# Quickly deploy applications with Lightsail blueprints
Use the following quick start guides to get started with Lightsail blueprints. In Lightsail, a blueprint is a virtual image that comes prepackaged with an operating system and application. Applications include WordPress, WordPress Multisite, cPanel & WHM, PrestaShop, Drupal, Ghost, Joomla\$1, Magento, Redmine, Ruby on Rails, LAMP, Nginx (LEMP), and Node.js
**Topics**
+ [
# Launch and set up an AlmaLinux instance on Lightsail
](amazon-lightsail-quick-start-guide-almalinux.md)
+ [
# Host websites, email, and services with cPanel & WHM on Lightsail
](amazon-lightsail-quick-start-guide-cpanel.md)
+ [
# Set up and customize your Drupal website on Lightsail
](amazon-lightsail-quick-start-guide-drupal.md)
+ [
# Deploy a Ghost website on Lightsail
](amazon-lightsail-quick-start-guide-ghost.md)
+ [
# Set up and configure a GitLab CE instance on Lightsail
](amazon-lightsail-quick-start-guide-gitlab.md)
+ [
# Get started with Joomla\$1 on Lightsail
](amazon-lightsail-quick-start-guide-joomla.md)
+ [
# Deploy and manage a LAMP stack on Lightsail
](amazon-lightsail-quick-start-guide-lamp.md)
+ [
# Set up and configure Magento on Lightsail
](amazon-lightsail-quick-start-guide-magento.md)
+ [
# Deploy and manage an Nginx web server on Lightsail
](amazon-lightsail-quick-start-guide-nginx.md)
+ [
# Deploy and manage a Node.js stack on Lightsail
](amazon-lightsail-quick-start-guide-nodejs.md)
+ [
# Get started with OpenClaw on Lightsail
](amazon-lightsail-quick-start-guide-openclaw.md)
+ [
# Deploy a Plesk hosting stack on Lightsail
](set-up-and-configure-plesk-stack-on-lightsail.md)
+ [
# Set up a PrestaShop website on Lightsail
](amazon-lightsail-quick-start-guide-prestashop.md)
+ [
# Configure and secure a Redmine instance on Lightsail
](amazon-lightsail-quick-start-guide-redmine.md)
+ [
# Set up Ruby on Rails on Lightsail
](amazon-lightsail-quick-start-guide-rubyonrails.md)
+ [
# Deploy and manage WordPress on Lightsail
](amazon-lightsail-quick-start-guide-wordpress.md)
+ [
# Set up WordPress Multisite on Lightsail
](amazon-lightsail-quick-start-guide-wordpress-multisite.md)
# Launch and set up an AlmaLinux instance on Lightsail
**Did you know?**
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [ Configure automatic snapshots for Lightsail instances and disks ](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html) .
This quick start guide provides step-by-step instructions for creating and configuring an AlmaLinux instance on the Amazon Lightsail platform. This topic covers the key steps, including selecting your instance location and plan, setting up networking and security, and transitioning from CentOS to AlmaLinux. By following these steps, you can quickly get your AlmaLinux instance up and running on Lightsail.
**Topics**
+ [
## Prerequisites
](#amazon-lightsail-quick-start-guide-almalinux-prerequisites)
+ [
## Create an AlmaLinux instance in Lightsail
](#amazon-lightsail-quick-start-guide-almalinux-create-instance)
+ [
## (Optional) Additional setup
](#amazon-lightsail-additional-setup-almalinux)
+ [
# Migrate data from CentOS to AlmaLinux on Lightsail
](amazon-lightsail-migrate-centos-to-almalinux.md)
## Prerequisites
+ If you're a new AWS customer, complete the setup prerequisites before you start using Amazon Lightsail. For more information, see [Set up AWS account and administrative users for Lightsail](setting-up.md).
+ Read the AlmaLinux documentation on the [https://wiki.almalinux.org/](https://wiki.almalinux.org/) site.
## Create an AlmaLinux instance in Lightsail
Complete the following procedure to create an AlmaLinux instance by using the [Lightsail console](https://lightsail.aws.amazon.com/).
1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).
1. On the home page, choose **Create instance**.
1. Select a location for your instance (an AWS Region and Availability Zone). Choose an AWS Region that is closest to your physical location for reduced latency.
Choose **Change your Availability Zone** to create your instance in another location.
1. Choose the Linux platform.
1. Choose **Operating System (OS) only**, then pick the **AlmaLinux** blueprint.
![\[The platform picker in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-almalinux-qs-guide-01.png)
1. Optionally, you can:
1. Add a shell script that will run on your instance the first time it launches by selecting **Add launch script**. For more information, see [Configure Linux/Unix instances with launch scripts in Lightsail](lightsail-how-to-configure-server-additional-data-shell-script.md).
1. To change the SSH key pair for your instance, choose a key from the dropdown list below **SSH key**. For more information, see [Set up SSH keys for Lightsail](lightsail-how-to-set-up-ssh.md).
1. Enable **Automatic Snapshots** for your instance and the attached disks by selecting **Enable Automatic Snapshots**. For more information, see [Configure automatic snapshots for Lightsail instances and disks](amazon-lightsail-configuring-automatic-snapshots.md).
1. Choose your instance plan. You can choose whether your instance uses dual-stack (IPv4 and IPv6), or IPv6-only networking. The AlmaLinux blueprint supports both dual-stack and IPv6-only bundles. To learn more about IPv6-only networking, see [Configure IPv6-only networking for Lightsail instances](amazon-lightsail-ipv6-only-plans.md).
![\[The instance plan picker in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-almalinux-qs-guide-02.png)
1. Enter a name for your instance.
Resource names:
+ Must be unique within each AWS Region in your Lightsail account.
+ Must contain 2 to 255 characters.
+ Must start and end with an alphanumeric character or number.
+ Can include alphanumeric characters, numbers, periods, dashes, and underscores.
![\[The instance plan picker in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-almalinux-qs-guide-03.png)
1. (Optional) Choose **Add new tag** to add a tag to your instance. Repeat this step as needed to add additional tags. For more information on tag usage, see [Tags](amazon-lightsail-tags.md).
1. For **Key**, enter a tag key.
![\[A tag with only the tag key specified in the Lightsail create instance workflow.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-instance-key-name-only-tags.png)
1. (Optional) For **Value**, enter a tag value.
![\[A tag with the tag key and tag value specified in the Lightsail create instance workflow.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-instance-key-name-and-value-tags.png)
1. Choose **Create instance**.
Within minutes, your Lightsail instance is ready and you can connect to it.
## (Optional) Additional setup
Here are a few steps you should take to get started after your AlmaLinux instance is up and running on Lightsail:
+ **Attach a static IP address to your instance** – The default dynamic public IP address attached to your instance changes every time you stop and start the instance. Create a static IP address, and attach it to your instance, to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach one static IP to an instance.
The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.
On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).
![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)
+ **Register a domain in Lightsail** Register and manage domain names in Lightsail. Lightsail uses Amazon Route 53, a highly available and scalable Domain Name System (DNS) web service, to register domains for you. After your domain is registered, you can assign it to your Lightsail resources or manage DNS records for it. For more information, see [Register and manage domains for your website in Lightsail](amazon-lightsail-domain-registration.md).
+ **Map your domain name to your instance** – To map your domain name, such as `example.com`, to your instance, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.
On the Lightsail console home page, on the **Domains & DNS** section, choose **Create DNS zone**, then follow the instructions on the page. For more information, see [Create a DNS zone to manage domain records for Lightsail instances](lightsail-how-to-create-dns-entry.md).
+ **Create a snapshot of your instance** – A snapshot is a copy of the system disk and original configuration of an instance. The snapshot includes such information as memory, CPU, disk size, and data transfer rate. You can use a snapshot as a baseline for new instances, or as a data backup.
Under the **Snapshot** tab of your instance’s management page, enter a name for the snapshot, then choose **Create snapshot**. For more information, see [Back up Linux/Unix Lightsail instances with snapshots](lightsail-how-to-create-a-snapshot-of-your-instance.md).
To learn how to migrate from CentOS to AlmaLinux, continue to the next topic: [Migrate data from CentOS to AlmaLinux on Lightsail](amazon-lightsail-migrate-centos-to-almalinux.md).
# Migrate data from CentOS to AlmaLinux on Lightsail
Migrating from CentOS to AlmaLinux is a straightforward process by which you move data from one instance in Lightsail to another. This topic outlines two options that you can use to migrate your data.
For more information see the AlmaLinux documentation on the [https://wiki.almalinux.org/](https://wiki.almalinux.org/) site.
**Contents**
+ [
## Prerequisites
](#amazon-lightsail-migrate-centos-to-almalinux-prerequisites)
+ [
## (Optional) Use secure copy (scp) to transfer files between instances
](#amazon-lightsail-migrate-centos-to-almalinux-scp)
+ [
## (Optional) Move the block storage disk from the CentOS instance to the AlmaLinux instance
](#amazon-lightsail-migrate-centos-to-almalinux-copy-disk)
## Prerequisites
+ If you haven't already, create an AlmaLinux Lightsail instance. For more information, see [Launch and set up an AlmaLinux instance on Lightsail](amazon-lightsail-quick-start-guide-almalinux.md).
