database to a MySQL managed database in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-transfer-wordpress-database-to-mysql-managed-database-success.png)
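The transfer command in this step, and the identical one in the Aurora tutorial, passes the local root password as `-p$(cat ...)`, which places it in the argument list of `mysqldump`. The following script is an added example, not part of the original tutorial: it runs the same dump with the password supplied through an owner-only option file instead. The function names are chosen here; `--defaults-extra-file` is a standard MySQL client option.

```shell
#!/bin/sh
# Added example: same dump and import as the tutorial command, with the local
# root password read from a private option file instead of the command line.

# write_client_cnf PASSWORD_FILE OUT_FILE
# Writes a [client] option file that only its owner can read.
# Exit status: 0 = written, 1 = cannot read the password or create OUT_FILE,
# 2 = password has a double quote or line break, which this example refuses
#     to encode rather than risk writing a value that parses differently.
# The body runs in a subshell, so umask and noclobber do not leak out.
write_client_cnf() (
    pw=$(cat "$1") || exit 1       # $(...) drops the trailing newline
    case $pw in
        *'"'*) exit 2 ;;
    esac
    [ "$(printf '%s\n' "$pw" | wc -l)" -eq 1 ] || exit 2
    # Inside a quoted option value a backslash starts an escape, so double it.
    esc=$(printf '%s' "$pw" | sed 's/\\/\\\\/g')
    umask 077                      # new file is created with mode 0600
    set -C                         # noclobber: never write into an existing file
    printf '[client]\nuser=root\npassword="%s"\n' "$esc" > "$2" || exit 1
)

# transfer_wordpress_db DB_USER DB_ENDPOINT
# DB_USER and DB_ENDPOINT are the values the tutorial tells you to substitute.
transfer_wordpress_db() (
    dir=$(mktemp -d) || exit 1     # private directory, removed on exit
    trap 'rm -rf "$dir"' EXIT
    write_client_cnf /home/bitnami/bitnami_application_password \
        "$dir/client.cnf" || exit 1
    # --defaults-extra-file must be the first option on the command line.
    sudo mysqldump --defaults-extra-file="$dir/client.cnf" \
        --databases bitnami_wordpress --single-transaction --compress \
        --order-by-primary |
        sudo mysql -u "$1" --host "$2" --password
)

# Only act when called as: script DB_USER DB_ENDPOINT
if [ $# -eq 2 ]; then
    transfer_wordpress_db "$1" "$2"
fi
```

The password for the managed database is still entered at the prompt, as in the tutorial command.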

## Step 3: Configure WordPress to connect to your MySQL managed database


Complete the following procedure to edit the WordPress configuration file (`wp-config.php`) so that your website connects to your MySQL managed database.

1. In the browser-based SSH client that is connected to your WordPress instance, enter the following command to create a backup of the `wp-config.php` file in case something goes wrong.

   ```
   cp /opt/bitnami/wordpress/wp-config.php /opt/bitnami/wordpress/wp-config.php-backup
   ```

1. Enter the following command to open the `wp-config.php` file using the Nano text editor.

   ```
   nano /opt/bitnami/wordpress/wp-config.php
   ```

1. Scroll down until you find the values for `DB_USER`, `DB_PASSWORD`, and `DB_HOST` as shown in the following example.  
![\[Wordpress configuration file before modifications.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-wpconfig-file-original.png)

1. Modify the following values:
   + **DB_USER** — Edit this to match the user name of your MySQL managed database. The default primary user name for Lightsail managed databases is `dbmasteruser`.
   + **DB_PASSWORD** — Edit this to match the strong password of your MySQL managed database. For more information, see [Manage your database password](amazon-lightsail-managing-database-password.md).
   + **DB_HOST** — Edit this to match the endpoint of your MySQL managed database. Be sure to add the `:3306` port number at the end of the host address. For example, `ls-abc123exampleE67890.czowadgeezqi.us-west-2.rds.amazonaws.com:3306`.

   The result should look like the following example.  
![\[Modifications to the WordPress configuration file.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-wpconfig-file-modifications.png)

1. Press **Ctrl+X** to exit Nano, then press **Y** and **Enter** to save your edits.

1. Enter the following command to restart the web services on your instance.

   ```
   sudo /opt/bitnami/ctlscript.sh restart
   ```

   A result similar to the following example is displayed when the services have restarted.  
![\[Restarting server services on the WordPress instances.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-restart-wordpress-services.png)

   Congratulations! Your WordPress site is now configured to use the MySQL managed database.
**Note**  
If for any reason you need to restore the original `wp-config.php` file, enter the following command to restore it using the backup you created earlier in this tutorial.  

   ```
   cp /opt/bitnami/wordpress/wp-config.php-backup /opt/bitnami/wordpress/wp-config.php
   ```
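The `wp-config.php` edits in this tutorial, in the Aurora tutorial, and in the WP Offload Media tutorial leave a database password or AWS access key in the WordPress directory, both in the live file and in the `wp-config.php-backup` or `wp-config.php.backup` copy. The following check is an added example, not part of the original tutorials: it reports copies and permission bits that expose those values. The function names and the sample files are constructed here.

```shell
#!/bin/sh
# Added example: audit wp-config.php and copies of it for exposed credentials.

# Strings that mark a file as holding secrets: the plugin constant and key
# field from the WP Offload Media tutorial, and the database password constant.
SECRET_PATTERN='AS3CF_SETTINGS|secret-access-key|DB_PASSWORD'

# has_perm FILE MODE: true when FILE has every permission bit in MODE set.
has_perm() { [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]; }

# audit_wp_config DIR
# Prints one "SEVERITY name: reason" line per finding.
# Exit status is 1 when anything was reported, 0 otherwise.
# The body runs in a subshell, so its variables stay local.
audit_wp_config() (
    found=0
    for f in "$1"/wp-config*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # wp-config-sample.php ships with placeholder values only.
        [ "$name" = wp-config-sample.php ] && continue
        grep -Eq "$SECRET_PATTERN" "$f" || continue
        if has_perm "$f" 004; then
            echo "HIGH $name: readable by every local account"; found=1
        fi
        if has_perm "$f" 002; then
            echo "HIGH $name: writable by every local account"; found=1
        fi
        case $name in
            wp-config.php) ;;
            *.php)
                echo "MEDIUM $name: second copy of the credentials in the WordPress directory"
                found=1 ;;
            *)
                echo "HIGH $name: copy is not parsed as PHP, so a web server that can read it returns the credentials as text"
                found=1 ;;
        esac
    done
    exit "$found"
)

# build_constructed_sample DIR
# Constructed files that mimic the directory after the backup step.
# The key values are placeholders, not real credentials.
build_constructed_sample() {
    printf '%s\n' "define( 'AS3CF_SETTINGS', serialize( array( 'access-key-id' => 'CONSTRUCTED-ID', 'secret-access-key' => 'CONSTRUCTED-SECRET' ) ) );" > "$1/wp-config.php"
    cp "$1/wp-config.php" "$1/wp-config.php.backup"
    printf '%s\n' "define( 'DB_PASSWORD', 'password_here' );" > "$1/wp-config-sample.php"
    chmod 640 "$1/wp-config.php"
    chmod 644 "$1/wp-config.php.backup" "$1/wp-config-sample.php"
}

# With one argument, audit that directory; with none, audit the constructed sample.
if [ $# -eq 1 ]; then
    audit_wp_config "$1"
else
    demo=$(mktemp -d) && build_constructed_sample "$demo"
    audit_wp_config "$demo" || true
    rm -rf "$demo"
fi
```

Run it with `sudo` against `/opt/bitnami/wordpress` so that root-owned copies can be read. A file that was set to mode `664` for editing is reported as readable by every local account until its permissions are tightened again.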

## Step 4: Complete the next steps


You should complete these additional steps after you’re done connecting your WordPress website to a MySQL managed database:
+ Create a snapshot of your WordPress instance. For more information, see [Create a snapshot of your Linux or Unix instance](lightsail-how-to-create-a-snapshot-of-your-instance.md).
+ Create a snapshot of the MySQL managed database. For more information, see [Create a snapshot of your database](amazon-lightsail-creating-a-database-snapshot.md).
+ Disable the public mode and data import mode of your MySQL managed database. For more information, see [Configure the public mode for your database](amazon-lightsail-configuring-database-public-mode.md) and [Configure the data import mode for your database](amazon-lightsail-configuring-database-data-import-mode.md).

# Connect a WordPress instance to a Lightsail bucket for static content

This tutorial describes the steps required to connect your WordPress website running on an Amazon Lightsail instance to a Lightsail bucket. You can use the bucket to host static content such as images and attachments. To do this, you must install the WP Offload Media Lite plugin on your WordPress website and configure it to connect to your Lightsail bucket. After the plugin is configured, all media that you upload to your WordPress website is automatically added to your bucket instead of the instance’s disk.

**Contents**
+ [Step 1: Complete the prerequisites](#connecting-buckets-to-wordpress-prerequisites)
+ [Step 2: Modify your bucket permissions](#connecting-buckets-to-wordpress-modify-bucket-permissions)
+ [Step 3: Install the WP Offload Media Lite plugin on your WordPress website](#connecting-buckets-to-wordpress-install-wp-offload-media-lite)
+ [Step 4: Test the connection between your WordPress website and your Lightsail bucket](#connecting-buckets-to-wordpress-test-connection)

## Step 1: Complete the prerequisites


Complete the following prerequisites if you haven't already:
+ Create a WordPress instance in Lightsail. For more information, see [Tutorial: Launch and configure a WordPress instance in Amazon Lightsail](amazon-lightsail-tutorial-launching-and-configuring-wordpress.md).
+ Create a bucket in the Lightsail object storage service. For more information, see [Create a bucket](amazon-lightsail-creating-buckets.md).

## Step 2: Modify your bucket permissions


Complete the following procedure to change the permissions of your bucket to give access to your WordPress instance and the Offload Media Lite plugin. The access permissions of your bucket must be set to **Individual objects can be made public (read-only)**. You must also attach the WordPress instance to the access role of your bucket. For more information about bucket permissions, see [Bucket permissions](amazon-lightsail-understanding-bucket-permissions.md).

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose **Storage**.

1. Choose the name of the bucket that you want to use with your WordPress website.  
![\[The Lightsail bucket.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bucket-name-storage-tab.png)

1. Choose the **Permissions** tab on the **Bucket management** page.

1. Choose **Change permissions** under the **Bucket access permissions** section of the page.  
![\[The Change permissions button.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bucket-access-permissions.png)

1. Choose **Individual objects can be made public and read only**.  
![\[The Individual objects can be made public and read only option.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bucket-access-permissions-options.png)

1. Choose **Save**.

1. Choose **Yes, save** in the confirmation prompt that appears.  
![\[The Yes, save button.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bucket-access-permissions-confirmation.png)

   After a few moments, your bucket is configured to allow for individual object access. This ensures that objects uploaded to your bucket from your WordPress website using the Offload Media Lite plugin are readable to your customers.

1. Scroll to the **Resource access** section of the page, and choose **Attach instance**.  
![\[The Attach instance option.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bucket-resource-access.png)

1. Choose the name of your WordPress instance in the drop-down list that appears, and then choose **Attach**.  
![\[The Attach option.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bucket-attach-resource-access.png)

   After a few moments, your WordPress instance is attached to your bucket. This gives your WordPress instance access to manage your bucket and its objects.

## Step 3: Install the WP Offload Media Lite plugin on your WordPress website


Complete the following procedure to install the WP Offload Media Lite plugin on your WordPress website. This plugin automatically copies images, videos, documents, and any other media added through the WordPress media uploader to your Lightsail bucket. For more information, see [WP Offload Media Lite](https://wordpress.org/plugins/amazon-s3-and-cloudfront/) on the WordPress website.

1. Sign in to the dashboard of your WordPress website as an administrator.

   For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).

1. Pause on **Plugins** in the left navigation menu, and choose **Add New**.  
![\[Add new plugin menu item in the WordPress dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-add-new-plugin-menu.png)

1. Search for **WP Offload Media Lite**.

1. In the search results, choose **Install Now** next to the **WP Offload Media** plugin.  
![\[WP Offload Media Lite plugin for WordPress.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wp-offload-media-plugin.png)

1. Choose **Activate** after the plugin is done installing.  
![\[Activate the WP Offload Media Lite plugin for WordPress.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wp-offload-media-plugin-activate.png)

1. In the left navigation menu, choose **Settings**, and then choose **Offload Media**.  
![\[Wordpress dashboard settings.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-offload-media-menu.png)

1. In the **Offload Media** page, choose **Amazon S3** as the storage provider.  
![\[WP Offload Media page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-offload-media-storage-provider.png)

1. Choose **My server is on Amazon Web Services and I'd like to use IAM Roles**.  
![\[WP Offload Media page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-offload-media-access-setting.png)

1. Choose **Next**.  
![\[WP Offload Media page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-offload-media-next.png)

1. Choose **Browse existing buckets** in the **What bucket would you like to use?** page that appears.  
![\[WP Offload Media page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-offload-media-browse-existing-buckets.png)

1. Choose the name of the bucket that you want to use with your WordPress instance.  
![\[WP Offload Media page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-offload-media-existing-buckets.png)

1. In the **Offload Media Lite Settings** page that appears, make sure to turn on **Force HTTPS** and **Remove Files From Server**.
   + The **Force HTTPS** setting must be turned on because Lightsail buckets use HTTPS by default to serve media files. If you don't turn this feature on, media files that are uploaded to your Lightsail bucket from your WordPress website won't be served correctly to your website visitors.
   + The **Remove Files From Server** setting ensures that media that is uploaded to your Lightsail bucket isn't also stored on your instance's disk. If you don't turn this feature on, media files that are uploaded to your Lightsail bucket are also stored on the local storage of your WordPress instance.  
![\[WP Offload Media page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-offload-media-settings.png)

1. Choose **Save Changes**.
**Note**  
To return to the **Offload Media Lite Settings** page later, pause on **Settings** in the left navigation menu, and choose **Offload Media Lite**.

   Your WordPress website is now configured to use the Offload Media Lite plugin. The next time you upload a media file through WordPress, that file is automatically uploaded to your Lightsail bucket and is served by the bucket. To test the configuration, continue to the next section of this tutorial.

## Step 4: Test the connection between your WordPress website and your Lightsail bucket


Complete the following procedure to upload a media file to your WordPress instance and confirm that it is uploaded to, and served from, your Lightsail bucket.

1. Pause on **Media** in the left navigation menu of the WordPress dashboard, and choose **Add New**.  
![\[The add new media file menu item in the WordPress dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-dashboard-new-media.png)

1. Choose **Select Files** on the Upload New Media page that appears.  
![\[The Select files button in the WordPress dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-dashboard-new-media-upload.png)

1. Choose a media file to upload from your local computer, and choose **Open**.  
![\[The Open button in the WordPress dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-dashboard-new-media-open.png)

1. When the file is done uploading, choose **Library** under **Media** in the left navigation menu.  
![\[The Library menu item in the WordPress dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-dashboard-new-media-library-menu.png)

1. Choose the file that you recently uploaded.  
![\[The selected file.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-dashboard-new-media-library.png)

1. In the details panel of the file, you should see the name of your bucket in the **Bucket** and **File URL** fields.  
![\[The name of your bucket and its URL in the Attachment details panel.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-dashboard-new-media-details.png)

1. When you go to the **Objects** tab of the Lightsail bucket management page, you should see a **wp-content** folder. This folder is created by the Offload Media Lite plugin and is used to store your uploaded media files.  
![\[The wp-content folder in a bucket\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bucket-objects-wp-content-folder.png)

## Manage buckets and objects


These are the general steps to manage your Lightsail object storage bucket:

1. Learn about objects and buckets in the Amazon Lightsail object storage service. For more information, see [Object storage in Amazon Lightsail](buckets-in-amazon-lightsail.md).

1. Learn about the names that you can give your buckets in Amazon Lightsail. For more information, see [Bucket naming rules in Amazon Lightsail](bucket-naming-rules-in-amazon-lightsail.md).

1. Get started with the Lightsail object storage service by creating a bucket. For more information, see [Creating buckets in Amazon Lightsail](amazon-lightsail-creating-buckets.md).

1. Learn about security best practices for buckets and the access permissions that you can configure for your bucket. You can make all objects in your bucket public or private, or you can choose to make individual objects public. You can also grant access to your bucket by creating access keys, attaching instances to your bucket, and granting access to other AWS accounts. For more information, see [Security Best Practices for Amazon Lightsail object storage](amazon-lightsail-bucket-security-best-practices.md) and [Understanding bucket permissions in Amazon Lightsail](amazon-lightsail-understanding-bucket-permissions.md).

   After learning about bucket access permissions, see the following guides to grant access to your bucket:
   + [Block public access for buckets in Amazon Lightsail](amazon-lightsail-block-public-access-for-buckets.md)
   + [Configuring bucket access permissions in Amazon Lightsail](amazon-lightsail-configuring-bucket-permissions.md)
   + [Configuring access permissions for individual objects in a bucket in Amazon Lightsail](amazon-lightsail-configuring-individual-object-access.md)
   + [Creating access keys for a bucket in Amazon Lightsail](amazon-lightsail-creating-bucket-access-keys.md)
   + [Configuring resource access for a bucket in Amazon Lightsail](amazon-lightsail-configuring-bucket-resource-access.md)
   + [Configuring cross-account access for a bucket in Amazon Lightsail](amazon-lightsail-configuring-bucket-cross-account-access.md)

1. Learn how to enable access logging for your bucket, and how to use access logs to audit the security of your bucket. For more information, see the following guides.
   + [Access logging for buckets in the Amazon Lightsail object storage service](amazon-lightsail-bucket-access-logs.md)
   + [Access log format for a bucket in the Amazon Lightsail object storage service](amazon-lightsail-bucket-access-log-format.md)
   + [Enabling access logging for a bucket in the Amazon Lightsail object storage service](amazon-lightsail-enabling-bucket-access-logs.md)
   + [Using access logs for a bucket in Amazon Lightsail to identify requests](amazon-lightsail-using-bucket-access-logs.md)

1. Create an IAM policy that grants a user the ability to manage a bucket in Lightsail. For more information, see [IAM policy to manage buckets in Amazon Lightsail](amazon-lightsail-bucket-management-policies.md).

1. Learn about the way that objects in your bucket are labeled and identified. For more information, see [Understanding object key names in Amazon Lightsail](understanding-bucket-object-key-names-in-amazon-lightsail.md).

1. Learn how to upload files and manage objects in your buckets. For more information, see the following guides.
   + [Uploading files to a bucket in Amazon Lightsail](amazon-lightsail-uploading-files-to-a-bucket.md)
   + [Uploading files to a bucket in Amazon Lightsail using multipart upload](amazon-lightsail-uploading-files-to-a-bucket-using-multipart-upload.md)
   + [Viewing objects in a bucket in Amazon Lightsail](amazon-lightsail-viewing-objects-in-a-bucket.md)
   + [Copying or moving objects in a bucket in Amazon Lightsail](amazon-lightsail-copying-moving-bucket-objects.md)
   + [Downloading objects from a bucket in Amazon Lightsail](amazon-lightsail-downloading-bucket-objects.md)
   + [Filtering objects in a bucket in Amazon Lightsail](amazon-lightsail-filtering-bucket-objects.md)
   + [Tagging objects in a bucket in Amazon Lightsail](amazon-lightsail-tagging-bucket-objects.md)
   + [Deleting objects in a bucket in Amazon Lightsail](amazon-lightsail-deleting-bucket-objects.md)

1. Enable object versioning to preserve, retrieve, and restore every version of every object stored in your bucket. For more information, see [Enabling and suspending object versioning in a bucket in Amazon Lightsail](amazon-lightsail-managing-bucket-object-versioning.md).

1. After enabling object versioning, you can restore previous versions of objects in your bucket. For more information, see [Restoring previous versions of objects in a bucket in Amazon Lightsail](amazon-lightsail-restoring-bucket-object-versions.md).

1. Monitor the utilization of your bucket. For more information, see [Viewing metrics for your bucket in Amazon Lightsail](amazon-lightsail-viewing-bucket-metrics.md).

1. Configure an alarm for bucket metrics to be notified when the utilization of your bucket crosses a threshold. For more information, see [Creating bucket metric alarms in Amazon Lightsail](amazon-lightsail-adding-bucket-metric-alarms.md).

1. Change the storage plan of your bucket if it's running low on storage and network transfer. For more information, see [Changing the plan of your bucket in Amazon Lightsail](amazon-lightsail-changing-bucket-plans.md).

1. Learn how to connect your bucket to other resources. For more information, see the following tutorials.
   + [Tutorial: Connecting a WordPress instance to an Amazon Lightsail bucket](#amazon-lightsail-connecting-buckets-to-wordpress)
   + [Tutorial: Using an Amazon Lightsail bucket with a Lightsail content delivery network distribution](amazon-lightsail-using-distributions-with-buckets.md)

1. Delete your bucket if you're no longer using it. For more information, see [Deleting buckets in Amazon Lightsail](amazon-lightsail-deleting-buckets.md).

# Configure WordPress with a Lightsail content delivery network
Configure a CDN

In this guide, we show you how to configure your WordPress instance to work with an Amazon Lightsail distribution.

All Lightsail distributions have HTTPS enabled by default for their default domain (for example, `123456abcdef.cloudfront.net`). The configuration of your distribution determines whether the connection between your distribution and your instance is encrypted.
+ **Your WordPress website uses HTTP only** – If your website uses HTTP only as the origin of your distribution, and it is not configured to use HTTPS, you can configure your distribution to terminate SSL/TLS and forward all content requests to your instance using an unencrypted connection.
+ **Your WordPress website uses HTTPS** – If your website uses HTTPS as the origin of your distribution, you can configure your distribution to forward all content requests to your instance using an encrypted connection. This configuration is known as end-to-end encryption.

## Create the distribution


Complete the following steps to configure a Lightsail distribution for your WordPress instance. For more information, see [Create a Lightsail content delivery network distribution](amazon-lightsail-creating-content-delivery-network-distribution.md).

**Prerequisite**  
Create and configure a WordPress instance as described in [Deploy and manage WordPress on Lightsail](amazon-lightsail-quick-start-guide-wordpress.md).

**To create a distribution for your WordPress instance**

1. In the left navigation pane, choose **Networking**.

1. Choose **Create distribution**.

1. For **Choose your origin**, choose the Region where you're running your WordPress instance and then choose your WordPress instance. We automatically use the static IP address that you attached to the instance.

1. For **Caching behavior**, choose **Best for WordPress**.

1. (Optional) To configure end-to-end encryption, change the origin protocol policy to **HTTPS only**. For more information, see [Origin protocol policy](amazon-lightsail-changing-distribution-origin.md#changing-distribution-origin-protocol-policy).

1. Configure the remaining options and then choose **Create distribution**.

1. On the **Custom domains** tab, choose **Create certificate**. Enter a unique name for the certificate, enter the names of your domain and subdomains, and then choose **Create certificate**.

1. Choose **Attach certificate**.

1. For **Update DNS records**, choose **I understand**.

## Update DNS records


Complete the following steps to update the DNS records for your Lightsail DNS zone.

**To update the DNS records for your distribution**

1. In the left navigation pane, choose **Domains & DNS**.

1. Choose your DNS zone and then choose the **DNS records** tab.

1. Delete the A and AAAA records for the domain that you specified in your certificate.

1. Choose **Add record** and create a CNAME record that resolves your domain to the domain for your distribution (for example, `d2vbec9EXAMPLE.cloudfront.net`).

1. Choose **Save**.

## Allow static content to be cached by the distribution


Complete the following procedure to edit the `wp-config.php` file in your WordPress instance so that it works with your distribution.

**Note**  
We recommend that you create a snapshot of your WordPress instance before getting started with this procedure. The snapshot can be used as a backup from which you can create another instance in case something goes wrong. For more information, see [Create a snapshot of your Linux or Unix instance](lightsail-how-to-create-a-snapshot-of-your-instance.md).

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose the browser-based SSH client icon that is displayed next to your WordPress instance.

1. After you're connected to your instance, enter the following command to create a backup of the `wp-config.php` file. If something goes wrong, you can restore the file using the backup.

   ```
   sudo cp /opt/bitnami/wordpress/wp-config.php /opt/bitnami/wordpress/wp-config.php.backup
   ```

1. Enter the following command to open the `wp-config.php` file using Vim.

   ```
   sudo vim /opt/bitnami/wordpress/wp-config.php
   ```

1. Press `I` to enter insert mode in Vim.

1. Delete the following lines of code in the file.

   ```
   define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST'] . '/');
   define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST'] . '/');
   ```

1. Add one of the following lines of code to the file depending on the version of WordPress that you're using:
   + If you're using version 3.3 or lower, add the following lines of code where you previously deleted the code.

     ```
     define('WP_SITEURL', 'https://' . $_SERVER['HTTP_HOST'] . '/');
     define('WP_HOME', 'https://' . $_SERVER['HTTP_HOST'] . '/');
     if (isset($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'])
         && $_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] === 'https') {
         $_SERVER['HTTPS'] = 'on';
     }
     ```
   + If you're using version 3.3.1-5 or higher, add the following lines of code where you previously deleted the code.

     ```
     define('WP_SITEURL', 'http://DOMAIN/');
     define('WP_HOME', 'http://DOMAIN/');
     if (isset($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'])
         && $_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] === 'https') {
         $_SERVER['HTTPS'] = 'on';
     }
     ```

1. Press the **Esc** key to exit insert mode in Vim, then type `:wq!` and press **Enter** to save your edits (write) and quit Vim.

1. Enter the following command to restart the Apache service on your instance.

   ```
   sudo /opt/bitnami/ctlscript.sh restart apache
   ```

1. Wait a few moments for the Apache service to restart, then test that your distribution is caching your content. For more information, see [Test your Amazon Lightsail distribution](amazon-lightsail-testing-distribution.md).

1. If something went wrong, re-connect to your instance using the browser-based SSH client. Run the following command to restore the `wp-config.php` file using the backup you created earlier in this guide.

   ```
   sudo cp /opt/bitnami/wordpress/wp-config.php.backup /opt/bitnami/wordpress/wp-config.php
   ```

   After you restore the file, enter the following command to restart the Apache service: 

   ```
   sudo /opt/bitnami/ctlscript.sh restart apache
   ```
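The following script audits the edited `wp-config.php` against the steps of the procedure above: the backup exists, the original `http://` lines are gone, each constant is defined once, and the `HTTP_CLOUDFRONT_FORWARDED_PROTO` block sits before WordPress is loaded. It is an added example, not part of the original tutorial or of Lightsail or Bitnami tooling; the function names and the sample files are constructed for illustration, and either variant of the replacement block passes.

```shell
#!/bin/sh
# Added example: audit wp-config.php after the manual edit for a distribution.
# Prints one line per finding; check_wp_config returns 0 only if all pass.

# Print the non-comment lines of a PHP file as "N:text".
active_lines() {
    grep -n '' "$1" | grep -Ev '^[0-9]+:[[:space:]]*(//|#|\*|/\*)'
}

check_wp_config() {
    cfg=$1
    rc=0
    [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg"; return 1; }

    # The procedure begins by copying the file to wp-config.php.backup.
    [ -f "$cfg.backup" ] || { echo "FAIL: no backup at $cfg.backup"; rc=1; }

    # The two http:// defines built from HTTP_HOST must have been deleted.
    legacy="'http://' . \$_SERVER['HTTP_HOST']"
    if active_lines "$cfg" | grep -Fq -- "$legacy"; then
        echo "FAIL: original http:// WP_SITEURL/WP_HOME lines still present"
        rc=1
    fi

    # Each constant must be defined once: PHP keeps the first define() and
    # only warns about a second one, so a leftover line can win unnoticed.
    for name in WP_SITEURL WP_HOME; do
        n=$(active_lines "$cfg" | grep -Fc -- "define('$name'" || true)
        [ "$n" -eq 1 ] || { echo "FAIL: $name defined $n times, expected 1"; rc=1; }
    done

    # The block that maps the CloudFront header to $_SERVER['HTTPS'].
    proto_ln=$(active_lines "$cfg" | grep -F -- "\$_SERVER['HTTPS'] = 'on';" |
        head -n 1 | cut -d: -f1)
    if [ -z "$proto_ln" ] || ! active_lines "$cfg" |
        grep -Fq -- "isset(\$_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'])"; then
        echo "FAIL: HTTP_CLOUDFRONT_FORWARDED_PROTO block missing or incomplete"
        rc=1
    fi

    # Settings placed after the line that loads wp-settings.php come too late.
    load_ln=$(active_lines "$cfg" | grep -F -- "wp-settings.php" |
        head -n 1 | cut -d: -f1)
    if [ -n "$proto_ln" ] && [ -n "$load_ln" ] && [ "$proto_ln" -gt "$load_ln" ]; then
        echo "FAIL: HTTPS block (line $proto_ln) is after wp-settings.php (line $load_ln)"
        rc=1
    fi

    # A stray keystroke from the Vim session shows up as a syntax error.
    if command -v php >/dev/null 2>&1 && ! php -l "$cfg" >/dev/null 2>&1; then
        echo "FAIL: php -l reports a syntax error"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $cfg matches the expected post-edit state"
    return "$rc"
}

# Constructed sample files (not taken from a real instance).
write_samples() {
    dir=$1
    cat > "$dir/good.php" <<'EOF'
<?php
define('WP_SITEURL', 'https://' . $_SERVER['HTTP_HOST'] . '/');
define('WP_HOME', 'https://' . $_SERVER['HTTP_HOST'] . '/');
if (isset($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'])
    && $_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] === 'https') {
    $_SERVER['HTTPS'] = 'on';
}
require_once ABSPATH . 'wp-settings.php';
EOF
    cp "$dir/good.php" "$dir/good.php.backup"
    cat > "$dir/bad.php" <<'EOF'
<?php
define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST'] . '/');
define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST'] . '/');
define('WP_HOME', 'https://' . $_SERVER['HTTP_HOST'] . '/');
require_once ABSPATH . 'wp-settings.php';
EOF
}

# With a path argument, audit that file; otherwise run on the samples.
if [ "$#" -gt 0 ]; then
    check_wp_config "$1"
else
    tmp=$(mktemp -d) && write_samples "$tmp"
    check_wp_config "$tmp/good.php" || true
    check_wp_config "$tmp/bad.php" || true
    rm -rf "$tmp"
fi
```

To audit the real file on the instance, pass `/opt/bitnami/wordpress/wp-config.php` as the first argument.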

## Additional information about distributions


Here are some articles to help you manage distributions in Lightsail:
+ [Content delivery network distributions](amazon-lightsail-content-delivery-network-distributions.md)
+ [Creating distributions](amazon-lightsail-creating-content-delivery-network-distribution.md)
+ [Understand request and response behaviors of a distribution](amazon-lightsail-distribution-request-and-response.md)
+ [Test your distribution](amazon-lightsail-testing-distribution.md)
+ [Change the origin of your distribution](amazon-lightsail-changing-distribution-origin.md)
+ [Change the caching behavior of your distribution](amazon-lightsail-changing-default-cache-behavior.md)
+ [Reset the cache of your distribution](amazon-lightsail-resetting-distribution-cache.md)
+ [Change the plan of your distribution](amazon-lighstail-changing-distribution-plan.md)
+ [Enable custom domains for your distribution](amazon-lightsail-enabling-distribution-custom-domains.md)
+ [Point your domains to your distribution](amazon-lightsail-point-domain-to-distribution.md)
+ [Change custom domains for your distribution](amazon-lightsail-changing-distribution-custom-domains.md)
+ [Disable custom domains for your distributions](amazon-lightsail-disabling-distribution-custom-domains.md)
+ [View distribution metrics](amazon-lightsail-viewing-distribution-health-metrics.md)
+ [Delete your distribution](amazon-lightsail-deleting-distribution.md)

# Enable email for WordPress instances in Lightsail
Enable email

You can enable email on your WordPress instance in Amazon Lightsail. Configure the SMTP service in the Amazon Simple Email Service (Amazon SES). Then activate and configure the WP Mail SMTP plugin on your instance. After email is enabled, your WordPress administrators can request password resets for their user profiles, and will be sent email notifications for blog posts, website updates, and other plugin messages. This guide shows you how to enable email on your WordPress instance in Amazon Lightsail using Amazon SES.

**Contents**
+ [Step 1: Review the restrictions](#enabling-email-on-wordpress-review-the-restrictions)
+ [Step 2: Complete the prerequisites](#enabling-email-on-wordpress-prerequisites)
+ [Step 3: Create SMTP credentials in Amazon SES](#enabling-email-on-wordpress-create-smtp-credentials)
+ [Step 4: Verify your domain in Amazon SES](#enabling-email-on-wordpress-verify-your-domain)
+ [Step 5: Verify email addresses in Amazon SES](#enabling-email-on-wordpress-verify-email-addresses)
+ [Step 6: Configure the WP Mail SMTP plugin on your WordPress instance](#enabling-email-on-wordpress-verify-email-addresses)

For more information, see [Using the Amazon SES SMTP Interface to Send Email](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-smtp.html) in the Amazon SES documentation.

## Step 1: Review the restrictions


New Amazon Web Services (AWS) accounts that are in the Amazon SES sandbox can send email only to verified addresses and domains. If this is the case for your account, then we recommend that you verify your website’s domain, and verify the email addresses of your WordPress administrators. To get their email addresses, sign in to your WordPress website’s dashboard, and choose **Users** in the left-navigation menu. You’ll see the administrator email addresses listed in the **Email** column as shown in the following example:

![\[Administrator email addresses in the WordPress dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-dashboard-administrators.png)


**Note**  
The default `user` profile is configured with the `user@example.com` email address. You should change this to a working email address. For more information, see [Users Profile Screen](https://codex.wordpress.org/Users_Your_Profile_Screen) in the WordPress documentation.

To send email to any address and domain, you must request to have your account taken out of the Amazon SES sandbox. For more information, see [Moving Out of the Amazon SES Sandbox](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/request-production-access.html) in the Amazon SES documentation.

## Step 2: Complete the prerequisites


You must complete the following tasks before you can enable email on your WordPress instance:
+ Create a WordPress instance in Lightsail. For more information, see [Tutorial: Launch and configure a WordPress instance in Amazon Lightsail](amazon-lightsail-tutorial-launching-and-configuring-wordpress.md).
+ Point your registered domain to your WordPress instance using a Lightsail DNS zone. For more information, see [Create a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md).
+ Sign up for Amazon SES and learn more about the service. For more information about signing up for Amazon SES, see [Amazon SES Quick Start](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/quick-start.html) in the Amazon SES documentation. For more information about Amazon SES, see the following guides in the Amazon SES documentation:
  + [Amazon SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/Welcome.html)
  + [Amazon SES FAQs](https://aws.amazon.com/ses/faqs/)
  + [Amazon SES Pricing](https://aws.amazon.com/ses/pricing/)
  + [Amazon SES Service Quotas](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ses_quota)

## Step 3: Create SMTP credentials in Amazon SES


You need SMTP credentials from your Amazon SES account to configure the WP Mail SMTP plugin later in this guide. For more information, see [Obtaining Your Amazon SES SMTP Credentials](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html) in the Amazon SES documentation.

**To create SMTP credentials in Amazon SES**

1. Sign in to the [Amazon SES console](https://console.aws.amazon.com/ses/).

1. From the left-navigation menu, choose **SMTP settings**.

   The **SMTP settings** page displays your SMTP server name, ports, and TLS setting. Note these values because you need them later in this guide when configuring the WP Mail SMTP plugin on your WordPress instance.  
![\[The SMTP settings displayed in the Amazon SES console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-amazon-ses-smtp-settings-page.png)

1. Choose **Create SMTP credentials**.

1. In the **IAM User Name** text box, leave the default user name, then choose **Create**.  
![\[IAM user name for SMTP credentials in the Amazon SES console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-amazon-ses-iam-user-name.png)

1. Choose **Show User SMTP Security Credentials** to view the SMTP username and password, or choose **Download Credentials** to download a CSV file containing the same information. You need these credentials later when configuring the WP Mail SMTP plugin on your WordPress instance.  
![\[SMTP security credentials in the Amazon SES console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-amazon-ses-smtp-security-credentials.png)
**Note**  
The credentials created in the Amazon SES console are automatically added to AWS Identity and Access Management (IAM) for your account.

## Step 4: Verify your domain in Amazon SES


Amazon SES requires that you verify your domain to confirm that you own it and to prevent others from using it. When you verify a domain, you are verifying all email addresses from that domain, so you don't need to verify email addresses from that domain individually. For example, if you verify the domain `example.com`, you can send email from `user1@example.com`, `user2@example.com`, or any other user at `example.com`. For more information, see [Verifying Domains in Amazon SES](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-domains.html) in the Amazon SES documentation. 

**To verify your domain in Amazon SES**

1. In the [Amazon SES console](https://console.aws.amazon.com/ses/), from the left-navigation menu, choose **Verified identities**.

1. Choose **Create identity**.

1. Enter the domain that you want to verify, and choose **Create identity**.

   The domain that you verify should be the same domain that you’re using with your WordPress instance in Lightsail.
**Important**  
Legacy TXT records  
 Domain verification in Amazon SES is now based on DomainKeys Identified Mail (DKIM), an email authentication standard that receiving mail servers use to validate an email’s authenticity. Configuring DKIM in your domain’s DNS settings confirms to SES that you’re the identity owner, eliminating the need for TXT records. Domain identities that were verified using TXT records do not need to be reverified; however, we still recommend enabling DKIM signatures to enhance the deliverability of your mail with DKIM-compliant email providers.  
![\[Verify a new domain in the Amazon SES console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-amazon-ses-verify-a-new-domain.png)

1. After you’ve created your domain identity with Easy DKIM, you must complete the verification process with DKIM authentication by copying the generated CNAME records and publishing them with your domain’s DNS provider. Detection of these records can take up to 72 hours. For more information, see [Verifying a domain identity with DKIM](https://docs.aws.amazon.com/console/ses/verified-identities/verify/domain) and [Easy DKIM](https://docs.aws.amazon.com/console/ses/authentication/dkim/easy).

1. Open a new browser tab and navigate to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose **Domains & DNS**, then choose your domain’s DNS zone.

1. Add the DNS records from the Amazon SES console. For more information about editing a DNS zone in Lightsail, see [Edit a DNS zone in Amazon Lightsail](amazon-lightsail-edit-or-delete-a-dns-zone.md).

   The result should look like the following example.  
![\[Lightsail DNS zone records for Amazon SES SMTP.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-amazon-ses-dns-zone-records.png)
**Note**  
Enter an `@` symbol in the **Subdomain** text box to use the apex of your domain for an MX record. Additionally, the MX record value provided by Amazon SES is `10 inbound-smtp.us-west-2.amazonaws.com`. Enter `10` as the **Priority** and `inbound-smtp.us-west-2.amazonaws.com` as the **Maps to** domain.

1. In the [Amazon SES console](https://console.aws.amazon.com/ses/), close the **Verify a New Domain** page.

   After a few minutes, your domain listed in the Amazon SES console is labeled as verified and enabled for sending, as shown in the following example:  
![\[Verified domains in the Amazon SES console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-amazon-ses-verified-domains-list.png)

   Your SMTP service in Amazon SES is now ready to send emails from your domain.

## Step 5: Verify email addresses in Amazon SES


As a new Amazon SES customer, you must verify the email addresses to which you want to send email. You do this by adding the email addresses in the Amazon SES console. For more information, see [Verifying Email Addresses in Amazon SES](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-email-addresses.html) in the Amazon SES documentation.

We recommend that you add the email addresses of your WordPress website’s administrators. This lets them request password resets for their user profiles, and receive email notifications for blog posts, website updates, and other plugin messages.

**Note**  
If you want to send email to any address without verification, then you must request to have your Amazon SES account moved out of the sandbox. For more information, see [Moving Out of the Amazon SES Sandbox](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/request-production-access.html) in the Amazon SES documentation.

**To create an email address identity**

1. In the [Amazon SES console](https://console.aws.amazon.com/ses/), from the left-navigation menu, choose **Verified identities**.

1. Choose **Create identity**.

1. Choose **Email address**. Then enter the email address that you want to verify.

1. Choose **Create identity**.

Repeat steps 1 through 4 for every email address that you want to verify. A verification email is sent to the email address that you entered. The address is added to the list of verified email identities with a status of "pending verification." It is marked as "verified" when the user opens the email message and completes the verification process.

**To verify an email address identity**

1. Check the inbox of the email address used to create your identity and look for an email from **no-reply-aws@amazon.com**.

1. Open the email and click the link to complete the verification process for the email address. After it's complete, the **Identity** status updates to **Verified**.

![\[Verified email identities list in the Amazon SES console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-amazon-ses-verified-email-identities-list.png)


## Step 6: Configure the WP Mail SMTP plugin on your WordPress instance


The final step is to configure the WP Mail SMTP plugin on your WordPress instance. Use the SMTP credentials that you created earlier in this guide in the Amazon SES console.

**To configure the WP Mail SMTP plugin on your WordPress instance**

1. Sign in to your WordPress website’s dashboard as an administrator.

1. From the left-navigation menu, choose **Plugins**, then choose **Installed Plugins**.

1. Scroll down to the WP Mail SMTP plugin, then choose **Activate**. If there is a new version of the plugin, make sure to update it before continuing to the next step.  
![\[The WP Mail SMTP plugin in the WordPress dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-wp-mail-smtp-plugin-activation.png)

1. After the WP Mail SMTP plugin is activated, choose **Settings**. You may need to scroll back down to find the plugin.  
![\[The WP Mail SMTP plugin in the WordPress dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-wp-mail-smtp-plugin-settings.png)

1. In the **From Email Address** text box, enter the email address that you want emails to originate from. The email address that you enter must be confirmed in Amazon SES using the steps earlier in this guide.

1. Choose **Force From Email** to force using the email address that you enter in the **From Email Address** text box, and ignore the “from email address” value set by other plugins.

1. In the **From Name** text box, enter the name that you want emails to originate from, or leave it as is to use the name of the WordPress blog.

1. Choose **Force From Name** to force using the name that you entered in the **From Name** text box. Choosing this option ignores the “from name” value set by other plugins, and forces WordPress to use the name that you enter in the **From Name** text box.

1. In the mailer section of the page, choose **Other SMTP**.

1. Choose **Set the return-path to match the From Email** to have non-delivery receipts sent to the email address that you enter in the **From Email Address** text box.  
![\[Configuration settings for the WP Mail SMTP plugin.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-wp-mail-smtp-plugin-configuration.png)

1. In the **SMTP Host** text box, enter the SMTP server name that you got earlier in this guide from the **SMTP Settings** page in the Amazon SES console. 

1. Choose **TLS** in the **Encryption** section of the page to specify that the SMTP service in Amazon SES uses TLS encryption.

1. In the **SMTP Port** text box, leave the default value of **587**.

1. Switch the **Authentication** toggle to **ON**, then enter the SMTP username and password that you got earlier in this guide from the Amazon SES console.  
![\[SMTP settings for the WP Mail SMTP plugin.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-wp-mail-smtp-plugin-smtp-settings.png)

1. Choose **Save Settings**. A prompt appears confirming that the settings were successfully saved.

1. Choose the **Email Test** tab.

   In the next step, you send a test email to confirm that the email service is working.

1. Enter an email address in the **Send To** text box, then choose **Send Email**. The email address that you enter must be confirmed in Amazon SES using the steps earlier in this guide.

   There are two possible results that you should see.
   + If you see a success confirmation, then your WordPress website is enabled for email. Confirm that the following test email arrives at the specified mailbox:  
![\[Test email success confirmation.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-wp-mail-smtp-plugin-success-confirmation.png)

     You can now choose **Lost your password?** on the sign-in page for your WordPress website’s dashboard. A new password is emailed to you if the email address on your WordPress user profile is confirmed in Amazon SES.
   + If you see a failure notice, confirm that the SMTP settings that you entered into the WP Mail SMTP plugin match those of the SMTP service in your Amazon SES account. Also confirm that you are using an email address that you verified in Amazon SES.

# Secure your WordPress site with HTTPS on Lightsail
Enable HTTPS

Enabling Hypertext Transfer Protocol Secure (HTTPS) for your WordPress website assures visitors that your website is secure, meaning that it's sending and receiving encrypted data. A non-secure website has an address that starts with `http`, such as `http://example.com`, while a secure website has an address that starts with `https`, such as `https://example.com`. Even if your website is primarily informational, it's still recommended that you enable HTTPS. This is because most web browsers will notify website visitors that your website is not secure if HTTPS is not enabled, and your website will rank lower in search engine results.

**Tip**  
Lightsail offers a guided workflow that automates the installation and configuration of an SSL/TLS Let's Encrypt certificate on your WordPress instance. We highly recommend that you use the workflow instead of following the manual steps in this tutorial. For more information, see [Launch and configure a WordPress instance](amazon-lightsail-tutorial-launching-and-configuring-wordpress.md).

This guide shows you how to use the Bitnami HTTPS configuration tool (`bncert`) to enable HTTPS on your *Certified by Bitnami* WordPress instance on Amazon Lightsail. It lets you request certificates only for the domains and subdomains that you specify when making your request. Alternately, you can use the Certbot tool, which lets you request a certificate for domains and a wildcard certificate for subdomains. A wildcard certificate works for *any* subdomains of a domain, which is beneficial if you don't know which subdomains you will use to direct traffic to your instance. However, Certbot does not automatically renew your certificate like the `bncert` tool. If you use Certbot, you have to manually renew your certificates every 90 days. For more information about using Certbot to enable HTTPS, see [Tutorial: Use Let’s Encrypt SSL certificates with your WordPress instance](amazon-lightsail-using-lets-encrypt-certificates-with-wordpress.md).

**Contents**
+ [Step 1: Learn about the process](#https-process-wordpress)
+ [Step 2: Complete the prerequisites](#https-prerequisites-wordpress)
+ [Step 3: Connect to your instance](#https-wordpress-connect-to-instance)
+ [Step 4: Confirm the bncert tool is installed on your instance](#https-wordpress-bncert-install)
+ [Step 5: Enable HTTPS on your WordPress instance](#https-wordpress-enable)
+ [Step 6: Test that your website is using HTTPS](#test-https-on-your-website)

## Step 1: Learn about the process


**Note**  
In this section, you get a high-level overview of the process. The specific steps to perform this process are included in the subsequent steps of this guide.

To enable HTTPS for your WordPress website, connect to your Lightsail instance using SSH, and use the `bncert` tool to request an SSL/TLS certificate from the [Let's Encrypt](https://letsencrypt.org/about/) certificate authority. When you request the certificate, you specify your website's primary domain (`example.com`) and alternate domains (`www.example.com`, `blog.example.com`, etc.), if any. Let's Encrypt validates that you own the domains either by asking you to create TXT records in the DNS of your domains, or by verifying that those domains are already directing traffic to the public IP address of the instance from which you make the request.

After your certificate is validated, you can configure your WordPress website to automatically redirect visitors from HTTP to HTTPS (`http://example.com` redirects to `https://example.com`) so that visitors are forced to use the encrypted connection. You can also configure your website to automatically redirect the `www` subdomain to the apex of your domain (`https://www.example.com` redirects to `https://example.com`) or vice versa (`https://example.com` redirects to `https://www.example.com`). These redirections are also configured using the `bncert` tool.

Let's Encrypt requires that you renew your certificate every 90 days to maintain HTTPS on your website. The `bncert` tool automatically renews your certificates for you, so that you can spend more time focusing on your website.

**Limitations of the bncert tool**

The `bncert` tool has the following limitations:
+ It's not preinstalled on all *Certified by Bitnami* WordPress instances when they're created. WordPress instances that were created on Lightsail a while back will require that you manually install the `bncert` tool. Step 4 of this guide shows you how to confirm that the tool is installed on your instance, and how to install it if it's not.
+ You can request certificates only for the domains and subdomains that you specify when making your request. This is different than the Certbot tool, which lets you request a certificate for domains and a wildcard certificate for subdomains. A wildcard certificate works for *any* subdomains of a domain, which is beneficial if you don't know which subdomains you will use to direct traffic to your instance. However, Certbot does not automatically renew your certificate like the `bncert` tool. If you use Certbot, you have to manually renew your certificates every 90 days. For more information about using Certbot to enable HTTPS, see [Tutorial: Using Let’s Encrypt SSL certificates with your WordPress instance in Amazon Lightsail](amazon-lightsail-using-lets-encrypt-certificates-with-wordpress.md).

## Step 2: Complete the prerequisites


Complete the following prerequisites if you haven’t already done so:
+ Create a WordPress instance in Lightsail, and configure your website on your instance. For more information, see [Get started with Linux/Unix-based instances in Amazon Lightsail](getting-started-with-amazon-lightsail.md).
+ Attach a static IP to your instance. Your instance's public IP address changes if you stop and start your instance. A static IP does not change if you stop and start your instance. For more information, see [Create a static IP and attach it to an instance in Amazon Lightsail](lightsail-create-static-ip.md).
+ Create a snapshot of your WordPress instance after you're done configuring it, or enable automatic snapshots. The snapshot can be used as a backup from which you can create another instance in case something goes wrong with your original instance. For more information, see [Create a snapshot of your Linux or Unix instance](lightsail-how-to-create-a-snapshot-of-your-instance.md) or [Enabling or disabling automatic snapshots for instances or disks in Amazon Lightsail](amazon-lightsail-configuring-automatic-snapshots.md).
+ Add DNS records to the DNS of your domain that direct traffic for the apex of your domain (`example.com`) and for its `www` subdomain (`www.example.com`) to the public IP address of your WordPress instance in Lightsail. You can complete these actions at your domain's current DNS hosting provider. Or if you transferred management of your domain's DNS to Lightsail, you can complete these actions using a DNS zone in Lightsail. To learn more, see [DNS](understanding-dns-in-amazon-lightsail.md).
**Important**  
Add DNS records to the DNS of all domains that you want to use with your WordPress website. All of those domains should be routing traffic to the public IP address of your WordPress website. The `bncert` tool will issue certificates only for domains that are currently directing traffic to the public IP address of your WordPress instance.
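
The DNS prerequisite above can be checked before you run `bncert`. The following script is an added example, not part of the Lightsail guide: the function names are hypothetical, it assumes `dig` is available on the machine where you run it, and the IP addresses and `dig` output shown are constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the Lightsail guide. Function names are hypothetical.
# Usage: ./dns-preflight.sh <static-ip> <domain> [<domain> ...]
# Only A (IPv4) records are checked.

# Read the output of `dig +short A <domain>` on stdin. Succeed only if it
# contains at least one address and every address equals $1. CNAME hops,
# which dig prints as names ending in ".", are skipped.
resolves_only_to() {
  local want=$1 line seen=0
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      ''|*.) continue ;;          # blank line or CNAME target
    esac
    if [ "$line" != "$want" ]; then
      return 1                    # a different address, or a dig error line
    fi
    seen=1
  done
  [ "$seen" -eq 1 ]
}

# Check every domain that will be entered in bncert against the static IP.
preflight() {
  local ip=$1 d rc=0
  shift
  for d in "$@"; do
    if dig +short A "$d" | resolves_only_to "$ip"; then
      echo "OK    $d resolves only to $ip"
    else
      echo "FAIL  $d does not resolve only to $ip; fix DNS before running bncert"
      rc=1
    fi
  done
  return "$rc"
}

if [ "$#" -ge 2 ]; then
  preflight "$@"
else
  # No arguments: try the parser on constructed `dig +short A www.example.com`
  # output (a CNAME hop to the apex, then the A record).
  if printf 'example.com.\n203.0.113.10\n' | resolves_only_to 203.0.113.10; then
    echo "sample: www.example.com resolves only to 203.0.113.10"
  fi
fi
```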

## Step 3: Connect to your instance


Complete the following steps to connect to your instance using the browser-based SSH client in the Lightsail console.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose the SSH quick connect icon for your WordPress instance.  
![\[SSH quick connect on the Lightsail home page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-ssh-quick-connect.png)

   The browser-based SSH client terminal window opens. You are successfully connected to your instance via SSH if you see the Bitnami logo as shown in the following example.  
![\[Browser-based SSH client terminal window in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-ssh-session-bncert.png)

## Step 4: Confirm the bncert tool is installed on your instance


Complete the following steps to ensure the Bitnami HTTPS configuration tool (`bncert`) is installed on your instance. It's not preinstalled on all *Certified by Bitnami* WordPress instances when they're created. WordPress instances that were created on Lightsail a while back will require that you manually install the `bncert` tool. This procedure includes the steps to install the tool if it's not installed.



1. Enter the following command to run the `bncert` tool.

   ```
   sudo /opt/bitnami/bncert-tool
   ```
   + If you see `command not found` in the response as shown in the following example, then the `bncert` tool is not installed on your instance. Continue to the next step in this procedure to install the `bncert` tool on your instance.
**Important**  
The `bncert` tool can only be used on WordPress instances that are *Certified by Bitnami*. Alternately, you can use the Certbot tool to enable HTTPS on your WordPress instance. For more information, see [Tutorial: Use Let’s Encrypt SSL certificates with your WordPress instance](amazon-lightsail-using-lets-encrypt-certificates-with-wordpress.md).  
![\[Message confirming the bncert tool is not installed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/run-bncert-tool-fail.png)
   + If you see `Welcome to the Bitnami HTTPS configuration tool` in the response as shown in the following example, then the `bncert` tool is installed on your instance. Continue to the [Step 5: Enable HTTPS on your WordPress instance](#https-wordpress-enable) section of this guide.  
![\[Message confirming the bncert tool is installed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/run-bncert-tool-success.png)

1. Enter the following command to download the `bncert` run file to your instance.

   ```
   wget -O bncert-linux-x64.run https://downloads.bitnami.com/files/bncert/latest/bncert-linux-x64.run
   ```

1. Enter the following command to create a directory for the `bncert` run file on your instance.

   ```
   sudo mkdir /opt/bitnami/bncert
   ```

1. Enter the following command to move the downloaded `bncert` run file to the new directory you created.

   ```
   sudo mv bncert-linux-x64.run /opt/bitnami/bncert/
   ```

1. Enter the following command to make the `bncert` run file executable as a program.

   ```
   sudo chmod +x /opt/bitnami/bncert/bncert-linux-x64.run
   ```

1. Enter the following command to create a symbolic link that runs the `bncert` tool when you enter the `sudo /opt/bitnami/bncert-tool` command.

   ```
   sudo ln -s /opt/bitnami/bncert/bncert-linux-x64.run /opt/bitnami/bncert-tool
   ```

   You are now done installing the `bncert` tool on your instance. Continue to the [Step 5: Enable HTTPS on your WordPress instance](#https-wordpress-enable) section of this guide.

## Step 5: Enable HTTPS on your WordPress instance


Complete the following procedure to enable HTTPS on your WordPress instance after you have confirmed that the `bncert` tool is installed on your instance.

1. Enter the following command to run the `bncert` tool.

   ```
   sudo /opt/bitnami/bncert-tool
   ```

   You should see a message similar to the following example.  
![\[Running the bncert tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/run-bncert-tool-success.png)

   If the `bncert` tool has been installed on your instance for a while, then you might see a message indicating that an updated version of the tool is available. Choose to download it as shown in the following example, and then enter the `sudo /opt/bitnami/bncert-tool` command to run the `bncert` tool again.  
![\[Message indicating a new version of the bncert tool is available\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-update-required.png)

1. Enter your primary domain name and alternate domain names separated by a space as shown in the following example.

   If your domain is not configured to route traffic to the public IP address of your instance, the `bncert` tool will ask you to make that configuration before continuing. Your domain must be routing traffic to the public IP address of the instance from which you are using the `bncert` tool to enable HTTPS on the instance. This confirms that you own the domain, and serves as the validation for your certificate.  
![\[Entering the primary and alternate domain names\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-domain-names.png)

1. The `bncert` tool will ask you how you want your website's redirection to be configured. These are the options available: 
   + **Enable HTTP to HTTPS redirection** - Specifies whether users who browse to the HTTP version of your website (i.e., `http://example.com`) are automatically redirected to the HTTPS version (i.e., `https://example.com`). We recommend enabling this option because it forces all visitors to use the encrypted connection. Type `Y` and press **Enter** to enable it.
   + **Enable non-www to www redirection** - Specifies whether users who browse to the apex of your domain (i.e., `https://example.com`) are automatically redirected to your domain's `www` subdomain (i.e., `https://www.example.com`). We recommend enabling this option. However, you may want to disable it and enable the alternate option (enable `www` to non-`www` redirection) if you have specified the apex of your domain as your preferred website address in search engine tools like Google's webmaster tools, or if your apex points directly to your IP and your `www` subdomain references your apex via a CNAME record. Type `Y` and press **Enter** to enable it.
   + **Enable www to non-www redirection** - Specifies whether users who browse to your domain's `www` subdomain (i.e., `https://www.example.com`) are automatically redirected to the apex of your domain (i.e., `https://example.com`). We recommend disabling this, if you enabled non-`www` redirection to `www`. Type `N` and press **Enter** to disable it.

   Your selections should look like the following example.  
![\[Website redirection options\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-enable-disable-redirection.png)

1. The changes that are going to be made are listed. Type `Y` and press **Enter** to confirm and continue.  
![\[Confirming the changes\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-confirm-changes.png)

1. Enter your email address to associate with your Let's Encrypt certificate and press **Enter**.  
![\[Associating your email address with your Let's Encrypt certificate\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-email-address.png)

1. Review the Let's Encrypt Subscriber Agreement. Type `Y` and press **Enter** to accept the agreement and continue.  
![\[Review the Let's Encrypt subscriber agreement\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-lets-ecrypt-agreement.png)

   The actions are performed to enable HTTPS on your instance, including requesting the certificate and configuring the redirections you specified.  
![\[Actions being performed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-performing-actions.png)

   Your certificate is successfully issued and validated, and the redirections are successfully configured on your instance if you see a message similar to the following example.  
![\[Actions successfully completed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-success-conf.png)

   The `bncert` tool will perform an automatic renewal of your certificate every 80 days before it expires. Repeat the above steps if you wish to use additional domains and subdomains with your instance, and you want to enable HTTPS for those domains.

   You are now done enabling HTTPS on your WordPress instance. Continue to the [Step 6: Test that your website is using HTTPS](#test-https-on-your-website) section of this guide.

## Step 6: Test that your website is using HTTPS


After you enable HTTPS on your WordPress instance, you should confirm that your website is using HTTPS by browsing to all of the domains that you specified when using the `bncert` tool. When you visit each domain, you should see that they use a secure connection as shown in the following example.

**Note**  
You might have to refresh, and clear your browser's cache to see the change.

![\[Secured website confirmation\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-secured-website.png)


You might also notice that the non-`www` address redirects to the `www` subdomain of your domain, or vice versa depending on the option you selected when running the `bncert` tool.
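
The checks in this step can also be scripted. The following is an added example, not part of the Lightsail guide: the function names are hypothetical, the live mode assumes `curl` and `openssl` are installed, the sample responses are constructed, and the default `MIN_DAYS` of 10 is an assumption derived from the 90-day certificate lifetime and 80-day renewal described earlier.

```bash
#!/usr/bin/env bash
# Added example, not from the Lightsail guide. Function names are hypothetical.
# Usage: ./check-https.sh example.com www.example.com

# Print the Location header when the response headers on stdin (the output of
# `curl -sI`) are a 301/302/307/308 redirect; print nothing otherwise.
redirect_target() {
  tr -d '\r' | awk '
    NR == 1                    { code = $2 }
    tolower($1) == "location:" { loc = $2 }
    END { if (code ~ /^30[1278]$/ && loc != "") print loc }'
}

# Succeed only if URL $1 uses https:// and its host is one of the domains
# entered in bncert (the remaining arguments).
is_https_redirect_to() {
  local loc=$1 host d
  shift
  case $loc in
    https://*) ;;
    *) return 1 ;;
  esac
  host=${loc#https://}
  host=${host%%/*}
  host=${host%%:*}
  for d in "$@"; do
    if [ "$host" = "$d" ]; then return 0; fi
  done
  return 1
}

# Judge the reply to a plain-HTTP request. stdin: response headers.
# Arguments: the domains entered in bncert. Prints a verdict, returns 0 or 1.
classify_http_response() {
  local loc
  loc=$(redirect_target)
  if [ -z "$loc" ]; then
    echo "FAIL no-redirect"
    return 1
  fi
  if is_https_redirect_to "$loc" "$@"; then
    echo "OK $loc"
  else
    echo "FAIL unexpected-target $loc"
    return 1
  fi
}

# Live check. For each domain: HTTP must redirect to HTTPS, curl must accept
# the certificate chain and name, and the certificate must have more than
# MIN_DAYS days left (default 10 is an assumption, see the lead-in).
live_check() {
  local min_days=${MIN_DAYS:-10} d rc=0
  for d in "$@"; do
    printf '%s http  ' "$d"
    curl -sI --max-time 10 "http://$d/" | classify_http_response "$@" || rc=1
    if curl -s -o /dev/null --max-time 10 "https://$d/"; then
      echo "$d tls   OK certificate accepted for this name"
    else
      echo "$d tls   FAIL HTTPS request failed (untrusted certificate, name mismatch, or no connection)"
      rc=1
    fi
    if openssl s_client -connect "$d:443" -servername "$d" </dev/null 2>/dev/null |
         openssl x509 -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
      echo "$d cert  OK more than $min_days days left"
    else
      echo "$d cert  FAIL expires within $min_days days or could not be read"
      rc=1
    fi
  done
  return "$rc"
}

if [ "$#" -gt 0 ]; then
  live_check "$@"
else
  # No arguments: run the classifier on constructed responses (not captured
  # from a real site) so the script can be tried offline.
  printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.example.com/\r\n\r\n' |
    classify_http_response example.com www.example.com
  printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n' |
    classify_http_response example.com www.example.com || true
fi
```

Pass every domain that you entered in `bncert` so that a redirect from the apex to the `www` subdomain, or the reverse, is accepted as an expected target.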

# Migrate your WordPress blog to Lightsail
Migrate to Lightsail

Looking to change your WordPress hosting provider? Amazon Lightsail is the easiest way to run a WordPress site on AWS.

You can choose one of our pricing plans (starting at \$15 USD per month) and have full control over your WordPress installation, including plugins, themes, and more.

Creating a Lightsail WordPress instance only takes a few minutes. Follow this tutorial to back up your existing WordPress blog and import it to a new instance running in Lightsail.

Here's a quick overview of the process:

![\[Overview of the process to convert your existing WordPress blog to Amazon Lightsail\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/steps-for-migrating-your-existing-wordpress-blog-to-amazon-lightsail.png)


Continue reading to get started.

## Prerequisites


Before you begin, you will need the following:

1. You will need an AWS account. [Sign up for AWS](https://console.aws.amazon.com/console/home), or [sign in to AWS](https://console.aws.amazon.com/console/home) if you already have an account.

1. Make sure your account is set up to use Lightsail. If it has been a while since you created your account, or if you haven't provided a credit card yet, you may need to log in to the AWS Management Console and update your account first.

## Step 1: Back up your existing WordPress blog


You can use WordPress to back up your existing blog. You will just need to be able to log into the WordPress admin console and manage your blog.

1. Navigate to your blog, and then choose **Manage**.

   If the **Manage** banner is not shown, you can reach the sign in page by browsing to `http://<PublicIP>/wp-login.php`. Replace `<PublicIP>` with the public IP address of your instance.

1. Enter your user name and password to log into the WordPress admin console.

1. On the WordPress **Dashboard**, choose **Tools**, and then choose **Export**.

1. On the **Export** page, choose **All content** to export everything as an XML file.  
![\[Export your WordPress blog using the export tools\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-blog-export-file.png)

1. Choose **Download export file** to download your old blog as an XML file.

   Save the XML file in a location that's easy to find. You will need it in Step 4.

## Step 2: Create a new WordPress instance in Lightsail


You can create a new WordPress instance in Lightsail in just a few minutes. Here's how:

1. Go to the [Lightsail home page](https://lightsail.aws.amazon.com/) and log in.

1. Choose **Create instance**.

1. Select the AWS Region where you'd like to create your blog.

   You can choose the default Availability Zone or change that once you select an AWS Region.

1. Select a **WordPress** blueprint.

   You can choose an Amazon Lightsail or Bitnami provider.  
![\[Pick WordPress as your Lightsail instance image\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-pick-your-instance-image.png)

1. Choose your instance plan (or *bundle*).

   You can upgrade your Lightsail plan later if needed. For more information, see [Create an instance from a snapshot in Lightsail](lightsail-how-to-create-instance-from-snapshot.md).

1. Enter a name for your instance.

   Resource names:
   + Must be unique within each AWS Region in your Lightsail account.
   + Must contain 2–255 characters.
   + Must start and end with an alphanumeric character.
   + Can include alphanumeric characters, periods, dashes, and underscores.

1. (Optional) Choose **Add new tag** to add a tag to your instance. Repeat this step as needed to add additional tags. For more information on tag usage, see [Tags](amazon-lightsail-tags.md).

   1. For **Key**, enter a tag key.  
![\[A tag with only the tag key specified in the Lightsail create instance workflow.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-instance-key-name-only-tags.png)

   1. (Optional) For **Value**, enter a tag value.  
![\[A tag with the tag key and tag value specified in the Lightsail create instance workflow.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-instance-key-name-and-value-tags.png)

1. Choose **Create instance**.

## Step 3: Log into your new Lightsail WordPress blog


Now that you have a new blog in Lightsail, you will need to access the WordPress Dashboard to import your old blog data. The default password to sign in to the administration dashboard of your WordPress website is stored on the instance. Complete the following steps to get the password.

------
#### [ Bitnami ]

**To get the default password for the WordPress administrator**

1. Open the instance management page for your WordPress instance.

1. On the **WordPress** panel, choose **Retrieve default password**. This expands **Access default password** at the bottom of the page.  
![\[Accessing WordPress admin password in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wordpress/wordpress-bitnami-retrieve-password.png)

1. Choose **Launch CloudShell**. This opens a panel at the bottom of the page.

1. Choose **Copy** and then paste the contents into the CloudShell window. You can either put your cursor at the CloudShell prompt and press Ctrl+V, or you can right-click to open the menu and then choose **Paste**.

1. Make a note of the password displayed in the CloudShell window. You need this to sign in to the administration dashboard of your WordPress website.  
![\[Viewing WordPress admin password in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-viewing-admin-password-01.png)

------
#### [ Lightsail ]

**To get the default password for the WordPress administrator**

1. Open the instance management page for your WordPress instance.

1. On the **WordPress** panel, choose **Retrieve default password**. This expands **Access default password** at the bottom of the page.  
![\[Accessing WordPress admin password in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wordpress/wordpress-lightsail-retrieve-password.png)

1. Choose **Launch CloudShell**. This opens a panel at the bottom of the page.

1. Choose **Copy** and then paste the contents into the CloudShell window. You can either put your cursor at the CloudShell prompt and press Ctrl+V, or you can right-click to open the menu and then choose **Paste**.

1. Make a note of the password displayed in the CloudShell window. You need this to sign in to the administration dashboard of your WordPress website.  
![\[Viewing WordPress admin password in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wordpress/amazon-wordpress-lightsail-viewing-admin-password.png)

------

Now that you have the password for the administration dashboard of your WordPress website, you can sign in. In the administration dashboard, you can change your user password, install plugins, change the theme of your website, and more.

Complete the following steps to sign in to the administration dashboard of your WordPress website.

**To sign in to the administration dashboard**

1. Open the instance management page for your WordPress instance.

1. On the **WordPress** panel, choose **Access WordPress Admin**.

1. On the **Access your WordPress Admin Dashboard** panel, under **Use public IP address**, choose the link with this format:

   http://*public-ipv4-address*./wp-admin

1. For **Username or Email Address**, enter **user**.

1. For **Password**, enter the password obtained in the previous step.

1. Choose **Log in**.  
![\[Launching and configuring WordPress in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-07.png)

   You are now signed in to the administration dashboard of your WordPress website where you can perform administrative actions. For more information about administering your WordPress website, see the [WordPress Codex](https://codex.wordpress.org/) in the WordPress documentation.  
![\[Launching and configuring WordPress in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-08.png)

## Step 4: Import your XML file into your new Lightsail blog


Once you have successfully logged into the WordPress Dashboard on your new Lightsail instance, follow these steps to import the XML file into your new Lightsail blog.

1. From the WordPress **Dashboard** on your new Lightsail instance, choose **Tools**.

1. Choose **Import**, and then choose **Install Now** to install the WordPress import tool.  
![\[Install the Import tool in the WordPress Dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-dashboard-install-import-tool.png)

1. Once the tool is done installing, choose **Run Importer** to run the import tool.

1. On the **Import WordPress** page, choose **Browse**.

1. Find the XML file you saved in *Step 1: Back up your existing WordPress blog*, and then choose **Open**.

1. Choose **Upload file and import**.

   Accept the rest of the defaults, and then choose **Submit**.

## Next steps


You can verify that everything worked by choosing your blog (next to the Home icon), and then choosing **Visit Site** from the WordPress dashboard. You can also type the IP address into a browser and view the blog.

Here are some next steps:
+ Migrate your DNS so that your domain name servers point to the new version of your blog.
+ Customize your new blog's appearance and/or install some WordPress plugins.
+  [Launch and configure a WordPress instance on Lightsail](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-tutorial-launching-and-configuring-wordpress.html) 

Follow the step-by-step instructions to launch and configure a WordPress instance, secure it with HTTPS, connect it to external databases or storage services, and migrate an existing blog to Lightsail. The tutorials cover essential tasks such as obtaining WordPress admin credentials, installing plugins, configuring DNS and domain settings, and integrating with other AWS services like Amazon S3, Amazon Aurora, and Amazon SES. By following this guide, you can easily set up and manage a secure, scalable, and high-performance WordPress website on the Lightsail platform.

# Manage multiple WordPress sites with Multisite on Lightsail
WordPress Multisite

This section covers the following topics related to managing blogs on your WordPress Multisite instance in Amazon Lightsail:

**Topics**
+ [Add blogs as domains to your WordPress Multisite on Lightsail](amazon-lightsail-add-blogs-as-domains-to-your-wordpress-multisite.md)
+ [Add blogs as subdomains to your WordPress Multisite on Lightsail](amazon-lightsail-add-blogs-as-subdomains-to-your-wordpress-multisite.md)
+ [Define the primary domain for your WordPress Multisite instance on Lightsail](amazon-lightsail-define-the-primary-domain-for-your-wordpress-multisite.md)

# Add blogs as domains to your WordPress Multisite on Lightsail
WordPress Multisite: Add blogs as domains

A WordPress Multisite instance in Amazon Lightsail is designed to use multiple domains, or subdomains, for each blog site that you create within that instance. In this guide, we’ll show you how to add a blog site using a different domain than your main blog’s primary domain on your WordPress Multisite instance. For example, if your main blog’s primary domain is `example.com`, you can create new blog sites that use the `another-example.com` and `third-example.com` domains on the same instance.

**Note**  
You can also add sites using subdomains to your WordPress Multisite instance. For more information, see [Add blogs as subdomains to your WordPress Multisite instance](amazon-lightsail-add-blogs-as-subdomains-to-your-wordpress-multisite.md).

## Prerequisites


Complete the following prerequisites in the order shown:

1. Create a WordPress Multisite instance in Lightsail. For more information, see [Create an instance](how-to-create-amazon-lightsail-instance-virtual-private-server-vps.md).

1. Create a static IP and attach it to your WordPress Multisite instance in Lightsail. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

1. Add your domain to Lightsail by creating a DNS zone, then point it to the static IP that you attached to your WordPress Multisite instance. For more information, see [Create a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md).

1. Define the primary domain for your WordPress Multisite instance. For more information, see [Define the primary domain for your WordPress Multisite instance](amazon-lightsail-define-the-primary-domain-for-your-wordpress-multisite.md).

## Add a blog as a domain to your WordPress Multisite instance


Complete these steps to create a blog site on your WordPress Multisite instance that uses a domain which is different than your main blog’s primary domain.

**Important**  
You must complete step 4 listed in the prerequisites section of this guide before following these steps.

1. Sign in to the administration dashboard of your WordPress Multisite instance.
**Note**  
For more information, see [Get the application user name and password for your Bitnami instance](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).

1. Choose **My Sites**, then **Network Admin**, and **Sites** in the top navigation pane.  
![\[Sites menu in the WordPress administration dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-multisite-add-blogs-as-subdomains-sites-menu.png)

1. Choose **Add New** to add a new blog site.

1. Enter a site address into the **Site Address (URL)** text box. This is the domain that will be used for the new blog site. For example, if your new blog site will use `example-blog.com` as the domain, then enter `example-blog` into the **Site Address (URL)** text box. Ignore the primary domain suffix displayed on the page.  
![\[Ignore the domain suffix in the WordPress administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-multisite-add-blogs-as-domains-ignore-domain-suffix.png)

1. Enter a site title, select a site language, and enter an admin email.

1. Choose **Add Site**.

1. Choose **Edit Site** in the confirmation banner that appears on the page. This will redirect you to edit the details of the site that you recently created.  
![\[Edit Site page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-multisite-add-blogs-as-domains-edit-site.png)

1. In the **Edit Site** page, change the subdomain that is listed in the **Site Address (URL)** text box to the apex domain that you want to use. In this example, we specified `http://example-blog.com`.  
![\[Edit site address\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-multisite-add-blogs-as-domains-edit-site-address.png)

1. Choose **Save Changes**.

   At this point, the new blog site has been created in your WordPress Multisite instance, but the domain is not yet configured to route to the new blog site. Continue to the next step to add an address record (A record) to your domain’s DNS zone.  
![\[Sites list in the WordPress administration dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-multisite-add-blogs-as-domains-sites-list.png)

## Add an address record (A record) to your domain’s DNS zone


Complete these steps to point the domain for your new blog site to your WordPress Multisite instance. You must perform these steps for every blog site that you create on your WordPress Multisite instance.

For demonstration purposes, we’ll use the Lightsail DNS zone. However, the steps may be similar for other DNS zones typically hosted by domain registrars.

**Important**  
You can create a maximum of six DNS zones in the Lightsail console. If you need more DNS zones, we recommend using Amazon Route 53 to manage your domain’s DNS records. For more information, see [Make Amazon Route 53 the DNS service for an existing domain](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/MigratingDNS.html).

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose **Domains & DNS**.

1. Under the **DNS zones** section of the page, choose the DNS zone for your new blog site’s domain.

1. In the DNS zone editor, choose the **DNS records** tab. Then, choose **Add record**.  
![\[The DNS zone editor in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-multisite-add-blogs-as-domains-dns-zone.png)

1. Choose **A record** in the record type drop-down menu.

1. In the **Record name** text box, enter an “at” (@) symbol to create a record for the root of the domain.

1. In the **Resolves to** text box, choose the static IP address attached to your WordPress Multisite instance.  
![\[Adding an address record to the DNS zone in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-multisite-add-blogs-as-domains-a-record.png)

1. Choose the Save icon.

   After the change propagates through the internet’s DNS, the domain will route traffic to the new blog site on your WordPress Multisite instance.

## Enable cookie support to allow sign in for blog sites


When you add blog sites as domains to your WordPress Multisite instance, you must also update the WordPress configuration (`wp-config`) file on your instance to enable cookie support. If you don't enable cookie support, then users might experience an "Error: Cookies are blocked or not supported" error when trying to sign in to the WordPress administration dashboard of their blog sites.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. On the Lightsail home page, choose the SSH quick connect icon for your WordPress Multisite instance.  
![\[SSH quick connect on the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-multisite-ssh-quick-connect.png)

1. After your Lightsail browser-based SSH session is connected, enter the following command to open and edit the `wp-config.php` file of your instance using Vim:

   ```
   sudo vim /opt/bitnami/wordpress/wp-config.php
   ```
**Note**  
If this command fails, you might be using an older version of the WordPress Multisite instance. Try running the following command instead.  

   ```
   sudo vim /opt/bitnami/wordpress/wp-config.php
   ```

1. Press **I** to enter insert mode in Vim.

1. Add the following line of text below the `define('WP_ALLOW_MULTISITE', true);` line of text.

   ```
   define('COOKIE_DOMAIN', $_SERVER['HTTP_HOST']);
   ```

   The file will look like the following when done:  
![\[Edit to the wp-config file\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-multisite-add-blogs-as-domains-wp-config-edit.png)

1. Press the **Esc** key to exit insert mode in Vim, then type `:wq!` and press **Enter** to save your edits (write) and quit Vim.

1. Enter the following command to restart the underlying services of the WordPress instance.

   ```
   sudo /opt/bitnami/ctlscript.sh restart
   ```

   Cookies should now be enabled on your WordPress multisite instance, and users who are trying to sign in to their blog sites will not encounter the "Error: Cookies are blocked or not supported" error.
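
The `wp-config.php` edit in this procedure can also be scripted instead of made by hand in Vim. The following shell function is an added example, not part of the original guide or of the Bitnami tooling; the function name `enable_cookie_domain` and the script file name in the usage comment are hypothetical. It inserts the line once, refuses to guess when the anchor line is missing, and keeps a backup copy.

```shell
#!/bin/sh
# Added example: scripted form of the manual wp-config.php edit.
# enable_cookie_domain is a hypothetical helper name, not a Bitnami or
# WordPress tool.

# Line the guide tells you to insert below.
ANCHOR="define('WP_ALLOW_MULTISITE', true);"
# Line to insert. The value is read from the request's Host header at run
# time, so each mapped domain gets login cookies scoped to itself.
COOKIE_LINE="define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"

# enable_cookie_domain PATH_TO_WP_CONFIG
# Returns 0 on success or when nothing needs to change, 2 when the file is
# missing, 3 when the anchor line is absent, 4 on an I/O failure.
enable_cookie_domain() {
  ecd_cfg="$1"
  [ -f "$ecd_cfg" ] || { echo "not found: $ecd_cfg" >&2; return 2; }

  # COOKIE_DOMAIN already defined (with any value): leave the file alone,
  # because PHP warns when a constant is defined twice.
  if grep -Eq "^[[:space:]]*define\([[:space:]]*['\"]COOKIE_DOMAIN['\"]" "$ecd_cfg"; then
    echo "COOKIE_DOMAIN already defined in $ecd_cfg; no change made"
    return 0
  fi

  # Without the anchor line the file is not the Multisite config the guide
  # describes, so stop rather than insert at an arbitrary position.
  if ! grep -Fq "$ANCHOR" "$ecd_cfg"; then
    echo "anchor line not found in $ecd_cfg: $ANCHOR" >&2
    return 3
  fi

  # Keep a copy with the original mode and timestamps for rollback.
  cp -p "$ecd_cfg" "$ecd_cfg.bak" || return 4

  ecd_tmp="$(mktemp)" || return 4
  awk -v anchor="$ANCHOR" -v line="$COOKIE_LINE" '
    { print }
    !done && index($0, anchor) { print line; done = 1 }
  ' "$ecd_cfg" > "$ecd_tmp" || { rm -f "$ecd_tmp"; return 4; }

  # Write back through the existing file so its owner and mode are kept.
  cat "$ecd_tmp" > "$ecd_cfg" || { rm -f "$ecd_tmp"; return 4; }
  rm -f "$ecd_tmp"
}

# Usage (script file name is hypothetical):
#   sudo sh enable-cookie-domain.sh /opt/bitnami/wordpress/wp-config.php
# Then restart the services with ctlscript.sh as in the last step above.
if [ "$#" -gt 0 ]; then
  enable_cookie_domain "$1"
fi
```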

## Next steps


After you add blogs as domains to your WordPress Multisite instance, we recommend that you get familiar with WordPress Multisite administration. For more information, see [Multisite Network Administration](https://developer.wordpress.org/advanced-administration/multisite/) in the WordPress documentation.

# Add blogs as subdomains to your WordPress Multisite on Lightsail
WordPress Multisite: Add blogs as subdomains

A WordPress Multisite instance in Amazon Lightsail is designed to use multiple domains, or subdomains, for each blog site that you create within that instance. In this guide, we’ll show you how to add a blog site as a subdomain of your WordPress Multisite instance. For example, if your main blog’s primary domain is `example.com`, you can create new blog sites that use the `earth.example.com` and `moon.example.com` subdomains on the same instance.

**Note**  
You can also add sites using domains to your WordPress Multisite instance. For more information, see [Add blogs as domains to your WordPress Multisite instance](amazon-lightsail-add-blogs-as-domains-to-your-wordpress-multisite.md).

## Prerequisites


Complete the following prerequisites in the order shown:

1. Create a WordPress Multisite instance. For more information, see [Create an instance](how-to-create-amazon-lightsail-instance-virtual-private-server-vps.md).

1. Create a static IP and attach it to your WordPress Multisite instance. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

1. Add your domain to Lightsail by creating a DNS zone, then point it to the static IP that you attached to your WordPress Multisite instance. For more information, see [Create a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md).

1. Define the primary domain for your WordPress Multisite instance. For more information, see [Define the primary domain for your WordPress Multisite instance](amazon-lightsail-define-the-primary-domain-for-your-wordpress-multisite.md).

## Add a blog as a subdomain to your WordPress Multisite instance


Complete these steps to create new blogs on your WordPress Multisite instance that use a subdomain of your main blog’s primary domain.

**Important**  
You must complete step 4 listed in the prerequisites section of this guide before following these steps.

1. Sign in to the administration dashboard of your WordPress Multisite instance.
**Note**  
For more information, see [Get the application user name and password for your Bitnami instance](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).

1. Choose **My Sites**, then **Network Admin**, and **Sites** in the top navigation pane.  
![\[Sites menu in the WordPress administration dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-multisite-add-blogs-as-subdomains-sites-menu.png)

1. Choose **Add New** to add a new blog site.

1. Enter a site address, which is the subdomain that will be used for the new blog site.  
![\[Add new site in the WordPress administration dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-multisite-add-blogs-as-subdomains-add-new-site.png)

1. Enter a site title, select a site language, and enter an admin email.

1. Choose **Add Site**.

   At this point, the new blog site has been created in your WordPress Multisite instance, but the subdomain is not yet configured to route to the new blog site. Continue to the next step to add an address record (A record) to your domain’s DNS zone.  
![\[Sites list in the WordPress administration dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-multisite-add-blogs-as-subdomains-sites-list.png)

## Add an address record (A record) to your domain’s DNS zone


Complete these steps to point the subdomain for your new blog site to your WordPress Multisite instance. You must perform these steps for every blog site that you create on your WordPress Multisite instance.

For demonstration purposes, we’ll use the Lightsail DNS zone. However, the steps may be similar for other DNS zones typically hosted by domain registrars.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose **Domains & DNS**.

1. Under the **DNS zones** section of the page, choose the DNS zone for the domain that you defined as the primary domain for your WordPress Multisite instance.

1. In the DNS zone editor, choose the **DNS records** tab. Then, choose **Add record**.  
![\[DNS zone editor in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-multisite-add-blogs-as-subdomains-dns-zone.png)

1. Choose **A record** in the record type drop-down menu.

1. In the **Record name** text box, enter the subdomain specified as the site address when creating the new blog site on your WordPress Multisite instance.

1. In the **Resolves to** text box, choose the static IP address attached to your WordPress Multisite instance.  
![\[Adding an address record to the DNS zone in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-multisite-add-blogs-as-subdomains-a-record.png)

1. Choose the Save icon.

   That is all you need to do. After the change propagates through the internet’s DNS, the domain will redirect to the new blog site on your WordPress Multisite instance.

## Next steps


After you add blogs as subdomains to your WordPress Multisite instance, we recommend that you get familiar with WordPress Multisite administration. For more information, see [Multisite Network Administration](https://developer.wordpress.org/advanced-administration/multisite/) in the WordPress documentation.

# Define the primary domain for your WordPress Multisite instance on Lightsail
WordPress Multisite: Define domain

A WordPress Multisite instance in Amazon Lightsail is designed to use multiple domains, or subdomains, for each blog site that you create within that instance. Because of this, you must define the primary domain to use for the main blog of your WordPress Multisite instance.

## Prerequisites


Complete the following prerequisites in the order shown:

1. Create a WordPress Multisite instance in Lightsail. For more information, see [Create an instance](how-to-create-amazon-lightsail-instance-virtual-private-server-vps.md).

1. Create a static IP and attach it to your WordPress Multisite instance in Lightsail. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).
**Important**  
You must reboot your WordPress Multisite instance after you attach a static IP to it. This will allow the instance to recognize the new static IP associated with it.

1. Add your domain to Lightsail by creating a DNS zone, then point it to the static IP that you attached to your WordPress Multisite instance. For more information, see [Create a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md).

1. Allow time for the DNS changes to propagate through the internet's DNS. Then, you can continue to the [Define the primary domain for your WordPress Multisite instance](#define-the-primary-domain-for-your-wordpress-multisite) section of this guide.

## Define the primary domain for your WordPress Multisite instance


Complete these steps to ensure that your domain, such as `example.com`, redirects to the main blog of your WordPress Multisite instance.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose the SSH quick connect icon for your WordPress Multisite instance.  
![\[SSH quick connect on the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-multisite-ssh-quick-connect.png)

1. Enter the following command to define the primary domain name for your WordPress Multisite instance. Be sure to replace `<domain>` with the correct domain name for your WordPress Multisite.

   ```
   sudo /opt/bitnami/configure_app_domain --domain <domain>
   ```

   Example:

   ```
   sudo /opt/bitnami/configure_app_domain --domain example.com
   ```
**Note**  
If this command fails, you might be using an older version of the WordPress Multisite instance. Try running the following commands instead, and be sure to replace `<domain>` with the correct domain name for your WordPress Multisite.  

   ```
   cd /opt/bitnami/apps/wordpress
   sudo ./bnconfig --machine_hostname <domain>
   ```
After running that command, enter the following command to keep the bnconfig tool from automatically running every time the server restarts.  

   ```
   sudo mv bnconfig bnconfig.disabled
   ```

   At this point, browsing to the domain that you defined should redirect you to the main blog of your WordPress Multisite instance.

## Next steps


Complete the next steps after you have defined the primary domain for your WordPress Multisite instance:
+ [Add blogs as subdomains to your WordPress Multisite instance](amazon-lightsail-add-blogs-as-subdomains-to-your-wordpress-multisite.md)
+ [Add blogs as domains to your WordPress Multisite instance](amazon-lightsail-add-blogs-as-domains-to-your-wordpress-multisite.md)

Follow the step-by-step instructions to learn how to add new blog sites using separate domains or subdomains, and how to define the primary domain for your main blog on the WordPress Multisite instance.

The guide covers prerequisites such as creating a WordPress Multisite instance, attaching a static IP, creating a DNS zone, and configuring the primary domain. It then provides detailed steps for adding blogs as domains or subdomains, updating DNS records, enabling cookie support, and performing other necessary configurations. By following this guide, you can effectively manage and organize multiple blogs within your WordPress Multisite instance, leveraging the flexibility of using separate domains or subdomains for each blog site.

# Enable encrypted communication for Lightsail resources with Let's Encrypt
Let's Encrypt

This guide covers the following topics related to Let's Encrypt in Amazon Lightsail. Before getting started, ensure you have completed the following prerequisites:

**Prerequisites**
+ [Create a Lightsail instance running LAMP, Nginx, or WordPress](getting-started-with-amazon-lightsail.md)
+ [Register a domain name and have access to edit its DNS records](amazon-lightsail-domain-registration.md)
+ [Use the Lightsail browser-based SSH terminal or your own SSH client.](understanding-ssh-in-amazon-lightsail.md)

**Topics**
+ [

# Secure your Lightsail LAMP instance with Let's Encrypt SSL certificates
](amazon-lightsail-using-lets-encrypt-certificates-with-lamp.md)
+ [

# Secure your Lightsail NGINX website with Let's Encrypt SSL/TLS
](amazon-lightsail-using-lets-encrypt-certificates-with-nginx.md)
+ [

# Secure your Lightsail WordPress instance with free Let's Encrypt SSL certificates
](amazon-lightsail-using-lets-encrypt-certificates-with-wordpress.md)

# Secure your Lightsail LAMP instance with Let's Encrypt SSL certificates
LAMP Let's Encrypt certificate

Amazon Lightsail makes it easy to secure your websites and applications with SSL/TLS using Lightsail load balancers. However, a Lightsail load balancer might not always be the right choice. Perhaps your site doesn't need the scalability or fault tolerance load balancers provide, or maybe you're optimizing for cost.

In the latter case, you might consider using Let's Encrypt to obtain a free SSL certificate. If so, that's no problem. You can integrate those certificates with Lightsail instances. This tutorial shows you how to request a Let’s Encrypt wildcard certificate using Certbot, and integrate it with your LAMP instance.

**Important**  
The Linux distribution used by Bitnami instances changed from Ubuntu to Debian in July 2020. Because of this change, some of the steps in this tutorial will differ depending on the Linux distribution of your instance. All Bitnami blueprint instances created after the change use the Debian Linux distribution. Instances created before the change will continue to use the Ubuntu Linux distribution. To check the distribution of your instance, run the `uname -a` command. The response will show either Ubuntu or Debian as your instance's Linux distribution.
Bitnami is in the process of modifying the file structure for many of their stacks. The file paths in this tutorial may change depending on whether your Bitnami stack uses native Linux system packages (Approach A), or if it is a self-contained installation (Approach B). To identify your Bitnami installation type and which approach to follow, run the following command:  
`test ! -f "/opt/bitnami/common/bin/openssl" && echo "Approach A: Using system packages." || echo "Approach B: Self-contained installation."`

**Contents**
+ [Step 1: Complete the prerequisites](#complete-the-prerequisites-lets-encrypt-lamp)
+ [Step 2: Install Certbot on your instance](#install-certbot-on-your-instance-lamp)
+ [Step 3: Request a Let’s Encrypt SSL wildcard certificate](#request-a-lets-encrypt-certificate-lamp)
+ [Step 4: Add TXT records to your domain’s DNS zone](#add-a-text-record-to-your-domains-dns-zone-lets-encrypt-lamp)
+ [Step 5: Confirm that the TXT records have propagated](#confirm-the-text-records-have-propagated-lets-encrypt-lamp)
+ [Step 6: Complete the Let’s Encrypt SSL certificate request](#complete-the-lets-encrypt-certificate-request-lamp)
+ [Step 7: Create links to the Let’s Encrypt certificate files in the Apache server directory](#link-the-lets-encrypt-certificate-files-in-the-apache-directory-lamp)
+ [Step 8: Configure HTTP to HTTPS redirection for your web application](#configure-http-to-https-redirection-lamp)
+ [Step 9: Renew the Let's Encrypt certificates every 90 days](#renew-a-lets-encrypt-certificate-lamp)

## Step 1: Complete the prerequisites


Complete the following prerequisites if you haven’t already done so:
+ Create a LAMP instance in Lightsail. To learn more, see [Create an instance](how-to-create-amazon-lightsail-instance-virtual-private-server-vps.md).
+ Register a domain name, and get administrative access to edit its DNS records. To learn more, see [Amazon Lightsail DNS](understanding-dns-in-amazon-lightsail.md).
**Note**  
We recommend that you manage your domain’s DNS records using a Lightsail DNS zone. To learn more, see [Creating a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md).
+ Use the browser-based SSH terminal in the Lightsail console to perform the steps in this tutorial. However, you can also use your own SSH client, such as PuTTY. To learn more about configuring PuTTY, see [Download and set up PuTTY to connect using SSH](lightsail-how-to-set-up-putty-to-connect-using-ssh.md).

After you've completed the prerequisites, continue to the [next section](#install-certbot-on-your-instance-lamp) of this tutorial.

## Step 2: Install Certbot on your instance


Certbot is a client used to request a certificate from Let’s Encrypt and deploy it to a web server. Let's Encrypt uses the ACME protocol to issue certificates, and Certbot is an ACME-enabled client that interacts with Let's Encrypt.

**To install Certbot on your Lightsail instance**

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose the SSH quick connect icon for the instance that you want to connect to.  
![\[SSH quick connect on the Lightsail home page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-lamp-ssh-quick-connect.png)

1. After your Lightsail browser-based SSH session is connected, enter the following command to update the packages on your instance:

   ```
   sudo apt-get update
   ```  
![\[Update the packages on your instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-lamp-ssh-lets-encrypt-update-packages.png)

1. Enter the following command to install the software properties package. Certbot’s developers use a Personal Package Archive (PPA) to distribute Certbot. The software properties package makes it more efficient to work with PPAs.

   ```
   sudo apt-get install software-properties-common
   ```
**Note**  
If you encounter a `Could not get lock` error when running the `sudo apt-get install` command, please wait approximately 15 minutes and try again. This error may be caused by a cron job that is using the Apt package management tool to install unattended upgrades.

1. Enter the following command to add Certbot to the local apt repository:
**Note**  
Step 5 applies only to instances that use the Ubuntu Linux distribution. Skip this step if your instance uses the Debian Linux distribution.

   ```
   sudo apt-add-repository ppa:certbot/certbot -y
   ```

1. Enter the following command to update apt to include the new repository:

   ```
   sudo apt-get update -y
   ```

1. Enter the following command to install Certbot:

   ```
   sudo apt-get install certbot -y
   ```

   Certbot is now installed on your Lightsail instance.

1. Keep the browser-based SSH terminal window open—you return to it later in this tutorial. Continue to the [next section](#request-a-lets-encrypt-certificate-lamp) of this tutorial.

## Step 3: Request a Let’s Encrypt SSL wildcard certificate


Begin the process of requesting a certificate from Let’s Encrypt. Using Certbot, request a wildcard certificate, which lets you use a single certificate for a domain and its subdomains. For example, a single wildcard certificate works for the `example.com` top-level domain and the `blog.example.com` and `stuff.example.com` subdomains.

**To request a Let’s Encrypt SSL wildcard certificate**

1. In the same browser-based SSH terminal window used in [step 2](#install-certbot-on-your-instance-lamp) of this tutorial, enter the following commands to set an environment variable for your domain. You can now more efficiently copy and paste commands to obtain the certificate.

   ```
   DOMAIN=Domain
   ```

   ```
   WILDCARD=*.$DOMAIN
   ```

   In the command, replace *Domain* with your registered domain name.

   Example:

   ```
   DOMAIN=example.com
   ```

   ```
   WILDCARD=*.$DOMAIN
   ```

1. Enter the following command to confirm the variables return the correct values:

   ```
   echo "$DOMAIN" && echo "$WILDCARD"
   ```

   You should see a result similar to the following:  
![\[Confirm the domain environment variables.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/bitnami-confirm-variables.png)

1. Enter the following command to start Certbot in interactive mode. This command tells Certbot to use a manual authorization method with DNS challenges to verify domain ownership. It requests a wildcard certificate for your top-level domain, as well as its subdomains.

   ```
   sudo certbot -d "$DOMAIN" -d "$WILDCARD" --manual --preferred-challenges dns certonly
   ```

1. Enter your email address when prompted, because it’s used for renewal and security notices.

1. Read the Let’s Encrypt terms of service. When done, press A if you agree. If you disagree, you cannot obtain a Let’s Encrypt certificate.

1. Respond accordingly to the prompt to share your email address and to the warning about your IP address being logged.

1. Let’s Encrypt now prompts you to verify that you own the domain specified. You do this by adding TXT records to the DNS records for your domain. A set of TXT record values is provided as shown in the following example:
**Note**  
Let's Encrypt may provide a single or multiple TXT records that you must use for verification. In this example, we were provided with two TXT records to use for verification.  
![\[TXT records for Let's Encrypt certificates.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/ssh/lets-encrypt-text-records.png)

1. Keep the Lightsail browser-based SSH session open—you return to it later in this tutorial. Continue to the [next section](#add-a-text-record-to-your-domains-dns-zone-lets-encrypt-lamp) of this tutorial.

## Step 4: Add TXT records to your domain’s DNS zone


Adding a TXT record to your domain’s DNS zone verifies that you own the domain. For demonstration purposes, we use the Lightsail DNS zone. However, the steps might be similar for other DNS zones typically hosted by domain registrars.

**Note**  
To learn more about how to create a Lightsail DNS zone for your domain, see [Creating a DNS zone to manage your domain’s DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).

**To add TXT records to your domain’s DNS zone in Lightsail**

1. In the left navigation pane, choose **Domains & DNS**.

1. Under the **DNS zones** section of the page, choose the DNS Zone for the domain that you specified in the Certbot certificate request.

1. In the DNS zone editor, choose **DNS records**.

1. Choose **Add record**.

1. In the **Record type** drop-down menu, choose **TXT record**.

1. Enter the values specified by the Let’s Encrypt certificate request into the **Record name** and **Responds with** fields.
**Note**  
The Lightsail console pre-populates the apex portion of your domain. For example, if you want to add the `_acme-challenge.example.com` subdomain, then you only have to enter `_acme-challenge` into the text box, and Lightsail adds the `.example.com` portion for you when you save the record.

1. Choose **Save**.

1. Repeat steps 4 through 7 to add the second set of TXT records specified by the Let’s Encrypt certificate request.

1. Keep the Lightsail console browser window open—you return to it later in this tutorial. Continue to the [next section](#confirm-the-text-records-have-propagated-lets-encrypt-lamp) of this tutorial.

## Step 5: Confirm that the TXT records have propagated


Use the MxToolbox utility to confirm that the TXT records have propagated to the internet’s DNS. DNS record propagation might take a while depending on your DNS hosting provider, and the configured time to live (TTL) for your DNS records. It is important that you complete this step, and confirm that your TXT records have propagated, before continuing your Certbot certificate request. Otherwise, your certificate request fails.

**To confirm the TXT records have propagated to the internet’s DNS**

1. Open a new browser window and go to [https://mxtoolbox.com/TXTLookup.aspx](https://mxtoolbox.com/TXTLookup.aspx).

1. Enter the following text into the text box.

   ```
   _acme-challenge.Domain
   ```

   Replace *Domain* with your registered domain name.

   Example:

   ```
   _acme-challenge.example.com
   ```  
![\[MXToolbox TXT record lookup.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/mxtoolbox-text-record-lookup.png)

1. Choose **TXT Lookup** to run the check.

1. One of the following responses occurs:
   + If your TXT records have propagated to the internet’s DNS, you see a response similar to the one shown in the following screenshot. Close the browser window and continue to the [next section](#complete-the-lets-encrypt-certificate-request-lamp) of this tutorial.  
![\[Confirmation that TXT records propagated.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/mxtoolbox-propagated-text-record-lookup.png)
   + If your TXT records have not propagated to the internet’s DNS, you see a **DNS Record not found** response. Confirm that you added the correct DNS records to your domain’s DNS zone. If you added the correct records, wait a while longer to let your domain’s DNS records propagate, and run the TXT lookup again.
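
The same propagation check can be run from a terminal with `dig`. The following shell functions are an added example, not part of the original tutorial; the function names and the sample token values are constructed for illustration. The check asks each of the zone's authoritative name servers directly, so the answer does not depend on a recursive resolver's cache, and it passes only when every TXT value that Certbot displayed is present.

```shell
#!/bin/sh
# Added example: command-line check of the _acme-challenge TXT records.
# Function names and sample values are constructed for illustration.

# Constructed sample of `dig +short TXT _acme-challenge.example.com` output:
# one quoted string per TXT value, two values under the same record name.
SAMPLE_DIG_OUTPUT='"constructedTokenAAA"
"constructedTokenBBB"'

# txt_missing "TOKEN TOKEN ..." DIG_OUTPUT
# Prints every expected token that is absent from the dig output.
# Returns 0 when nothing is missing, 1 otherwise.
txt_missing() {
  tm_expected="$1"
  tm_answer="$2"
  tm_rc=0
  for tm_tok in $tm_expected; do
    # dig +short wraps each TXT string in double quotes; -x forces a
    # whole-line match so a truncated value does not pass.
    if ! printf '%s\n' "$tm_answer" | grep -Fxq "\"$tm_tok\""; then
      printf '%s\n' "$tm_tok"
      tm_rc=1
    fi
  done
  return "$tm_rc"
}

# check_acme_txt DOMAIN TOKEN [TOKEN ...]
# Looks up the zone's NS records, then queries each name server for the
# TXT records at _acme-challenge.DOMAIN and compares them with the tokens.
# Returns 0 when every server has every token, 1 when any is missing,
# 2 when no name servers could be found.
check_acme_txt() {
  ca_domain="$1"
  shift
  ca_expected="$*"
  ca_rc=0
  ca_servers="$(dig +short NS "$ca_domain")"
  if [ -z "$ca_servers" ]; then
    echo "no NS records found for $ca_domain" >&2
    return 2
  fi
  for ca_ns in $ca_servers; do
    ca_answer="$(dig +short TXT "_acme-challenge.$ca_domain" "@$ca_ns")"
    if ca_missing="$(txt_missing "$ca_expected" "$ca_answer")"; then
      echo "$ca_ns: all TXT values present"
    else
      echo "$ca_ns: missing: $ca_missing"
      ca_rc=1
    fi
  done
  return "$ca_rc"
}

# With arguments: run the live check, for example
#   sh check-acme-txt.sh example.com <value-1> <value-2>
# (script file name is hypothetical; the values are the ones Certbot shows).
# Without arguments: run the comparison against the constructed sample.
if [ "$#" -ge 2 ]; then
  check_acme_txt "$@"
else
  demo_missing="$(txt_missing "constructedTokenAAA constructedTokenCCC" "$SAMPLE_DIG_OUTPUT" || true)"
  echo "missing from constructed sample: $demo_missing"
fi
```

Continue the Certbot request only after the check reports all values present on every name server.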

## Step 6: Complete the Let’s Encrypt SSL certificate request


Go back to the Lightsail browser-based SSH session for your LAMP instance and complete the Let’s Encrypt certificate request. Certbot saves your SSL certificate, chain, and key files to a specific directory on your LAMP instance.

**To complete the Let’s Encrypt SSL certificate request**

1. In the Lightsail browser-based SSH session for your LAMP instance, press **Enter** to continue your Let’s Encrypt SSL certificate request. If successful, a response similar to the one shown in the following screenshot appears:  
![\[Successful Let's Encrypt certificate request.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/bitnami-certificate-request-success.png)

   The message confirms that your certificate, chain, and key files are stored in the `/etc/letsencrypt/live/Domain/` directory. *Domain* will be your registered domain name, such as `/etc/letsencrypt/live/example.com/`.

1. Make note of the expiration date specified in the message. You use it to renew your certificate by that date.  
![\[Let's Encrypt certificate renewal date.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/certificate-renewal-date.png)

1. Now that you have the Let’s Encrypt SSL certificate, continue to the [next section](#link-the-lets-encrypt-certificate-files-in-the-apache-directory-lamp) of this tutorial.

## Step 7: Create links to the Let’s Encrypt certificate files in the Apache server directory


Create links to the Let’s Encrypt SSL certificate files in the Apache server directory on your LAMP instance. Also, back up your existing certificates, in case you need them later.

**To create links to the Let’s Encrypt certificate files in the Apache server directory**

1. In the Lightsail browser-based SSH session for your LAMP instance, enter the following command to stop the underlying LAMP stack services:

   ```
   sudo /opt/bitnami/ctlscript.sh stop
   ```

   You should see a response similar to the following:  
![\[Instance services stopped.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-ssh-stop-services.png)

1. Enter the following command to set an environment variable for your domain.

   ```
   DOMAIN=Domain
   ```

   In the command, replace *Domain* with your registered domain name.

   Example:

   ```
   DOMAIN=example.com
   ```

1. Enter the following command to confirm that the variable returns the correct value:

   ```
   echo $DOMAIN
   ```

   You should see a result similar to the following:  
![\[Confirm the domain environment variable.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/bitnami-confirm-domain-variable.png)

1. Enter the following commands individually to rename your existing certificate files as backups. Refer to the **Important** block at the beginning of this tutorial for information about the different distributions and file structures.
   + For Debian Linux distributions

     Approach A (Bitnami installations using system packages):

     ```
     sudo mv /opt/bitnami/apache2/conf/bitnami/certs/server.crt /opt/bitnami/apache2/conf/bitnami/certs/server.crt.old
     ```

     ```
     sudo mv /opt/bitnami/apache2/conf/bitnami/certs/server.key /opt/bitnami/apache2/conf/bitnami/certs/server.key.old
     ```

     Approach B (Self-contained Bitnami installations):

     ```
     sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
     ```

     ```
     sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old
     ```
   + For older instances that use the Ubuntu Linux distribution:

     ```
     sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.crt /opt/bitnami/apache/conf/bitnami/certs/server.crt.old
     ```

     ```
     sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.key /opt/bitnami/apache/conf/bitnami/certs/server.key.old
     ```

1. Enter the following commands individually to create links to your Let’s Encrypt certificate files in the apache2 server directory. Refer to the **Important** block at the beginning of this tutorial for information about the different distributions and file structures.
   + For Debian Linux distributions

     Approach A (Bitnami installations using system packages):

     ```
     sudo ln -sf /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache2/conf/bitnami/certs/server.key
     ```

     ```
     sudo ln -sf /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/bitnami/certs/server.crt
     ```

     Approach B (Self-contained Bitnami installations):

     ```
     sudo ln -sf /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache2/conf/server.key
     ```

     ```
     sudo ln -sf /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/server.crt
     ```
   + For older instances that use the Ubuntu Linux distribution:

     ```
     sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache/conf/bitnami/certs/server.key
     ```

     ```
     sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache/conf/bitnami/certs/server.crt
     ```

1. Enter the following command to start the underlying LAMP stack services that you had stopped earlier:

   ```
   sudo /opt/bitnami/ctlscript.sh start
   ```

   You should see a result similar to the following:  
![\[Instance services started.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-ssh-start-services.png)

   Your LAMP instance is now configured to use SSL encryption. However, traffic is not automatically redirected from HTTP to HTTPS.

1. Continue to the [next section](#configure-http-to-https-redirection-lamp) of this tutorial.

## Step 8: Configure HTTP to HTTPS redirection for your web application


You can configure an HTTP to HTTPS redirect for your LAMP instance. Automatically redirecting from HTTP to HTTPS ensures that your customers reach your site only over SSL, even when they connect using HTTP.

**To configure HTTP to HTTPS redirection for your web application**

1. In the Lightsail browser-based SSH session for your LAMP instance, enter the following command to edit the Apache web server configuration file using the Vim text editor:

   ```
   sudo vim /opt/bitnami/apache2/conf/bitnami/bitnami.conf
   ```
**Note**  
This tutorial uses Vim for demonstration purposes; however, you can use any text editor of your choice for this step.

1. Press `i` to enter insert mode in the Vim editor.

1. In the file, enter the following text between `DocumentRoot "/opt/bitnami/apache2/htdocs"` and `<Directory "/opt/bitnami/apache2/htdocs">`:

   ```
   RewriteEngine On
   RewriteCond %{HTTPS} !=on
   RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
   ```

   The result should look like the following:  
![\[Apache configuration file edited for HTTP to HTTPS redirection.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-lamp-ssh-lets-encrypt-apache-config-file.png)

1. Press the **ESC** key, and then enter `:wq` to write (save) your edits, and quit Vim.

1. Enter the following command to restart the underlying LAMP stack services and make your edits effective:

   ```
   sudo /opt/bitnami/ctlscript.sh restart
   ```

   Your LAMP instance is now configured to automatically redirect connections from HTTP to HTTPS. When a visitor goes to `http://www.example.com`, they are automatically redirected to the encrypted `https://www.example.com` address.

## Step 9: Renew the Let's Encrypt certificates every 90 days


Let’s Encrypt certificates are valid for 90 days. Certificates can be renewed 30 days before they expire. To renew the Let's Encrypt certificates, run the original command used to obtain them. Repeat the steps in the [Request a Let’s Encrypt SSL wildcard certificate](#request-a-lets-encrypt-certificate-lamp) section of this tutorial.

# Secure your Lightsail NGINX website with Let's Encrypt SSL/TLS

Amazon Lightsail makes it easy to secure your websites and applications with SSL/TLS using Lightsail load balancers. However, a Lightsail load balancer might not always be the right choice. Perhaps your site doesn't need the scalability or fault tolerance that load balancers provide, or maybe you're optimizing for cost.

In the latter case, you might consider using Let's Encrypt to obtain a free SSL certificate. If so, that's no problem. You can integrate those certificates with Lightsail instances. This tutorial shows you how to request a Let’s Encrypt wildcard certificate using Certbot, and integrate it with your Nginx instance.

## Identify your Nginx blueprint vendor


 Here are a few steps you should take to get started after your Nginx instance is up and running on Amazon Lightsail. Before you get started, identify your blueprint vendor on your instance management page: 

![\[Nginx blueprint vendor on the instance management page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/headers/nginx-blueprint-vendor.png)


Select the appropriate guide for your Nginx instance:

------
#### [ Bitnami ]

**Important**  
The Linux distribution used by Bitnami instances changed from Ubuntu to Debian in July 2020. Because of this change, some of the steps in this tutorial differ depending on the Linux distribution of your instance. All Bitnami blueprint instances created after the change use the Debian Linux distribution. Instances created before the change continue to use the Ubuntu Linux distribution. To check the distribution of your instance, run the `uname -a` command. The response shows either Ubuntu or Debian as your instance's Linux distribution.  
Bitnami is in the process of modifying the file structure for many of their stacks. The file paths in this tutorial may change depending on whether your Bitnami stack uses native Linux system packages (Approach A), or if it is a self-contained installation (Approach B). To identify your Bitnami installation type and which approach to follow, run the following command:  
`test ! -f "/opt/bitnami/common/bin/openssl" && echo "Approach A: Using system packages." || echo "Approach B: Self-contained installation."`

**Contents**
+ [Step 1: Complete the prerequisites](#complete-the-prerequisites-lets-encrypt-nginx)
+ [Step 2: Install Certbot on your Lightsail instance](#install-certbot-on-your-instance-nginx)
+ [Step 3: Request a Let’s Encrypt SSL wildcard certificate](#request-a-lets-encrypt-certificate-nginx)
+ [Step 4: Add TXT records to your domain’s DNS zone](#add-a-text-record-to-your-domains-dns-zone-lets-encrypt-nginx)
+ [Step 5: Confirm that the TXT records have propagated](#confirm-the-text-records-have-propagated-lets-encrypt-nginx)
+ [Step 6: Complete the Let’s Encrypt SSL certificate request](#complete-the-lets-encrypt-certificate-request-nginx)
+ [Step 7: Create links to the Let’s Encrypt certificate files in the NGINX server directory](#link-the-lets-encrypt-certificate-files-in-the-nginx-directory-nginx)
+ [Step 8: Configure HTTP to HTTPS redirection for your web application](#configure-http-to-https-redirection-nginx)
+ [Step 9: Renew the Let's Encrypt certificates every 90 days](#renew-a-lets-encrypt-certificate-nginx)

## Step 1: Complete the prerequisites


Complete the following prerequisites if you haven’t already done so:
+ Create an Nginx instance in Lightsail. To learn more, see [Create an instance](how-to-create-amazon-lightsail-instance-virtual-private-server-vps.md).
+ Register a domain name, and get administrative access to edit its DNS records. To learn more, see [DNS](understanding-dns-in-amazon-lightsail.md).
**Note**  
We recommend that you manage your domain’s DNS records using a Lightsail DNS zone. To learn more, see [Create a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md).
+ Use the browser-based SSH terminal in the Lightsail console to perform the steps in this tutorial. However, you can also use your own SSH client, such as PuTTY. To learn more about configuring PuTTY, see [Download and set up PuTTY to connect using SSH in Amazon Lightsail](lightsail-how-to-set-up-putty-to-connect-using-ssh.md).

After you've completed the prerequisites, continue to the [next section](#install-certbot-on-your-instance-nginx) of this tutorial.

## Step 2: Install Certbot on your Lightsail instance


Certbot is a client used to request a certificate from Let’s Encrypt and deploy it to a web server. Let's Encrypt uses the ACME protocol to issue certificates, and Certbot is an ACME-enabled client that interacts with Let's Encrypt.

**To install Certbot on your Lightsail instance**

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose the SSH quick connect icon for the instance that you want to connect to.  
![\[SSH quick connect on the Lightsail home page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/resource_cards/nginx-ssh-quick-connect.png)

1. After your Lightsail browser-based SSH session is connected, enter the following command to update the packages on your instance:

   ```
   sudo apt-get update
   ```  
![\[Update the packages on your instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/bitnami-nginx-update-packages.png)

1. Enter the following command to install the software properties package. Certbot’s developers use a Personal Package Archive (PPA) to distribute Certbot. The software properties package makes it more efficient to work with PPAs.

   ```
   sudo apt-get install software-properties-common
   ```
**Note**  
If you encounter a `Could not get lock` error when running the `sudo apt-get install` command, please wait approximately 15 minutes and try again. This error may be caused by a cron job that is using the Apt package management tool to install unattended upgrades.

1. Enter the following command to add Certbot to the local apt repository:
**Note**  
Step 5 applies only to instances that use the Ubuntu Linux distribution. Skip this step if your instance uses the Debian Linux distribution.

   ```
   sudo apt-add-repository ppa:certbot/certbot -y
   ```

1. Enter the following command to update apt to include the new repository:

   ```
   sudo apt-get update -y
   ```

1. Enter the following command to install Certbot:

   ```
   sudo apt-get install certbot -y
   ```

   Certbot is now installed on your Lightsail instance.

1. Keep the browser-based SSH terminal window open—you return to it later in this tutorial. Continue to the [next section](#request-a-lets-encrypt-certificate-nginx) of this tutorial.

## Step 3: Request a Let’s Encrypt SSL wildcard certificate


Begin the process of requesting a certificate from Let’s Encrypt. Using Certbot, request a wildcard certificate, which lets you use a single certificate for a domain and its subdomains. For example, a single wildcard certificate works for the `example.com` top-level domain and for the `blog.example.com` and `stuff.example.com` subdomains.

**To request a Let’s Encrypt SSL wildcard certificate**

1. In the same browser-based SSH terminal window used in [step 2](#install-certbot-on-your-instance-nginx) of this tutorial, enter the following commands to set an environment variable for your domain. You can now more efficiently copy and paste commands to obtain the certificate. Be sure to replace `domain` with your registered domain name.

   ```
   DOMAIN=domain
   ```

   ```
   WILDCARD=*.$DOMAIN
   ```

   Example:

   ```
   DOMAIN=example.com
   ```

   ```
   WILDCARD=*.$DOMAIN
   ```

1. Enter the following command to confirm the variables return the correct values:

   ```
   echo "$DOMAIN" && echo "$WILDCARD"
   ```

   You should see a result similar to the following:  
![\[Confirm the domain environment variables.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/bitnami-confirm-variables.png)

1. Enter the following command to start Certbot in interactive mode. This command tells Certbot to use a manual authorization method with DNS challenges to verify domain ownership. It requests a wildcard certificate for your top-level domain, as well as its subdomains.

   ```
   sudo certbot -d "$DOMAIN" -d "$WILDCARD" --manual --preferred-challenges dns certonly
   ```

1. Enter your email address when prompted, because it’s used for renewal and security notices.

1. Read the Let’s Encrypt terms of service. When done, press A if you agree. If you disagree, you cannot obtain a Let’s Encrypt certificate.

1. Respond accordingly to the prompt to share your email address and to the warning about your IP address being logged.

1. Let’s Encrypt now prompts you to verify that you own the domain specified. You do this by adding TXT records to the DNS records for your domain. A set of TXT record values is provided as shown in the following example:
**Note**  
Let's Encrypt may provide one or more TXT records that you must use for verification. In this example, we were provided with two TXT records to use for verification.  
![\[TXT records for Let's Encrypt certificates.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/ssh/lets-encrypt-text-records.png)

1. Keep the Lightsail browser-based SSH session open—you return to it later in this tutorial. Continue to the [next section](#add-a-text-record-to-your-domains-dns-zone-lets-encrypt-nginx) of this tutorial.

## Step 4: Add TXT records to your domain’s DNS zone


Adding a TXT record to your domain’s DNS zone verifies that you own the domain. For demonstration purposes, we use the Lightsail DNS zone. However, the steps might be similar for other DNS zones typically hosted by domain registrars.

**Note**  
To learn more about how to create a Lightsail DNS zone for your domain, see [Creating a DNS zone to manage your domain’s DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).

**To add TXT records to your domain’s DNS zone in Lightsail**

1. In the left navigation pane, choose **Domains & DNS**.

1. Under the **DNS zones** section of the page, choose the DNS zone for the domain that you specified in the Certbot certificate request.

1. In the DNS zone editor, choose **DNS records**.

1. Choose **Add record**.

1. In the **Record type** drop-down menu, choose **TXT record**.

1. Enter the values specified by the Let’s Encrypt certificate request into the **Record name** and **Responds with** fields.
**Note**  
The Lightsail console pre-populates the apex portion of your domain. For example, if you want to add the `_acme-challenge.example.com` subdomain, then you only have to enter `_acme-challenge` into the text box, and Lightsail adds the `.example.com` portion for you when you save the record.

1. Choose **Save**.

1. Repeat steps 4 through 7 to add the second set of TXT records specified by the Let’s Encrypt certificate request.

1. Keep the Lightsail console browser window open—you return to it later in this tutorial. Continue to the [next section](#confirm-the-text-records-have-propagated-lets-encrypt-nginx) of this tutorial.

## Step 5: Confirm that the TXT records have propagated


Use the MxToolbox utility to confirm that the TXT records have propagated to the Internet’s DNS. DNS record propagation might take a while depending on your DNS hosting provider, and the configured time to live (TTL) for your DNS records. It is important that you complete this step, and confirm that your TXT records have propagated, before continuing your Certbot certificate request. Otherwise, your certificate request fails.

**To confirm the TXT records have propagated to the Internet’s DNS**

1. Open a new browser window and go to [https://mxtoolbox.com/TXTLookup.aspx](https://mxtoolbox.com/TXTLookup.aspx).

1. Enter the following text into the text box. Be sure to replace `domain` with your domain.

   ```
   _acme-challenge.domain
   ```

   Example:

   ```
   _acme-challenge.example.com
   ```  
![\[MxToolbox TXT record lookup.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/mxtoolbox-text-record-lookup.png)

1. Choose **TXT Lookup** to run the check.

1. One of the following responses occurs:
   + If your TXT records have propagated to the Internet’s DNS, you see a response similar to the one shown in the following screenshot. Close the browser window and continue to the [next section](#complete-the-lets-encrypt-certificate-request-nginx) of this tutorial.  
![\[Confirmation that TXT records propagated.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/mxtoolbox-propagated-text-record-lookup.png)
   + If your TXT records have not propagated to the Internet’s DNS, you see a **DNS Record not found** response. Confirm that you added the correct DNS records to your domain’s DNS zone. If you added the correct records, wait a while longer to let your domain’s DNS records propagate, and run the TXT lookup again.
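
The same propagation check can be run from the SSH session before you return to Certbot. This is an added example, not part of the original tutorial: it assumes `dig` (the `dnsutils` package) is installed, and the resolver addresses and function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: confirm that every TXT value Certbot printed is served by
# several public resolvers before pressing Enter in the Certbot session.

# Assumption: three well-known public resolvers. Override with RESOLVERS=...
RESOLVERS="${RESOLVERS:-1.1.1.1 8.8.8.8 9.9.9.9}"

# txt_values NAME RESOLVER
# Prints the TXT values for NAME as seen by RESOLVER, one per line, unquoted.
txt_values() {
    dig +short TXT "$1" "@$2" | tr -d '"'
}

# check_acme_txt DOMAIN VALUE [VALUE...]
# A request for both example.com and *.example.com is validated at the same
# name, _acme-challenge.example.com, which is why Certbot can hand out two
# values for one record name. Returns 0 only if every resolver serves every
# value exactly as given.
check_acme_txt() {
    domain=$1
    shift
    name="_acme-challenge.$domain"
    missing=0
    for resolver in $RESOLVERS; do
        seen=$(txt_values "$name" "$resolver")
        for value in "$@"; do
            # -F fixed string, -x whole line: a partial or padded value fails
            if printf '%s\n' "$seen" | grep -Fxq -- "$value"; then
                echo "ok       $resolver  $value"
            else
                echo "MISSING  $resolver  $value"
                missing=$((missing + 1))
            fi
        done
    done
    [ "$missing" -eq 0 ]
}

# Run directly: sh check_txt.sh example.com <value1> [<value2>]
if [ "$#" -ge 2 ]; then
    check_acme_txt "$@"
fi
```

Continue the Certbot request only when the function reports no `MISSING` lines; a value that one resolver still lacks usually means the record's TTL has not elapsed there yet.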

## Step 6: Complete the Let’s Encrypt SSL certificate request


Go back to the Lightsail browser-based SSH session for your Nginx instance and complete the Let’s Encrypt certificate request. Certbot saves your SSL certificate, chain, and key files to a specific directory on your Nginx instance.

**To complete the Let’s Encrypt SSL certificate request**

1. In the Lightsail browser-based SSH session for your Nginx instance, press **Enter** to continue your Let’s Encrypt SSL certificate request. If successful, a response similar to the one shown in the following screenshot appears:  
![\[Successful Let's Encrypt certificate request.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/bitnami-certificate-request-success.png)

   The message confirms that your certificate, chain, and key files are stored in the `/etc/letsencrypt/live/domain/` directory. Make sure to replace `domain` with your domain, such as `/etc/letsencrypt/live/example.com/`.

1. Make note of the expiration date specified in the message. You use it to renew your certificate by that date.  
![\[Let's Encrypt certificate renewal date.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/certificate-renewal-date.png)

1. Now that you have the Let’s Encrypt SSL certificate, continue to the [next section](#link-the-lets-encrypt-certificate-files-in-the-nginx-directory-nginx) of this tutorial.

## Step 7: Create links to the Let’s Encrypt certificate files in the NGINX server directory


Create links to the Let’s Encrypt SSL certificate files in the NGINX server directory on your Nginx instance. Also, back up your existing certificates, in case you need them later.

**To create links to the Let’s Encrypt certificate files in the NGINX server directory**

1. In the Lightsail browser-based SSH session for your Nginx instance, enter the following command to stop the underlying services:

   ```
   sudo /opt/bitnami/ctlscript.sh stop
   ```

   You should see a response similar to the following:  
![\[Instance services stopped.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/bitnami-nginx-stop-services.png)

1. Enter the following command to set an environment variable for your domain. You can more efficiently copy and paste commands to link the certificate files. Be sure to replace `domain` with the name of your registered domain.

   ```
   DOMAIN=domain
   ```

   Example:

   ```
   DOMAIN=example.com
   ```

1. Enter the following command to confirm that the variable returns the correct value:

   ```
   echo $DOMAIN
   ```

   You should see a result similar to the following:  
![\[Confirm the domain environment variable.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/bitnami-confirm-domain-variable.png)

1. Enter the following commands individually to rename your existing certificate files as backups. Refer to the **Important** block at the beginning of this tutorial for information about the different distributions and file structures.
   + For Debian Linux distributions

     Approach A (Bitnami installations using system packages):

     ```
     sudo mv /opt/bitnami/nginx/conf/bitnami/certs/server.crt /opt/bitnami/nginx/conf/bitnami/certs/server.crt.old
     ```

     ```
     sudo mv /opt/bitnami/nginx/conf/bitnami/certs/server.key /opt/bitnami/nginx/conf/bitnami/certs/server.key.old
     ```

     Approach B (Self-contained Bitnami installations):

     ```
     sudo mv /opt/bitnami/nginx/conf/server.crt /opt/bitnami/nginx/conf/server.crt.old
     ```

     ```
     sudo mv /opt/bitnami/nginx/conf/server.key /opt/bitnami/nginx/conf/server.key.old
     ```
   + For older instances that use the Ubuntu Linux distribution:

     ```
     sudo mv /opt/bitnami/nginx/conf/bitnami/certs/server.crt /opt/bitnami/nginx/conf/bitnami/certs/server.crt.old
     ```

     ```
     sudo mv /opt/bitnami/nginx/conf/bitnami/certs/server.key /opt/bitnami/nginx/conf/bitnami/certs/server.key.old
     ```

1. Enter the following commands individually to create links to your Let’s Encrypt certificate files in the NGINX server directory. Refer to the **Important** block at the beginning of this tutorial for information about the different distributions and file structures.
   + For Debian Linux distributions

     Approach A (Bitnami installations using system packages):

     ```
     sudo ln -sf /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/nginx/conf/bitnami/certs/server.key
     ```

     ```
     sudo ln -sf /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/nginx/conf/bitnami/certs/server.crt
     ```

     Approach B (Self-contained Bitnami installations):

     ```
     sudo ln -sf /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/nginx/conf/server.key
     ```

     ```
     sudo ln -sf /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/nginx/conf/server.crt
     ```
   + For older instances that use the Ubuntu Linux distribution:

     ```
     sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/nginx/conf/bitnami/certs/server.key
     ```

     ```
     sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/nginx/conf/bitnami/certs/server.crt
     ```

1. Enter the following command to start the underlying services that you stopped earlier:

   ```
   sudo /opt/bitnami/ctlscript.sh start
   ```

   You should see a result similar to the following:  
![\[Instance services started.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/bitnami-nginx-start-services.png)

   Your Nginx instance is now configured to use SSL encryption. However, traffic is not automatically redirected from HTTP to HTTPS.

1. Continue to the [next section](#configure-http-to-https-redirection-nginx) of this tutorial.

## Step 8: Configure HTTP to HTTPS redirection for your web application


You can configure an HTTP to HTTPS redirect for your Nginx instance. Automatically redirecting from HTTP to HTTPS ensures that your customers reach your site only over SSL, even when they connect using HTTP. Refer to the **Important** block at the beginning of this tutorial for information about the different distributions and file structures.

This tutorial uses Vim for demonstration purposes; however, you can use any text editor of your choice.

**For Debian Linux distributions – Configure HTTP to HTTPS redirection for your web application**

**Approach A (Bitnami installations using system packages):**

1. In the Lightsail browser-based SSH session for your Nginx instance, enter the following command to modify the server-block configuration file. Replace `<ApplicationName>` with the name of your application.

   ```
   sudo vim /opt/bitnami/nginx/conf/server_blocks/<ApplicationName>-server-block.conf
   ```

1. Press `i` to enter insert mode in the Vim editor.

1. Edit the file with the information from the following example:  
![\[Application server block configuration file.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/using-le-certs-1.png)

1. Press the **ESC** key, and then enter `:wq` to write (save) your edits, and quit Vim.

1. Enter the following command to modify the server section of the NGINX configuration file:

   ```
   sudo vim /opt/bitnami/nginx/conf/nginx.conf
   ```

1. Press `i` to enter insert mode in the Vim editor.

1. Edit the file with the information from the following example:  
![\[NGINX configuration file.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/using-le-certs-2.png)

1. Press the **ESC** key, and then enter `:wq` to write (save) your edits, and quit Vim.

1. Enter the following command to restart the underlying services and make your edits effective:

   ```
   sudo /opt/bitnami/ctlscript.sh restart
   ```

**Approach B (Self-contained Bitnami installations):**

1. In the Lightsail browser-based SSH session for your Nginx instance, enter the following command to modify the server section of the NGINX configuration file:

   ```
   sudo vim /opt/bitnami/nginx/conf/nginx.conf
   ```

1. Press `i` to enter insert mode in the Vim editor.

1. Edit the file with the information from the following example:  
![\[NGINX configuration file.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/using-le-certs-2.png)

1. Press the **ESC** key, and then enter `:wq` to write (save) your edits, and quit Vim.

1. Enter the following command to restart the underlying services and make your edits effective:

   ```
   sudo /opt/bitnami/ctlscript.sh restart
   ```

**For older instances that use the Ubuntu Linux distribution – Configure HTTP to HTTPS redirection for your web application**

1. In the Lightsail browser-based SSH session for your Nginx instance, enter the following command to edit the NGINX web server configuration file using the Vim text editor:

   ```
   sudo vim /opt/bitnami/nginx/conf/bitnami/bitnami.conf
   ```

1. Press `i` to enter insert mode in the Vim editor.

1. In the file, enter the following text between `server_name localhost;` and `include "/opt/bitnami/nginx/conf/bitnami/bitnami-apps-prefix.conf";`:

   ```
   return 301 https://$host$request_uri;
   ```

   The result should look like the following:  
![\[NGINX configuration file edited for HTTP to HTTPS redirection.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/bitnami-nginx-config-file.png)

1. Press the **ESC** key, and then enter `:wq` to write (save) your edits, and quit Vim.

1. Enter the following command to restart the underlying services and make your edits effective:

   ```
   sudo /opt/bitnami/ctlscript.sh restart
   ```

   Your Nginx instance is now configured to automatically redirect connections from HTTP to HTTPS. When a visitor goes to `http://www.example.com`, they are automatically redirected to the encrypted `https://www.example.com` address.

## Step 9: Renew the Let's Encrypt certificates every 90 days


Let’s Encrypt certificates are valid for 90 days. Certificates can be renewed 30 days before they expire. To renew the Let's Encrypt certificates, run the original command used to obtain them. Repeat the steps in the [Request a Let’s Encrypt SSL wildcard certificate](#request-a-lets-encrypt-certificate-nginx) section of this tutorial.
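
After the links from Step 7 are in place, and again ahead of each renewal described in Step 9, the linked files can be checked from the shell. This is an added example, not part of the original tutorial: the function names are hypothetical, and it assumes the `openssl` command line tool is installed on the instance.

```shell
#!/bin/sh
# Added example: check the files behind the web server's server.crt and
# server.key links, and report where the certificate is in its lifetime.

RENEW_WINDOW_DAYS=30   # from the tutorial: renewable 30 days before expiry

# renewal_state CERT
# Prints one of: unreadable, expired, renew-now, ok
renewal_state() {
    if ! openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo unreadable
    elif ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$1" -noout \
            -checkend $((RENEW_WINDOW_DAYS * 86400)) >/dev/null 2>&1; then
        echo renew-now
    else
        echo ok
    fi
}

# check_tls_pair CERT KEY
# CERT and KEY may be symbolic links, as created in Step 7.
# Returns 0 when the pair is usable; being inside the renewal window only warns.
check_tls_pair() {
    cert=$1
    key=$2
    problems=0

    for f in "$cert" "$key"; do
        # -e follows symbolic links, so a dangling link is caught here
        if [ ! -e "$f" ]; then
            echo "FAIL  $f does not resolve to a file"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ] || return 1

    # The first certificate in fullchain.pem is the leaf; its public key must
    # equal the public key derived from the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "ok    certificate and private key match"
    else
        echo "FAIL  certificate and private key do not match"
        problems=$((problems + 1))
    fi

    # Characters 5-10 of the ls mode string are the group and other bits of
    # the link target (-L); all six must be "-".
    mode=$(ls -lL -- "$key" | cut -c5-10)
    if [ "$mode" = "------" ]; then
        echo "ok    private key is not accessible to group or others"
    else
        echo "FAIL  private key mode allows group/other access ($mode)"
        problems=$((problems + 1))
    fi

    state=$(renewal_state "$cert")
    case "$state" in
        ok)        echo "ok    more than $RENEW_WINDOW_DAYS days until expiry" ;;
        renew-now) echo "WARN  inside the renewal window, request the certificate again" ;;
        *)         echo "FAIL  certificate is $state"
                   problems=$((problems + 1)) ;;
    esac

    [ "$problems" -eq 0 ]
}

# Run directly, for example with the Approach A paths from Step 7:
#   sudo sh check_tls.sh /opt/bitnami/nginx/conf/bitnami/certs/server.crt \
#                        /opt/bitnami/nginx/conf/bitnami/certs/server.key
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

Run it with `sudo`, because the files under `/etc/letsencrypt/live/` are readable only by root.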

------
#### [ Lightsail ]

**Contents**
+ [Step 1: Complete the prerequisites](#complete-the-prerequisites)
+ [Step 2: Install Certbot on your Lightsail instance](#install-certbot-on-your-instance)
+ [Step 3: Request a Let’s Encrypt SSL wildcard certificate](#request-a-lets-encrypt-certificate)
+ [Step 4: Add TXT records to your domain’s DNS zone](#add-a-text-record-to-your-domains-dns-zone-lets-encrypt)
+ [Step 5: Confirm that the TXT records have propagated](#confirm-the-text-records-have-propagated-lets-encrypt)
+ [Step 6: Complete the Let’s Encrypt SSL certificate request](#complete-the-lets-encrypt-certificate-request)
+ [Step 7: Update SSL configuration in NGINX and redirect traffic from HTTP to HTTPS](#update-ssl-configuration)
+ [Step 8: Renew the Let’s Encrypt certificates every 90 days](#renew-a-lets-encrypt-certificate)

## Step 1: Complete the prerequisites


Complete the following prerequisites if you haven’t already done so:
+ Create an Nginx instance in Lightsail. To learn more, see [Create an instance](how-to-create-amazon-lightsail-instance-virtual-private-server-vps.md).
+ Register a domain name, and get administrative access to edit its DNS records. To learn more, see [DNS](understanding-dns-in-amazon-lightsail.md).
**Note**  
We recommend that you manage your domain’s DNS records using a Lightsail DNS zone. To learn more, see [Create a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md).
+ Use the browser-based SSH terminal in the Lightsail console to perform the steps in this tutorial:  
![\[SSH quick connect on the Lightsail home page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/resource_cards/nginx-ssh-quick-connect.png)
**Note**  
You can also use your own SSH client, such as PuTTY. To learn more about configuring PuTTY, see [Download and set up PuTTY to connect using SSH in Amazon Lightsail](lightsail-how-to-set-up-putty-to-connect-using-ssh.md).

## Step 2: Install Certbot on your Lightsail instance


 Certbot is a client used to request a certificate from Let’s Encrypt and deploy it to a web server. Let’s Encrypt uses the ACME protocol to issue certificates, and Certbot is an ACME-enabled client that interacts with Let’s Encrypt. 

**To install Certbot on your Lightsail instance**

1.  Connect to your instance using an SSH client, for example, the Lightsail browser-based SSH terminal. Enter the following command to update the packages on your instance: 

   ```
   sudo apt-get update
   ```

1.  Enter the following command to install the software properties package. Certbot’s developers use a Personal Package Archive (PPA) to distribute Certbot. The software properties package makes it more efficient to work with PPAs. 

   ```
   sudo apt-get install software-properties-common -y
   ```

1. Enter the following command to update apt to include the new repository:

   ```
   sudo apt-get update -y
   ```

1. Enter the following command to install Certbot:

   ```
   sudo apt-get install certbot -y
   ```

   Certbot is now installed on your Lightsail instance.

## Step 3: Request a Let’s Encrypt SSL wildcard certificate


 Begin the process of requesting a certificate from Let’s Encrypt. Using Certbot, request a wildcard certificate, which lets you use a single certificate for a domain and its subdomains. For example, a single wildcard certificate works for the `example.com` top-level domain, and the `blog.example.com` and `stuff.example.com` subdomains.

**To request a Let’s Encrypt SSL wildcard certificate**

1.  In the same browser-based SSH terminal window used in [step 2](#install-certbot-on-your-instance) of this tutorial, enter the following commands to set an environment variable for your domain. This lets you copy and paste the commands that obtain the certificate more efficiently. Be sure to replace `domain` with the name of your registered domain. 

   ```
   DOMAIN=domain
   WILDCARD=*.$DOMAIN
   ```

   Example:

   ```
   DOMAIN=example.com
   WILDCARD=*.$DOMAIN
   ```

1. Enter the following command to confirm the variables return the correct values:

   ```
   echo "$DOMAIN" && echo "$WILDCARD"
   ```

   You should see a result similar to the following:  
![\[Confirm the domain environment variables.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/confirm-variables.png)

1.  Enter the following command to start Certbot in interactive mode. This command tells Certbot to use a manual authorization method with DNS challenges to verify domain ownership. It requests a wildcard certificate for your top-level domain, as well as its subdomains. 

   ```
   sudo certbot -d "$DOMAIN" -d "$WILDCARD" --manual --preferred-challenges dns certonly
   ```

1. Enter your email address when prompted, because it’s used for renewal and security notices.

1.  Read the Let’s Encrypt terms of service. When done, press Y if you agree. If you disagree, you cannot obtain a Let’s Encrypt certificate. 

1.  Respond accordingly to the prompt to share your email address and to the warning about your IP address being logged. 

1.  Let’s Encrypt now prompts you to verify that you own the domain specified. You do this by adding TXT records to the DNS records for your domain. A set of TXT record values is provided as shown in the following example: 
**Note**  
 Let’s Encrypt may provide a single or multiple TXT records that you must use for verification. In this example, we were provided with two TXT records to use for verification.   
![\[TXT records for Let’s Encrypt certificates.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/get-TXT-records.png)

1.  Keep the Lightsail browser-based SSH session open—you return to it later in this tutorial. Continue to the [ next section ](#add-a-text-record-to-your-domains-dns-zone-lets-encrypt) of this tutorial. 

## Step 4: Add TXT records to your domain’s DNS zone


 Adding a TXT record to your domain’s DNS zone verifies that you own the domain. For demonstration purposes, we use the Lightsail DNS zone. However, the steps might be similar for other DNS zones typically hosted by domain registrars. 

**Note**  
 To learn more about how to create a Lightsail DNS zone for your domain, see [ Creating a DNS zone to manage your domain’s DNS records in Lightsail ](lightsail-how-to-create-dns-entry.md) . 

**To add TXT records to your domain’s DNS zone in Lightsail**

1. In the left navigation pane, choose **Domains & DNS**.

1.  Under the **DNS zones** section of the page, choose the DNS Zone for the domain that you specified in the Certbot certificate request. 

1. In the DNS zone editor, choose **DNS records**.

1. Choose **Add record**.

1.  In the **Record type** drop-down menu, choose **TXT record**. 

1.  Enter the values specified by the Let’s Encrypt certificate request into the **Record name** and **Responds with** fields. 
**Note**  
 The Lightsail console pre-populates the apex portion of your domain. For example, if you want to add the `_acme-challenge.example.com` subdomain, then you only have to enter `_acme-challenge` into the text box, and Lightsail adds the `.example.com` portion for you when you save the record. 

1. Choose **Save**.

1.  Repeat steps 4 through 7 to add the second set of TXT records specified by the Let’s Encrypt certificate request. 

1.  Keep the Lightsail console browser window open—you return to it later in this tutorial. Continue to the [ next section ](#confirm-the-text-records-have-propagated-lets-encrypt) of this tutorial. 

## Step 5: Confirm that the TXT records have propagated


 Use the MxToolbox utility to confirm that the TXT records have propagated to the Internet’s DNS. DNS record propagation might take a while depending on your DNS hosting provider, and the configured time to live (TTL) for your DNS records. It is important that you complete this step, and confirm that your TXT records have propagated, before continuing your Certbot certificate request. Otherwise, your certificate request fails. 

**To confirm the TXT records have propagated to the Internet’s DNS**

1.  Open a new browser window and go to [https://mxtoolbox.com/TXTLookup.aspx](https://mxtoolbox.com/TXTLookup.aspx) . 

1.  Enter the following text into the text box. Be sure to replace `domain` with your domain. 

   ```
   _acme-challenge.domain
   ```

   Example:

   ```
   _acme-challenge.example.com
   ```  
![\[MxToolbox TXT record lookup.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/mxtoolbox-text-record-lookup.png)

1. Choose **TXT Lookup** to run the check.

1. One of the following responses occurs:
   +  If your TXT records have propagated to the Internet’s DNS, you see a response similar to the one shown in the following screenshot. Close the browser window and continue to the [next section](#complete-the-lets-encrypt-certificate-request-nginx) of this tutorial.   
![\[Confirmation that TXT records propagated.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/mxtoolbox-propagated-text-record-lookup.png)
   +  If your TXT records have not propagated to the Internet’s DNS, you see a **DNS Record not found** response. Confirm that you added the correct DNS records to your domain’s DNS zone. If you added the correct records, wait a while longer to let your domain’s DNS records propagate, and run the TXT lookup again. 

## Step 6: Complete the Let’s Encrypt SSL certificate request


 Go back to the Lightsail browser-based SSH session for your instance and complete the Let’s Encrypt certificate request. Certbot saves your SSL certificate, chain, and key files to a specific directory on your instance.

**To complete the Let’s Encrypt SSL certificate request**

1.  In the Lightsail browser-based SSH session for your instance, press **Enter** to continue your Let’s Encrypt SSL certificate request. If successful, a response similar to the one shown in the following screenshot appears:   
![\[Successful Let’s Encrypt certificate request.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/certificate-request-success.png)

    The message confirms that your certificate, chain, and key files are stored in the `/etc/letsencrypt/live/domain/` directory. Make sure to replace `domain` with your domain, such as `/etc/letsencrypt/live/example.com/`. 

1.  Make note of the expiration date specified in the message. You use it to renew your certificate by that date.   
![\[Let’s Encrypt certificate renewal date.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/certificate-renewal-date.png)

## Step 7: Update SSL configuration in NGINX and redirect traffic from HTTP to HTTPS


**To update the SSL configuration in NGINX's default.conf**

1.  In the SSH session for your Nginx instance, enter the following commands to stop the underlying services: 

   ```
   sudo systemctl stop nginx
   sudo systemctl stop mariadb
   sudo systemctl stop php8.2-fpm
   ```

   You should see a response similar to the following:  
![\[Nginx instance services stopped.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/nginx-stop-services.png)

1.  Enter the following command to set an environment variable for your domain. You can more efficiently copy and paste commands to link the certificate files. Be sure to replace `domain` with the name of your registered domain. 

   ```
   DOMAIN=domain
   ```

   Example:

   ```
   DOMAIN=example.com
   ```

1. Enter the following command to confirm the variables return the correct values:

   ```
   echo $DOMAIN
   ```

   You should see a result similar to the following:  
![\[Confirm the domain environment variable.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/confirm-domain-variable.png)

1. Run the command below to change the SSL configuration:

   ```
   sudo sed \
   -i -e "s|ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem|ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem|g" \
   -i -e "s|ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key|ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem|g" \
   /etc/nginx/conf.d/default.conf
   ```

1.  After overwriting the `default.conf` file, run the commands below to check the configuration and restart NGINX:

   ```
   sudo nginx -t
   sudo systemctl restart nginx
   sudo systemctl restart mariadb
   sudo systemctl restart php8.2-fpm
   ```

   You should see a result similar to the following:  
![\[Nginx instance services started.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/nginx-start-services.png)

   Your Nginx instance is now configured to use SSL encryption, and traffic is redirected from HTTP to HTTPS.
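
`nginx -t` confirms only that the configuration parses and that the referenced files load, so it also passes when the `sed` patterns in this step did not match and `default.conf` still points at the snakeoil certificate. The following added example (not from the Lightsail guide; the function names are hypothetical and the sample configuration is constructed) reads the active `ssl_certificate` and `ssl_certificate_key` directives and checks that each one points into `/etc/letsencrypt/live/$DOMAIN/`.

```shell
#!/bin/sh
# Added example, not part of the Lightsail guide. Function names are hypothetical.

# sample_conf: constructed excerpt that mimics the directives the guide's sed
# command rewrites in /etc/nginx/conf.d/default.conf.
sample_conf() {
    cat <<'EOF'
server {
    listen 443 ssl;
    # ssl_certificate /etc/ssl/certs/old-example.pem;
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
}
EOF
}

# tls_paths CONF
# Prints "directive path" for every active (not commented out) certificate
# directive, with the trailing semicolon removed.
tls_paths() {
    sed -e 's/#.*//' "$1" |
    awk '$1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
             sub(/;$/, "", $2); print $1, $2
         }'
}

# verify_tls_paths CONF DOMAIN
# Returns 0 when every directive points at the Let's Encrypt files for DOMAIN,
# 1 when at least one still points elsewhere, 2 when no directive is found.
verify_tls_paths() {
    v_live="/etc/letsencrypt/live/$2"
    v_found=$(tls_paths "$1")
    [ -n "$v_found" ] || { echo "no ssl_certificate directives in $1"; return 2; }
    v_rc=0
    while read -r v_dir v_path; do
        case "$v_dir:$v_path" in
            "ssl_certificate:$v_live/fullchain.pem"|"ssl_certificate_key:$v_live/privkey.pem")
                echo "ok       $v_dir $v_path" ;;
            *)
                echo "MISMATCH $v_dir $v_path"
                v_rc=1 ;;
        esac
    done <<EOF
$v_found
EOF
    return "$v_rc"
}

# Usage on the instance, after the sed command and before restarting NGINX:
#   verify_tls_paths /etc/nginx/conf.d/default.conf "$DOMAIN" && sudo nginx -t
```

A `MISMATCH` line after running the `sed` command usually means the directive in `default.conf` is spaced or named differently from the pattern, so the substitution silently did nothing.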

## Step 8: Renew the Let’s Encrypt certificates every 90 days


 Let’s Encrypt certificates are valid for 90 days. Certificates can be renewed 30 days before they expire. To renew the Let’s Encrypt certificate, repeat [ Step 3: Request a Let’s Encrypt SSL wildcard certificate ](#request-a-lets-encrypt-certificate-nginx) . 
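
The manual DNS challenge in Step 3 has to be repeated by hand for each renewal, so it helps to check the expiration date on the instance rather than rely on the date noted in Step 6. The following added example (not from the Lightsail guide; the function names are hypothetical, and it assumes GNU `date` and `openssl` as found on Debian and Ubuntu) classifies a certificate as `ok`, `renew`, or `expired` using the 30-day window described above.

```shell
#!/bin/sh
# Added example, not part of the Lightsail guide. Function names are hypothetical.
# Assumes GNU date, which parses the "notAfter=" text that openssl prints.

RENEW_WINDOW_DAYS=30   # the guide: renewal is possible 30 days before expiry

# seconds_left NOT_AFTER [NOW_EPOCH]
# NOT_AFTER is the output of `openssl x509 -noout -enddate`, for example
# "notAfter=Sep 28 12:00:00 2025 GMT". Returns 2 if it cannot be parsed.
seconds_left() {
    sl_text=${1#notAfter=}
    # An empty string would be parsed by GNU date as "today", so reject it.
    [ -n "$sl_text" ] || return 2
    sl_end=$(date -u -d "$sl_text" +%s 2>/dev/null) || return 2
    sl_now=${2:-$(date -u +%s)}
    echo $(( sl_end - sl_now ))
}

# renewal_status NOT_AFTER [NOW_EPOCH]
# Prints a one-line verdict. Returns 0 = ok, 1 = inside the renewal window,
# 2 = already expired, 3 = expiry date could not be parsed.
renewal_status() {
    rs_secs=$(seconds_left "$@") || { echo "unparseable expiry date"; return 3; }
    if [ "$rs_secs" -le 0 ]; then
        echo "expired"
        return 2
    elif [ "$rs_secs" -le $(( RENEW_WINDOW_DAYS * 86400 )) ]; then
        echo "renew ($(( rs_secs / 86400 )) days left)"
        return 1
    else
        echo "ok ($(( rs_secs / 86400 )) days left)"
        return 0
    fi
}

# cert_renewal_status DOMAIN
# Reads the certificate that Certbot stored in Step 6. The live directory is
# readable by root only, hence sudo.
cert_renewal_status() {
    crs_end=$(sudo openssl x509 -noout -enddate \
                  -in "/etc/letsencrypt/live/$1/fullchain.pem") || return 3
    renewal_status "$crs_end"
}

# Usage on the instance:
#   cert_renewal_status "$DOMAIN"
```

The non-zero return codes make the function usable from a scheduled job that sends a reminder when the certificate enters the renewal window.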

------

# Secure your Lightsail WordPress instance with free Let's Encrypt SSL certificates

**Tip**  
Amazon Lightsail offers a guided workflow that automates the installation and configuration of a Let's Encrypt certificate on your WordPress instance. We highly recommend that you use the workflow instead of following the manual steps in this tutorial. For more information, see [Launch and configure a WordPress instance](amazon-lightsail-tutorial-launching-and-configuring-wordpress.md).

Lightsail makes it easy to secure your websites and applications with SSL/TLS using Lightsail load balancers. However, a Lightsail load balancer might not always be the right choice. Perhaps your site doesn't need the scalability or fault tolerance that load balancers provide, or maybe you're optimizing for cost. In the latter case, you might consider using Let's Encrypt to obtain a free SSL certificate, which you can integrate with Lightsail instances.

With this guide, you will learn how to request a Let’s Encrypt wildcard certificate using Certbot, and integrate it with your WordPress instance using the Really Simple SSL plugin.

**Important**  
+ The Linux distribution used by Bitnami instances changed from Ubuntu to Debian in July, 2020. Because of this change, some of the steps in this tutorial will differ depending on the Linux distribution of your instance. All Bitnami blueprint instances created after the change use the Debian Linux distribution. Instances created before the change will continue to use the Ubuntu Linux distribution. To check the distribution of your instance, run the `uname -a` command. The response will show either Ubuntu or Debian as your instance's Linux distribution.
+ Bitnami has modified the file structure for many of their stacks. The file paths in this tutorial may change depending on whether your Bitnami stack uses native Linux system packages (Approach A), or if it is a self-contained installation (Approach B). To identify your Bitnami installation type and which approach to follow, run the following command:

  `test ! -f "/opt/bitnami/common/bin/openssl" && echo "Approach A: Using system packages." || echo "Approach B: Self-contained installation."`

**Contents**
+ [Before getting started](#lets-encrypt-certificates-wordpress-before-getting-started)
+ [Step 1: Complete the prerequisites](#complete-the-prerequisites-lets-encrypt-wordpress)
+ [Step 2: Install Certbot on your Lightsail instance](#install-certbot-on-your-instance-wordpress)
+ [Step 3: Request a Let’s Encrypt SSL wildcard certificate](#request-a-lets-encrypt-certificate-wordpress)
+ [Step 4: Add TXT records to your domain’s DNS zone](#add-a-text-record-to-your-domains-dns-zone-lets-encrypt-wordpress)
+ [Step 5: Confirm that the TXT records have propagated](#confirm-the-text-records-have-propagated-lets-encrypt-wordpress)
+ [Step 6: Complete the Let’s Encrypt SSL certificate request](#complete-the-lets-encrypt-certificate-request-wordpress)
+ [Step 7: Create links to the Let’s Encrypt certificate files in the Apache server directory](#link-the-lets-encrypt-certificate-files-in-the-apache-directory-wordpress)
+ [Step 8: Integrate the SSL certificate with your WordPress site using the Really Simple SSL plug-in](#integrate-certificates-with-wordpress-using-really-simple-ssl-plugin)
+ [Step 9: Renew the Let's Encrypt certificates every 90 days](#renew-a-lets-encrypt-certificate-wordpress)

## Before getting started


You should consider the following before getting started with this tutorial:

**Use the Bitnami HTTPS configuration (`bncert`) tool instead**

The steps outlined in this tutorial show you how to implement an SSL/TLS certificate using a manual process. However, Bitnami offers a more automated process that uses the Bitnami HTTPS configuration (`bncert`) tool that is typically pre-installed on WordPress instances in Lightsail. We highly recommend that you use that tool instead of following the manual steps in this tutorial. This tutorial was written before the `bncert` tool became available. For more information about using the `bncert` tool, see [Enabling HTTPS on your WordPress instance in Amazon Lightsail](amazon-lightsail-enabling-https-on-wordpress.md).

**Identify the Linux distribution of your WordPress instance**

The Linux distribution used by Bitnami instances changed from Ubuntu to Debian in July, 2020. All Bitnami blueprint instances created after the change use the Debian Linux distribution. Instances created before the change will continue to use the Ubuntu Linux distribution. Because of this change, some of the steps in this tutorial will differ depending on the Linux distribution of your instance. You must identify the Linux distribution of your instance so that you know which steps in this tutorial to use. To identify the Linux distribution of your instance, run the `uname -a` command. The response will show either Ubuntu or Debian as your instance's Linux distribution.

**Identify the tutorial approach that applies to your instance**

Bitnami is in the process of modifying the file structure for many of their stacks. The file paths in this tutorial may change depending on whether your Bitnami stack uses native Linux system packages (Approach A), or if it is a self-contained installation (Approach B). To identify your Bitnami installation type and which approach to follow, run the following command:

`test ! -f "/opt/bitnami/common/bin/openssl" && echo "Approach A: Using system packages." || echo "Approach B: Self-contained installation."`

## Step 1: Complete the prerequisites


Complete the following prerequisites if you haven’t already done so:
+ Create a WordPress instance in Lightsail. To learn more, see [Create an instance](how-to-create-amazon-lightsail-instance-virtual-private-server-vps.md).
+ Register a domain name, and get administrative access to edit its DNS records. To learn more, see [DNS](understanding-dns-in-amazon-lightsail.md).

  We recommend that you manage your domain’s DNS records using a Lightsail DNS zone. To learn more, see [Create a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md).
+ Use the browser-based SSH terminal in the Lightsail console to perform the steps in this tutorial. However, you can also use your own SSH client, such as PuTTY. To learn more about configuring PuTTY, see [Download and set up PuTTY to connect using SSH in Amazon Lightsail](lightsail-how-to-set-up-putty-to-connect-using-ssh.md).

After you've completed the prerequisites, continue to the [next section](#install-certbot-on-your-instance-wordpress) of this tutorial.

## Step 2: Install Certbot on your Lightsail instance


Certbot is a client used to request a certificate from Let’s Encrypt and deploy it to a web server. Let's Encrypt uses the ACME protocol to issue certificates, and Certbot is an ACME-enabled client that interacts with Let's Encrypt.

**To install Certbot on your Lightsail instance**

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose the SSH quick connect icon for the instance that you want to connect to.  
![\[SSH quick connect on the Lightsail home page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-ssh-quick-connect.png)

1. After your Lightsail browser-based SSH session is connected, enter the following command to update the packages on your instance:

   ```
   sudo apt-get update
   ```  
![\[Update the packages on your instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-ssh-lets-encrypt-update-packages.png)

1. Enter the following command to install the software properties package. Certbot’s developers use a Personal Package Archive (PPA) to distribute Certbot. The software properties package makes it more efficient to work with PPAs.

   ```
   sudo apt-get install software-properties-common
   ```
**Note**  
If you encounter a `Could not get lock` error when running the `sudo apt-get install` command, please wait approximately 15 minutes and try again. This error may be caused by a cron job that is using the Apt package management tool to install unattended upgrades.

1. Enter the following commands to install the GPG package, and add Certbot to the local apt repository:
**Note**  
Step 5 applies only to instances that use the Ubuntu Linux distribution. Skip this step if your instance uses the Debian Linux distribution.

   ```
   sudo apt-get install gpg -y
   ```

   ```
   sudo apt-add-repository ppa:certbot/certbot -y
   ```

1. Enter the following command to update apt to include the new repository:

   ```
   sudo apt-get update -y
   ```

1. Enter the following command to install Certbot:

   ```
   sudo apt-get install certbot -y
   ```

   Certbot is now installed on your Lightsail instance.

1. Keep the browser-based SSH terminal window open—you return to it later in this tutorial. Continue to the [next section](#request-a-lets-encrypt-certificate-wordpress) of this tutorial.

## Step 3: Request a Let’s Encrypt SSL wildcard certificate


Begin the process of requesting a certificate from Let’s Encrypt. Using Certbot, request a wildcard certificate, which lets you use a single certificate for a domain and its subdomains. For example, a single wildcard certificate works for the `example.com` top-level domain, and the `blog.example.com` and `stuff.example.com` subdomains.

**To request a Let’s Encrypt SSL wildcard certificate**

1. In the same browser-based SSH terminal window used in [step 2](#install-certbot-on-your-instance-wordpress) of this tutorial, enter the following commands to set an environment variable for your domain. You can now more efficiently copy and paste commands to obtain the certificate. Be sure to replace `domain` with the name of your registered domain.

   ```
   DOMAIN=domain
   ```

   ```
   WILDCARD=*.$DOMAIN
   ```

   Example:

   ```
   DOMAIN=example.com
   ```

   ```
   WILDCARD=*.$DOMAIN
   ```

1. Enter the following command to confirm the variables return the correct values:

   ```
   echo "$DOMAIN" && echo "$WILDCARD"
   ```

   You should see a result similar to the following:  
![\[Confirm the domain environment variables.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/bitnami-confirm-variables.png)

1. Enter the following command to start Certbot in interactive mode. This command tells Certbot to use a manual authorization method with DNS challenges to verify domain ownership. It requests a wildcard certificate for your top-level domain, as well as its subdomains.

   ```
   sudo certbot -d "$DOMAIN" -d "$WILDCARD" --manual --preferred-challenges dns certonly
   ```

1. Enter your email address when prompted, because it’s used for renewal and security notices.

1. Read the Let’s Encrypt terms of service. When done, press A if you agree. If you disagree, you cannot obtain a Let’s Encrypt certificate.

1. Respond accordingly to the prompt to share your email address and to the warning about your IP address being logged.

1. Let’s Encrypt now prompts you to verify that you own the domain specified. You do this by adding TXT records to the DNS records for your domain. A set of TXT record values is provided as shown in the following example:
**Note**  
Let's Encrypt may provide a single or multiple TXT records that you must use for verification. In this example, we were provided with two TXT records to use for verification.  
![\[TXT records for Let's Encrypt certificates.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/ssh/lets-encrypt-text-records.png)

1. Keep the Lightsail browser-based SSH session open—you return to it later in this tutorial. Continue to the [next section](#add-a-text-record-to-your-domains-dns-zone-lets-encrypt-wordpress) of this tutorial.

## Step 4: Add TXT records to your domain’s DNS zone


Adding a TXT record to your domain’s DNS zone verifies that you own the domain. For demonstration purposes, we use the Lightsail DNS zone. However, the steps might be similar for other DNS zones typically hosted by domain registrars.

**Note**  
To learn more about how to create a Lightsail DNS zone for your domain, see [Creating a DNS zone to manage your domain’s DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).

**To add TXT records to your domain’s DNS zone in Lightsail**

1. In the left navigation pane, choose **Domains & DNS**.

1. Under the **DNS zones** section of the page, choose the DNS Zone for the domain that you specified in the Certbot certificate request.

1. In the DNS zone editor, choose **DNS records**.

1. Choose **Add record**.

1. In the **Record type** drop-down menu, choose **TXT record**.

1. Enter the values specified by the Let’s Encrypt certificate request into the **Record name** and **Responds with** fields.
**Note**  
The Lightsail console pre-populates the apex portion of your domain. For example, if you want to add the `_acme-challenge.example.com` subdomain, then you only have to enter `_acme-challenge` into the text box, and Lightsail adds the `.example.com` portion for you when you save the record.

1. Choose **Save**.

1. Repeat steps 4 through 7 to add the second set of TXT records specified by the Let’s Encrypt certificate request.

1. Keep the Lightsail console browser window open. You return to it later in this tutorial. Continue to the [next section](#confirm-the-text-records-have-propagated-lets-encrypt-wordpress) of this tutorial.

## Step 5: Confirm that the TXT records have propagated


Use the MxToolbox utility to confirm that the TXT records have propagated to the Internet’s DNS. DNS record propagation might take a while depending on your DNS hosting provider, and the configured time to live (TTL) for your DNS records. It is important that you complete this step, and confirm that your TXT records have propagated, before continuing your Certbot certificate request. Otherwise, your certificate request fails.

**To confirm the TXT records have propagated to the Internet’s DNS**

1. Open a new browser window and go to [https://mxtoolbox.com/TXTLookup.aspx](https://mxtoolbox.com/TXTLookup.aspx).

1. Enter the following text into the text box. Be sure to replace `domain` with your domain.

   ```
   _acme-challenge.domain
   ```

   Example:

   ```
   _acme-challenge.example.com
   ```  
![\[MXToolbox TXT record lookup.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/mxtoolbox-text-record-lookup.png)

1. Choose **TXT Lookup** to run the check.

1. One of the following responses occurs:
   + If your TXT records have propagated to the Internet’s DNS, you see a response similar to the one shown in the following screenshot. Close the browser window and continue to the [next section](#complete-the-lets-encrypt-certificate-request-wordpress) of this tutorial.  
![\[Confirmation that TXT records propagated.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/mxtoolbox-propagated-text-record-lookup.png)
   + If your TXT records have not propagated to the Internet’s DNS, you see a **DNS Record not found** response. Confirm that you added the correct DNS records to your domain’s DNS zone. If you added the correct records, wait a while longer to let your domain’s DNS records propagate, and run the TXT lookup again.
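
The propagation check in Step 5 of both the Nginx and the WordPress tutorial can also be run from the SSH session instead of MxToolbox. The following is an added example, not part of the Lightsail guide: it assumes `dig` is installed on the instance, and the function names are hypothetical. It asks each authoritative name server for `_acme-challenge.<domain>` and reports every value Certbot printed that is not yet published, which also catches the case where the second TXT value replaced the first instead of being added next to it.

```shell
#!/bin/sh
# Added example, not part of the Lightsail guide. Assumes dig (Debian/Ubuntu
# package "dnsutils") is installed. Function names are hypothetical.

# normalize_txt
# Reads `dig +short TXT` output on stdin and prints one unquoted value per
# line. dig wraps every TXT string in double quotes.
normalize_txt() {
    sed -e 's/^"//' -e 's/"$//' -e '/^$/d' | sort -u
}

# missing_values SEEN EXPECTED...
# SEEN is a newline-separated list of published values. Prints each EXPECTED
# value that is absent from it. -F and -x force a literal whole-line match,
# and -e keeps values that begin with "-" (legal in base64url) from being
# read as grep options.
missing_values() {
    mv_seen=$1
    shift
    for mv_want in "$@"; do
        printf '%s\n' "$mv_seen" | grep -Fxq -e "$mv_want" || printf '%s\n' "$mv_want"
    done
}

# check_acme_txt DOMAIN EXPECTED...
# Queries every authoritative name server of DOMAIN directly, so a resolver
# cache cannot hide a missing value. Returns 0 only when every server
# publishes every expected value, 1 if any value is missing, 2 if no NS
# records were found.
check_acme_txt() {
    ca_domain=$1
    shift
    ca_rc=0
    ca_servers=$(dig +short NS "$ca_domain")
    if [ -z "$ca_servers" ]; then
        echo "no NS records found for $ca_domain" >&2
        return 2
    fi
    for ca_ns in $ca_servers; do
        ca_seen=$(dig +short TXT "_acme-challenge.$ca_domain" "@$ca_ns" | normalize_txt)
        ca_missing=$(missing_values "$ca_seen" "$@")
        if [ -n "$ca_missing" ]; then
            echo "$ca_ns: missing $(echo "$ca_missing" | tr '\n' ' ')"
            ca_rc=1
        else
            echo "$ca_ns: all challenge values present"
        fi
    done
    return "$ca_rc"
}

# Usage on the instance, with the values Certbot printed in Step 3:
#   check_acme_txt "$DOMAIN" 'first-value' 'second-value' && echo "ready to continue"
```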

## Step 6: Complete the Let’s Encrypt SSL certificate request


Go back to the Lightsail browser-based SSH session for your WordPress instance and complete the Let’s Encrypt certificate request. Certbot saves your SSL certificate, chain, and key files to a specific directory on your WordPress instance.

**To complete the Let’s Encrypt SSL certificate request**

1. In the Lightsail browser-based SSH session for your WordPress instance, press **Enter** to continue your Let’s Encrypt SSL certificate request. If successful, a response similar to the one shown in the following screenshot appears:  
![\[Successful Let's Encrypt certificate request.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/bitnami-certificate-request-success.png)

   The message confirms that your certificate, chain, and key files are stored in the `/etc/letsencrypt/live/domain/` directory. Make sure to replace `domain` with your domain, such as `/etc/letsencrypt/live/example.com/`.

1. Make note of the expiration date specified in the message. You use it to renew your certificate by that date.  
![\[Let's Encrypt certificate renewal date.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/certificate-renewal-date.png)

1. Now that you have the Let’s Encrypt SSL certificate, continue to the [next section](#link-the-lets-encrypt-certificate-files-in-the-apache-directory-wordpress) of this tutorial.

## Step 7: Create links to the Let’s Encrypt certificate files in the Apache server directory


Create links to the Let’s Encrypt SSL certificate files in the Apache server directory on your WordPress instance. Also, back up your existing certificates, in case you need them later.

**To create links to the Let’s Encrypt certificate files in the Apache server directory**

1. In the Lightsail browser-based SSH session for your WordPress instance, enter the following command to stop the underlying services:

   ```
   sudo /opt/bitnami/ctlscript.sh stop
   ```

   You should see a response similar to the following:  
![\[Instance services stopped.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-ssh-stop-services.png)

1. Enter the following command to set an environment variable for your domain. You can more efficiently copy and paste commands to link the certificate files. Be sure to replace `domain` with the name of your registered domain.

   ```
   DOMAIN=domain
   ```

   Example:

   ```
   DOMAIN=example.com
   ```

1. Enter the following command to confirm the variables return the correct values:

   ```
   echo $DOMAIN
   ```

   You should see a result similar to the following:  
![\[Confirm the domain environment variable.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/lets-encrypt/bitnami-confirm-domain-variable.png)

1. Enter the following commands individually to rename your existing certificate files as backups. Refer to the **Important** block at the beginning of this tutorial for information about the different distributions and file structures.
   + For Debian Linux distributions:

     Approach A (Bitnami installations using system packages):

     ```
     sudo mv /opt/bitnami/apache2/conf/bitnami/certs/server.crt /opt/bitnami/apache2/conf/bitnami/certs/server.crt.old
     ```

     ```
     sudo mv /opt/bitnami/apache2/conf/bitnami/certs/server.key /opt/bitnami/apache2/conf/bitnami/certs/server.key.old
     ```

     Approach B (Self-contained Bitnami installations):

     ```
     sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
     ```

     ```
     sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old
     ```
   + For older instances that use the Ubuntu Linux distribution:

     ```
     sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.crt /opt/bitnami/apache/conf/bitnami/certs/server.crt.old
     ```

     ```
     sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.key /opt/bitnami/apache/conf/bitnami/certs/server.key.old
     ```

     ```
     sudo mv /opt/bitnami/apache/conf/bitnami/certs/server.csr /opt/bitnami/apache/conf/bitnami/certs/server.csr.old
     ```

1. Enter the following commands individually to create links to your Let’s Encrypt certificate files in the Apache directory. Refer to the **Important** block at the beginning of this tutorial for information about the different distributions and file structures.
   + For Debian Linux distributions:

     Approach A (Bitnami installations using system packages):

     ```
     sudo ln -sf /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache2/conf/bitnami/certs/server.key
     ```

     ```
     sudo ln -sf /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/bitnami/certs/server.crt
     ```

     Approach B (Self-contained Bitnami installations):

     ```
     sudo ln -sf /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache2/conf/server.key
     ```

     ```
     sudo ln -sf /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/server.crt
     ```
   + For older instances that use the Ubuntu Linux distribution:

     ```
     sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache/conf/bitnami/certs/server.key
     ```

     ```
     sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache/conf/bitnami/certs/server.crt
     ```

1. Enter the following command to start the underlying services that you had stopped earlier:

   ```
   sudo /opt/bitnami/ctlscript.sh start
   ```

   You should see a result similar to the following:  
![\[Instance services started.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-ssh-start-services.png)

   The SSL certificate files for your WordPress instance are now in the correct directory.

1. Continue to the [next section](#integrate-certificates-with-wordpress-using-really-simple-ssl-plugin) of this tutorial.

## Step 8: Integrate the SSL certificate with your WordPress site using the Really Simple SSL plug-in


Install the Really Simple SSL plug-in to your WordPress site, and use it to integrate the SSL certificate. Really Simple SSL also configures HTTP to HTTPS redirection to ensure that users who visit your site are always on the HTTPS connection.

**To integrate the SSL certificate with your WordPress site using the Really Simple SSL plug-in**

1. In the Lightsail browser-based SSH session for your WordPress instance, enter the following command to set your `wp-config.php` and `htaccess.conf` files to be writeable. The Really Simple SSL plug-in will write to the wp-config.php file to configure your certificates.
   + For newer instances that use the Debian Linux distribution:

     ```
     sudo chmod 666 /opt/bitnami/wordpress/wp-config.php && sudo chmod 666 /opt/bitnami/apache/conf/vhosts/htaccess/wordpress-htaccess.conf
     ```
   + For older instances that use the Ubuntu Linux distribution:

     ```
     sudo chmod 666 /opt/bitnami/apps/wordpress/htdocs/wp-config.php && sudo chmod 666 /opt/bitnami/apps/wordpress/conf/htaccess.conf
     ```

1. Open a new browser window and sign in to the administration dashboard of your WordPress instance.
**Note**  
For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).

1. Choose **Plugins** from the left navigation pane.

1. Choose **Add New** from the top of the Plugins page.  
![\[Add a new plug-in in WordPress.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-add-new-plugin.png)

1. Search for **Really Simple SSL**.

1. Choose **Install Now** next to the Really Simple SSL plug-in in the search results.  
![\[The Really Simple SSL plug-in for WordPress.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-really-simple-ssl-plugin.png)

1. After it’s done installing, choose **Activate**.

1. In the prompt that appears, choose **Go ahead, activate SSL!** You may be redirected to the sign-in page for the administration dashboard of your WordPress instance.

   Your WordPress instance is now configured to use SSL encryption. Additionally, your WordPress instance is now configured to automatically redirect connections from HTTP to HTTPS. When a visitor goes to `http://example.com`, they are automatically redirected to the encrypted HTTPS connection (i.e., `https://example.com`).

## Step 9: Renew the Let's Encrypt certificates every 90 days


Let’s Encrypt certificates are valid for 90 days. Certificates can be renewed 30 days before they expire. To renew the Let's Encrypt certificates, run the original command used to obtain them. Repeat the steps in the [Request a Let’s Encrypt SSL wildcard certificate](#request-a-lets-encrypt-certificate-wordpress) section of this tutorial.
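The following check is an added example, not part of the original tutorial. It confirms that the `server.key` and `server.crt` links created in Step 7 resolve to a matching key and certificate, and reports whether the certificate has entered the 30-day renewal window. It assumes `openssl` is installed on the instance; the function names are illustrative.

```shell
#!/bin/sh
# Added example: verify a linked key/certificate pair and its renewal window.
# Assumes the openssl command-line tool is available.

# key_matches_cert KEY CERT
# Exit 0 when the private key and the first (leaf) certificate in CERT carry
# the same public key, 1 when they differ, 2 when either file cannot be parsed.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# renewal_due CERT [DAYS]
# Exit 0 when CERT expires within DAYS days (default 30, the renewal window
# named in this step), 1 when it stays valid longer, 2 when CERT is unreadable.
renewal_due() {
    days=${2:-30}
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    if openssl x509 -in "$1" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# check_tls_pair KEY CERT
# Print one word describing the pair: missing, mismatch, renew, or ok.
# "-e" follows symbolic links, so a dangling link is reported as missing.
check_tls_pair() {
    key=$1
    crt=$2
    if [ ! -e "$key" ] || [ ! -e "$crt" ]; then
        echo "missing"
        return 3
    fi
    if ! key_matches_cert "$key" "$crt"; then
        echo "mismatch"
        return 2
    fi
    if renewal_due "$crt" 30; then
        echo "renew"
        return 1
    fi
    echo "ok"
}

# Run as: sudo sh check.sh <path to server.key> <path to server.crt>
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

Pass the `server.key` and `server.crt` paths that apply to your distribution and installation type from Step 7. Reading the private key requires root.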

Follow the step-by-step instructions for your specific instance type. Each topic provides detailed commands and configuration steps tailored to the Linux distribution (Ubuntu or Debian) and Bitnami installation type (system packages or self-contained) of your instance. By following this topic, you can secure your Lightsail websites and applications with free SSL/TLS certificates from Let's Encrypt, ensuring encrypted communication and improved security for your visitors.

# Configure IPv6 networking for Lightsail instances

This section covers the following topics related to configuring IPv6 on Lightsail instance blueprints:

**Topics**
+ [Configure IPv6 connectivity for cPanel instances in Lightsail](amazon-lightsail-configure-ipv6-on-cpanel.md)
+ [Configure IPv6 connectivity for GitLab instances in Lightsail](amazon-lightsail-configure-ipv6-on-gitlab.md)
+ [Configure IPv6 connectivity for Nginx instances in Lightsail](amazon-lightsail-configure-ipv6-on-nginx.md)
+ [Configure IPv6 connectivity for Plesk instances in Lightsail](amazon-lightsail-configure-ipv6-on-plesk.md)

# Configure IPv6 connectivity for cPanel instances in Lightsail

All instances in Amazon Lightsail have a public and a private IPv4 address assigned to them by default. You can optionally enable IPv6 for your instances to have a public IPv6 address assigned to them. For more information, see [Amazon Lightsail IP addresses ](understanding-public-ip-and-private-ip-addresses-in-amazon-lightsail.md) and [Enable or disable IPv6](amazon-lightsail-enable-disable-ipv6.md).

After you enable IPv6 for an instance that uses the cPanel & WHM blueprint, you must perform an additional set of steps to make the instance aware of its IPv6 address. In this guide, we show you the additional steps that you must perform for cPanel & WHM instances.

## Prerequisites


Complete the following prerequisites if you haven't already:
+ Create a cPanel & WHM instance in Lightsail. For more information, see [Create an instance](how-to-create-amazon-lightsail-instance-virtual-private-server-vps.md).
+ Configure your cPanel & WHM instance. For more information, see [Quick start guide: cPanel & WHM on Amazon Lightsail](amazon-lightsail-quick-start-guide-cpanel.md).
**Important**  
Make sure that all software updates and required system reboots are performed before continuing with the steps in this guide.
+ Enable IPv6 for your cPanel & WHM instance. For more information, see [Enable or disable IPv6](amazon-lightsail-enable-disable-ipv6.md).
**Note**  
New cPanel & WHM instances created on or after January 12, 2021, have IPv6 enabled by default when they are created in the Lightsail console. You must complete the following steps in this guide to configure IPv6 on your instance even if IPv6 was enabled by default when you created your instance.

## Configure IPv6 on a cPanel & WHM instance


Complete the following procedure to configure IPv6 on a cPanel & WHM instance in Lightsail.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the **Instances** section of the Lightsail home page, locate the cPanel & WHM instance that you wish to configure, and choose the browser-based SSH client icon to connect to it using SSH.  
![\[Browser-based SSH client icon in the Lightsail home page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-cpanel-ssh-quick-connect.png)

1. After you're connected to your instance, enter the following command to open the `ifcfg-eth0` network interface configuration file using Nano.

   ```
   sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0
   ```

1. Add the following lines of text to the file if they are not already there.

   ```
   IPV6INIT=yes
   IPV6_AUTOCONF=yes
   DHCPV6C=yes
   ```

   The result should look like the following example.  
![\[Network interfaces configuration file on the instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-cpanel-network-interface-configuration-file.png)

1. Press **CTRL+C** on your keyboard to exit the file.

1. Press **Y** when prompted to save the modified buffer, then press **Enter** to save to the existing file. This saves the edits you made to the `ifcfg-eth0` network interface configuration file.

1. Close the browser-based SSH window and toggle back to the Lightsail console.

1. In the **Instances** section of the Lightsail home page, choose the actions menu (⋮) for the cPanel & WHM instance, and choose **Reboot**.  
![\[Instance reboot option on the Lightsail home page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-cpanel-instance-reboot.png)

   Wait a few minutes for your instance to be done rebooting before continuing to the next step.

1. In the **Instances** section of the Lightsail home page, make note of the IPv6 address assigned to your cPanel & WHM instance.  
![\[Instance IPv6 address on the Lightsail home page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-cpanel-ipv6-address.png)

1. Open a new browser tab, and sign in to the Web Host Manager (WHM) of your cPanel & WHM instance.

1. In the left navigation pane of the WHM console, choose **Basic WebHost Manager Setup**.  
![\[Basic WebHost Manager Setup option in the navigation pane.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-cpanel-basic-webhost-manager-menu-option.png)

1. In the **All** tab, find the **IPv6 address to use** setting, then enter the IPv6 address assigned to your instance. You noted this address in step 9 of this procedure.  
![\[IPv6 address of the instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-cpanel-ipv6-address-entry.png)

1. Scroll to the bottom of the page and choose **Save Changes**.

1. In the left navigation pane of the WHM console, choose **Tweak Settings**.  
![\[Tweak settings option in the navigation pane.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-cpanel-tweak-settings.png)

1. In the **All** tab, scroll down to find the **Listen on IPv6 Addresses** setting, and set it to **On**.  
![\[Listen to IPv6 address option.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-cpanel-listen-to-ipv6-addresses.png)

1. Scroll to the bottom of the page and choose **Save**.

1. Toggle back to the Lightsail console.

1. In the **Instances** section of the Lightsail home page, choose the actions menu (⋮) for the cPanel & WHM instance, and choose **Reboot**.  
![\[Instance reboot option on the Lightsail home page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-cpanel-instance-reboot.png)

   Wait a few minutes for your instance to be done rebooting before continuing to the next step.

1. Choose the browser-based SSH client icon for the cPanel & WHM instance to connect to it using SSH.  
![\[Browser-based SSH client icon in the Lightsail home page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-cpanel-ssh-quick-connect.png)

1. After you're connected to your instance, enter the following command to view the IP addresses configured on your instance, and confirm that it is now recognizing its assigned IPv6 address.

   ```
   ip addr
   ```

   You will see a response similar to the following example. If your instance does recognize its IPv6 address, then you will see it listed in the response with a label of **scope global** as shown in this example.  
![\[IPv6 configured on the instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-cpanel-ssh-ip-addr-ipv6-configured.png)

1. Enter the following command to confirm that your instance is able to ping an IPv6 address.

   ```
   ping6 ipv6.google.com -c 6
   ```

   The result should look like the following example, which confirms that your instance is able to ping IPv6 addresses.  
![\[Ping6 result.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-cpanel-ssh-ping6-result.png)

# Configure IPv6 connectivity for GitLab instances in Lightsail

All instances in Amazon Lightsail have a public and a private IPv4 address assigned to them by default. You can optionally enable IPv6 for your instances to have a public IPv6 address assigned to them. For more information, see [Amazon Lightsail IP addresses ](understanding-public-ip-and-private-ip-addresses-in-amazon-lightsail.md) and [Enable or disable IPv6](amazon-lightsail-enable-disable-ipv6.md).

After you enable IPv6 for an instance that uses the GitLab blueprint, you must perform an additional set of steps to make the instance aware of its IPv6 address. In this guide, we show you the additional steps that you must perform for GitLab instances.

## Prerequisites


Complete the following prerequisites if you haven't already:
+ Create a GitLab instance in Lightsail. For more information, see [Create an instance](how-to-create-amazon-lightsail-instance-virtual-private-server-vps.md).
+ Enable IPv6 for your GitLab instance. For more information, see [Enable or disable IPv6](amazon-lightsail-enable-disable-ipv6.md).
**Note**  
New GitLab instances created on or after January 12, 2021, have IPv6 enabled by default when they are created in the Lightsail console. You must complete the following steps in this guide to configure IPv6 on your instance even if IPv6 was enabled by default when you created your instance.

## Configure IPv6 on a GitLab instance


Complete the following procedure to configure IPv6 on a GitLab instance in Lightsail.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the **Instances** section of the Lightsail home page, locate the GitLab instance that you wish to configure, and choose the browser-based SSH client icon to connect to it using SSH.  
![\[Browser-based SSH client in the Lightsail home page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-gitlab-ssh-quick-connect.png)

1. After you're connected to your instance, enter the following command to view the IP addresses configured on your instance.

   ```
   ip addr
   ```

   You will see a response similar to one of the following examples:
   + If your instance does not recognize its IPv6 address, then you will not see it listed in the response. You should continue to complete steps 4 through 9 of this procedure.  
![\[IPv6 not configured on the instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-gitlab-ssh-ip-addr-ipv6-not-configured.png)
   + If your instance does recognize its IPv6 address, then you will see it listed in the response with a label of `scope global` as shown in this example. You should stop here; you do not need to complete steps 4 through 9 of this procedure because your instance is already configured to recognize its IPv6 address.  
![\[IPv6 configured on the instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-gitlab-ssh-ip-addr-ipv6-configured.png)

1. Toggle back to the Lightsail console.

1. In the **Instances** section of the Lightsail home page, choose the actions menu (⋮) for the GitLab instance, and choose **Reboot**.  
![\[Instance reboot option on the Lightsail home page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-gitlab-instance-reboot.png)

   Wait a few minutes for your instance to be done rebooting before continuing to the next step.

1. Toggle back to the SSH session of your GitLab instance.

1. Enter the following command to view the IP addresses configured on your instance, and confirm that it is now recognizing its assigned IPv6 address.

   ```
   ip addr
   ```

   You will see a response similar to the following example. If your instance does recognize its IPv6 address, then you will see it listed in the response with a label of `scope global` as shown in this example.  
![\[IPv6 configured on the instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-gitlab-ssh-ip-addr-ipv6-configured.png)

# Configure IPv6 connectivity for Nginx instances in Lightsail

All instances in Amazon Lightsail have a public and a private IPv4 address assigned to them by default. You can optionally enable IPv6 for your instances to have a public IPv6 address assigned to them. For more information, see [Amazon Lightsail IP addresses](understanding-public-ip-and-private-ip-addresses-in-amazon-lightsail.md) and [Enable or disable IPv6](amazon-lightsail-enable-disable-ipv6.md).

After you enable IPv6 for an instance that uses the Nginx blueprint, you must perform an additional set of steps to make the instance aware of its IPv6 address. In this guide, we show you the additional steps that you must perform for Nginx instances.

## Prerequisites


Complete the following prerequisites if you haven't already:
+ Create an Nginx instance in Lightsail. For more information, see [Create an instance](how-to-create-amazon-lightsail-instance-virtual-private-server-vps.md).
+ Enable IPv6 for your Nginx instance. For more information, see [Enable or disable IPv6](amazon-lightsail-enable-disable-ipv6.md).
**Note**  
New Nginx instances created on or after January 12, 2021, have IPv6 enabled by default when they are created in the Lightsail console. You must complete the following steps in this guide to configure IPv6 on your instance even if IPv6 was enabled by default when you created your instance.

## Configure IPv6 on an Nginx instance


Complete the following procedure to configure IPv6 on an Nginx instance in Lightsail.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the **Instances** section of the Lightsail home page, locate the Ubuntu instance that you wish to configure, and choose the browser-based SSH client icon to connect to it using SSH.  
![\[Browser-based SSH client icon in the Lightsail home page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/resource_cards/nginx-ssh-quick-connect.png)

1. After you're connected to your instance, enter the following command to determine if your instance is listening to IPv6 requests over port 80. Be sure to replace *<IPv6Address>* with the IPv6 address assigned to your instance.

   ```
   curl -g -6 'http://[<IPv6Address>]'
   ```

   Example:

   ```
   curl -g -6 'http://[2001:0db8:85a3:0000:0000:8a2e:0370:7334]'
   ```

   You will see a response similar to one of the following examples:
   + If your instance is not listening to IPv6 requests over port 80, then you will see a response with a **Failed to connect** error message. You should continue to complete steps 4 through 9 of this procedure.  
![\[IPv6 not configured on the instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-nginx-ssh-curl-result-not-configured.png)
   + If your instance is listening to IPv6 requests over port 80, then you will see a response with the HTML code of the home page of your instance as shown in the following example. You should stop here; you do not need to complete steps 4 through 9 of this procedure because your instance is already configured for IPv6.  
![\[IPv6 configured on the instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-nginx-ssh-curl-result-configured.png)

1. Enter the following command to open the `nginx.conf` configuration file using Vim.

   ```
   sudo vim /opt/bitnami/nginx/conf/nginx.conf
   ```

1. Press `I` to enter insert mode in Vim.

1. Add the following text below the `listen 80;` text that is already in the file. You might need to scroll down in Vim to see the section where you need to add the text.

   ```
   listen [::]:80;
   ```

   The file will look like the following when done:  
![\[Nginx configuration file on the instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-nginx-ssh-nginx-conf-file.png)

1. Press the **Esc** key to exit insert mode in Vim, then type `:wq!` and press **Enter** to save your edits (write) and quit Vim.

1. Enter the following command to restart the services of your instance.

   ```
   sudo /opt/bitnami/ctlscript.sh restart
   ```

1. Enter the following command to determine if your instance is listening to IPv6 requests over port 80. Be sure to replace *<IPv6Address>* with the IPv6 address assigned to your instance.

   ```
   curl -g -6 'http://[<IPv6Address>]'
   ```

   Example:

   ```
   curl -g -6 'http://[2001:0db8:85a3:0000:0000:8a2e:0370:7334]'
   ```

   You will see a response similar to the following example. If your instance is listening to IPv6 requests over port 80, then you will see a response with the HTML code of the home page of your instance.  
![\[IPv6 configured on the instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-nginx-ssh-curl-result-configured.png)
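The edit made in Vim in steps 4 through 7 can also be applied without an interactive editor. The following is an added example, not part of the original guide: a shell function (`add_ipv6_listen`, an illustrative name) that inserts `listen [::]:80;` below `listen 80;` in every server block that does not already have it, keeping the indentation and a backup copy. The sample configuration is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: apply the "listen [::]:80;" edit non-interactively.

# add_ipv6_listen FILE
# For every server block in FILE that contains "listen 80;" but no
# "listen [::]:80;", insert the IPv6 directive on the following line with
# the same indentation. Prints "updated" or "unchanged"; on change the
# original is kept as FILE.bak. Only the exact "listen 80;" form is handled.
add_ipv6_listen() {
    conf=$1
    [ -f "$conf" ] || { echo "add_ipv6_listen: no such file: $conf" >&2; return 2; }
    tmp=$(mktemp) || return 1
    # The file is read twice: pass 1 records which server blocks already
    # listen on [::]:80, pass 2 prints the file and inserts where needed.
    awk '
        function is_v4(l) { return l ~ /^[ \t]*listen[ \t]+80[ \t]*;/ }
        function is_v6(l) { return l ~ /^[ \t]*listen[ \t]+\[::\]:80[ \t]*;/ }
        FNR == 1 { pass++; id = 0 }
        /^[ \t]*server[ \t]*\{/ { id++ }        # server blocks do not nest
        pass == 1 { if (is_v6($0)) has6[id] = 1; next }
        { print }
        is_v4($0) && !has6[id] {
            indent = $0
            sub(/[^ \t].*$/, "", indent)        # keep leading whitespace only
            print indent "listen [::]:80;"
            has6[id] = 1                         # one insert per server block
        }
    ' "$conf" "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    if cmp -s "$conf" "$tmp"; then
        rm -f "$tmp"
        echo "unchanged"
        return 0
    fi
    # Write through the existing file so its owner and mode are preserved.
    cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf" && rm -f "$tmp" || return 1
    echo "updated"
}

# Constructed sample: the first server block lacks the IPv6 listener,
# the second already has it.
sample_conf() {
    cat <<'EOF'
http {
    server {
        listen 80;
        server_name localhost;
    }
    server {
        listen [::]:80;
        listen 80;
        server_name example.com;
    }
}
EOF
}

# Demo on a temporary copy of the constructed sample.
demo=$(mktemp)
sample_conf > "$demo"
add_ipv6_listen "$demo"     # first run inserts the directive
add_ipv6_listen "$demo"     # second run finds nothing to do
grep -n 'listen' "$demo"
rm -f "$demo" "$demo.bak"
```

On the instance, run the function as root against `/opt/bitnami/nginx/conf/nginx.conf`, then restart the services as in step 8 and repeat the `curl` check from step 9.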

# Configure IPv6 connectivity for Plesk instances in Lightsail

You must perform an additional set of steps to make an instance that uses the Plesk blueprint aware of its IPv6 address. In this guide, we show you the additional steps that you must perform for Plesk instances.

## Prerequisites


Complete the following prerequisites if you haven't already:
+ Create a Plesk instance in Lightsail. For more information, see [Create an instance](how-to-create-amazon-lightsail-instance-virtual-private-server-vps.md).
+ Enable IPv6 for your Plesk instance. For more information, see [Enable or disable IPv6](amazon-lightsail-enable-disable-ipv6.md).
**Note**  
Lightsail Plesk instances created on or after January 12, 2021, have IPv6 enabled by default. You must complete the following steps in this guide to configure IPv6 on your instance even if IPv6 was enabled by default when you created your instance.

## Configure IPv6 on a Plesk instance


Complete the following procedure to configure IPv6 on a Plesk instance in Lightsail.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the **Instances** section of the Lightsail home page, locate the Plesk instance that you wish to configure, and choose the browser-based SSH client icon to connect to it using SSH.  
![\[Browser-based SSH client icon in the Lightsail home page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-plesk-ssh-quick-connect.png)

1. After you're connected to your instance, enter the following command to view the IP addresses configured on your instance.

   ```
   ip addr
   ```

   You will see a response similar to one of the following examples:
   + If your instance does not recognize its IPv6 address, then you will not see it listed in the response. You should continue to complete steps 4 through 7 of this procedure.  
![\[IPv6 not configured on the instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-plesk-ssh-ip-addr-ipv6-not-configured.png)
   + If your instance does recognize its IPv6 address, then you will see it listed in the response with a label of `scope global` as shown in this example. You should stop here; you do not need to complete steps 4 through 7 of this procedure because your instance is already configured to recognize its IPv6 address.  
![\[IPv6 configured on the instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-plesk-ssh-ip-addr-ipv6-configured.png)

1. Toggle back to the Lightsail console.

1. In the **Instances** section of the Lightsail home page, choose the actions menu (⋮) for the Plesk instance, and choose **Reboot**.  
![\[Instance reboot option on the Lightsail home page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-plesk-instance-reboot.png)

   Wait a few minutes for your instance to be done rebooting before continuing to the next step.

1. Toggle back to the SSH session of your Plesk instance.

1. Enter the following command to view the IP addresses configured on your instance, and confirm that it is now recognizing its assigned IPv6 address.

   ```
   ip addr
   ```

   You will see a response similar to the following example. If your instance does recognize its IPv6 address, then you will see it listed in the response with a label of `scope global` as shown in this example.  
![\[IPv6 configured on the instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-plesk-ssh-ip-addr-ipv6-configured.png)
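The `ip addr` check used in the cPanel & WHM, GitLab, and Plesk procedures can be scripted. The following is an added example, not part of the original guides: it extracts the `scope global` IPv6 addresses from `ip addr` output and compares them with the address shown in the Lightsail console, expanding both to full form so that zero-compressed and uncompressed notations match. The function names and the sample output are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: confirm that an instance recognizes its assigned IPv6 address.

# awk helper shared by the functions below: expand an IPv6 address
# (optionally with a /prefix) to eight zero-padded lowercase groups.
AWK_IPV6='
function pad(g) { while (length(g) < 4) g = "0" g; return g }
function expand(a,    p, head, tail, h, t, nh, nt, i, out) {
    sub(/\/.*$/, "", a)
    a = tolower(a)
    p = index(a, "::")
    if (p) { head = substr(a, 1, p - 1); tail = substr(a, p + 2) }
    else   { head = a; tail = "" }
    nh = split(head, h, ":")
    nt = split(tail, t, ":")
    out = ""
    for (i = 1; i <= nh; i++)     out = out ":" pad(h[i])
    for (i = nh + nt; i < 8; i++) out = out ":0000"
    for (i = 1; i <= nt; i++)     out = out ":" pad(t[i])
    return substr(out, 2)
}'

# expand_ipv6 ADDRESS: print the fully expanded form of one address.
expand_ipv6() {
    awk -v a="$1" "$AWK_IPV6"'
        BEGIN { print expand(a) }' < /dev/null
}

# global_ipv6_addrs: read `ip addr` output on stdin and print
# "<interface> <expanded address>" for each inet6 line with scope global.
global_ipv6_addrs() {
    awk "$AWK_IPV6"'
        /^[0-9]+: / { iface = $2; sub(/[:@].*$/, "", iface) }
        $1 == "inet6" {
            for (i = 3; i < NF; i++)
                if ($i == "scope" && $(i + 1) == "global")
                    print iface, expand($2)
        }'
}

# recognizes_ipv6 EXPECTED: read `ip addr` output on stdin; exit 0 when
# EXPECTED is among the global IPv6 addresses, 1 otherwise.
recognizes_ipv6() {
    want=$(expand_ipv6 "$1")
    global_ipv6_addrs |
        awk -v want="$want" '$2 == want { found = 1 } END { exit !found }'
}

# Constructed sample of `ip addr` output after IPv6 is configured. The
# address is the documentation example used elsewhere in this guide.
sample_ip_addr() {
    cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
    inet 172.26.0.10/20 brd 172.26.15.255 scope global dynamic eth0
       valid_lft 3000sec preferred_lft 3000sec
    inet6 2001:db8:85a3::8a2e:370:7334/128 scope global dynamic noprefixroute
       valid_lft 400sec preferred_lft 100sec
    inet6 fe80::ff:fe00:1/64 scope link
       valid_lft forever preferred_lft forever
EOF
}

# Demo on the constructed sample. On an instance, use:
#   ip addr | recognizes_ipv6 '<IPv6Address>'
sample_ip_addr | global_ipv6_addrs
```

A non-zero exit status from `recognizes_ipv6` corresponds to the "does not recognize its IPv6 address" case in step 3 of the procedures.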

Follow the step-by-step instructions to learn how to configure IPv6 on your Lightsail instance blueprints.

The guide covers various instance blueprints, including cPanel, GitLab, Nginx, and Plesk. The procedures involve connecting to your instance via SSH, modifying network configuration files, restarting services, and verifying that the instance recognizes its assigned IPv6 address. By following this guide, you can ensure that your Lightsail instances are properly configured to utilize both IPv4 and IPv6 addresses, enabling better connectivity and preparing your applications for the future of the internet.

# Set up and configure the AWS CLI for Lightsail operations

The AWS Command Line Interface (AWS CLI) is a tool that allows advanced users and developers to control the Amazon Lightsail service by typing commands in the terminal (on Linux and Unix) or Command Prompt (on Windows). You can also control Lightsail using the Lightsail console, a graphical user interface, and the Lightsail application program interface (API).

**Tip**  
You can also use AWS CloudShell to manage your Lightsail resources by running AWS CLI commands without downloading or installing command line tools. CloudShell is a browser-based, pre-authenticated shell that you can launch directly from the Lightsail console. For more information, see [Manage Lightsail resources with AWS CloudShell](amazon-lightsail-cloudshell.md).

**Topics**
+ [Step 1: Install the AWS CLI](#lightsail-install-the-cli)
+ [Step 2: Create a new access key](#set-up-access-keys-create-new-access-key)
+ [Step 3: Configure the AWS CLI](#set-up-access-keys-)
+ [Next steps](#set-up-access-keys-next-steps)

## Step 1: Install the AWS CLI


You can install the AWS CLI on your local desktop or install it on your Lightsail instance. For more information about the AWS CLI, see [AWS Command Line Interface User Guide](https://docs.aws.amazon.com/cli/latest/userguide/).
+ To install the AWS CLI on your local desktop, see [Installing the AWS CLI](http://docs.aws.amazon.com/cli/latest/userguide/installing.html) in the AWS Command Line Interface documentation.
+ To install the AWS CLI on your Ubuntu-based Lightsail instance, connect to your instance, and type `sudo apt-get -y install awscli`.

**Note**  
The AWS CLI should already be installed on the Amazon Linux Lightsail instance. If you need to reinstall it, connect to your instance, and type `sudo yum install aws-cli`.

After you install the AWS CLI, you need to generate access keys and then configure the AWS CLI to use them.

## Step 2: Create a new access key


To use the Lightsail API or the AWS Command Line Interface (AWS CLI), you need to create a new access key. The access key consists of an **Access Key ID** and a **Secret Access Key**. Use the following procedure to create the key.

1. Sign in to [the IAM console](https://console.aws.amazon.com/iam/home#/users).

1. Choose the name of the user for which you want to create an access key. The user you choose should have full access or specific access to Lightsail actions.

1. Choose the **Security credentials** tab.

1. Choose **Create access key** under the **Access keys** section of the page.
**Note**  
You can have a maximum of two access keys (active or inactive) at a time per user. If you already have two access keys, then you must delete one of them before creating a new one. Make sure that an access key is not actively in use before deleting it.

1. Make note of the **Access key ID** and **Secret access key** listed. Choose **Show** under the **Secret access key** column to see your **Secret access key**.

   You can copy them from this screen or choose **Download Key File** to download a `.csv` file containing the access key ID and secret access key.
**Important**  
Keep your access keys in a safe place. You should name the file something like `MyLightsailKeys.csv` so that you don't struggle to find them later. If you've downloaded the CSV file from the IAM console, you should delete it after you've completed the next step. You can create new access keys later if you need to.

## Step 3: Configure the AWS CLI


Before you can use the AWS CLI, you need to configure it to use your access keys.

1. Open a terminal window or command prompt.

1. Type `aws configure`.

1. Paste your **AWS Access Key ID** from the `.csv` file you created in the previous step.

1. Paste your **AWS Secret Access Key** when prompted.

1. Enter the AWS Region where your resources are located. For example, if your resources are primarily in Ohio, choose `us-east-2` when prompted for the **Default region name**.

   For more information about using the AWS CLI `--region` option, see [General Options](http://docs.aws.amazon.com/cli/latest/topic/config-vars.html#general-options) in the *AWS CLI Reference*.

1. Choose a **Default output format**, such as `json`.

You can now interact with Lightsail programmatically using the AWS CLI. You can find the Amazon Lightsail commands in the [AWS CLI Command Reference](https://docs.aws.amazon.com/cli/latest/reference/lightsail/index.html).

## Next steps


The following resources can help you get started with installing language-specific AWS SDKs and becoming familiar with the Lightsail API.
+  [Install language-specific AWS SDKs](https://aws.amazon.com/tools/#sdk) 
+  [Review the Lightsail API Reference](https://docs.aws.amazon.com/lightsail/2016-11-28/api-reference/Welcome.html) 

# Manage Lightsail resources with AWS CloudShell

AWS CloudShell is a browser-based, pre-authenticated shell that you can launch directly from the Amazon Lightsail console. You can use CloudShell to manage your Lightsail resources from the command line interface. You can run AWS Command Line Interface (AWS CLI) commands using your preferred shell, such as Bash, PowerShell, or Z shell. You can do this without downloading or installing command line tools. For more information, see [What is AWS CloudShell](https://docs.aws.amazon.com/cloudshell/latest/userguide/welcome.html).

When you launch CloudShell, a [compute environment](https://docs.aws.amazon.com/cloudshell/latest/userguide/vm-specs.html#vm-configuration) that's based on Amazon Linux 2 is created. Within this environment, you can access an extensive range of pre-installed development tools, such as the AWS CLI. For a complete list of pre-installed tools, see [Pre-installed software](https://docs.aws.amazon.com/cloudshell/latest/userguide/vm-specs.html#pre-installed-software) in the *CloudShell User Guide*.

## Persistent storage


With AWS CloudShell, you can use up to 1 GB of persistent storage in each AWS Region at no additional cost. Persistent storage is located in your home directory (`$HOME`) and is private to you. Unlike ephemeral environment resources that are deleted after each shell session ends, data in your home directory persists between sessions.

If you stop using AWS CloudShell in an AWS Region, data is retained in the persistent storage of that Region for **120 days** after the end of your last session. After 120 days, unless you take action, your data is automatically deleted from the persistent storage of that Region. You can prevent removal by launching AWS CloudShell again in that AWS Region. For more information about the retention of data in persistent storage, see [Persistent storage](https://docs.aws.amazon.com/cloudshell/latest/userguide/limits.html#persistent-storage-limitations) in the *CloudShell User Guide*.

## AWS Regions


In Lightsail, a CloudShell session will open in the AWS Region that provides the least latency to your physical location. This means that AWS Regions can change between sessions. Take note of which AWS Region your CloudShell session is located in so that you can use the 1 GB persistent storage. To change the session’s AWS Region, choose the **Open in new browser tab** icon. This provides the option to access your CloudShell session in a new browser window.

![\[CloudShell open in new browser tab\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-cloudshell-new-browser-tab.png)


In the navigation bar of the new browser tab, choose the name of the AWS Region that's currently displayed. Then choose the AWS Region that you want to switch to.

![\[Change the AWS Region in CloudShell.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-cloudshell-region-select.png)


For more information about CloudShell, see the *[CloudShell User Guide](https://docs.aws.amazon.com/cloudshell/latest/userguide/welcome.html)*.

## Launch and use AWS CloudShell


Learn how to launch and use an AWS CloudShell session within Lightsail. If you don’t have permission to run CloudShell, you must add the `arn:aws:iam::aws:policy/AWSCloudShellFullAccess` policy to the AWS Identity and Access Management (IAM) identity that you’re using. If you already have the `arn:aws:iam::aws:policy/AdministratorAccess` policy attached, you should be able to access CloudShell. For more information, see [Identity and access management for Amazon Lightsail](security_iam.md).

**Launch AWS CloudShell**

You can launch CloudShell from the Amazon Lightsail console. After the session begins, you can switch to your preferred shell, such as `Bash`, `PowerShell`, or `Z shell`.

Complete the following steps to launch a new AWS CloudShell session in Lightsail:

1. Sign in to the Lightsail console at [https://lightsail.aws.amazon.com/](https://lightsail.aws.amazon.com/).

1. Choose **CloudShell** on the Console Toolbar, in the lower left of the console. When the command prompt displays, the shell is ready for interaction.  
![\[AWS CloudShell on the Lightsail console toolbar.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-cloudshell-console-toolbar.png)

1. (Optional) To choose a pre-installed shell to work with, enter one of the following program names at the command line prompt:  
**Bash: `bash`**  
If you switch to Bash, the symbol at the command prompt updates to `$`. Bash is the default shell in AWS CloudShell.  
**PowerShell: `pwsh`**  
If you switch to PowerShell, the symbol at the command prompt updates to `PS>`.  
**Z shell: `zsh`**  
If you switch to Z shell, the symbol at the command prompt updates to `%`.

**Example Lightsail API command in AWS CloudShell**  
There are multiple command line tools that are pre-installed on the CloudShell session for you to use. In this example, you use the Lightsail `GetInstances` API operation to view the instances that are in your Lightsail account. To learn more about the `GetInstances` API operation, see [GetInstances](https://docs.aws.amazon.com/lightsail/2016-11-28/api-reference/API_GetInstances.html) in the *Amazon Lightsail API Reference*.  

1. Sign in to the Lightsail console at [https://lightsail.aws.amazon.com/](https://lightsail.aws.amazon.com/).

1. Choose **CloudShell** on the Console Toolbar, in the lower left of the console.

1. Enter the following command after the AWS CloudShell prompt:

   ```
   aws lightsail get-instances
   ```

   You should now see a complete list of instances that are in your Lightsail account.

![\[Amazon Lightsail get instances API command output.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-cloudshell-getinstances-api.png)


## Additional information


See the following documentation for more information about AWS CloudShell: 
+ [Amazon Lightsail API Reference](https://docs.aws.amazon.com/lightsail/2016-11-28/api-reference/Welcome.html)
+ [Frequently asked questions in AWS CloudShell](https://docs.aws.amazon.com/cloudshell/latest/userguide/faq-list.html)
+ [Supported browsers in AWS CloudShell](https://docs.aws.amazon.com/cloudshell/latest/userguide/browsers.html)
+ [Troubleshooting in AWS CloudShell](https://docs.aws.amazon.com/cloudshell/latest/userguide/troubleshooting.html)
+ [Working with AWS services in AWS CloudShell](https://docs.aws.amazon.com/cloudshell/latest/userguide/working-with-aws-cli.html)

# Deploy PHP applications on a Lightsail LAMP instance
Launch and configure LAMP

Amazon Lightsail is the easiest way to get started with Amazon Web Services (AWS) if you just need virtual private servers. Lightsail includes everything you need to launch your project quickly – a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP – for a low, predictable price.

This tutorial shows you how to launch and configure a LAMP instance on Lightsail. It includes steps to connect to your instance via SSH, get the application password for your instance, create a static IP and attach it to your instance, and create a DNS zone and map your domain. When you’re done with this tutorial, you have the fundamentals to get your instance up and running on Lightsail.

**Contents**
+ [Step 1: Sign up for AWS](#tutorial-launching-and-configuring-lamp-sign-up-for-aws)
+ [Step 2: Create a LAMP instance](#create-a-lamp-instance)
+ [Step 3: Connect to your instance via SSH and get the application password for your LAMP instance](#tutorial-launching-and-configuring-lamp-connecting-to-your-instance-via-ssh)
+ [Step 4: Install an application on top of your LAMP instance](#install-an-application-on-lamp)
+ [Step 5: Create a static IP address and attach it to your LAMP instance](#tutorial-launching-and-configuring-lamp-creating-a-lightsail-static-ip)
+ [Step 6: Create a DNS zone and map a domain to your LAMP instance](#creating-a-dns-zone)
+ [Next steps](#tutorial-launching-and-configuring-lamp-next-steps)

## Step 1: Sign up for AWS


This tutorial requires an AWS account. [Sign up for AWS](https://console.aws.amazon.com/console/home), or [sign in to AWS](https://console.aws.amazon.com/console/home) if you already have an account.

## Step 2: Create a LAMP instance


Get your LAMP instance up and running in Lightsail. For more information about creating an instance in Lightsail, see [Creating an Amazon Lightsail instance in the Lightsail](how-to-create-amazon-lightsail-instance-virtual-private-server-vps.md) documentation.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. On the **Instances** section of the Lightsail home page, choose **Create instance**.  
![\[Launching and configuring a LAMP instance in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lamp-tutorial-01.png)

1. Choose the AWS Region and Availability Zone for your instance.  
![\[Launching and configuring a LAMP instance in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/create-instance-select-region-az.png)

1. Choose your instance image.

   1. Choose **Linux/Unix** as the platform.

   1. Choose **LAMP (PHP 8)** as the blueprint.  
![\[Launching and configuring a LAMP instance in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lamp-tutorial-03.png)

1. Choose an instance plan.

   A plan includes a low, predictable cost, machine configuration (RAM, SSD, vCPU), and data transfer allowance. You can try the \$15 USD Lightsail plan without charge for one month (up to 750 hours). AWS credits one free month to your account.
**Note**  
As part of the AWS Free Tier, you can get started with Amazon Lightsail for free on select instance bundles. For more information, see **AWS Free Tier** on the [Amazon Lightsail Pricing page](https://aws.amazon.com/lightsail/pricing).

1. Enter a name for your instance.

   Resource names:
   + Must be unique within each AWS Region in your Lightsail account.
   + Must contain 2 to 255 characters.
   + Must start and end with an alphanumeric character or number.
   + Can include alphanumeric characters, numbers, periods, dashes, and underscores.  
![\[Launching and configuring a LAMP instance in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lamp-tutorial-04.png)

1. (Optional) Choose **Add new tag** to add a tag to your instance. Repeat this step as needed to add additional tags. For more information on tag usage, see [Tags](amazon-lightsail-tags.md).

   1. For **Key**, enter a tag key.  
![\[A tag with only the tag key specified in the Lightsail create instance workflow.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-instance-key-name-only-tags.png)

   1. (Optional) For **Value**, enter a tag value.  
![\[A tag with the tag key and tag value specified in the Lightsail create instance workflow.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-instance-key-name-and-value-tags.png)

1. Choose **Create instance**.

## Step 3: Connect to your instance via SSH and get the application password for your LAMP instance


The default password to sign in to your database in LAMP is stored on your instance. Retrieve it by connecting to your instance using the browser-based SSH terminal in the Lightsail console and running a special command. For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).

1. On the **Instances** section of the Lightsail home page, choose the SSH quick-connect icon for your LAMP instance.  
![\[Launching and configuring a LAMP instance in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lamp-tutorial-05.png)

1. After the browser-based SSH client window opens, enter the following command to retrieve the default application password:

   ```
   cat bitnami_application_password
   ```
**Note**  
If you're in a directory other than the user home directory, then enter `cat $HOME/bitnami_application_password`.

1. Make note of the password displayed on the screen. You use this password later to install Bitnami applications on your instance, or to access the MySQL database with the user name of `root`.  
![\[Launching and configuring a LAMP instance in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lamp-tutorial-06.png)

## Step 4: Install an application on top of your LAMP instance


Deploy your PHP application on top of your LAMP instance, or install a Bitnami application. The main directory to deploy your PHP application is `/opt/bitnami/apache2/htdocs`. Copy your PHP application files to that directory and access the application by browsing to your instance’s public IP address.

You can also install a Bitnami application using module installers. Download WordPress, Drupal, Magento, Moodle, and other applications from the [Bitnami website](https://bitnami.com/stack/lamp/modules) to extend the functionality of your server. For more information about installing Bitnami applications, see [Getting Started](https://docs.bitnami.com/aws/infrastructure/lamp/get-started) in the Bitnami documentation.

## Step 5: Create a static IP address and attach it to your LAMP instance


The default public IP for your LAMP instance changes if you stop and start the instance. A static IP address, attached to an instance, stays the same even if you stop and start your instance.

Create a static IP address and attach it to your LAMP instance. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md) in the Lightsail documentation.

1. On the **Instances** section of the Lightsail home page, choose your running LAMP instance.  
![\[Launch and configure a LAMP instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lamp-tutorial-09.png)

1. Choose the **Networking** tab, then choose **Attach static IP**.  
![\[Launch and configure a LAMP instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-10.png)

1. Name your static IP, then choose **Create and attach**.  
![\[Launch and configure a LAMP instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-12.png)

## Step 6: Create a DNS zone and map a domain to your LAMP instance


Transfer management of your domain's DNS records to Lightsail. This allows you to more easily map a domain to your LAMP instance, and manage all of your website’s resources using the Lightsail console. For more information, see [Creating a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md).

1. On the **Domains & DNS** section of the Lightsail home page, choose **Create DNS zone**.

1. Enter your domain, then choose **Create DNS zone**.

1. Make note of the name server addresses listed on the page.

   You add these name server addresses to your domain name’s registrar to transfer management of your domain’s DNS records to Lightsail.  
![\[Launch and configure a LAMP instance.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-15.png)

1. After management of your domain’s DNS records is transferred to Lightsail, add an A record to point the apex of your domain to your LAMP instance, as follows:

   1. In the **Assignments** tab of the DNS zone, choose **Add assignment**.

   1. In the **Select a domain** field, choose the domain or subdomain.

   1. In the **Select a resource** drop down, select the LAMP instance you created earlier in this tutorial.

   1. Choose **Assign**.

   Allow time for the change to propagate through the internet's DNS before your domain begins routing traffic to your LAMP instance.

## Next steps


Here are a few additional steps you can perform after launching a LAMP instance in Amazon Lightsail:
+ [Create a snapshot of your Linux or Unix instance](lightsail-how-to-create-a-snapshot-of-your-instance.md)
+ [Create and attach additional block storage disks to your Linux-based instances](create-and-attach-additional-block-storage-disks-linux-unix.md)

# Connect a Lightsail LAMP instance to an Aurora database
Connect a LAMP instance to an Aurora database

Application data for posts, pages, and users is stored on a MariaDB database that is running on your LAMP instance in Amazon Lightsail. If your instance fails, your data may become unrecoverable. To prevent this scenario, you should transfer your application data to a MySQL managed database.

Amazon Aurora is a MySQL and PostgreSQL-compatible relational database built for the cloud. It combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open-source databases. Aurora is offered as part of the Amazon Relational Database Service (Amazon RDS). Amazon RDS is a managed database service that makes it easier to set up, operate, and scale a relational database in the cloud. For more information, see the [Amazon Relational Database Service User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/) and the [Amazon Aurora User Guide for Aurora](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/).

In this tutorial, we show you how to connect your application database from a LAMP instance in Lightsail to an Aurora managed database in Amazon RDS.

**Contents**
+ [Step 1: Complete the prerequisites](#connect-lamp-to-aurora-prerequisites)
+ [Step 2: Configure the security group for your Aurora database](#configure-security-group)
+ [Step 3: Connect to your Aurora database from your Lightsail instance](#connect-to-aurora-database-from-lamp-instance)
+ [Step 4: Transfer the MariaDB database from your LAMP instance to your Aurora database](#transfer-database-from-lamp-to-aurora)
+ [Step 5: Configure your application to connect to your Aurora managed database](#connect-application-to-database)

## Step 1: Complete the prerequisites


Complete the following prerequisites before you begin:

1. Create a LAMP instance in Lightsail, and configure your application on it. The instance should be in a running state before you continue. For more information, see [Tutorial: Launch and configure a LAMP instance in Lightsail](amazon-lightsail-tutorial-launching-and-configuring-lamp.md).

1. Turn on VPC peering in your Lightsail account. For more information, see [Set up Amazon VPC peering to work with AWS resources outside of Lightsail](lightsail-how-to-set-up-vpc-peering-with-aws-resources.md).

1. Create an Aurora managed database in Amazon RDS. The database should be located in the same AWS Region as your LAMP instance. It should also be in a running state before you continue. For more information, see [Getting started with Amazon Aurora](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_GettingStartedAurora.html) in the *Amazon Aurora User Guide for Aurora*.

## Step 2: Configure the security group for your Aurora database


An AWS security group acts as a virtual firewall for your AWS resources. It controls the incoming and outgoing traffic that can connect to your Aurora database in Amazon RDS. For more information about security groups, see [Control traffic to resources using security groups in the Amazon Virtual Private Cloud User Guide](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html).

Complete the following procedure to configure the security group so that your LAMP instance can establish a connection to your Aurora database.

1. Sign in to the [Amazon RDS console](https://console.aws.amazon.com/rds/).

1. Choose **Databases** in the navigation pane.

1. Choose the **Writer instance** of the Aurora database that your LAMP instance will connect to.

1. Choose the **Connectivity & security** tab.

1. In the **Endpoint & port** section, make a note of the **Endpoint name** and **Port** of the **Writer instance**. You will need these later when configuring your Lightsail instance to connect to the database.

1. In the **Security** section, choose the active VPC security group link. You will be redirected to your database’s security group.  
![\[Connectivity & security tab screenshot of the Amazon RDS console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lamp-aurora-db-select-writer-instance.png)

1. Make sure that the security group for your Aurora database is selected.

1. Choose the **Inbound rules** tab.

1. Choose **Edit inbound rules**.  
![\[Inbound rules tab screenshot of the Amazon RDS console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lamp-aurora-select-security-group.png)

1. In the **Edit inbound rules** page, choose **Add rule**.

1. Complete one of the following steps:
   + If you are using the default MySQL port 3306, select **MySQL/Aurora** in the **Type** dropdown menu.
   + If you are using a custom port for your database, select **Custom TCP** in the **Type** dropdown menu and enter the port number in the **Port Range** text box.

1. In the **Source** text box, add the private IP address of your LAMP instance. You must enter the IP addresses in CIDR notation, which means that you must append `/32`. For example, to allow `192.0.2.0`, enter `192.0.2.0/32`.

1. Choose **Save rules**.  
![\[Inbound rules detail screenshot of the Amazon RDS console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lamp-aurora-add-security-group-rule.png)
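One way to check the rule from this procedure after saving it, as an added example that is not part of the AWS guide: the script reads the JSON shape returned by `aws ec2 describe-security-groups` and reports whether the database port is reachable only from the LAMP instance's private IP address as a `/32`. The group ID, addresses, and sample document are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# The group ID and addresses are placeholders, not values from a real account.
SAMPLE_DESCRIBE_OUTPUT = json.loads("""
{
  "SecurityGroups": [
    {
      "GroupId": "sg-EXAMPLE",
      "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "192.0.2.0/32"}, {"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}],
         "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}],
         "Ipv6Ranges": []}
      ]
    }
  ]
}
""")


def rule_covers_port(permission, port):
    """True if an inbound permission applies to TCP traffic on `port`."""
    protocol = permission.get("IpProtocol")
    if protocol == "-1":  # "-1" means all protocols and all ports
        return True
    if protocol != "tcp":
        return False
    return permission.get("FromPort", 0) <= port <= permission.get("ToPort", 65535)


def audit_db_ingress(describe_output, db_port, instance_private_ip):
    """Classify every CIDR source that can reach `db_port`.

    Returns (instance_allowed, findings). Each finding is a tuple
    (group_id, cidr, reason) for a source other than the single instance.
    Rules whose source is another security group or a prefix list are not
    evaluated here.
    """
    instance_ip = ipaddress.ip_address(instance_private_ip)
    instance_allowed = False
    findings = []
    for group in describe_output.get("SecurityGroups", []):
        for permission in group.get("IpPermissions", []):
            if not rule_covers_port(permission, db_port):
                continue
            cidrs = [r["CidrIp"] for r in permission.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in permission.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                network = ipaddress.ip_network(cidr, strict=False)
                if network.version == instance_ip.version and instance_ip in network:
                    instance_allowed = True
                if network.prefixlen == 0:
                    findings.append((group["GroupId"], cidr, "open to any address"))
                elif network.num_addresses > 1:
                    findings.append((group["GroupId"], cidr, "wider than a single host"))
                elif network.network_address != instance_ip:
                    findings.append((group["GroupId"], cidr, "host other than the instance"))
    return instance_allowed, findings


if __name__ == "__main__":
    allowed, problems = audit_db_ingress(SAMPLE_DESCRIBE_OUTPUT, 3306, "192.0.2.0")
    print("instance can reach the database port:", allowed)
    for group_id, cidr, reason in problems:
        print(f"{group_id}: {cidr} -> {reason}")
```

A port range that merely includes the database port (the constructed `3000-4000` rule) is reported as well, because it admits the same traffic as an explicit rule for that port.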

## Step 3: Connect to your Aurora database from your Lightsail instance


Complete the following procedure to confirm that you can connect to your Aurora database from your Lightsail instance.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose **Instances**.

1. Choose the browser-based SSH client icon for your LAMP instance to connect to it using SSH.  
![\[Browser-based SSH client icon.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lamp-tutorial-05.png)

1. After you're connected to your instance, enter the following command to connect to your Aurora database. In the command, replace *DatabaseEndpoint* with the endpoint address of your Aurora database, and replace *Port* with the port of your database. Replace *MyUserName* with the name of the user that you entered when creating the database.

   ```
   mysql -h DatabaseEndpoint -P Port -u MyUserName -p
   ```

   You should see a response similar to the following example, which confirms that your instance can access and connect to your Aurora database.  
![\[Successful MySQL connection response.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lamp-aurora-mysql-connect-message.png)

   If you don’t see this response, or you get an error message, then you might need to configure the security group of your database to allow the private IP address of your Lightsail instance to connect to it. For more information, see the [Configure the security group for your Aurora database](#configure-security-group) section of this guide.

## Step 4: Transfer the MariaDB database from your LAMP instance to your Aurora database


Now that you’ve confirmed you can connect to your database from your instance, you should migrate the data from your LAMP instance database to your Aurora database. For more information, see [Migrating data to an Amazon Aurora MySQL DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Migrating.html) in the *Amazon Aurora User Guide for Aurora*.

## Step 5: Configure your application to connect to your Aurora managed database


After transferring your application data to your Aurora database, you should configure the application running on your LAMP instance to connect to your Aurora database. Connect to your LAMP instance using SSH, and access the application’s database configuration file. In the configuration file, define the endpoint address of your Aurora database, the database user name, and password. Following is an example configuration file.

![\[Application configuration file.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lamp-aurora-application-config-file.png)


# Launch and configure a Windows Server 2016 instance on Lightsail
Launch and configure Windows Server 2016

Amazon Lightsail is the easiest way to get started with Amazon Web Services (AWS) if you just need virtual private servers. Lightsail includes everything you need to launch your project quickly – a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP – for a low, predictable price.

This tutorial shows you how to launch and configure a Windows Server 2016 instance on Lightsail. It includes steps to connect to your instance via RDP, create a static IP and attach it to your instance, and create a DNS zone and map your domain. When you’re done with this tutorial, you have the fundamentals to get your instance up and running on Lightsail.

**Contents**
+ [Step 1: Sign up for AWS](#tutorial-launching-and-configuring-windows-server-2016-sign-up-for-aws)
+ [Step 2: Create a Windows Server 2016 instance](#create-a-windows-server-instance)
+ [Step 3: Connect to your Windows Server 2016 instance with RDP](#connecting-to-your-instance-via-rdp)
+ [Step 4: Create a static IP address and attach it to your Windows Server 2016 instance](#tutorial-launching-and-configuring-windows-server-2016-creating-a-lightsail-static-ip)
+ [Step 5: Create a DNS zone and map a domain to your Windows Server 2016 instance](#tutorial-launching-and-configuring-windows-server-2016-creating-a-lightsail-static-ip)
+ [Next steps](#tutorial-launching-and-configuring-windows-server-2016-next-steps)

## Step 1: Sign up for AWS


This tutorial requires an AWS account. [Sign up for AWS](https://console.aws.amazon.com/console/home), or [sign in to AWS](https://console.aws.amazon.com/console/home) if you already have an account.

## Step 2: Create a Windows Server 2016 instance in Lightsail


Get your Windows Server 2016 instance up and running in Lightsail. For more information, see [Get started with Windows Server-based instances](get-started-with-windows-based-instances-in-lightsail.md).

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. On the **Instances** section of the Lightsail home page, choose **Create instance**.  
![\[Launching and configuring a Windows Server 2016 instance in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lamp-tutorial-01.png)

1. Choose the AWS Region and Availability Zone for your instance.  
![\[Launching and configuring a Windows Server 2016 instance in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/create-instance-select-region-az.png)

1. Choose your instance image.

   1. Choose **Microsoft Windows** as the platform.

   1. Choose **OS Only**, then choose **Windows Server 2016** as the blueprint.  
![\[Launching and configuring a Windows Server 2016 instance in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-ws-tutorial-03.png)

1. Choose an instance plan.

   A plan includes a low, predictable cost, machine configuration (RAM, SSD, vCPU), and data transfer allowance. You can try the \$19.50 USD Lightsail plan without charge for one month (up to 750 hours). AWS credits one free month to your account.
**Note**  
As part of the AWS Free Tier, you can get started with Amazon Lightsail for free on select instance bundles. For more information, see **AWS Free Tier** on the [Amazon Lightsail Pricing page](https://aws.amazon.com/lightsail/pricing).

1. Enter a name for your instance.

   Resource names:
   + Must be unique within each AWS Region in your Lightsail account.
   + Must contain 2 to 255 characters.
   + Must start and end with an alphanumeric character or number.
   + Can include alphanumeric characters, numbers, periods, dashes, and underscores.  
![\[Launching and configuring a Windows Server 2016 instance in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-ws-tutorial-04.png)

1. (Optional) Choose **Add new tag** to add a tag to your instance. Repeat this step as needed to add additional tags. For more information on tag usage, see [Tags](amazon-lightsail-tags.md).

   1. For **Key**, enter a tag key.  
![\[A tag with only the tag key specified in the Lightsail create instance workflow.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-instance-key-name-only-tags.png)

   1. (Optional) For **Value**, enter a tag value.  
![\[A tag with the tag key and tag value specified in the Lightsail create instance workflow.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-instance-key-name-and-value-tags.png)

1. Choose **Create instance**.

## Step 3: Connect to your Windows Server 2016 instance with RDP


Connect to your Windows Server 2016 instance using the browser-based RDP client in the Lightsail console. For more information, see [Connect to your Windows instance](connect-to-your-windows-based-instance-using-amazon-lightsail.md).

1. On the **Instances** section of the Lightsail home page, choose the RDP quick-connect icon for your Windows Server 2016 instance.  
![\[Launching and configuring a Windows Server 2016 instance in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-ws-tutorial-05.png)

1. After the browser-based RDP client window opens, you can begin configuring your Windows Server 2016 instance:  
![\[Launching and configuring a Windows Server 2016 instance in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-ws-tutorial-06.png)

## Step 4: Create a static IP address and attach it to your Windows Server 2016 instance


The default public IP for your Windows Server 2016 instance changes if you stop and start the instance. A static IP address, attached to an instance, stays the same even if you stop and start your instance.

Create a static IP address and attach it to your Windows Server 2016 instance. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md) in the Lightsail documentation.

1. On the **Instances** section of the Lightsail home page, choose your running Windows Server 2016 instance.  
![\[Launching and configuring a Windows Server 2016 instance in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-ws-tutorial-09.png)

1. Choose the **Networking** tab, then choose **Create static IP**.  
![\[Launching and configuring a Windows Server 2016 instance in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-10.png)

1. The static IP location and attached instance are pre-selected based on the instance that you chose earlier in this tutorial.  
![\[Launching and configuring a Windows Server 2016 instance in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-ws-tutorial-11.png)

1. Enter a name for your static IP.

   Resource names:
   + Must be unique within each AWS Region in your Lightsail account.
   + Must contain 2 to 255 characters.
   + Must start and end with an alphanumeric character or number.
   + Can include alphanumeric characters, numbers, periods, dashes, and underscores.

1. Choose **Create**.  
![\[Launching and configuring a Windows Server 2016 instance in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-12.png)

## Step 5: Create a DNS zone and map a domain to your Windows Server 2016 instance


Transfer management of your domain's DNS records to Lightsail. This allows you to more easily map a domain to your Windows Server 2016 instance, and manage all of your website’s resources using the Lightsail console. For more information, see [Create a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md) in the Lightsail documentation.

1. On the **Domains & DNS** section of the Lightsail home page, choose **Create DNS zone**.

1. Enter your domain, then choose **Create DNS zone**.

1. Make note of the name server addresses listed on the page.

   You add these name server addresses to your domain name’s registrar to transfer management of your domain’s DNS records to Lightsail.  
![\[Launching and configuring a LAMP instance in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-15.png)

1. After management of your domain’s DNS records is transferred to Lightsail, add an A record to point the apex of your domain to your Windows Server 2016 instance, as follows:

   1. In the **Assignments** tab of the DNS zone, choose **Add assignment**.

   1. In the **Select a domain** field, choose the domain or subdomain.

   1. In the **Select a resource** drop down, select the Windows Server 2016 instance you created earlier in this tutorial.

   1. Choose **Assign**.

   Allow time for the change to propagate through the internet's DNS before your domain begins routing traffic to your Windows Server 2016 instance.

## Next steps


Here are a few additional steps you can perform after launching a Windows Server 2016 instance in Amazon Lightsail:
+ [Creating a snapshot of your Windows Server instance](prepare-windows-based-instance-and-create-snapshot.md)
+ [Best practices for securing Windows Server-based Lightsail instances](best-practices-for-securing-windows-based-lightsail-instances.md)
+ [Creating and attaching a block storage disk to your Windows Server instance](create-and-attach-additional-block-storage-disks-windows.md)
+ [Extending the storage space of your Windows Server instance](extending-windows-server-storage-space-in-amazon-lightsail.md)

# Monitor Lightsail API activity with AWS CloudTrail
CloudTrail logging

Amazon Lightsail is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in Lightsail. CloudTrail captures all API calls for Lightsail as events. The calls captured include calls from the Lightsail console and code calls to the Lightsail API operations. If you create a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Lightsail. If you don't configure a trail, you can still view the most recent events in the CloudTrail console in **Event history**. Using the information collected by CloudTrail, you can determine the request that was made to Lightsail, the IP address from which the request was made, who made the request, when it was made, and additional details. 

To learn more about CloudTrail, see the [AWS CloudTrail User Guide](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/).

## Lightsail Information in CloudTrail


CloudTrail is enabled on your AWS account when you create the account. When activity occurs in Lightsail, that activity is recorded in a CloudTrail event along with other AWS service events in **Event history**. You can view, search, and download recent events in your AWS account. For more information, see [Viewing Events with CloudTrail Event History](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html). 

For an ongoing record of events in your AWS account, including events for Lightsail, create a trail. A *trail* enables CloudTrail to deliver log files to an Amazon S3 bucket. By default, when you create a trail in the console, the trail applies to all AWS Regions. The trail logs events from all Regions in the AWS partition and delivers the log files to the Amazon S3 bucket that you specify. Additionally, you can configure other AWS services to further analyze and act upon the event data collected in CloudTrail logs. For more information, see the following: 
+ [Overview for Creating a Trail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html)
+ [CloudTrail Supported Services and Integrations](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html#cloudtrail-aws-service-specific-topics-integrations)
+ [Configuring Amazon SNS Notifications for CloudTrail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/getting_notifications_top_level.html)
+ [Receiving CloudTrail Log Files from Multiple Regions](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/receive-cloudtrail-log-files-from-multiple-regions.html) and [Receiving CloudTrail Log Files from Multiple Accounts](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html)

All Lightsail actions are logged by CloudTrail and documented in the [Amazon Lightsail API Reference](http://docs.aws.amazon.com/lightsail/2016-11-28/api-reference/Welcome.html). For example, calls to the **GetInstance**, **AttachStaticIp** and **RebootInstance** actions generate entries in the CloudTrail log files.

Every event or log entry contains information about who generated the request. The identity information helps you determine the following: 
+ Whether the request was made with root or AWS Identity and Access Management (IAM) user credentials.
+ Whether the request was made with temporary security credentials for a role or federated user.
+ Whether the request was made by another AWS service.

For more information, see the [CloudTrail userIdentity Element](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html).

## Understanding Lightsail Log File Entries


A trail is a configuration that enables delivery of events as log files to an Amazon S3 bucket that you specify. CloudTrail log files contain one or more log entries. An event represents a single request from any source and includes information about the requested action, the date and time of the action, request parameters, and so on. CloudTrail log files aren't an ordered stack trace of the public API calls, so they don't appear in any specific order. 
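The following added example (not part of the Lightsail documentation) reads the body of a CloudTrail log file, keeps only the Lightsail events, orders them by `eventTime` because log files are not ordered, and uses the `userIdentity` element to classify who made each request. The log records are constructed sample data, and the function names and category labels are assumptions of this example.

```python
import json
from datetime import datetime

LIGHTSAIL_SOURCE = "lightsail.amazonaws.com"

# Constructed sample of a CloudTrail log file body. Account IDs, ARNs, and IP
# addresses are placeholders; records are deliberately out of time order.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T12:05:00Z", "eventSource": LIGHTSAIL_SOURCE,
     "eventName": "RebootInstance", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/example-user"}},
    {"eventTime": "2024-01-01T12:01:30Z", "eventSource": LIGHTSAIL_SOURCE,
     "eventName": "GetInstance", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ExampleRole/session"}},
    {"eventTime": "2024-01-01T12:02:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/example-user"}},
    {"eventTime": "2024-01-01T12:03:10Z", "eventSource": LIGHTSAIL_SOURCE,
     "eventName": "AttachStaticIp", "sourceIPAddress": "192.0.2.44",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
    {"eventTime": "2024-01-01T11:59:45Z", "eventSource": LIGHTSAIL_SOURCE,
     "eventName": "CreateInstances", "sourceIPAddress": "cloudformation.amazonaws.com",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ExampleRole/cfn",
                      "invokedBy": "cloudformation.amazonaws.com"}},
]})


def classify_identity(user_identity):
    """Map a userIdentity element to the three questions the text lists."""
    id_type = user_identity.get("type", "Unknown")
    # A request made on your behalf by another AWS service carries invokedBy.
    if id_type == "AWSService" or "invokedBy" in user_identity:
        return "aws-service"
    if id_type == "Root":
        return "root"
    if id_type == "IAMUser":
        return "iam-user"
    if id_type in ("AssumedRole", "FederatedUser"):
        return "temporary-credentials"
    return "other"


def lightsail_events(log_text):
    """Return the Lightsail records of one log file, sorted by eventTime."""
    records = json.loads(log_text).get("Records", [])
    events = [r for r in records if r.get("eventSource") == LIGHTSAIL_SOURCE]
    events.sort(key=lambda r: datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ"))
    return events


def summarize(log_text):
    """Reduce each Lightsail event to what was done, when, from where, by whom."""
    summary = []
    for record in lightsail_events(log_text):
        identity = record.get("userIdentity", {})
        summary.append({
            "time": record["eventTime"],
            "action": record["eventName"],
            "source_ip": record.get("sourceIPAddress"),
            "who": identity.get("arn") or identity.get("type", "Unknown"),
            "credential_kind": classify_identity(identity),
        })
    return summary


def root_actions(log_text):
    """Lightsail calls made with root credentials, usually worth a review."""
    return [e for e in summarize(log_text) if e["credential_kind"] == "root"]


if __name__ == "__main__":
    for event in summarize(SAMPLE_LOG):
        print(event["time"], event["action"], event["credential_kind"], event["source_ip"])
```

Log files that a trail delivers to Amazon S3 are gzip-compressed, so decompress each object before passing its text to `summarize`.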

# Create HAR files to troubleshoot Lightsail issues
Create a HAR file

If you're experiencing difficulties with the Amazon Lightsail console or a Lightsail virtual private server (VPS), Support might ask you to submit a HAR file from your web browser. A HAR file contains critical information that can help troubleshoot common and hard-to-diagnose issues. The HAR file also allows Support to investigate or replicate these issues.

**Important**  
HAR files can capture sensitive information, such as user names, passwords, and keys. Be sure to remove any sensitive information from a HAR file before you share it.

In this guide, you will learn how to create a HAR file from your web browser. An HTTP Archive (HAR) file is a JSON file that contains the latest network activity recorded by your browser. Follow this step-by-step procedure to create a HAR file.

**Contents**
+ [Step 1: Create a HAR file in your browser](#create-a-har-file-in-browser)
+ [Step 2: Edit the HAR file to remove sensitive information](#edit-har-file)
+ [Step 3: Submit the HAR file for review](#submit-har-file)

## Step 1: Create a HAR file in your browser


**Note**  
These instructions were last tested on Google Chrome version 101.0.4951.64, Microsoft Edge (Chromium) version 101.0.1210.47, and Mozilla Firefox version 91.9. Because these browsers are third-party products, these instructions might not match the experience in the latest versions or in the version that you use. In another browser, such as legacy Microsoft Edge (EdgeHTML) or Apple Safari for macOS, the process to generate a HAR file might be similar, but the steps will be different.

**Google Chrome**

1. In the browser, at the top right, choose **Customize and control Google Chrome**.  
![\[Google Chrome customize and control menu.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-har-tutorial-chrome.png)

1. Pause on **More tools**, and then choose **Developer tools**.

1. With DevTools open in the browser, choose the **Network** panel.

1. Select the **Preserve log** check box.

1. Choose **Clear** to clear all current network requests.

1. Reproduce the issue you are facing.

1. In DevTools, open the context (right-click) menu on any network request.

1. Choose **Save all as HAR with content**, and then save the file.

For more information, see [Open Chrome DevTools](https://developers.google.com/web/tools/chrome-devtools/open) and [Save all network requests to a HAR file](https://developers.google.com/web/tools/chrome-devtools/network/reference#save-as-har) on the Google Developers website.

**Microsoft Edge (Chromium)**

1. In the browser, at the top right, choose **Settings and more**.  
![\[Microsoft Edge settings and more menu.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-har-tutorial-edge.png)

1. Pause on **More tools**, and then choose **Developer tools**.

1. With DevTools open in the browser, choose the **Network** panel.

1. Select the **Preserve log** check box.

1. Choose **Clear** to clear all current network requests.

1. Reproduce the issue you are facing.

1. In DevTools, open the context (right-click) menu on any network request.

1. Choose **Save all as HAR with content**, and then save the file.

**Mozilla Firefox**

1. In the browser, at the top right, choose **Open Application Menu**.  
![\[Mozilla Firefox open application menu.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-har-tutorial-firefox.png)

1. Choose **More tools**, and then choose **Web Developer tools**.

1. In the **Web Developer** menu, choose **Network**. (In some versions of Firefox, the **Web Developer** menu is in the **Tools** menu.)

1. Choose the gear icon, and then select **Persist Logs**.

1. Choose the trash can icon (**Clear**) to clear all current network requests.

1. Reproduce the issue you are facing.

1. In the Network Monitor, open the context menu (right-click) on any network request in the request list.

1. Choose **Save All As HAR**, and then save the file.

## Step 2: Edit the HAR file to remove sensitive information


1. Open the HAR file in a text editor application.

1. Use the text editor's Find and Replace tools to identify and replace all sensitive information captured in the HAR file. This includes any user names, passwords, and keys that you entered in your browser while creating the file.

1. Save the edited HAR file with the sensitive information removed.
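Manual find and replace misses values you did not type yourself, such as session cookies and bearer tokens. The following added example (not part of the Lightsail documentation) redacts those structurally from the HAR name/value lists, URLs, and form or JSON bodies, and then replaces any literal strings you list. The sensitive-name pattern, the function names, and the sample HAR are assumptions constructed for this example.

```python
import copy
import json
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "REDACTED"
# Field names treated as sensitive (assumed list; extend it for your application).
SENSITIVE_NAME = re.compile(
    r"authorization|cookie|pass|secret|token|signature|credential|"
    r"session|username|(api|access|private)[-_]?key", re.I)


def _is_sensitive(name):
    return bool(SENSITIVE_NAME.search(name))


def _scrub_pairs(pairs):
    """Redact values in HAR name/value lists (headers, queryString, params)."""
    for pair in pairs:
        if _is_sensitive(pair.get("name", "")):
            pair["value"] = REDACTED


def _scrub_json(node):
    if isinstance(node, dict):
        return {k: REDACTED if _is_sensitive(k) else _scrub_json(v) for k, v in node.items()}
    if isinstance(node, list):
        return [_scrub_json(v) for v in node]
    return node


def _scrub_form(text):
    # Re-encoding may normalise percent-escapes; the field names and order are kept.
    pairs = parse_qsl(text, keep_blank_values=True)
    return urlencode([(k, REDACTED if _is_sensitive(k) else v) for k, v in pairs])


def _scrub_url(url):
    parts = urlsplit(url)
    return urlunsplit(parts._replace(query=_scrub_form(parts.query)))


def _scrub_body(text, mime):
    if "json" in mime:
        try:
            return json.dumps(_scrub_json(json.loads(text)))
        except ValueError:  # truncated or base64-encoded body: drop it entirely
            return REDACTED
    if "x-www-form-urlencoded" in mime:
        return _scrub_form(text)
    return text


def _replace_literals(node, secrets):
    """Replace known secret strings wherever they occur in any string value."""
    if isinstance(node, dict):
        return {k: _replace_literals(v, secrets) for k, v in node.items()}
    if isinstance(node, list):
        return [_replace_literals(v, secrets) for v in node]
    if isinstance(node, str):
        for secret in secrets:
            node = node.replace(secret, REDACTED)
    return node


def sanitize_har(har, literal_secrets=()):
    """Return a redacted copy of a parsed HAR document; the input is not modified."""
    har = copy.deepcopy(har)
    for entry in har["log"]["entries"]:
        request, response = entry["request"], entry["response"]
        request["url"] = _scrub_url(request["url"])
        _scrub_pairs(request.get("queryString", []))
        for message in (request, response):
            _scrub_pairs(message.get("headers", []))
            for cookie in message.get("cookies", []):
                cookie["value"] = REDACTED  # every cookie value, whatever its name
        for body in (request.get("postData"), response.get("content")):
            if body:
                _scrub_pairs(body.get("params", []))
                if body.get("text"):
                    body["text"] = _scrub_body(body["text"], body.get("mimeType", ""))
    return _replace_literals(har, [s for s in literal_secrets if s])


# Constructed sample HAR with one login request; every value is made up.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "method": "POST",
        "url": "https://example.com/login?next=%2Fhome&token=abc123",
        "headers": [
            {"name": "User-Agent", "value": "ExampleBrowser/1.0"},
            {"name": "Referer", "value": "https://example.com/users/alice"},
            {"name": "Authorization", "value": "Bearer constructed-bearer-value"},
            {"name": "Cookie", "value": "sid=old-sid-41"}],
        "cookies": [{"name": "sid", "value": "old-sid-41"}],
        "queryString": [{"name": "next", "value": "/home"},
                        {"name": "token", "value": "abc123"}],
        "postData": {"mimeType": "application/x-www-form-urlencoded",
                     "text": "username=alice&password=hunter2",
                     "params": [{"name": "username", "value": "alice"},
                                {"name": "password", "value": "hunter2"}]}},
    "response": {
        "status": 200,
        "headers": [{"name": "Set-Cookie", "value": "sid=sid-42; HttpOnly"}],
        "cookies": [{"name": "sid", "value": "sid-42"}],
        "content": {"mimeType": "application/json",
                    "text": "{\"sessionToken\": \"tok-xyz\", \"status\": \"ok\"}"}}}]}}

if __name__ == "__main__":
    print(json.dumps(sanitize_har(SAMPLE_HAR, literal_secrets=["alice"]), indent=2))
```

After running a sanitizer like this, search the output for the values you entered in the browser to confirm that none remain before you attach the file.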

## Step 3: Submit the HAR file for review


1. In the [AWS Support Center Console](https://aws.amazon.com/support), under **Open support cases**, choose your support case.

1. In your support case, choose your preferred contact option, attach the edited HAR file, and then submit.

# Monitor system resources and apps with Prometheus on Lightsail
Install Prometheus

Prometheus is an open source time series monitoring tool for managing a variety of system resources and applications. It provides a multidimensional data model, the ability to query the collected data, and detailed reporting and data visualization through Grafana.

By default, Prometheus is enabled to collect metrics on the server where it is installed. With the help of node exporters, metrics can be collected from other resources like web servers, containers, databases, custom applications, and other third-party systems. In this tutorial, we will show you how to install and configure Prometheus with node exporters on a Lightsail instance. For a full list of available exporters, see [Exporters and integrations](https://prometheus.io/docs/instrumenting/exporters/) in the *Prometheus documentation*.

**Contents**
+ [Step 1: Complete the prerequisites](#prometheus-prerequisites)
+ [Step 2: Add users and local system directories to your Lightsail instance](#prometheus-add-users-and-directories)
+ [Step 3: Download the Prometheus binary packages](#prometheus-download-binary-packages)
+ [Step 4: Configure Prometheus](#prometheus-configure)
+ [Step 5: Start Prometheus](#start-prometheus)
+ [Step 6: Start Node Exporter](#prometheus-start-node-exporter)
+ [Step 7: Configure Prometheus with the Node Exporter data collector](#configure-prometheus-with-node-exporter)

## Step 1: Complete the prerequisites


Before you can install Prometheus on an Amazon Lightsail instance, you must do the following:
+ Create an instance in Lightsail. We recommend using the Ubuntu 20.04 LTS blueprint for your instance. For more information, see [Create an instance in Amazon Lightsail](getting-started-with-amazon-lightsail.md).
+ Create and attach a static IP address to your new instance. For more information, see [Create a static IP address in Amazon Lightsail](lightsail-create-static-ip.md).
+ Open ports 9090 and 9100 on the firewall of your new instance. Prometheus requires ports 9090 and 9100 to be open. For more information, see [Adding and editing instance firewall rules in Amazon Lightsail](amazon-lightsail-editing-firewall-rules.md).

## Step 2: Add users and local system directories to your Lightsail instance


Complete the following procedure to connect to your Lightsail instance using SSH and add users and system directories. This procedure creates the following Linux user accounts:
+ `prometheus` – This account is used for installing and configuring the server environment.
+ `exporter` – This account is used to configure the `node_exporter` extension.

These user accounts are created for the sole purpose of management and therefore do not require additional user services or permissions beyond the scope of this setup. In this procedure, you also create directories for storing and managing the files, service settings, and data that Prometheus uses to monitor resources.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.  
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)

1. After you're connected, enter the following commands one by one to create two Linux user accounts, `prometheus` and `exporter`.

   ```
   sudo useradd --no-create-home --shell /bin/false prometheus
   ```

   ```
   sudo useradd --no-create-home --shell /bin/false exporter
   ```

1. Enter the following commands one by one to create local system directories.

   ```
   sudo mkdir /etc/prometheus /var/lib/prometheus
   ```

   ```
   sudo chown prometheus:prometheus /etc/prometheus
   ```

   ```
   sudo chown prometheus:prometheus /var/lib/prometheus
   ```

## Step 3: Download the Prometheus binary packages


Complete the following procedure to download the Prometheus binary packages to your Lightsail instance.

1. Open a web browser on your local computer and browse to the [Prometheus downloads page](https://prometheus.io/download/).

1. At the top of the page, for the **Operating system** dropdown, select **linux**. For **Architecture**, select **amd64**.  
![\[Select download filters for Prometheus\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-prometheus-download-filters.png)

1. Choose or right-click the **Prometheus** download link that appears, and copy the link address to a text file on your computer. Do the same for the **node_exporter** download link that appears. You will use both copied addresses later in this procedure.  
![\[Copy download link for Prometheus\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-prometheus-copy-download-link.png)

1. Connect to your Lightsail instance using SSH.

1. Enter the following command to change directories to your home directory.

   ```
   cd ~
   ```

1. Enter the following command to download the Prometheus binary packages to your instance.

   ```
   curl -LO prometheus-download-address
   ```

   Replace *prometheus-download-address* with the address that you copied earlier in this procedure. The command should look like the following example when you add the address.

   ```
   curl -LO https://github.com/prometheus/prometheus/releases/download/v2.37.0/prometheus-2.37.0.linux-amd64.tar.gz
   ```

1. Enter the following command to download the `node_exporter` binary packages to your instance.

   ```
   curl -LO node_exporter-download-address
   ```

   Replace *node_exporter-download-address* with the address that you copied in the previous step of this procedure. The command should look like the following example when you add the address.

   ```
   curl -LO https://github.com/prometheus/node_exporter/releases/download/v1.3.1/node_exporter-1.3.1.linux-amd64.tar.gz
   ```

1. Run the following commands one by one to extract the contents of the downloaded Prometheus and Node Exporter files.

   ```
   tar -xvf prometheus-2.37.0.linux-amd64.tar.gz
   ```

   ```
   tar -xvf node_exporter-1.3.1.linux-amd64.tar.gz
   ```

   Several subdirectories are created after the contents of the downloaded files are extracted.

1. Enter the following commands one by one to copy the `prometheus` and `promtool` extracted files to the `/usr/local/bin` programs directory.

   ```
   sudo cp -p ./prometheus-2.37.0.linux-amd64/prometheus /usr/local/bin
   ```

   ```
   sudo cp -p ./prometheus-2.37.0.linux-amd64/promtool /usr/local/bin
   ```

1. Enter the following command to change the ownership of the `prometheus` and `promtool` files to the `prometheus` user that you created earlier in this tutorial.

   ```
   sudo chown prometheus:prometheus /usr/local/bin/prom*
   ```

1. Enter the following commands one by one to copy the `consoles` and `console_libraries` subdirectories to `/etc/prometheus`. The `-r` option performs a recursive copy of all directories within the hierarchy.

   ```
   sudo cp -r ./prometheus-2.37.0.linux-amd64/consoles /etc/prometheus
   ```

   ```
   sudo cp -r ./prometheus-2.37.0.linux-amd64/console_libraries /etc/prometheus
   ```

1. Enter the following commands one by one to change the ownership of the copied files to the `prometheus` user that you created earlier in this tutorial. The `-R` option performs a recursive ownership change for all of the files and directories within the hierarchy.

   ```
   sudo chown -R prometheus:prometheus /etc/prometheus/consoles
   ```

   ```
   sudo chown -R prometheus:prometheus /etc/prometheus/console_libraries
   ```

1. Enter the following commands one by one to copy the configuration file `prometheus.yml` to the `/etc/prometheus` directory and change the ownership of the copied file to the `prometheus` user that you created earlier in this tutorial.

   ```
   sudo cp -p ./prometheus-2.37.0.linux-amd64/prometheus.yml /etc/prometheus
   ```

   ```
   sudo chown prometheus:prometheus /etc/prometheus/prometheus.yml
   ```

1. Enter the following command to copy the `node_exporter` file from the `./node_exporter*` subdirectory to the `/usr/local/bin` programs directory.

   ```
   sudo cp -p ./node_exporter-1.3.1.linux-amd64/node_exporter /usr/local/bin
   ```

1. Enter the following command to change the ownership of the file to the `exporter` user that you created earlier in this tutorial.

   ```
   sudo chown exporter:exporter /usr/local/bin/node_exporter
   ```

## Step 4: Configure Prometheus


Complete the following procedure to configure Prometheus. In this procedure, you open and edit the `prometheus.yml` file, which contains various settings for the Prometheus tool. Prometheus establishes a monitoring environment based on the settings that you configure in the file.

1. Connect to your Lightsail instance using SSH.

1. Enter the following command to create a backup copy of the `prometheus.yml` file before you open and edit it.

   ```
   sudo cp /etc/prometheus/prometheus.yml /etc/prometheus/prometheus.yml.backup
   ```

1. Enter the following command to open the `prometheus.yml` file using Vim.

   ```
   sudo vim /etc/prometheus/prometheus.yml
   ```

   Following are a few important parameters that you might want to configure in the `prometheus.yml` file:
   + `scrape_interval` — Located under the `global` header, this parameter defines the time interval (in seconds) for how often Prometheus will collect or *scrape* metric data for a given target. As indicated by the `global` tag, this setting is universal for all resources that Prometheus monitors. This setting also applies for exporters, unless an individual exporter provides a different value that overrides the global value. You can keep this parameter set to its current value of 15 seconds.
   + `job_name` — Located under the `scrape_configs` header, this parameter is a label that identifies exporters in the result set of a data query or visual display. You can specify the value of a job name to best reflect the resources that are being monitored in your environment. For example, you can label a job for managing a website as `business-web-app`, or you can label a database as `mysql-db-1`. In this initial setup, you are only monitoring the Prometheus server, so you can keep the current `prometheus` value.
   + `targets` — Located under the `static_configs` header, the `targets` setting uses an `ip_addr:port` key-value pair to identify the location where a given exporter is running. You will change the default setting in steps 4–7 of this procedure.  
![\[Prometheus YAML file\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-prometheus-yaml-file.png)
**Note**  
For this initial setup, you don't need to configure the `alerting` and `rule_files` parameters.

1. In the `prometheus.yml` file that you have open in Vim, press the **I** key to enter insert mode in Vim. 

1. Scroll and find the `targets` parameter located under the `static_configs` header.

1. Change the default setting to `<ip_addr>:9090`. Replace `<ip_addr>` with the static IP address of the instance. The modified parameter should look like the following example.  
![\[Prometheus YAML file modified static_configs parameter\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-prometheus-static-configs.png)

1. Press the **Esc** key to exit insert mode, and type **:wq!** to save your changes and quit Vim.

1. (Optional) If something went wrong, enter the following command to replace the `prometheus.yml` file with the backup that you created earlier in this procedure.

   ```
   sudo cp /etc/prometheus/prometheus.yml.backup /etc/prometheus/prometheus.yml
   ```

## Step 5: Start Prometheus


Complete the following procedure to start the Prometheus service on your instance.

1. Connect to your Lightsail instance using SSH.

1. Enter the following command to start the Prometheus service.

   ```
   sudo -u prometheus /usr/local/bin/prometheus --config.file /etc/prometheus/prometheus.yml --storage.tsdb.path /var/lib/prometheus --web.console.templates=/etc/prometheus/consoles --web.console.libraries=/etc/prometheus/console_libraries
   ```

   The command line outputs details on the startup process and other services. It should also indicate that the service is listening on port 9090.  
![\[Prometheus start output\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-prometheus-start-output.png)

   If the service doesn't start, see the [Step 1: Complete the prerequisites](#prometheus-prerequisites) section of this tutorial for information about creating instance firewall rules to allow traffic on this port. For other errors, review the `prometheus.yml` file to confirm that there are no syntax errors.

1. After the running service is validated, press **Ctrl+C** to stop it.

1. Enter the following command to open the `systemd` configuration file in Vim. This file is used to start Prometheus.

   ```
   sudo vim /etc/systemd/system/prometheus.service
   ```

1. Insert the following lines into the file.

   ```
   [Unit]
   Description=PromServer
   Wants=network-online.target
   After=network-online.target
   
   [Service]
   User=prometheus
   Group=prometheus
   Type=simple
   ExecStart=/usr/local/bin/prometheus \
   --config.file /etc/prometheus/prometheus.yml \
   --storage.tsdb.path /var/lib/prometheus/ \
   --web.console.templates=/etc/prometheus/consoles \
   --web.console.libraries=/etc/prometheus/console_libraries
   
   [Install]
   WantedBy=multi-user.target
   ```

   The preceding instructions are used by the Linux `systemd` service manager to start Prometheus on the server. When invoked, Prometheus runs as the `prometheus` user and references the `prometheus.yml` file for loading the configuration settings and storing the time series data in the `/var/lib/prometheus` directory. You can run `man systemd` from the command line to see more information about the service.

1. Press the **Esc** key to exit insert mode, and type **:wq!** to save your changes and quit Vim.

1. Enter the following command to load the information into the `systemd` service manager.

   ```
   sudo systemctl daemon-reload
   ```

1. Enter the following command to restart Prometheus.

   ```
   sudo systemctl start prometheus
   ```

1. Enter the following command to check the status of the Prometheus service.

   ```
   sudo systemctl status prometheus
   ```

   If the service launched properly, you receive an output similar to the following example.  
![\[Prometheus status output\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-prometheus-status-output.png)

1. Press **Q** to exit the status command.

1. Enter the following command to enable Prometheus to start when the instance is booted.

   ```
   sudo systemctl enable prometheus
   ```

1. Open a web browser on your local computer and go to the following web address to view the Prometheus management interface.

   ```
   http://<ip_addr>:9090
   ```

   Replace *<ip_addr>* with the static IP address of your Lightsail instance. You should see a dashboard similar to the following example.  
![\[The Prometheus dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-prometheus-dashboard.png)

## Step 6: Start Node Exporter


Complete the following procedure to start the Node Exporter service.

1. Connect to your Lightsail instance using SSH.

1. Enter the following command to create a `systemd` service file for `node_exporter` using Vim.

   ```
   sudo vim /etc/systemd/system/node_exporter.service
   ```

1. Press the **I** key to enter insert mode in Vim.

1. Add the following lines of text into the file. This will configure `node_exporter` with monitoring collectors for CPU load, file system usage, and memory resources.

   ```
   [Unit]
   Description=NodeExporter
   Wants=network-online.target
   After=network-online.target
   
   [Service]
   User=exporter
   Group=exporter
   Type=simple
   ExecStart=/usr/local/bin/node_exporter --collector.disable-defaults \
   --collector.meminfo \
   --collector.loadavg \
   --collector.filesystem
   
   [Install]
   WantedBy=multi-user.target
   ```
**Note**  
These instructions disable default machine metrics for Node Exporter. For a complete list of metrics available for Ubuntu, see the [Prometheus node_exporter man page](http://manpages.ubuntu.com/manpages/focal/man1/prometheus-node-exporter.1.html) in the *Ubuntu documentation*.

1. Press the **Esc** key to exit insert mode, and type **:wq!** to save your changes and quit Vim.

1. Enter the following command to reload the `systemd` process.

   ```
   sudo systemctl daemon-reload
   ```

1. Enter the following command to start the `node_exporter` service.

   ```
   sudo systemctl start node_exporter
   ```

1. Enter the following command to check the status of the `node_exporter` service.

   ```
   sudo systemctl status node_exporter
   ```

   If the service launched successfully, you receive an output similar to the following example.  
![\[Node exporter status output\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-prometheus-status-node-exporter.png)

1. Press **Q** to exit the status command.

1. Enter the following command to enable Node Exporter to start when the instance is booted.

   ```
   sudo systemctl enable node_exporter
   ```

## Step 7: Configure Prometheus with the Node Exporter data collector


Complete the following procedure to configure Prometheus with the Node Exporter data collector. You do this by adding a new `job_name` parameter for `node_exporter` in the `prometheus.yml` file.

1. Connect to your Lightsail instance using SSH.

1. Enter the following command to open the `prometheus.yml` file using Vim.

   ```
   sudo vim /etc/prometheus/prometheus.yml
   ```

1. Press the **I** key to enter insert mode in Vim.

1. Add the following lines of text into the file, below the existing `- targets: ["<ip_addr>:9090"]` parameter.

   ```
     - job_name: "node_exporter"

       static_configs:
         - targets: ["<ip_addr>:9100"]
   ```

   The modified parameter in the `prometheus.yml` file should look like the following example.  
![\[Static configuration for Node Exporter\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-prometheus-node_exporter-static-configs.png)

   Note the following:
   + Node Exporter listens on port 9100 for the `prometheus` server to scrape the data. Confirm that you followed the steps for creating instance firewall rules as outlined in the [Step 1: Complete the prerequisites](#prometheus-prerequisites) section of this tutorial.
   + As with the configuration of the `prometheus` `job_name`, replace *<ip_addr>* with the static IP address that's attached to your Lightsail instance.

1. Press the **Esc** key to exit insert mode, and type **:wq!** to save your changes and quit Vim.

1. Enter the following command to restart the Prometheus service so that the changes to the configuration file can take effect.

   ```
   sudo systemctl restart prometheus
   ```

1. Enter the following command to check the status of the Prometheus service.

   ```
   sudo systemctl status prometheus
   ```

   If the service restarted properly, you receive output similar to the following.  
![\[Prometheus status output\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-prometheus-status-output2.png)

1. Press **Q** to exit the status command.

1. Open a web browser on your local computer and go to the following web address to view the Prometheus management interface.

   ```
   http://<ip_addr>:9090
   ```

   Replace *<ip_addr>* with the static IP address of your Lightsail instance. You should see a dashboard similar to the following example.  
![\[The Prometheus dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-prometheus-dashboard2.png)

1. In the main menu, choose the **Status** dropdown and select **Targets**.  
![\[Targets menu option on the Prometheus dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-prometheus-dashboard-targets.png)

On the next screen, you should see two targets. The first target is for the **node_exporter** metrics collector job, and the second target is for the **prometheus** job.

![\[Targets on the Prometheus dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-prometheus-dashboard-targets2.png)


The environment is now properly set up for collecting metrics and monitoring the server.

# Transfer files between Linux instances on Lightsail using scp
Transfer files with scp

Use the secure copy (scp) command in Linux to transfer files from your local computer to your Linux or Unix instance, and from one instance to another in Amazon Lightsail. To learn more about the scp command, see [scp(1) — Linux manual page](https://man7.org/linux/man-pages/man1/scp.1.html) on the *man7* website.

This tutorial walks you through the steps to copy files from one Lightsail instance to another.

**Topics**
+ [Prerequisites](#amazon-lightsail-copy-files-to-linux-instance-prerequisites)
+ [Step 1: Save the private key (.pem) file to your local computer](#get-and-transfer-instance-ssh-key)
+ [Step 2: Change the permissions of the private key](#copy-private-key-change-permissions)
+ [Step 3: Transfer the private key to your instance](#copy-private-key-to-instance)
+ [Step 4: Securely transfer files between Lightsail Linux and Unix instances](#transfer-files-between-instances-scp)

## Prerequisites

+ You have two Lightsail instances running, with the public IP addresses of both instances. To get the public IP address of your instance, sign in to the [Lightsail console](https://lightsail.aws.amazon.com/), and then copy the public IP address that is displayed next to your instance.
+ You can access both instances using an SSH key pair. For more information, see [Connect to Linux instances](lightsail-how-to-connect-to-your-instance-virtual-private-server.md).

## Step 1: Save the private key (.pem) file to your local computer


Complete the following steps to save the private key (.pem) file to your local computer. The private key file for the target instance will be used to securely transfer files from one instance to another. To copy files between instances in the same AWS Region, you will use the default key for that Region. To copy files between instances in different Regions, you will use the default key for the Region that the target instance is in. To learn more about key pairs, see [SSH and connecting to instances](understanding-ssh-in-amazon-lightsail.md).

**Note**  
If you’re using your own key pair, or you created a key pair using the Lightsail console, locate your own private key and use it to connect to your instance. Lightsail does not store your private key when you upload your own key or create a key pair using the Lightsail console. You cannot transfer files to your instance using scp without your private key.

**To save the private key (.pem) to your local computer**

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. Choose your **User Name** on the top navigation bar, and then choose **Account** from the drop-down.

1. Choose the **SSH Keys** tab.

1. Scroll down to the **Default keys** section of the page.

1. Choose **Download** next to the default private key for the AWS Region where the instance that you want to transfer the files to is located.  
![\[SSH key pairs in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/managing-key-pairs-download-default-key.png)

1. Save your private key in a secured location on your local drive.

   You might want to move the downloaded key to a directory in which you store all of your SSH keys, such as a "Keys" folder in your user's home directory. You will need to refer to the directory where the private key is saved in the next section of this guide. If the private key attempts to save as a format other than `.pem`, you should manually change the format to `.pem` before saving. 

## Step 2: Change the permissions of the private key


In the following procedure you will change the permissions of your private key file so that only you can read it.

**To change the permissions of your private key file**

1. Open a terminal window on your local machine.

1. Enter the following command to make the private key of the key pair readable only by you (mode `400`). This is a security best practice required by some operating systems.

   ```
   sudo chmod 400 /path/to/private-key.pem
   ```

   In the command, replace `/path/to/private-key.pem` with the path to the private key file of the key pair that is being used by your instance.

   **Example:**

   ```
   sudo chmod 400 /Users/user/Keys/LightsailDefaultKey-us-west-2.pem
   ```

## Step 3: Transfer the private key to your instance


In the following procedure you will transfer the private key to your source instance by running the scp command from your local computer.

**To use scp to transfer the private key from your computer to your source instance**

1. Determine the location of the private key file on your computer and the destination path on the instance. In the following examples, the name of the private key file is *private-key.pem*, the user name for the source instance is *ec2-user*, the IPv4 address of the source instance is *public-ipv4-address*, and the IPv6 address of the source instance is *public-ipv6-address*. The *destination-path/* is the location on the source instance where you are transferring the private key to.

   **Note**  
   You can specify one of the following user names depending on the blueprint that is used by your instance:  
   AlmaLinux OS 9, Amazon Linux 2, Amazon Linux 2023, CentOS Stream 9, FreeBSD, and openSUSE instances: `ec2-user`  
   Debian instances: `admin`  
   Ubuntu instances: `ubuntu`  
   Bitnami instances: `bitnami`  
   Plesk instances: `ubuntu`  
   cPanel & WHM instances: `centos`

   + (**IPv4**) To transfer the private key file to the instance, enter the following command from your computer.

     ```
     scp -i /path/private-key.pem /path/private-key.pem ec2-user@public-ipv4-address:path/
     ```
   + (**IPv6**) To transfer the private key file to the instance if the instance only has an IPv6 address, enter the following command from your computer. The IPv6 address must be enclosed in square brackets (`[ ]`), which must be escaped (`\`).

     ```
     scp -i /path/private-key.pem /path/private-key.pem ec2-user@\[public-ipv6-address\]:path/
     ```

1. If you haven't already connected to the instance using SSH, you see a response like the following:

   ```
   The authenticity of host 'ec2-198-51-100-1.compute-1.amazonaws.com (10.254.142.33)'
   can't be established.
   RSA key fingerprint is 1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f.
   Are you sure you want to continue connecting (yes/no)?
   ```

   Enter **yes**.

1. If the transfer is successful, the response is similar to the following:

   ```
   Warning: Permanently added 'ec2-198-51-100-1.compute-1.amazonaws.com' (RSA) 
   to the list of known hosts.
   private-key.pem                                100%   480     24.4KB/s   00:00
   ```

Now that you have transferred the private key to your source instance, you can securely connect to and transfer files to your target instance. Continue to the next step to learn how.

## Step 4: Securely transfer files between Lightsail Linux and Unix instances


In the following procedure you will run the scp command from one instance (**source instance**) to transfer files to another instance (**target instance**).

**To use scp to transfer files between instances**

1. Connect to the **source instance** using SSH. You can connect by using the terminal program on your local computer, or by using the browser-based SSH client in Lightsail. For more information, see [Connect to Linux instances](lightsail-how-to-connect-to-your-instance-virtual-private-server.md).

1. Determine the location of the files on the **source instance** and the destination path on the **target instance**. In the following examples, the name of the private key file is *private-key.pem*, the user name for the instance is *ec2-user*, the IPv4 address of the instance is *public-ipv4-address*, and the IPv6 address of the instance is *public-ipv6-address*. The *destination-path/* is the location on the **target instance** where you are transferring the files to.
   + (**IPv4**) To transfer files from the **source instance** to the **target instance**, enter the following command from the **source instance**.

     ```
     scp -i /path/private-key.pem /path/my-file.txt ec2-user@public-ipv4-address:destination-path/
     ```
   + (**IPv6**) To transfer files from the **source instance** to the **target instance**, enter the following command from the **source instance**. The IPv6 address must be enclosed in square brackets (`[ ]`), which must be escaped (`\`).

     ```
     scp -i /path/private-key.pem /path/my-file.txt ec2-user@\[public-ipv6-address\]:destination-path/
     ```

1. If you haven't already connected to the **target instance** using SSH, you see a response like the following:

   ```
   The authenticity of host 'ec2-198-51-100-1.compute-1.amazonaws.com (10.254.142.33)'
   can't be established.
   RSA key fingerprint is 1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f.
   Are you sure you want to continue connecting (yes/no)?
   ```

   Enter **yes**.

1. If the transfer is successful, the response is similar to the following:

   ```
   Warning: Permanently added 'ec2-198-51-100-1.compute-1.amazonaws.com' (RSA) 
   to the list of known hosts.
   my-file.txt                                100%   480     24.4KB/s   00:00
   ```
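
The key-permission requirement from Step 2 and the IPv4/IPv6 target syntax from Steps 3 and 4 can be wrapped in a small script, shown here as an added example that is not part of the Lightsail guide. The function names `key_perms_ok`, `scp_target` and `safe_scp` are hypothetical, and the addresses in the comments are documentation placeholders.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of the Lightsail guide.

# key_perms_ok FILE
# Succeeds only if FILE is a regular file with no group or other permission
# bits set (for example mode 400 or 600). ssh and scp refuse to use a
# private key that other users on the machine can read.
key_perms_ok() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ldL -- "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# scp_target USER ADDRESS REMOTE_PATH
# Prints the scp target for an IPv4 address, a host name, or an IPv6 address.
# An IPv6 address is wrapped in square brackets; brackets already present
# on the input are removed first so they are never doubled.
scp_target() {
    [ -n "$1" ] && [ -n "$2" ] || return 1
    addr=${2#\[}
    addr=${addr%\]}
    case "$addr" in
        *:*) printf '%s@[%s]:%s\n' "$1" "$addr" "$3" ;;   # IPv6 literal
        *)   printf '%s@%s:%s\n' "$1" "$addr" "$3" ;;     # IPv4 or host name
    esac
}

# safe_scp KEY LOCAL_FILE USER ADDRESS REMOTE_PATH
# Refuses to run when the key file is accessible to group or others,
# then copies LOCAL_FILE to the instance.
safe_scp() {
    if ! key_perms_ok "$1"; then
        echo "refusing to use $1: restrict it first, for example chmod 400" >&2
        return 1
    fi
    target=$(scp_target "$3" "$4" "$5") || return 1
    # IdentitiesOnly=yes makes scp offer only the key given with -i.
    # Quoting "$target" hands the square brackets to scp literally, so the
    # backslash escaping needed at an interactive prompt is not needed here.
    scp -i "$1" -o IdentitiesOnly=yes "$2" "$target"
}

# Usage (placeholder addresses from the documentation ranges):
#   safe_scp ~/Keys/private-key.pem ./my-file.txt ec2-user 203.0.113.10 destination-path/
#   safe_scp ~/Keys/private-key.pem ./my-file.txt ec2-user 2001:db8::1 destination-path/
```
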

# Integrate Lightsail with other AWS services with VPC peering
Work with other AWS services

Amazon Lightsail uses a focused set of AWS services like Amazon EC2 and AWS Identity and Access Management to make it easier to get started. But that doesn't mean you're limited to those services!

You can integrate Lightsail resources with other AWS services through VPC peering. After you enable VPC peering, you must ensure that the resources you want to connect to over the peering connection accept the required inbound traffic. For more information, see [Connect Lightsail resources to AWS services using VPC peering](lightsail-how-to-set-up-vpc-peering-with-aws-resources.md).

Some AWS resources, such as Amazon Simple Storage Service, Amazon CloudFront, and Amazon DynamoDB, don't require that you enable VPC peering. Follow the links below to learn more about other AWS services.

## Virtual machines (virtual private servers)


**Amazon EC2**  
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizeable compute capacity in the cloud. It's designed to make web-scale cloud computing easier for developers.  
With Amazon EC2 you can obtain and configure capacity with minimal friction. It provides you with complete control of your computing resources and lets you run on Amazon’s proven computing environment. Amazon EC2 reduces the time required to obtain and boot new server instances to minutes, so you can quickly scale capacity, both up and down, as your computing requirements change. Amazon EC2 changes the economics of computing by enabling you to pay only for capacity that you actually use. Amazon EC2 provides developers with tools to build failure resilient applications and isolate themselves from common failure scenarios.  
[Learn more about Amazon EC2](https://aws.amazon.com/ec2/).

**Amazon VPC**  
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud, where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.  
You can easily customize the network configuration for your Amazon VPC. For example, you can create a public-facing subnet for your web servers that has access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access. You can leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet.  
Additionally, you can create a Hardware Virtual Private Network (VPN) connection between your corporate datacenter and your VPC and leverage the AWS Cloud as an extension of your corporate datacenter.  
[Learn more about Amazon VPC](https://aws.amazon.com/vpc/).

## Serverless computing


**AWS Lambda**  
AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume - there is no charge when your code isn't running. With Lambda, you can run code for virtually any type of application or backend service - all with zero administration. Just upload your code and Lambda takes care of everything required to run and scale your code with high availability. You can set up your code to automatically trigger from other AWS services or call it directly from any web or mobile app.  
[Learn more about AWS Lambda](https://aws.amazon.com/lambda/).

**Amazon API Gateway**  
Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. With a few clicks in the AWS Management Console, you can create an API that acts as a "front door" for applications to access data, business logic, or functionality from your backend services. These include workloads running on Amazon EC2, code running on Lambda, or any Web application. Amazon API Gateway handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls. These include traffic management, authorization and access control, monitoring, and API version management. Amazon API Gateway has no minimum fees or startup costs. You pay only for the API calls you receive and the amount of data transferred out.  
[Learn more about Amazon API Gateway](https://aws.amazon.com/api-gateway/).

## Databases


**Amazon DynamoDB**  
Amazon DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale. It's a fully managed cloud database and supports both document and key-value store models. Its flexible data model and reliable performance make it a great fit for mobile, web, gaming, ad tech, IoT, and many other applications.  
[Learn more about DynamoDB](https://aws.amazon.com/dynamodb/).

**Amazon RDS**  
Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizeable capacity while managing time-consuming database administration tasks, freeing you to focus on your applications and business. Amazon RDS provides you six familiar database engines to choose from, including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle, and Microsoft SQL Server.  
[Learn more about Amazon RDS](https://aws.amazon.com/rds/).

**Amazon Aurora**  
Amazon Aurora is a MySQL-compatible relational database engine that combines the speed and availability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases. Aurora provides up to five times better performance than MySQL with the security, availability, and reliability of a commercial database at one tenth the cost.  
[Learn more about Amazon Aurora](https://aws.amazon.com/rds/aurora/).

## Load balancers


**Elastic Load Balancing**  
Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances. It enables you to achieve fault tolerance in your applications, seamlessly providing the required amount of load balancing capacity needed to route application traffic.  
Elastic Load Balancing offers two types of load balancers. Both feature high availability, automatic scaling, and robust security. These include the Classic Load Balancer that routes traffic based on either application or network-level information, and the Application Load Balancer that routes traffic based on advanced application-level information that includes the content of the request. The Classic Load Balancer is ideal for simple load balancing of traffic across multiple Amazon EC2 instances. The Application Load Balancer is ideal for applications needing advanced routing capabilities, microservices, and container-based architectures. Application Load Balancer offers the ability to route traffic to multiple services or to load balance across multiple ports on the same Amazon EC2 instance.   
[Learn more about Elastic Load Balancing](https://aws.amazon.com/elasticloadbalancing/).

**Application Load Balancer**  
An Application Load Balancer is a load balancing option for the Elastic Load Balancing service that operates at the application layer and allows you to define routing rules based on content across multiple services or containers running on one or more Amazon EC2 instances.  
[Learn more about Application Load Balancer](https://aws.amazon.com/elasticloadbalancing/applicationloadbalancer/).

## Big data


**Amazon Kinesis services**  
Amazon Kinesis services make it easy to work with real-time streaming data in the AWS cloud. Amazon Kinesis services include the following: [Amazon Data Firehose](https://aws.amazon.com/kinesis/firehose/) to easily load massive volumes of streaming data into AWS, [Amazon Managed Service for Apache Flink](https://aws.amazon.com/kinesis/analytics/) to analyze streaming data with standard SQL, and [Amazon Kinesis Data Streams](https://aws.amazon.com/kinesis/streams/) to build your own custom applications that process or analyze streaming data.  
[Learn more about Amazon Kinesis services](https://aws.amazon.com/kinesis/).

**Amazon EMR**  
Amazon EMR provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances. You can also run other popular distributed frameworks such as Apache Spark, HBase, Presto, and Flink in Amazon EMR, and interact with data in other AWS data stores such as Amazon S3 and DynamoDB.  
Amazon EMR securely and reliably handles a broad set of big data use cases, including log analysis, web indexing, data transformations (ETL), machine learning, financial analysis, scientific simulation, and bioinformatics.  
[Learn more about Amazon EMR](https://aws.amazon.com/emr/).

**Amazon Redshift**  
Amazon Redshift is a fast, fully managed, petabyte-scale data warehouse that makes it simple and cost-effective to analyze all your data using your existing business intelligence tools.  
[Learn more about Amazon Redshift](https://aws.amazon.com/redshift/).

## Storage


**Amazon Simple Storage Service (Amazon S3)**  
Amazon S3 provides developers and IT teams with secure, durable, highly scalable cloud storage. Amazon S3 is easy-to-use object storage, with a simple web service interface to store and retrieve any amount of data from anywhere on the web. With Amazon S3, you pay only for the storage you actually use. There's no minimum fee and no setup cost.  
Amazon S3 offers a range of storage classes designed for different use cases including Amazon S3 Standard for general-purpose storage of frequently accessed data, Amazon S3 Standard - Infrequent Access (Standard - IA) for long-lived, but less frequently accessed data, and Amazon Glacier for long-term archive. Amazon S3 also offers configurable lifecycle policies for managing your data throughout its lifecycle. Once a policy is set, your data automatically migrates to the most appropriate storage class without any changes to your applications.  
Amazon S3 can be used alone or together with other AWS services such as Amazon EC2 and IAM, as well as cloud data migration services and gateways for initial or ongoing data ingestion. Amazon S3 provides cost-effective object storage for a wide variety of use cases including backup and recovery, nearline archive, big data analytics, disaster recovery, cloud applications, and content distribution.  
[Learn more about Amazon S3](https://aws.amazon.com/s3/).

**Amazon Elastic Block Store (Amazon EBS)**  
Amazon EBS provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability. Amazon EBS volumes offer the consistent and low-latency performance needed to run your workloads. With Amazon EBS, you can scale your usage up or down within minutes – all while paying a low price for only what you provision.  
[Learn more about Amazon EBS](https://aws.amazon.com/ebs/).

## Monitoring and alarms


**Amazon CloudWatch**  
Amazon CloudWatch is a monitoring service for AWS Cloud resources and the applications you run on AWS. You can use CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources. CloudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by your applications and services, and any log files your applications generate. You can use CloudWatch to gain system-wide visibility into resource utilization, application performance, and operational health. You can use these insights to react and keep your application running smoothly.  
[Learn more about Amazon CloudWatch](https://aws.amazon.com/cloudwatch/).

## Application deployment


**AWS Elastic Beanstalk**  
AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.  
You can simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, and auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time.  
[Learn more about Elastic Beanstalk](https://aws.amazon.com/elasticbeanstalk/).

## Application containers


**Amazon Elastic Container Service (Amazon ECS)**  
Amazon ECS is a highly scalable, high-performance container management service that supports Docker containers and enables you to easily run applications on a managed cluster of Amazon EC2 instances. Amazon ECS eliminates the need for you to install, operate, and scale your own cluster management infrastructure. With simple API calls, you can launch and stop Docker-enabled applications, query the complete state of your cluster, and access many familiar features like security groups, Elastic Load Balancing, Amazon EBS volumes, and IAM roles. You can use Amazon ECS to schedule the placement of containers across your cluster based on your resource needs and availability requirements. You can also integrate your own scheduler or third-party schedulers to meet business or application-specific requirements.  
[Learn more about Amazon ECS](https://aws.amazon.com/ecs/).

## Security and User Sign-in


**AWS Identity and Access Management (IAM)**  
IAM lets you securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups and use permissions to allow and deny their access to AWS resources.  
[Learn more about IAM](https://aws.amazon.com/iam/).

**Amazon Cognito User Pools**  
Amazon Cognito lets you easily add user sign-up and sign-in to your mobile and web apps. With Amazon Cognito, you also have the options to authenticate users through social identity providers such as Facebook, Twitter, or Amazon, with SAML identity solutions, or by using your own identity system. In addition, Amazon Cognito enables you to save data locally on users' devices, allowing your applications to work even when the devices are offline. You can then synchronize data across users' devices so that their app experience remains consistent, regardless of the device they use.  
With Amazon Cognito, you can focus on creating great app experiences instead of worrying about building, securing, and scaling a solution to handle user management, authentication, and sync across devices.  
[Learn more about Amazon Cognito](https://aws.amazon.com/cognito/).

## Source Control and Application Lifecycle Management


**AWS CodeCommit**  
AWS CodeCommit is a fully managed source control service that makes it easy for companies to host secure and highly scalable private Git repositories. AWS CodeCommit eliminates the need to operate your own source control system or worry about scaling its infrastructure. You can use AWS CodeCommit to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools.  
[Learn more about AWS CodeCommit](https://aws.amazon.com/codecommit/).

## Queues and Messaging


**Amazon SQS**  
Amazon Simple Queue Service (Amazon SQS) is a fast, reliable, scalable, fully managed message queuing service. Amazon SQS makes it simple and cost-effective to decouple the components of a cloud application. You can use Amazon SQS to transmit any volume of data, without losing messages or requiring other services to be always available. Amazon SQS includes *standard queues* with high throughput and at-least-once processing, and *FIFO queues* that provide FIFO (first-in, first-out) delivery and exactly-once processing.   
With Amazon SQS, you can offload the administrative burden of operating and scaling a highly available messaging cluster, while paying a low price for only what you use.  
[Learn more about Amazon SQS](https://aws.amazon.com/sqs/).

**Amazon SNS**  
Amazon Simple Notification Service (Amazon SNS) is a fast, flexible, fully managed push notification service that lets you send individual messages or fan out messages to large numbers of recipients. Amazon SNS makes it simple and cost-effective to send push notifications to mobile device users or email recipients, or even to send messages to other distributed services.  
With Amazon SNS, you can send notifications to Apple Push Notification Service (APNS), Google Cloud Messaging (GCM), Fire OS, and Windows devices, as well as to Android devices in China with Baidu Cloud Push. You can use Amazon SNS to send SMS messages to mobile device users worldwide.  
Beyond these endpoints, Amazon SNS can also deliver messages to Amazon SQS, AWS Lambda functions, or to any HTTP endpoint.  
[Learn more about Amazon SNS](https://aws.amazon.com/sns/).

**Amazon SES**  
Amazon Simple Email Service (Amazon SES) is a cost-effective email service built on the reliable and scalable infrastructure that Amazon.com developed to serve its own customer base. With Amazon SES, you can send and receive email with no required minimum commitments. You pay as you go, and you only pay for what you use.  
[Learn more about Amazon SES](https://aws.amazon.com/ses/).

## Workflow


**Amazon Simple Workflow Service (Amazon SWF)**  
Amazon SWF helps developers build, run, and scale background jobs that have parallel or sequential steps. You can think of Amazon SWF as a fully managed state tracker and task coordinator in the cloud.  
If your app's steps take more than 500 milliseconds to complete, you need to track the state of processing, and you need to recover or retry if a task fails, Amazon SWF can help you.  
[Learn more about Amazon SWF](https://aws.amazon.com/swf/).

## Streaming applications


**Amazon AppStream**  
Amazon AppStream lets you deliver your Windows applications to any device.  
Amazon AppStream enables you to stream your existing Windows applications from the cloud, reaching more users on more devices, without code modifications. With Amazon AppStream, your application is deployed and rendered on AWS infrastructure and the output is streamed to mass-market devices, such as personal computers, tablets, and mobile phones. Because your application is running in the cloud, it can scale to handle vast computational and storage needs, regardless of the devices your customers are using. Amazon AppStream provides an SDK for streaming your application from the cloud. You can integrate your own custom clients, subscriptions, identity, and storage solution with Amazon AppStream to build a custom streaming solution that meets the needs of your business.  
[Learn more about Amazon AppStream](https://aws.amazon.com/appstream/).

# Create Lightsail resources with AWS CloudFormation
AWS CloudFormation resources

Amazon Lightsail is integrated with AWS CloudFormation, a service that helps you to model and set up your AWS resources so that you can spend less time creating and managing your resources and infrastructure. You create a template that describes all the AWS resources that you want (such as instances and disks), and CloudFormation provisions and configures those resources for you. 

When you use CloudFormation, you can reuse your template to set up your Lightsail resources consistently and repeatedly. Describe your resources once, and then provision the same resources over and over in multiple AWS accounts and Regions. 

## Lightsail and CloudFormation templates


To provision and configure resources for Lightsail and related services, you must understand [CloudFormation templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-guide.html). Templates are formatted text files in JSON or YAML. These templates describe the resources that you want to provision in your CloudFormation stacks. If you're unfamiliar with JSON or YAML, you can use CloudFormation Designer to help you get started with CloudFormation templates. For more information, see [What is CloudFormation Designer?](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/working-with-templates-cfn-designer.html) in the *AWS CloudFormation User Guide*.

Lightsail supports creating instances and disks in AWS CloudFormation. For more information, see the [Lightsail resource type reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Lightsail.html) in the *AWS CloudFormation User Guide*.

## Learn more about CloudFormation


To learn more about CloudFormation, see the following resources:
+ [AWS CloudFormation](https://aws.amazon.com/cloudformation/)
+ [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html)
+ [CloudFormation API Reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/Welcome.html)
+ [AWS CloudFormation Command Line Interface User Guide](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/what-is-cloudformation-cli.html)

# Explore Lightsail resources for app deployment
Additional information about Lightsail

The following list includes links to additional information for Amazon Lightsail that is not published in the Lightsail User Guide.

**Contents**
+ [Blogs](#blogs)
+ [Tutorials](#tutorials)
+ [Videos](#videos)

## Blogs

+ [Monitoring the health of Amazon Lightsail instances with Datadog](https://aws.amazon.com/blogs/apn/monitoring-the-health-of-amazon-lightsail-instances-with-datadog/)

  *March 30, 2022* – Explore how monitoring Lightsail workloads with Datadog can help you ensure application performance and control costs.
+ [How to set up Galaxy for research on AWS using Amazon Lightsail](https://aws.amazon.com/blogs/publicsector/how-to-set-up-galaxy-for-research-on-aws-using-amazon-lightsail/)

  *January 13, 2022* – Deploy Galaxy, a scientific workflow, data integration, and digital preservation platform on Lightsail.
+ [What happens when you type a URL into your browser](https://aws.amazon.com/blogs/mobile/what-happens-when-you-type-a-url-into-your-browser/)

  *August 26, 2021* – What happens when you type a URL into your browser and press enter?
+ [Monitoring memory usage in Amazon Lightsail instance](https://aws.amazon.com/blogs/compute/14364-2/)

  *June 14, 2021* – Configure a Lightsail instance to send memory usage to Amazon CloudWatch for monitoring, alarming, and notifications.
+ [Frictionless hosting of containerized ASP.NET web apps using Amazon Lightsail](https://aws.amazon.com/blogs/compute/frictionless-hosting-of-containerized-asp-net-web-apps-using-amazon-lightsail/)

  *June 10, 2021* – How to take a containerized ASP.NET web application that connects to a PostgreSQL database and deploy it to Lightsail.
+ [Launching a WordPress website using Amazon Lightsail containers](https://aws.amazon.com/blogs/compute/launching-a-wordpress-website-using-amazon-lightsail-containers/)

  *April 5, 2021* – Launch a WordPress website using Lightsail containers and a Lightsail database.
+ [Lightsail containers: an easy way to run your containers in the cloud](https://aws.amazon.com/blogs/aws/lightsail-containers-an-easy-way-to-run-your-containers-in-the-cloud/)

  *November 13, 2020* – Deploy your container‐based workloads on Lightsail.
+ [Migrating web services from Amazon Lightsail to Amazon EC2](https://aws.amazon.com/blogs/startups/migrating-web-services-from-amazon-lightsail-to-ec2/)

  *October 16, 2020* – Set up a production environment in Amazon EC2 and migrate a web service into that environment from Lightsail.
+ [Building a Graylog server to run on an Amazon Lightsail instance](https://aws.amazon.com/blogs/compute/building-a-graylog-server-to-run-on-an-amazon-lightsail-instance/)

  *July 28, 2020* – How to build a Graylog server on Lightsail.
+ [Improving website performance with Lightsail content delivery network](https://aws.amazon.com/blogs/compute/improving-website-performance-with-lightsail-content-delivery-network/)

  *July 23, 2020* – Configure Lightsail distribution to work with both a standard web server in addition to WordPress.
+ [Proactively monitoring system performance on Amazon Lightsail instances](https://aws.amazon.com/blogs/compute/proactively-monitoring-system-performance-on-amazon-lightsail-instances/)

  *June 4, 2020* – Configure a burstable capacity alert so you can prevent system performance issues before they impact your users.
+ [Enhancing site security with new Lightsail firewall features](https://aws.amazon.com/blogs/compute/enhancing-site-security-with-new-lightsail-firewall-features/)

  *May 7, 2020* – Restrict remote access with SSH to a single source IP address.
+ [Using CodeDeploy and CodePipeline to deploy applications to Amazon Lightsail](https://aws.amazon.com/blogs/compute/using-aws-codedeploy-and-aws-codepipeline-to-deploy-applications-to-amazon-lightsail/)

  *April 23, 2020* – Configure Lightsail to work with CodeDeploy and CodePipeline to automatically deploy (or update) an application every time you push a change to GitHub.
+ [Using load balancers on Amazon Lightsail](https://aws.amazon.com/blogs/compute/using-load-balancers-on-amazon-lightsail/)

  *April 21, 2020* – How to load balance a simple Node.js web application using an Amazon Lightsail load balancer.
+ [Building a photo diary on Amazon Lightsail with Ghost](https://aws.amazon.com/blogs/compute/building-a-photo-diary-ghost-on-amazon-lightsail/)

  *March 23, 2020* – Start a photo diary using Ghost on Lightsail.
+ [Amazon Lightsail database tips and tricks](https://aws.amazon.com/blogs/compute/amazon-lightsail-database-tips-and-tricks/)

  *March 23, 2020* – Use advanced features found in Amazon Relational Database Service (Amazon RDS).
+ [Configuring and using monitoring and notifications](https://aws.amazon.com/blogs/compute/configuring-and-using-monitoring-and-notifications-in-amazon-lightsail/)

  *February 27, 2020* – Creating notification contacts, creating a new alarm, and testing out notifications with resource monitoring.
+ [Deploying a highly‐available WordPress site on Amazon Lightsail, Part 1: Implementing a highly‐available Lightsail database with WordPress](https://aws.amazon.com/blogs/compute/deploying-a-highly-available-wordpress-site-on-amazon-lightsail-part-1-implementing-a-highly-available-lightsail-database-with-wordpress/)

  *October 22, 2019* – Build a highly‐available WordPress site on Lightsail, part 1.
+ [Deploying a highly‐available WordPress site on Amazon Lightsail, Part 2: Using Amazon S3 with WordPress to securely deliver media files](https://aws.amazon.com/blogs/compute/deploying-a-highly-available-wordpress-site-on-amazon-lightsail-part-2-using-amazon-s3-with-wordpress-to-securely-deliver-media-files/)

  *October 31, 2019* – Build a highly‐available WordPress site on Lightsail, part 2.
+ [Deploying a highly‐available WordPress site on Amazon Lightsail, Part 3: Increasing security and performance using Amazon CloudFront](https://aws.amazon.com/blogs/compute/deploying-a-highly-available-wordpress-site-on-amazon-lightsail-part-3-increasing-security-and-performance-using-amazon-cloudfront/)

  *November 7, 2019* – Build a highly‐available WordPress site on Lightsail, part 3.
+ [Deploying a highly‐available WordPress site on Amazon Lightsail, Part 4: Increasing performance and scalability with a Lightsail load balancer](https://aws.amazon.com/blogs/compute/deploying-a-highly-available-wordpress-site-on-amazon-lightsail-part-4-increasing-performance-and-scalability-with-a-lightsail-load-balancer/)

  *November 14, 2019* – Build a highly‐available WordPress site on Lightsail, part 4.
+ [Building a pocket platform‐as‐a‐service with Amazon Lightsail](https://aws.amazon.com/blogs/compute/building-a-pocket-platform-as-a-service-with-amazon-lightsail/)

  *October 8, 2019* – Assemble a pocket platform on Lightsail.
+ [Deploying an Nginx‐based HTTP/HTTPS load balancer with Amazon Lightsail](https://aws.amazon.com/blogs/compute/deploying-an-nginx-based-http-https-load-balancer-with-amazon-lightsail/)

  *July 8, 2019* – Set up an NGINX‐based load balancer inside of a Lightsail instance.
+ [New to the AWS Cloud? Amazon Lightsail can help](https://aws.amazon.com/blogs/apn/new-to-the-aws-cloud-amazon-lightsail-can-help/)

  *March 27, 2019* – Getting started on Amazon Lightsail.
+ [New – Managed databases for Amazon Lightsail](https://aws.amazon.com/blogs/aws/new-managed-databases-for-amazon-lightsail/)

  *October 16, 2018* – Create a managed database with a couple of clicks.
+ [Amazon Lightsail update: More instance sizes and price reductions](https://aws.amazon.com/blogs/aws/amazon-lightsail-update-more-instance-sizes-and-price-reductions/)

  *August 23, 2018* – Lightsail instance overview.
+ [Amazon Lightsail: The power of AWS, the simplicity of a VPS](https://aws.amazon.com/blogs/aws/amazon-lightsail-the-power-of-aws-the-simplicity-of-a-vps/)

  *November 30, 2016* – Lightsail launch announcement.

## Tutorials


Top 5 hands‐on tutorials:

1. [Create a load balanced WordPress website](https://aws.amazon.com/getting-started/hands-on/launch-load-balanced-wordpress-website/)

   *September 8, 2021* – Launch a highly available WordPress website with Lightsail.

1. [Migrating and managing a WordPress website with Amazon Lightsail](https://aws.amazon.com/getting-started/hands-on/migrating-a-wp-website/)

   *February 22, 2021* – Launch a clone of your WordPress website onto Lightsail using the Seahorse software.

1. [Launch a Linux virtual machine](https://aws.amazon.com/getting-started/tutorials/launch-a-virtual-machine/)

   *September 11, 2020* – Launch, configure, and connect to a Linux instance with Lightsail.

1. [Launch a Windows virtual machine](https://aws.amazon.com/getting-started/tutorials/launch-windows-vm/)

   *September 11, 2020* – Launch, configure, and connect to a Windows instance with Lightsail.

1. [Launch a cPanel and WHM instance on Amazon Lightsail](https://aws.amazon.com/getting-started/hands-on/launch-cpanel-whm-instance/)

   *July 27, 2020* – This tutorial walks through a few steps that you can take after your cPanel and WHM instance is up and running on Lightsail.

 
+ [How to set up and configure Magento on Amazon Lightsail](https://aws.amazon.com/getting-started/hands-on/magento-on-aws/)

  *August 11, 2021* – Get an e‐commerce site up and running.
+ [How to connect your WordPress site to an object storage bucket](https://aws.amazon.com/getting-started/hands-on/wordpress-object-storage/)

  *July 14, 2021* – Set up your WordPress site on Lightsail and connect the website to a Lightsail bucket.
+ [Create object storage buckets](https://aws.amazon.com/getting-started/hands-on/lightsail-object-storage/)

  *July 14, 2021* – Create an object storage bucket in Amazon Lightsail.
+ [Connecting a WordPress website to an Amazon Lightsail bucket and distribution](https://aws.amazon.com/getting-started/hands-on/object-storage-cdn/)

  *July 14, 2021* – Configure your Lightsail bucket as the origin of a Lightsail content delivery network (CDN) distribution.
+ [How to set up and configure Plesk](https://aws.amazon.com/getting-started/hands-on/plesk-on-aws/)

  *April 22, 2021* – Get a Plesk hosting stack up and running on Lightsail.
+ [How to Set Up a PrestaShop e‐commerce site](https://aws.amazon.com/getting-started/hands-on/prestashop-on-lightsail/)

  *April 1, 2021* – Launch and configure a Lightsail instance using the PrestaShop Certified by Bitnami blueprint.
+ [How to Use Amazon EFS with Amazon Lightsail](https://aws.amazon.com/getting-started/hands-on/efs-and-lightsail/)

  *March 15, 2021* – Create and connect to an Amazon EFS file system from Lightsail instances using VPC peering.
+ [How to set up an Nginx reverse proxy](https://aws.amazon.com/getting-started/hands-on/setup-an-nginx-reverse-proxy/)

  *February 10, 2021* – Set up an Nginx reverse proxy using Lightsail containers.
+ [How to Serve a Flask app](https://aws.amazon.com/getting-started/hands-on/serve-a-flask-app/)

  *February 3, 2021* – Learn how to serve a Flask application with Lightsail containers.
+ [Creating, pushing, and deploying container images with Amazon Lightsail](https://aws.amazon.com/getting-started/hands-on/lightsail-containers/)

  *November 11, 2020* – Create a container image on your local machine using a Dockerfile.
+ [Build a Drupal website](https://aws.amazon.com/getting-started/projects/build-drupal-website/)

  *September 11, 2020* – Deploy and host a production‐ready Drupal website on Lightsail.
+ [Build a LAMP stack web app](https://aws.amazon.com/getting-started/hands-on/launch-lamp-web-app/)

  *September 9, 2020* – Launch and run a highly available PHP web application on Lightsail.
+ [Configure your WordPress instance to work with your distribution](https://aws.amazon.com/getting-started/hands-on/configuring-wp-instance-with-cdn/)

  *July 16, 2020* – Configure your WordPress instance to work with your Lightsail distribution.
+ [Launch a WordPress website](https://aws.amazon.com/getting-started/hands-on/launch-a-wordpress-website/)

  *March 23, 2020* – Get a website up and running with WordPress installed on a Lightsail virtual machine.
+ [Host a .NET application](https://aws.amazon.com/getting-started/projects/host-net-web-app/)

  *March 20, 2020* – Build and deploy a .NET application using Lightsail.
+ [Map your domain at Amazon Route 53 to your Lightsail resources](https://aws.amazon.com/getting-started/hands-on/map-your-domain-at-route53-to-lightsail/)

  Route traffic for your domain, such as example.com, to your Lightsail resources.

## Videos

+ [Amazon Lightsail Tutorial: Deploy a Django app](https://www.youtube.com/watch?v=maEvGfJKWdU)

  *July 14, 2021* – In this tutorial, you create a Django application.
+ [Amazon Lightsail Tutorial: Deploy a Flask app](https://www.youtube.com/watch?v=eOqlLa6paCI)

  *July 14, 2021* – In this tutorial, you create a Flask application.
+ [Amazon Lightsail Tutorial: Deploy an NGINX reverse proxy](https://www.youtube.com/watch?v=uokHUbglpwo)

  *July 14, 2021* – Create a Flask application, build a Docker container, create a container service on Lightsail, and then deploy the application.
+ [Amazon Lightsail Tutorial: Deploy an e-commerce site](https://www.youtube.com/watch?v=gWh548fO97Q)

  *July 14, 2021* – Launch a Lightsail instance using the PrestaShop Certified by Bitnami blueprint, and configure it.
+ [Deploy a containerized application on Amazon Lightsail](https://www.youtube.com/watch?v=7Tn8icO-dOk)

  *December 29, 2020* – Learn how to deploy a containerized application in Lightsail.
+ [Amazon Lightsail Tutorial: Build a Drupal website](https://www.youtube.com/watch?v=4b15zJNxe-U)

  *August 31, 2020* – Launch and configure a Drupal instance.
+ [Amazon Lightsail Tutorial: Deploy a LAMP Stack app](https://www.youtube.com/watch?v=mM88-bZgWTc)

  *August 31, 2020* – Deploy a LAMP (Linux Apache MySQL PHP) stack application onto a single Lightsail instance.
+ [Amazon Lightsail Tutorial: Launch a Linux instance](https://www.youtube.com/watch?v=e_AmFP1jhNo)

  *August 31, 2020* – Learn how to launch a Linux instance.
+ [Amazon Lightsail Tutorial: Launch a Windows instance](https://www.youtube.com/watch?v=BTEvn7HLMGU)

  *August 31, 2020* – Learn how to launch a Windows instance.
+ [Amazon Lightsail Tutorial: Run your own Minecraft server](https://www.youtube.com/watch?v=Iv13FrZCdko)

  *August 31, 2020* – Learn how to set up a dedicated Minecraft server.
+ [Introduction to Amazon Lightsail tutorials](https://www.youtube.com/watch?v=AESGb6Juulw)

  *August 31, 2020* – Get started on your cloud journey today with Lightsail.
+ [Amazon Lightsail: The easiest way to get started on AWS](https://www.youtube.com/watch?v=taMlabDBO58)

  *March 20, 2020* – Lightsail is the easiest way to get started on AWS. It offers virtual servers, storage, databases and networking, plus a cost‐effective, monthly plan.
+ [Configuring a Plesk instance in Amazon Lightsail](https://www.youtube.com/watch?v=SkVVZi-g2HM)

  *March 27, 2019* – Learn how to configure a Plesk instance in Lightsail.
+ [Configuring WordPress Multisite in Amazon Lightsail](https://www.youtube.com/watch?v=J5thWR_C_0c/)

  *January 15, 2019* – Learn how to configure a WordPress Multisite instance in Lightsail.
+ [Managing Lightsail](https://www.youtube.com/watch?v=q4cbMwZrvAc)

  *October 9, 2018* – Take a quick look at Lightsail key features.
+ [Deploy a MEAN stack app on Amazon Lightsail](https://www.youtube.com/watch?v=iohBEVf4uIQ)

  *June 5, 2018* – Use Lightsail's MEAN blueprint to deploy a custom application to the cloud.
+ [Deploy a WordPress instance on Amazon Lightsail](https://www.youtube.com/watch?v=upZOhKhefAs)

  *June 5, 2018* – Deploy a WordPress instance on Lightsail.