+ Create a snapshot of the disk you plan to move to your AlmaLinux instance. For more information, see [Create Lightsail block storage disk snapshots for backup or baseline](create-block-storage-disk-snapshot.md).
## (Optional) Use secure copy (scp) to transfer files between instances
You can securely transfer files from your CentOS instance to the new AlmaLinux instance by using the secure copy command in Linux. For more information, see [Transfer files between Linux instances on Lightsail using scp](amazon-lightsail-transfer-files-between-linux-instances.md).
## (Optional) Move the block storage disk from the CentOS instance to the AlmaLinux instance
Use the following procedure to move a secondary block storage disk from your CentOS instance bundle to the AlmaLinux bundle. You cannot detach the instance's boot volume disk; the disk that contains the operating system. After you attach the disk to your AlmaLinux instance, you need to connect to that instance and mount the disk. For more information, see [Expand storage and performance with Lightsail block storage disks](elastic-block-storage-and-ssd-disks-in-amazon-lightsail.md).
If your CentOS instance is running, you will need to stop it before you can detach the disk. For more information, see [Stop a running instance](https://docs.aws.amazon.com/lightsail/latest/userguide/lightsail-how-to-start-stop-or-restart-your-instance-virtual-private-server.html#lightsail-instance-stop).
1. From the **Storage** section of the Lightsail console, select the disk that you want to detach from your CentOS instance.
![\[The storage section in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-migrate-alma-01.png)
1. On the **Details** tab, choose **Detach**.
![\[The disk details in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-migrate-alma-02.png)
1. From the disk **Details** page, choose the **Attach to an instance** dropdown menu. Then choose the name of your AlmaLinux instance.
![\[The attach disk dropdown menu in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-migrate-alma-03.png)
1. Choose **Attach**.
1. (Optional) You might need to connect to your AlmaLinux instance and mount the disk before you can access its data. For more information, see [Connect to your instance to format and mount the disk](https://docs.aws.amazon.com/lightsail/latest/userguide/create-and-attach-additional-block-storage-disks-linux-unix.html#connect-to-linux-unix-instance-using-ssh-format-mount-disk).
**Warning**
The above link provides instructions for how to mount and format the attached disk. **Do not format the disk** that you attached to your AlmaLinux instance. Formatting it will permanently erase all information stored on the disk.
# Host websites, email, and services with cPanel & WHM on Lightsail
**Did you know?**
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [ Configure automatic snapshots for Lightsail instances and disks ](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html) .
Here are a few steps you should take to get started after your cPanel & WHM instance is up and running on Amazon Lightsail.
**Important**
Your cPanel & WHM instance includes a 15-day trial license. After 15 days, you must purchase a license from cPanel to continue using cPanel & WHM. If you plan on purchasing a license, complete steps 1-7 of this guide before purchasing your license.
You must choose an instance plan with at least 2 GB of memory to use this blueprint.
**Contents**
+ [Step 1: Change the root user password](#amazon-lightsail-cpanel-root-user-password)
+ [Step 2: Attach a static IP address to your cPanel & WHM instance](#amazon-lightsail-cpanel-attach-static-ip)
+ [Step 3: Sign in to the Web Host Manager for the first time](#amazon-lightsail-cpanel-sign-in)
+ [Step 4: Change the hostname and IP address of your cPanel & WHM instance](#amazon-lightsail-cpanel-change-hostname)
+ [Step 5: Map your domain name to your cPanel & WHM instance](#amazon-lightsail-cpanel-map-your-domain-to-your-instance)
+ [Step 6: Edit the firewall of your instance](#amazon-lightsail-cpanel-edit-firewall)
+ [Step 7: Remove SMTP restrictions from your Lightsail instance](#amazon-lightsail-cpanel-smtp)
+ [Step 8: Read the cPanel & WHM documentation and get support](#amazon-lightsail-cpanel-read-the-documentation)
+ [Step 9: Purchase a license for cPanel & WHM](#amazon-lightsail-purchase-cpanel-license)
+ [Step 10: Create a snapshot of your cPanel & WHM instance](#amazon-lightsail-cpanel-create-a-snapshot)
## Step 1: Change the root user password
Complete the following procedure to change the root user password on your cPanel instance. You will use the root user and password to sign in to the Web Host Manager (WHM) console later.
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
1. After you're connected, enter the following command to change the password for the root user:
```
sudo passwd
```
1. Enter a strong password and confirm it by entering it a second time.
**Note**
Your password should not include dictionary words and should be greater than 7 characters. If you don't follow these guidelines, you will get a `BAD PASSWORD` warning.
Remember this password because you will use it to sign in to the WHM console later in this guide.
## Step 2: Attach a static IP address to your cPanel & WHM instance
**Important**
You must specify the public IP address of your cPanel & WHM instance when purchasing a license from cPanel. The license that you purchase is associated to that IP address. Because of this, you must attach a static IP to your cPanel & WHM instance if you plan on purchasing a license from cPanel. Specify your static IP when you purchase a license from cPanel, and keep your static IP for as long as you plan to use your cPanel & WHM license with a Lightsail instance. If you need to transfer your license to another IP address later, you can submit a request to cPanel. For more information, see [Transfer a license](https://docs.cpanel.net/manage2/licenses/transfer-a-license/) in the *WHM documentation*.
The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.
On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).
![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)
## Step 3: Sign in to the Web Host Manager for the first time
Complete the following procedure to sign in to the WHM console for the first time.
1. Open a web browser and navigate to the following web address. Replace ** with the static IP address of your instance. Be sure to add `:2087` to the end of the address, which is the port on which you will establish a connection to your instance.
```
https://:2087
```
**Example:**
```
https://192.0.2.0:2087
```
**Important**
You must include `https://` in your browser's address bar when navigating to the IP address and port of your instance. Otherwise, you will get an error stating that the site can't be reached.
If you're unable to establish a connection when browsing to the static IP address of your instance over port 2087, check that your router, VPN, or internet service provider allows HTTP/HTTPS connections through port 2087. If it does not, then try to connect using a different network.
You might also see a browser warning that your connection is not private, not secure, or that there’s a security risk. This happens because your cPanel instance does not yet have an SSL/TLS certificate applied to it. In the browser window, choose **Advanced**, **Details**, or **More information** to view the options that are available. Then choose to proceed to the website even if it’s not private or secure.
1. Enter `root` in the **Username** text box.
1. Enter the root user password in the **Password** text box.
This is the password that you specified earlier in the [Step 1: Change the root user password](#amazon-lightsail-cpanel-root-user-password) section of this guide.
1. Choose **Log in**.
![\[WHM sign in page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/whm-sign-in-page.png)
1. Read the cPanel & WHM terms, then choose **Agree to all** if you would like to proceed.
![\[cPanel & WHM terms\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/cpanel-whm-terms.png)
1. On the **Get started with a Free cPanel Trial** page, choose **Log in** to log in to the cPanel store.
You must sign in to the cPanel store in order to associate your trial license to your account. If you don't have a cPanel store account, you should still choose **Log in**, and you will be given the option to create one.
![\[cPanel get started with a free trial\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/cpanel-free-trial-getting-started.png)
1. In the **Authorization Request** page that appears, enter your email address or username, and the password for your cPanel store account.
If you don't have a cPanel store account, then choose **Create Account** and follow the prompts to create your new cPanel store account. You will be asked to enter your email address, and will be sent an email to set your cPanel store account password. We recommend that you set your cPanel store account password using a new browser tab. When your password is set, you can close that tab and return to your instance to authorize your account, and continue to the next step of this procedure.
1. Choose **Sign in**.
![\[cPanel authorization request\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/cpanel-authorization-request.png)
After you sign in, your cPanel & WHM instance will acquire a 15-day trial license that is associated with your cPanel store account. Go to the [Manage Licenses](https://store.cpanel.net/store/cpanel-licenses) page in the cPanel store to view your issued licenses, including trial licenses.
1. Choose **Server Setup** to continue.
![\[cPanel trial license confirmation\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/cpanel-trial-license-confirmation.png)
1. Choose **Skip** in the email address and name servers page. You can configure these later.
![\[cPanel email address and name server configuration\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/cpanel-email-nameserver-configuration.png)
The WHM console appears, where you can manage the settings and features for cPanel.
## Step 4: Change the hostname and IP address of your cPanel & WHM instance
Complete the following steps to change the hostname of your instance, so that you don't have to use its public IP address to access the WHM console. You should also change the IP address of your instance to the new static IP address that you attached to your instance earlier in the [Step 2: Attach a static IP address to your cPanel & WHM instance](#amazon-lightsail-cpanel-attach-static-ip) section of this guide.
1. Choose the navigation menu icon in the top-left section of the WHM console.
![\[WHM navigation menu icon\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-whm-menu-icon.png)
1. Enter `Change hostname` in the search text box in the WHM console, then choose the **Change hostname** option in the results.
![\[Change the hostname of your cPanel & WHM instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-whm-change-hostname.png)
1. Enter the hostname that you want to use to access the WHM console in the **New hostname** text box. For example, enter `management.example.com` or `administration.example.com`.
**Note**
You can only specify a subdomain as the hostname, and you cannot specify `whm` or `cpanel` as the subdomain.
![\[Change the hostname of your cPanel & WHM instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-whm-new-hostname.png)
1. Choose **Change**.
1. Choose the navigation menu icon in the top-left section of the WHM console.
![\[WHM navigation menu icon\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-whm-menu-icon.png)
1. Choose **Basic WebHost Manager Setup**.
![\[Basic WebHost Manager Setup\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cpanel-whm-basic-setup.png)
1. Under the **All** tab, scroll down and find the **Basic Config** section of the page.
1. In the IPv4 address text box, enter the new static IP address of the instance. For information about IPv6, see [Configuring IPv6 on cPanel instances](amazon-lightsail-configure-ipv6-on-cpanel.md).
![\[IPv4 address text box\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cpanel-whm-ip-address.png)
1. Scroll to the bottom of the page and choose **Save Changes**.
**Note**
If you receive an *Invalid License file* error message, wait and try to change the IP address again after a few minutes.
The hostname and IP address of your instance are now changed, but you must still map your domain name to your cPanel & WHM instance. You do this by adding an address (A) record in the domain name system (DNS) of your registered domain name. The A record resolves the hostname of your instance to the static IP address of your instance. We show you how to do this in the next section of this guide.
## Step 5: Map your domain name to your cPanel & WHM instance
**Note**
You can map a domain to your cPanel & WHM instance, which you can use to access the WHM console. You can also map multiple domains within WHM, which you can use to manage websites within WHM. This section describes how to map your domain to your cPanel & WHM instance. For more information about mapping multiple domains within the WHM console, which you do when you create a new account, see [Create a new account](https://docs.cpanel.net/whm/account-functions/create-a-new-account/) in the *WHM documentation*.
To map your domain name, such as `management.example.com` or `administration.example.com` to your instance, you add an address (A) record to the DNS of your domain. The record maps the hostname of your cPanel & WHM instance to the static IP address of your instance. The subdomain that you specify in the A record must match the hostname that you specified in the [Step 4: Change the hostname and IP address of your cPanel & WHM instance](#amazon-lightsail-cpanel-change-hostname) section earlier in this guide. After the A record is added, you can use the following address to access the WHM console of your instance, instead of using your instance's static IP address. Replace ** with the host name of your instance.
```
https:///whm
```
**Example:**
```
https//management.example.com/whm
```
DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console. To do this, sign in to the Lightsail console. On the Lightsail console home page, choose the **Domains & DNS** tab, and then choose **Create DNS zone**. Follow the instructions on the page to add your domain name to Lightsail. For more information, see [Creating a DNS zone to manage your domain’s DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).
## Step 6: Edit the firewall of your instance
The following firewall ports are open by default on your cPanel & WHM instance:
+ SSH - TCP - 22
+ DNS (UDP) - UDP - 53
+ DNS (TCP) - TCP - 53
+ HTTP - TCP - 80
+ HTTPS - TCP - 443
+ Custom - TCP - 2078
+ Custom - TCP - 2083
+ Custom - TCP - 2087
+ Custom - TCP - 2089
You might need to open additional ports depending on the services and applications that you plan to use on your instance. For example, open ports 25, 143, 465, 587, 993, 995, 2096 for email services, and ports 2080, 2091 for calendar services. Under the **Networking** tab of your instance’s management page, scroll to the Firewall section of the page, and choose **Add rule**. Choose the application, protocol, and port or port range to open. Choose **Create** when you're done.
For more information about which ports to open, see [How to configure your firewall for cPanel services](https://documentation.cpanel.net/display/CKB/How+to+Configure+Your+Firewall+for+cPanel+Services) in the *cPanel documentation*. For more information about editing your instance's firewall in Lightsail, see [Adding and editing instance firewall rules in Amazon Lightsail](amazon-lightsail-editing-firewall-rules.md).
## Step 7: Remove SMTP restrictions from your Lightsail instance
AWS blocks outbound traffic on port 25 on all Lightsail instances. To send outbound traffic on port 25, request that this restriction be removed. For more information, see [How do I remove the restriction on port 25 from my Lightsail instance?](https://aws.amazon.com/premiumsupport/knowledge-center/lightsail-port-25-throttle/).
**Important**
If you configure SMTP to use ports 25, 465, or 587, then you must open those ports in the firewall of your instance in the Lightsail console. For more information, see [Adding and editing instance firewall rules in Amazon Lightsail](amazon-lightsail-editing-firewall-rules.md).
## Step 8: Read the cPanel & WHM documentation and get support
Read the cPanel & WHM documentation to learn how to administer web sites using cPanel and WHM. For more information, see [cPanel & WHM documentation](https://docs.cpanel.net/).
If you have questions about cPanel & WHM or need support, you can contact cPanel using the following resources:
+ [cPanel Troubleshoot your installation](https://docs.cpanel.net/installation-guide/troubleshoot-your-installation/)
+ [cPanel Discord channel](https://go.cpanel.net/discord)
## Step 9: Purchase a license for cPanel & WHM
Your cPanel & WHM instance includes a 15-day trial license. After 15 days, you must purchase a license from cPanel to continue using cPanel & WHM. For more information, see [How to purchase a cPanel license](https://docs.cpanel.net/knowledge-base/cpanel-product/how-to-purchase-a-cpanel-license/) in the cPanel documentation.
**Important**
You must specify the public IP address of your cPanel & WHM instance when purchasing a license from cPanel. The license that you purchase is associated to that IP address. Because of this, you must attach a static IP to your cPanel & WHM instance as described in [Step 2: Attach a static IP address to your cPanel & WHM instance](#amazon-lightsail-cpanel-attach-static-ip) section of this guide. Specify your static IP when you purchase a license from cPanel, and keep your static IP for as long as you plan to use your cPanel & WHM license with a Lightsail instance. If you need to transfer your license to another IP address later, you can submit a request to cPanel. For more information, see [Transfer a license](https://docs.cpanel.net/manage2/licenses/transfer-a-license/) in the *WHM documentation*.
## Step 10: Create a snapshot of your cPanel & WHM instance
**Note**
Instance snapshots of the current generation blueprint **cPanel & WHM for AlmaLinux** can be exported to Amazon EC2.
Instance snapshots of the previous generation blueprint **cPanel & WHM for Linux** cannot be exported to Amazon EC2 at this time.
If you create a new instance from the snapshot, give the instance extra time to fully start up before signing into the WHM as described in [Step 3](#amazon-lightsail-cpanel-sign-in).
After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).
You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.
You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).
![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)
# Set up and customize your Drupal website on Lightsail
**Did you know?**
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [ Configure automatic snapshots for Lightsail instances and disks ](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html) .
Here are a few steps you should take to get started after your Drupal instance is up and running on Amazon Lightsail:
**Contents**
+ [Step 1: Read the Bitnami documentation](#amazon-lightsail-read-the-bitnami-documentation-drupal)
+ [Step 2: Get the default application password to access the Drupal administration dashboard](#amazon-lightsail-get-the-default-user-password-drupal)
+ [Step 3: Attach a static IP address to your instance](#amazon-lightsail-attach-static-ip-drupal)
+ [Step 4: Sign in to the administration dashboard of your Drupal website](#amazon-lightsail-sign-in-drupal)
+ [Step 5: Route traffic for your registered domain name to your Drupal website](#amazon-lightsail-map-your-domain-to-your-instance-drupal)
+ [Step 6: Configure HTTPS for your Drupal website](#amazon-lightsail-https-drupal)
+ [Step 7: Read the Drupal documentation and continue configuring your website](#amazon-lightsail-read-documentation-drupal)
+ [Step 8: Create a snapshot of your instance](#amazon-lightsail-create-a-snapshot-drupal)
## Step 1: Read the Bitnami documentation
Read the Bitnami documentation to learn how to configure your Drupal application. For more information, see the [Drupal Packaged By Bitnami For AWS Cloud](https://docs.bitnami.com/aws/apps/drupal/).
## Step 2: Get the default application password to access the Drupal administration dashboard
Complete the following procedure to get the default application password required to access the administration dashboard for your Drupal website. For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)
1. After you're connected, enter the following command to get the application password:
```
cat $HOME/bitnami_application_password
```
You should see a response similar to the following example, which contains the default application password:
![\[Bitnami default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bitnami-application-password.png)
## Step 3: Attach a static IP address to your instance
The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.
On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).
![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)
## Step 4: Sign in to the administration dashboard of your Drupal website
Now that you have the default user password, navigate to your Drupal website's home page, and sign in to the administration dashboard. After you’re signed in, you can start customizing your website and making administrative changes. For more information about what you can do in Drupal, see the [Step 7: Read the Drupal documentation and continue configuring your website](#amazon-lightsail-read-documentation-drupal) section later in this guide.
1. On your instance management page, under the **Connect** tab, make note of the public IP address of your instance. The public IP address is also displayed in the header section of your instance management page.
![\[Public IP address of an instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-ip.png)
1. Browse to the public IP address of your instance, for example by going to `http://203.0.113.0`.
The home page of your Drupal website should appear.
1. Choose **Manage** in the bottom right corner of your Drupal website home page.
If the **Manage** banner is not shown, you can reach the sign in page by browsing to `http:///user/login`. Replace `` with the public IP address of your instance.
1. Sign in using the default user name (`user`) and the default password retrieved earlier in this guide.
The Drupal administration dashboard appears.
![\[The Drupal administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-drupal-dashboard.png)
## Step 5: Route traffic for your registered domain name to your Drupal website
To route traffic for your registered domain name, such as `example.com`, to your Drupal website, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.
On the Lightsail console home page, under the **Domains & DNS** tab, choose **Create DNS zone**, then follow the instructions on the page. For more information, see [Creating a DNS zone to manage your domain’s DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).
If you browse to the domain name that you configured for your instance, you should be redirected to the home page of your Drupal website. Next, you should generate and configure an SSL/TLS certificate to enable HTTPS connections for your Drupal website. For more information, continue to the next [Step 6: Configure HTTPS for your Drupal website](#amazon-lightsail-https-drupal) section of this guide.
## Step 6: Configure HTTPS for your Drupal website
Complete the following procedure to configure HTTPS on your Drupal website. These steps show you how to use the Bitnami HTTPS Configuration Tool (`bncert-tool`), which is a command line tool for requesting Let's Encrypt SSL/TLS certificates. For more information see [Learn About The Bitnami HTTPS Configuration Tool](https://docs.bitnami.com/aws/how-to/understand-bncert/) in the *Bitnami documentation*.
**Important**
Before starting with this procedure, make sure that you configured your domain to route traffic to your Drupal instance. Otherwise, the SSL/TLS certificate validation process will fail.
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)
1. After you're connected, enter the following command to confirm the bncert tool is installed on your instance.
```
sudo /opt/bitnami/bncert-tool
```
You should see one of the following responses:
+ If you see command not found in the response, then the bncert tool is not installed on your instance. Continue to the next step in this procedure to install the bncert tool on your instance.
+ If you see **Welcome to the Bitnami HTTPS configuration tool** in the response, then the bncert tool is installed on your instance. Continue to the step 8 of this procedure.
+ If the bncert tool has been installed on your instance for a while, then you might see a message indicating that an updated version of the tool is available. Choose to download it, and then enter the `sudo /opt/bitnami/bncert-tool` command to run the bncert tool again. Continue to the step 8 of this procedure.
1. Enter the following command to download the bncert run file to your instance.
```
wget -O bncert-linux-x64.run https://downloads.bitnami.com/files/bncert/latest/bncert-linux-x64.run
```
1. Enter the following command to create a directory for the bncert tool run file on your instance.
```
sudo mkdir /opt/bitnami/bncert
```
1. Enter the following command to make the bncert run a file that can be executed as a program.
```
sudo chmod +x /opt/bitnami/bncert/bncert-linux-x64.run
```
1. Enter the following command to create a symbolic link that runs the bncert tool when you enter the sudo /opt/bitnami/bncert-tool command.
```
sudo ln -s /opt/bitnami/bncert/bncert-linux-x64.run /opt/bitnami/bncert-tool
```
You are now done installing the bncert tool on your instance.
1. Enter the following command to run the bncert tool.
```
sudo /opt/bitnami/bncert-tool
```
1. Enter your primary domain name and alternate domain names separated by a space as shown in the following example.
If your domain is not configured to route traffic to the public IP address of your instance, the `bncert` tool will ask you to make that configuration before continuing. Your domain must be routing traffic to the public IP address of the instance from which you are using the `bncert` tool to enable HTTPS on the instance. This confirms that you own the domain, and serves as the validation for your certificate.
![\[Entering the primary and alternate domain names\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-domain-names.png)
1. The `bncert` tool will ask you how you want your website's redirection to be configured. These are the options available:
+ **Enable HTTP to HTTPS redirection** - Specifies whether users who browse to the HTTP version of your website (i.e., `http:/example.com`) are automatically redirected to the HTTPS version (i.e., `https://example.com`). We recommend enabling this option because it forces all visitors to use the encrypted connection. Type `Y` and press **Enter** to enable it.
+ **Enable non-www to www redirection** - Specifies whether users who browse to the apex of your domain (i.e., `https://example.com`) are automatically redirected to your domain's `www` subdomain (i.e., `https://www.example.com`). We recommend enabling this option. However, you may want to disable it and enable the alternate option (enable `www` to non-`www` redirection) if you have specified the apex of your domain as your preferred website address in search engine tools like Google's webmaster tools, or if your apex points directly to your IP and your `www` subdomain references your apex via a CNAME record. Type `Y` and press **Enter** to enable it.
+ **Enable www to non-www redirection** - Specifies whether users who browse to your domain's `www` subdomain (i.e., `https://www.example.com`) are automatically redirected to the apex of your domain (i.e., `https://example.com`). We recommend disabling this, if you enabled non-`www` redirection to `www`. Type `N` and press **Enter** to disable it.
Your selections should look like the following example.
![\[Website redirection options\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-enable-disable-redirection.png)
1. The changes that are going to be made are listed. Type `Y` and press **Enter** to confirm and continue.
![\[Confirming the changes\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-confirm-changes.png)
1. Enter your email address to associate with your Let's Encrypt certificate and press **Enter**.
![\[Associating your email address with your Let's Encrypt certificate\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-email-address.png)
1. Review the Let's Encrypt Subscriber Agreement. Type `Y` and press **Enter** to accept the agreement and continue.
![\[Review the Let's Encrypt subscriber agreement\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-lets-ecrypt-agreement.png)
The actions are performed to enable HTTPS on your instance, including requesting the certificate and configuring the redirections you specified.
![\[Actions being performed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-performing-actions.png)
Your certificate is successfully issued and validated, and the redirections are successfully configured on your instance if you see a message similar to the following example.
![\[Actions successfully completed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-success-conf.png)
The `bncert` tool will perform an automatic renewal of your certificate every 80 days before it expires. Repeat the above steps if you wish to use additional domains and subdomains with your instance, and you want to enable HTTPS for those domains.
You are now done enabling HTTPS on your Drupal instance. Next time you browse to your Drupal website using the domain you configured, you should see that it redirects to the HTTPS connection.
## Step 7: Read the Drupal documentation and continue configuring your website
Read the Drupal documentation to learn how to administer and customize your website. For more information, see the [Drupal Documentation](https://www.drupal.org/documentation).
## Step 8: Create a snapshot of your instance
After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).
You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.
You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).
![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)
# Deploy a Ghost website on Lightsail
**Did you know?**
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [ Configure automatic snapshots for Lightsail instances and disks ](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html) .
Here are a few steps you should take to get started after your Ghost instance is up and running on Amazon Lightsail:
**Contents**
+ [Step 1: Read the Bitnami documentation](#amazon-lightsail-read-the-bitnami-documentation-ghost)
+ [Step 2: Get the default application password to access the Ghost administration dashboard](#amazon-lightsail-get-the-default-user-password-ghost)
+ [Step 3: Attach a static IP address to your instance](#amazon-lightsail-attach-static-ip-ghost)
+ [Step 4: Sign in to the administration dashboard of your Ghost website](#amazon-lightsail-sign-in-ghost)
+ [Step 5: Route traffic for your registered domain name to your Ghost website](#amazon-lightsail-map-your-domain-to-your-instance-ghost)
+ [Step 6: Configure HTTPS for your Ghost website](#amazon-lightsail-https-ghost)
+ [Step 7: Read the Ghost documentation and continue configuring your website](#amazon-lightsail-read-documentation-ghost)
+ [Step 8: Create a snapshot of your instance](#amazon-lightsail-create-a-snapshot-ghost)
## Step 1: Read the Bitnami documentation
Read the Bitnami documentation to learn how to configure your Ghost application. For more information, see the [https://docs.bitnami.com/aws/apps/ghost/](https://docs.bitnami.com/aws/apps/ghost/).
## Step 2: Get the default application password to access the Ghost administration dashboard
Complete the following procedure to get the default application password required to access the administration dashboard for your Ghost website. For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)
1. After you're connected, enter the following command to get the application password:
```
$ cat $HOME/bitnami_application_password
```
You should see a response similar to the following, which contains the default application password:
```
bitnami@ip-192-0-2-0:~$ cat $HOME/bitnami_application_password
wB2Ex@mplEK6
```
## Step 3: Attach a static IP address to your instance
The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.
On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).
![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)
After the new static IP address is attached to your instance, you must complete the following steps to make the application aware of the new static IP address.
1. Make a note of the static IP address of your instance. It's listed in the header section of your instance management page.
![\[Public or static IP address of a Lightsail instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-static-ip.png)
1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-using-ssh.png)
1. After you're connected, enter the following command. Replace ** with the new static IP address of your instance.
```
sudo /opt/bitnami/configure_app_domain --domain
```
**Example:**
```
sudo /opt/bitnami/configure_app_domain --domain 203.0.113.0
```
You should see a response similar to the following. The application on your instance should now be aware of the new static IP address.
```
bitnami@ip-203.0.113.0:~$ sudo /opt/bitnami/configure_app_domain --domain 203.0.113.0
Configuring domain to 203.0.113.0
2024-06-06T21:43:42.393Z - info: Saving configuration info to disk
ghost 21:43:42.78 INFO ==> Configuring Ghost URL to http://203.0.113.0
Disabling automatic domain update for IP address changes
```
## Step 4: Sign in to the administration dashboard of your Ghost website
Now that you have the default application password, complete the following procedure to navigate to your Ghost website's home page, and sign in to the administration dashboard. After you’re signed in, you can start customizing your website and making administrative changes. For more information about what you can do in Ghost, see the [Step 6: Read the Ghost documentation and continue configuring your website](#amazon-lightsail-read-documentation-ghost.title) section later in this guide.
1. On your instance management page, under the **Connect** tab, make note of the public IP address of your instance. If you previously attached a static IP to your instance, this will be the static IP address. The public IP address is also displayed in the header section of your instance management page.
![\[Public IP address of an instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-ip.png)
1. Browse to the public IP address of your instance, for example by going to `http://203.0.113.0`.
The home page of your Ghost website should appear.
1. Choose **Manage** in the bottom right corner of your Ghost website home page.
If the **Manage** banner is not shown, you can reach the sign in page by browsing to `http:///ghost`. Replace `` with the public IP address of your instance.
1. Sign in using the default user name (`user@example.com`) and the default password retrieved earlier in this guide.
The Ghost administration dashboard appears.
![\[The Ghost administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-ghost-dashboard.png)
## Step 5: Route traffic for your registered domain name to your Ghost website
To route traffic for your registered domain name, such as `example.com`, to your Ghost website, you add a record to the DNS of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.
On the Lightsail console home page, in the **Domains & DNS** section, choose **Create DNS zone**, then follow the instructions on the page. For more information, see [Creating a DNS zone to manage your domain’s DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).
After your domain name is routing traffic to your instance, you must complete the following steps to make the Ghost application aware of the new domain.
1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.
1. After you're connected, enter the following command. Replace ** with the domain name that is directing traffic to your Ghost instance.
```
$ sudo /opt/bitnami/configure_app_domain --domain
```
**Example:**
```
$ sudo /opt/bitnami/configure_app_domain --domain example.com
```
You should see a response similar to the following example. The Ghost application should now be aware of the domain.
```
bitnami@ip-203.0.113.0:~$ sudo /opt/bitnami/configure_app_domain --domain example.com
Configuring domain to example.com
2024-06-06T21:50:00.393Z - info: Saving configuration info to disk
ghost 21:50:25.78 INFO ==> Configuring Ghost URL to http://example.com
Disabling automatic domain update for IP address changes
```
If you browse to the domain name that you configured for your instance, you should be redirected to the home page of your Ghost website. Next, you should generate and configure an SSL/TLS certificate to enable HTTPS connections for your Ghost website. For more information, continue to the next [Step 6: Configure HTTPS for your Ghost website](#amazon-lightsail-https-ghost) section of this guide.
## Step 6: Configure HTTPS for your Ghost website
Complete the following procedure to configure HTTPS on your Ghost website. These steps show you how to use the Bitnami HTTPS Configuration Tool (`bncert-tool`), which is a command line tool for requesting Let's Encrypt SSL/TLS certificates. For more information see [Learn About The Bitnami HTTPS Configuration Tool](https://docs.bitnami.com/aws/how-to/understand-bncert/) in the *Bitnami documentation*.
**Important**
Before starting with this procedure, make sure that you configured your domain to route traffic to your Ghost instance. Otherwise, the SSL/TLS certificate validation process will fail.
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)
1. After you're connected, enter the following command to confirm the bncert tool is installed on your instance.
```
sudo /opt/bitnami/bncert-tool
```
You should see one of the following responses:
+ If you see command not found in the response, then the bncert tool is not installed on your instance. Continue to the next step in this procedure to install the bncert tool on your instance.
+ If you see **Welcome to the Bitnami HTTPS configuration tool** in the response, then the bncert tool is installed on your instance. Continue to the step 8 of this procedure.
+ If the bncert tool has been installed on your instance for a while, then you might see a message indicating that an updated version of the tool is available. Choose to download it, and then enter the `sudo /opt/bitnami/bncert-tool` command to run the bncert tool again. Continue to the step 8 of this procedure.
1. Enter the following command to download the bncert run file to your instance.
```
wget -O bncert-linux-x64.run https://downloads.bitnami.com/files/bncert/latest/bncert-linux-x64.run
```
1. Enter the following command to create a directory for the bncert tool run file on your instance.
```
sudo mkdir /opt/bitnami/bncert
```
1. Enter the following command to make the bncert run a file that can be executed as a program.
```
sudo chmod +x /opt/bitnami/bncert/bncert-linux-x64.run
```
1. Enter the following command to create a symbolic link that runs the bncert tool when you enter the sudo /opt/bitnami/bncert-tool command.
```
sudo ln -s /opt/bitnami/bncert/bncert-linux-x64.run /opt/bitnami/bncert-tool
```
You are now done installing the bncert tool on your instance.
1. Enter the following command to run the bncert tool.
```
sudo /opt/bitnami/bncert-tool
```
1. Enter your primary domain name and alternate domain names separated by a space as shown in the following example.
If your domain is not configured to route traffic to the public IP address of your instance, the `bncert` tool will ask you to make that configuration before continuing. Your domain must be routing traffic to the public IP address of the instance from which you are using the `bncert` tool to enable HTTPS on the instance. This confirms that you own the domain, and serves as the validation for your certificate.
![\[Entering the primary and alternate domain names\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-domain-names.png)
1. The `bncert` tool will ask you how you want your website's redirection to be configured. These are the options available:
+ **Enable HTTP to HTTPS redirection** - Specifies whether users who browse to the HTTP version of your website (i.e., `http:/example.com`) are automatically redirected to the HTTPS version (i.e., `https://example.com`). We recommend enabling this option because it forces all visitors to use the encrypted connection. Type `Y` and press **Enter** to enable it.
+ **Enable non-www to www redirection** - Specifies whether users who browse to the apex of your domain (i.e., `https://example.com`) are automatically redirected to your domain's `www` subdomain (i.e., `https://www.example.com`). We recommend enabling this option. However, you may want to disable it and enable the alternate option (enable `www` to non-`www` redirection) if you have specified the apex of your domain as your preferred website address in search engine tools like Google's webmaster tools, or if your apex points directly to your IP and your `www` subdomain references your apex via a CNAME record. Type `Y` and press **Enter** to enable it.
+ **Enable www to non-www redirection** - Specifies whether users who browse to your domain's `www` subdomain (i.e., `https://www.example.com`) are automatically redirected to the apex of your domain (i.e., `https://example.com`). We recommend disabling this, if you enabled non-`www` redirection to `www`. Type `N` and press **Enter** to disable it.
Your selections should look like the following example.
![\[Website redirection options\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-enable-disable-redirection.png)
1. The changes that are going to be made are listed. Type `Y` and press **Enter** to confirm and continue.
![\[Confirming the changes\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-confirm-changes.png)
1. Enter your email address to associate with your Let's Encrypt certificate and press **Enter**.
![\[Associating your email address with your Let's Encrypt certificate\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-email-address.png)
1. Review the Let's Encrypt Subscriber Agreement. Type `Y` and press **Enter** to accept the agreement and continue.
![\[Review the Let's Encrypt subscriber agreement\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-lets-ecrypt-agreement.png)
The actions are performed to enable HTTPS on your instance, including requesting the certificate and configuring the redirections you specified.
![\[Actions being performed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-performing-actions.png)
Your certificate is successfully issued and validated, and the redirections are successfully configured on your instance if you see a message similar to the following example.
![\[Actions successfully completed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-success-conf.png)
The `bncert` tool will perform an automatic renewal of your certificate every 80 days before it expires. Repeat the above steps if you wish to use additional domains and subdomains with your instance, and you want to enable HTTPS for those domains.
**Tip**
Enter the following command to restart the services on your instance.
```
sudo /opt/bitnami/ctlscript.sh restart
```
You are now done enabling HTTPS on your Ghost instance. Next time you browse to your Ghost website using the domain you configured, you should see that it redirects to the HTTPS connection.
## Step 7: Read the Ghost documentation and continue configuring your website
Read the Ghost documentation to learn how to administer and customize your website. For more information, see the [Ghost Documentation](https://ghost.org/docs/).
## Step 8: Create a snapshot of your instance
After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).
You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.
You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).
![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)
# Set up and configure a GitLab CE instance on Lightsail
**Did you know?**
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [ Configure automatic snapshots for Lightsail instances and disks ](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html) .
Here are a few steps you should take to get started after your GitLab CE instance is up and running on Amazon Lightsail:
**Contents**
+ [Step 1: Read the Bitnami documentation](#amazon-lightsail-read-the-bitnami-documentation-gitlab)
+ [Step 2: Get the default application password to access the GitLab CE admin area](#amazon-lightsail-get-the-default-user-password-gitlab)
+ [Step 3: Attach a static IP address to your instance](#amazon-lightsail-attach-static-ip-gitlab)
+ [Step 4: Sign in to the admin area of your Gitlab CE website](#amazon-lightsail-sign-in-gitlab)
+ [Step 5: Route traffic for your registered domain name to your GitLab CE website](#amazon-lightsail-map-your-domain-to-your-instance-gitlab)
+ [Step 6: Configure HTTPS for your GitLab CE website](#amazon-lightsail-https-gitlab)
+ [Step 7: Read the GitLab CE documentation and continue configuring your website](#amazon-lightsail-read-documentation-gitlab)
+ [Step 8: Create a snapshot of your instance](#amazon-lightsail-create-a-snapshot-gitlab)
## Step 1: Read the Bitnami documentation
Read the Bitnami documentation to learn how to configure your GitLab CE application. For more information, see the [GitLab CE Packaged By Bitnami For AWS Cloud](https://docs.bitnami.com/aws/apps/gitlab/).
## Step 2: Get the default application password to access the GitLab CE admin area
Complete the following procedure to get the default application password required to access the admin area for your GitLab CE website. For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)
1. After you're connected, enter the following command to get the application password:
```
cat $HOME/bitnami_application_password
```
You should see a response similar to the following example, which contains the default application password:
![\[Bitnami default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bitnami-application-password.png)
## Step 3: Attach a static IP address to your instance
The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.
On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).
![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)
After the new static IP address is attached to your instance, you must complete the following steps to make the application aware of the new static IP address.
1. Make a note of the static IP address of your instance. It's listed in the header section of your instance management page.
![\[Public or static IP address of a Lightsail instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-static-ip.png)
1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-using-ssh.png)
1. After you're connected, enter the following command. Replace ** with the new static IP address of your instance.
```
sudo /opt/bitnami/configure_app_domain --domain
```
**Example:**
```
sudo /opt/bitnami/configure_app_domain --domain 203.0.113.0
```
You should see a response similar to the following example. The application on your instance should now be aware of the new static IP address.
![\[Result of the domain configuration tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-configure-domain-ip-gitlab.png)
## Step 4: Sign in to the admin area of your Gitlab CE website
Now that you have the default user password, navigate to your GitLab CE website's home page, and sign in to the admin area. After you’re signed in, you can start customizing your website and making administrative changes. For more information about what you can do in GitLab CE, see the [Step 7: Read the GitLab CE documentation and continue configuring your website](#amazon-lightsail-read-documentation-gitlab) section later in this guide.
1. On your instance management page, under the **Connect** tab, make note of the public IP address of your instance. The public IP address is also displayed in the header section of your instance management page.
![\[Public IP address of an instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-ip.png)
1. Browse to the public IP address of your instance, for example by going to `http://203.0.113.0`.
The home page of your Gitlab CE website should appear. You might also see a browser warning that your connection is not private, not secure, or that there’s a security risk. This happens because your GitLab CE instance does not yet have an SSL/TLS certificate applied to it. In the browser window, choose **Advanced**, **Details**, or **More information** to view the options that are available. Then choose to proceed to the website even if it’s not private or secure.
1. Sign in using the default user name (`root`) and the default password retrieved earlier in this guide.
The Gitlab CE administration dashboard appears.
![\[The Gitlab CE administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-gitlab-dashboard.png)
## Step 5: Route traffic for your registered domain name to your GitLab CE website
To route traffic for your registered domain name, such as `example.com`, to your GitLab CE website, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.
On the Lightsail console home page, under the **Networking** tab, choose **Create DNS zone**, then follow the instructions on the page. For more information, see [Create a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md).
![\[Create a DNS zone in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-create-dns-zone.png)
After your domain name is routing traffic to your instance, you must complete the following procedure to make GitLab CE aware of the domain name.
1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-using-ssh.png)
1. After you're connected, enter the following command. Replace ** with the domain name that is routing traffic to your instance.
```
sudo /opt/bitnami/configure_app_domain --domain
```
**Example:**
```
sudo /opt/bitnami/configure_app_domain --domain example.com
```
You should see a response similar to the following example. Your GitLab CE instance should now be aware of the domain name.
![\[Result of the domain configuration tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-configure-domain-example-gitlab.png)
**Note**
If that command fails, you might be using an older version of the GitLab CE instance. Try running the following command instead. Replace ** with the domain name that is routing traffic to your instance.
```
cd /opt/bitnami/apps/gitlab && \
sudo ./bnconfig --machine_hostname
```
After running the above command, enter the following command to keep the bnconfig tool from automatically running every time the server restarts.
```
sudo mv bnconfig bnconfig.disabled
```
Next, you should generate and configure an SSL/TLS certificate to enable HTTPS connections for your GitLab CE website. For more information, continue to the next [Step 6: Configure HTTPS for your GitLab CE website](#amazon-lightsail-https-gitlab) section of this guide.
## Step 6: Configure HTTPS for your GitLab CE website
Complete the following procedure to configure HTTPS on your GitLab CE website. These steps show you how to use the [Lego client](https://github.com/go-acme/lego), which is a command line tool for requesting Let's Encrypt SSL/TLS certificates.
**Important**
Before starting with this procedure, make sure that you configured your domain to route traffic to your GitLab CE instance. Otherwise, the SSL/TLS certificate validation process will fail. To route traffic for your registered domain name, you add a record to the DNS of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.
On the Lightsail console home page, under the **Domains & DNS** tab, choose **Create DNS zone**, then follow the instructions on the page. For more information, see [Creating a DNS zone to manage your domain’s DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)
1. After you're connected, enter the following command to change directory to the temporary (/tmp) directory.
```
cd /tmp
```
1. Enter the following command to download the latest version of the Lego client. This command downloads a tape archive (tar) file.
```
curl -Ls https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i -
```
1. Enter the following command to extract the files from the tar file. Replace *X.Y.Z* with the version of the Lego client that you downloaded.
```
tar xf lego_vX.Y.Z_linux_amd64.tar.gz
```
**Example:**
```
tar xf lego_v4.7.0_linux_amd64.tar.gz
```
1. Enter the following command to create the `/opt/bitnami/letsencrypt` directory where you will move the Lego client files into.
```
sudo mkdir -p /opt/bitnami/letsencrypt
```
1. Enter the following command to move the Lego client files into the directory you created.
```
sudo mv lego /opt/bitnami/letsencrypt/lego
```
1. Enter the following command to stop the application services that are running on your instance.
```
sudo service bitnami stop && \
sudo service gitlab-runsvdir stop
```
1. Enter the following command to use the Lego client to request a Let's Encrypt SSL/TLS certificate.
```
sudo /opt/bitnami/letsencrypt/lego --tls --email="EmailAddress" --domains="RootDomain" --domains="WwwSubDomain" --path="/opt/bitnami/letsencrypt" run
```
In the command, replace the following example values with your own:
+ `EmailAddress` — Your email address for registration notifications.
+ `RootDomain` — The primary root domain that is routing traffic to your GitLab CE website (for example, `example.com`).
+ `WwwSubDomain` — The `www` subdomain of the primary root domain that is routing traffic to your GitLab CE website (for example, `www.example.com`).
You can specify multiple domains for your certificate by specifying additional `--domains` parameters in your command. When you specify multiple domains, Lego creates a subject alternate names (SAN) certificate which results in only one certificate being valid for all domains you specified. The first domain in your list is added as the “CommonName” of the certificate and the rest are added as “DNSNames” to the SAN extension within the certificate.
**Example:**
```
sudo /opt/bitnami/letsencrypt/lego --tls --email="user@example.com" --domains="example.com" --domains="www.example.com" --path="/opt/bitnami/letsencrypt" run
```
1. Press **Y** and **Enter** when to accept the terms of service when prompted.
You should see a response similar to the following example.
![\[Successful Lego client response to certificate request\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-configure-domain-cert-response-gitlab.png)
If successful, a set of certificates are saved to the `/opt/bitnami/letsencrypt/certificates` directory. This set includes the server certificate file (for example, `example.com.crt`) and the server certificate key file for (example, `example.com.key`).
1. Enter the following command to rename the existing certificates on your instance. Later, you will replace these existing certificates with your new Let's Encrypt certificates.
```
sudo mv /etc/gitlab/ssl/tls.crt /etc/gitlab/ssl/tls.crt.old && \
sudo mv /etc/gitlab/ssl/tls.key /etc/gitlab/ssl/tls.key.old
```
1. Enter the following command to create symbolic links for your new Let's Encript certificates in the `/etc/gitlab/ssl` directory, which is the default certificates directory on your GitLab CE instance.
```
sudo ln -sf /opt/bitnami/letsencrypt/certificates/Domain.key /etc/gitlab/ssl/tls.key && \
sudo ln -sf /opt/bitnami/letsencrypt/certificates/Domain.crt /etc/gitlab/ssl/tls.crt
```
In the command, replace *Domain* with the primary root domain that you specified when requesting your Let's Encrypt certificates.
**Example:**
```
sudo ln -sf /opt/bitnami/letsencrypt/certificates/example.com.key /etc/gitlab/ssl/tls.key && \
sudo ln -sf /opt/bitnami/letsencrypt/certificates/example.com.crt /etc/gitlab/ssl/tls.crt
```
1. Enter the following command to change the permissions of your new Let's Encrypt certificates in the directory you moved them into.
```
sudo chown root:root /etc/gitlab/ssl/tls* && \
sudo chmod 600 /etc/gitlab/ssl/tls*
```
1. Enter the following command to restart the application services on your GitLab CE instance.
```
sudo service bitnami start && \
sudo service gitlab-runsvdir start
```
Next time you browse to your GitLab CE website using the domain you configured, you should see that it redirects to the HTTPS connection. Note that it can take up to an hour for the GitLab CE instance to recognize the new certificates. If your GitLab CE website refuses your connection, stop and start the instance, and try again.
## Step 7: Read the GitLab CE documentation and continue configuring your website
Read the GitLab CE documentation to learn how to administer and customize your website. For more information, see the [GitLab Documentation](https://docs.gitlab.com/ee/index.html).
## Step 8: Create a snapshot of your instance
After you configure your GitLab CE website the way you want it, create periodic snapshots of your instance to back it up. You can create snapshots manually, or enable automatic snapshots to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot. For more information, see [Snapshots](understanding-snapshots-in-amazon-lightsail.md).
On the instance management page, under the **Snapshot** tab, choose **Create a snapshot** or choose to enable automatic snapshots.
![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)
For more information, see Creating a snapshot of your [Linux or Unix instance in Amazon Lightsail](lightsail-how-to-create-a-snapshot-of-your-instance.md) or [Enabling or disabling automatic snapshots for instances or disks in Amazon Lightsail](amazon-lightsail-configuring-automatic-snapshots.md).
# Get started with Joomla\$1 on Lightsail
**Did you know?**
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [ Configure automatic snapshots for Lightsail instances and disks ](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html) .
Here are a few steps you should take to get started after your Joomla\$1 instance is up and running on Amazon Lightsail:
**Contents**
+ [Step 1: Read the Bitnami documentation](#amazon-lightsail-read-the-bitnami-documentation-joomla)
+ [Step 2: Get the default application password to access the Joomla\$1 control panel](#amazon-lightsail-get-the-default-user-password-joomla)
+ [Step 3: Attach a static IP address to your instance](#amazon-lightsail-attach-static-ip-joomla)
+ [Step 4: Sign in to the control panel of your Joomla\$1 website](#amazon-lightsail-sign-in-joomla)
+ [Step 5: Route traffic for your registered domain name to your Joomla\$1 website](#amazon-lightsail-map-your-domain-to-your-instance-joomla)
+ [Step 6: Configure HTTPS for your Joomla\$1 website](#amazon-lightsail-https-joomla)
+ [Step 7: Read the Joomla\$1 documentation and continue configuring your website](#amazon-lightsail-read-documentation-joomla)
+ [Step 8: Create a snapshot of your instance](#amazon-lightsail-create-a-snapshot-joomla)
## Step 1: Read the Bitnami documentation
Read the Bitnami documentation to learn how to configure your Joomla\$1 application. For more information, see the [Joomla\$1 Packaged By Bitnami For AWS Cloud](https://docs.bitnami.com/aws/apps/joomla/).
## Step 2: Get the default application password to access the Joomla\$1 control panel
Complete the following procedure to get the default application password required to access the control panel for your Joomla\$1 website. For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)
1. After you're connected, enter the following command to get the application password:
```
cat $HOME/bitnami_application_password
```
You should see a response similar to the following example, which contains the default application password:
![\[Bitnami default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bitnami-application-password.png)
## Step 3: Attach a static IP address to your instance
The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.
On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).
![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)
## Step 4: Sign in to the control panel of your Joomla\$1 website
Now that you have the default application password, complete the following procedure to navigate to your Joomla\$1 website's home page, and sign in to the control panel. After you’re signed in, you can start customizing your website and making administrative changes. For more information about what you can do in Joomla\$1, see the [Step 7: Read the Joomla\$1 documentation and continue configuring your website](#amazon-lightsail-read-documentation-joomla) section later in this guide.
1. On your instance management page, under the **Connect** tab, make note of the public IP address of your instance. The public IP address is also displayed in the header section of your instance management page.
![\[Public IP address of an instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-ip.png)
1. Browse to the public IP address of your instance, for example by going to `http://203.0.113.0`.
The home page of your Joomla\$1 website should appear.
1. Choose **Manage** in the bottom right corner of your Joomla\$1 website home page.
If the **Manage** banner is not shown, you can reach the sign in page by browsing to `http:///administrator/`. Replace `` with the public IP address of your instance.
1. Sign in using the default user name (`user`) and the default password retrieved earlier in this guide.
The Joomla\$1 administration control panel appears.
![\[The Joomla! administration control panel\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-joomla-dashboard.png)
## Step 5: Route traffic for your registered domain name to your Joomla\$1 website
To route traffic for your registered domain name, such as `example.com`, to your Joomla\$1 website, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.
On the Lightsail console home page, under the **Domains & DNS** tab, choose **Create DNS zone**, then follow the instructions on the page. For more information, see [Creating a DNS zone to manage your domain’s DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).
After your domain name is routing traffic to your instance, you must complete the following steps to make the Joomla\$1 software aware of the domain name.
1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-using-ssh.png)
1. Bitnami is in the process of modifying the file structure for many of their blueprints. The file paths in this procedure may change depending on whether your Bitnami blueprint uses native Linux system packages (Approach A), or if it is a self-contained installation (Approach B). To identify your Bitnami installation type and which approach to follow, run the following command after you're connected:
```
test ! -f "/opt/bitnami/common/bin/openssl" && echo "Approach A: Using system packages." || echo "Approach B: Self-contained installation."
```
1. Complete the following steps if the result of the previous command indicated that you should use approach A. Otherwise, continue to step 4 if the result of the previous command indicated that you should use approach B.
1. Enter the following command to open the Apache virtual host configuration file using Vim and create a virtual host for your domain name.
```
sudo vim /opt/bitnami/apache2/conf/vhosts/joomla-vhost.conf
```
1. Press `I` to enter insert mode in Vim.
1. Add your domain name to the file as shown in the following example. In this example we are using the `example.com` and `www.example.com` domains.
![\[Apache virtual hosts configuration file\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-apache-vhost-config-approach-a.png)
1. Press the **Esc** key, and enter `:wq!` to save your edit (write) and exit Vim.
1. Enter the following command to restart the Apache server.
```
sudo /opt/bitnami/ctlscript.sh restart apache
```
1. Complete the following steps if the result of the previous command indicated that you should use approach B.
1. Enter the following command to open the Apache virtual host configuration file using Vim and create a virtual host for your domain name.
```
sudo vim /opt/bitnami/apps/joomla/conf/httpd-vhosts.conf
```
1. Press `I` to enter insert mode in Vim.
1. Add your domain name to the file as shown in the following example. In this example we are using the `example.com` and `www.example.com` domains.
![\[Apache virtual hosts configuration file\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-apache-vhost-config-approach-b.png)
1. Press the **Esc** key, and enter `:wq!` to save your edit (write) and exit Vim.
1. Enter the following command to confirm that the `bitnami-apps-vhosts.conf` file includes the `httpd-vhosts.conf` file for Joomla\$1.
```
sudo vim /opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf
```
Look for the following line in the file. Add it if it's missing.
```
Include "/opt/bitnami/apps/joomla/conf/httpd-vhosts.conf"
```
1. Enter the following command to restart the Apache server.
```
sudo /opt/bitnami/ctlscript.sh restart apache
```
If you browse to the domain name that you configured for your instance, you should be redirected to the home page of your Joomla\$1 website. Next, you should generate and configure an SSL/TLS certificate to enable HTTPS connections for your Joomla\$1 website. For more information, continue to the next [Step 6: Configure HTTPS for your Joomla\$1 website](#amazon-lightsail-https-joomla) section of this guide.
## Step 6: Configure HTTPS for your Joomla\$1 website
Complete the following procedure to configure HTTPS on your Joomla\$1 website. These steps show you how to use the Bitnami HTTPS Configuration Tool (`bncert-tool`), which is a command line tool for requesting Let's Encrypt SSL/TLS certificates. For more information see [Learn About The Bitnami HTTPS Configuration Tool](https://docs.bitnami.com/aws/how-to/understand-bncert/) in the *Bitnami documentation*.
**Important**
Before starting with this procedure, make sure that you configured your domain to route traffic to your Joomla\$1 instance. Otherwise, the SSL/TLS certificate validation process will fail.
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)
1. After you're connected, enter the following command to confirm the bncert tool is installed on your instance.
```
sudo /opt/bitnami/bncert-tool
```
You should see one of the following responses:
+ If you see command not found in the response, then the bncert tool is not installed on your instance. Continue to the next step in this procedure to install the bncert tool on your instance.
+ If you see **Welcome to the Bitnami HTTPS configuration tool** in the response, then the bncert tool is installed on your instance. Continue to the step 8 of this procedure.
+ If the bncert tool has been installed on your instance for a while, then you might see a message indicating that an updated version of the tool is available. Choose to download it, and then enter the `sudo /opt/bitnami/bncert-tool` command to run the bncert tool again. Continue to the step 8 of this procedure.
1. Enter the following command to download the bncert run file to your instance.
```
wget -O bncert-linux-x64.run https://downloads.bitnami.com/files/bncert/latest/bncert-linux-x64.run
```
1. Enter the following command to create a directory for the bncert tool run file on your instance.
```
sudo mkdir /opt/bitnami/bncert
```
1. Enter the following command to make the bncert run a file that can be executed as a program.
```
sudo chmod +x /opt/bitnami/bncert/bncert-linux-x64.run
```
1. Enter the following command to create a symbolic link that runs the bncert tool when you enter the sudo /opt/bitnami/bncert-tool command.
```
sudo ln -s /opt/bitnami/bncert/bncert-linux-x64.run /opt/bitnami/bncert-tool
```
You are now done installing the bncert tool on your instance.
1. Enter the following command to run the bncert tool.
```
sudo /opt/bitnami/bncert-tool
```
1. Enter your primary domain name and alternate domain names separated by a space as shown in the following example.
If your domain is not configured to route traffic to the public IP address of your instance, the `bncert` tool will ask you to make that configuration before continuing. Your domain must be routing traffic to the public IP address of the instance from which you are using the `bncert` tool to enable HTTPS on the instance. This confirms that you own the domain, and serves as the validation for your certificate.
![\[Entering the primary and alternate domain names\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-domain-names.png)
1. The `bncert` tool will ask you how you want your website's redirection to be configured. These are the options available:
+ **Enable HTTP to HTTPS redirection** - Specifies whether users who browse to the HTTP version of your website (i.e., `http:/example.com`) are automatically redirected to the HTTPS version (i.e., `https://example.com`). We recommend enabling this option because it forces all visitors to use the encrypted connection. Type `Y` and press **Enter** to enable it.
+ **Enable non-www to www redirection** - Specifies whether users who browse to the apex of your domain (i.e., `https://example.com`) are automatically redirected to your domain's `www` subdomain (i.e., `https://www.example.com`). We recommend enabling this option. However, you may want to disable it and enable the alternate option (enable `www` to non-`www` redirection) if you have specified the apex of your domain as your preferred website address in search engine tools like Google's webmaster tools, or if your apex points directly to your IP and your `www` subdomain references your apex via a CNAME record. Type `Y` and press **Enter** to enable it.
+ **Enable www to non-www redirection** - Specifies whether users who browse to your domain's `www` subdomain (i.e., `https://www.example.com`) are automatically redirected to the apex of your domain (i.e., `https://example.com`). We recommend disabling this, if you enabled non-`www` redirection to `www`. Type `N` and press **Enter** to disable it.
Your selections should look like the following example.
![\[Website redirection options\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-enable-disable-redirection.png)
1. The changes that are going to be made are listed. Type `Y` and press **Enter** to confirm and continue.
![\[Confirming the changes\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-confirm-changes.png)
1. Enter your email address to associate with your Let's Encrypt certificate and press **Enter**.
![\[Associating your email address with your Let's Encrypt certificate\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-email-address.png)
1. Review the Let's Encrypt Subscriber Agreement. Type `Y` and press **Enter** to accept the agreement and continue.
![\[Review the Let's Encrypt subscriber agreement\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-lets-ecrypt-agreement.png)
The actions are performed to enable HTTPS on your instance, including requesting the certificate and configuring the redirections you specified.
![\[Actions being performed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-performing-actions.png)
Your certificate is successfully issued and validated, and the redirections are successfully configured on your instance if you see a message similar to the following example.
![\[Actions successfully completed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-success-conf.png)
The `bncert` tool will perform an automatic renewal of your certificate every 80 days before it expires. Repeat the above steps if you wish to use additional domains and subdomains with your instance, and you want to enable HTTPS for those domains.
You are now done enabling HTTPS on your Joomla\$1 instance. Next time you browse to your Joomla\$1 website using the domain you configured, you should see that it redirects to the HTTPS connection.
## Step 7: Read the Joomla\$1 documentation and continue configuring your website
Read the Joomla\$1 documentation to learn how to administer and customize your website. For more information, see the [Joomla\$1 Documentation](https://docs.joomla.org/).
## Step 8: Create a snapshot of your instance
After you configure your Joomla\$1 website the way you want it, create periodic snapshots of your instance to back it up. You can create snapshots manually, or enable automatic snapshots to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot. For more information, see [Snapshots](understanding-snapshots-in-amazon-lightsail.md).
On the instance management page, under the **Snapshot** tab, choose **Create a snapshot** or choose to enable automatic snapshots.
![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)
For more information, see Creating a snapshot of your [Linux or Unix instance in Amazon Lightsail](lightsail-how-to-create-a-snapshot-of-your-instance.md) or [Enabling or disabling automatic snapshots for instances or disks in Amazon Lightsail](amazon-lightsail-configuring-automatic-snapshots.md).
# Deploy and manage a LAMP stack on Lightsail
**Did you know?**
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [ Configure automatic snapshots for Lightsail instances and disks ](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html) .
Here are a few steps you should take to get started after your LAMP instance is up and running on Amazon Lightsail. Before you get started, identify your blueprint vendor on your instance management page:
![\[LAMP blueprint vendor on the instance management page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/headers/lamp-blueprint-vendor.png)
Select the appropriate guide for your LAMP instance:
------
#### [ Bitnami ]
## Step 1: Get the default application password for your LAMP instance
You need the default application password to access pre-installed applications or services on your instance.
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
1. After you're connected, enter the following command to get the application password:
```
cat bitnami_application_password
```
**Note**
If you're in a directory other than the user home directory, then enter `cat $HOME/bitnami_application_password`.
You should see a response similar to this, which contains the default application password:
![\[Bitnami default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bitnami-application-password.png)
For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).
## Step 2: Attach a static IP address to your LAMP instance
The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.
On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).
![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)
## Step 3: Visit your LAMP instance welcome page
Navigate to the public IP address of your instance to access the application installed on it, access phpMyAdmin, or access the Bitnami documentation.
1. On your instance management page, under the **Connect** tab, make note of the public IP.
1. Browse to the public IP address, for example by going to `http://192.0.2.3`.
For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).
## Step 4: Map your domain name to your LAMP instance
To map your domain name, such as `example.com`, to your instance, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.
On the Lightsail console home page, under the **Networking** tab, choose **Create DNS zonelamp**, then follow the instructions on the page.
For more information, see [Create a DNS zone to manage your domain's DNS records](lightsail-how-to-create-dns-entry.md).
## Step 5: Read the Bitnami documentation
Read the Bitnami documentation to learn how to deploy your application, enable HTTPS support with SSL certificates, upload files to the server with SFTP, and more.
For more information, see the [Bitnami LAMP for AWS Cloud](https://docs.bitnami.com/aws/infrastructure/lamp/).
## Step 6: Create a snapshot of your LAMP instance
After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).
You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.
You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).
![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)
------
#### [ Lightsail ]
## Step 1: Get the default application password for your LAMP instance
You need the default application password to access pre-installed applications or services on your instance.
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
1. After you're connected, enter the following command to get the default application password:
```
cat ~/application_credentials
```
You should see a response similar to this, which contains the default application password:
![\[Default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-application-password.png)
## Step 2: Attach a static IP address to your LAMP instance
The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.
On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).
![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)
## Step 3: Visit your LAMP instance welcome page
Navigate to the static IP address of your instance to access the application installed on your instance.
1. On your instance management page, copy the static IP address:
![\[Copy static IP\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/headers/lamp-copy-static-ip.png)
1. Paste the static IP address into your browser address, for example `http://192.0.0.1`.
## Step 4: Map your domain name to your LAMP instance
To map your domain name, such as `example.com`, to your instance, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.
On the Lightsail console home page, under the **Networking** tab, choose **Create DNS zone**, then follow the instructions on the page.
For more information, see [Create a DNS zone to manage your domain's DNS records](lightsail-how-to-create-dns-entry.md).
For enabling HTTPS, see [Secure your Lightsail LAMP website with Let's Encrypt SSL/TLS](amazon-lightsail-using-lets-encrypt-certificates-with-lamp.md).
## Step 5: Deploy your application
1. Follow the instructions from [ Transfer files between Linux instances on Lightsail using scp ](amazon-lightsail-transfer-files-between-linux-instances.md) to copy your application to `/var/www/html`
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
1. Run `sudo systemctl restart apache2`
1. Navigate to your instance's static IP address
## Step 6: Create a snapshot of your LAMP instance
After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).
You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.
You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).
![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)
------
# Set up and configure Magento on Lightsail
**Did you know?**
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [ Configure automatic snapshots for Lightsail instances and disks ](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html) .
Here are a few steps you should complete to get started after your Magento instance is up and running on Amazon Lightsail.
**Contents**
+ [Step 1: Get the default application password for your Magento website](#amazon-lightsail-magento-get-the-default-user-password)
+ [Step 2: Attach a static IP address to your Magento instance](#amazon-lightsail-magento-attach-static-ip)
+ [Step 3: Sign in to the administration dashboard of your Magento website](#amazon-lightsail-magento-sign-in)
+ [Step 4: Route traffic for your registered domain name to your Magento website](#amazon-lightsail-magento-map-your-domain-to-your-instance)
+ [Step 5: Configure HTTPS for your Magento website](#amazon-lightsail-magento-https)
+ [Step 6: Configure SMTP for email notifications](#amazon-lightsail-magento-smtp)
+ [Step 7: Read the Bitnami and Magento documentation](#amazon-lightsail-magento-read-the-bitnami-documentation)
+ [Step 8: Create a snapshot of your Magento instance](#amazon-lightsail-magento-create-a-snapshot)
## Step 1: Get the default application password for your Magento website
Complete the following steps to get the default application password for your Magento website. For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).
1. On the instance management page, under the **Connect** tab, choose **Connect using SSH.**
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)
1. After you're connected, enter the following command to get the default application password:
```
cat $HOME/bitnami_application_password
```
You should see a response similar to the following example, which contains the default application password. Store this password in a safe place. You will use it in the next section of this tutorial to sign in to the administration dashboard of your Magento website.
![\[Default application password for Bitnami instances\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-ssh-default-application-password.png)
## Step 2: Attach a static IP address to your Magento instance
The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.
On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).
![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)
After the new static IP address is attached to your instance, you must complete the following steps to make the Magento software aware of the new static IP address.
1. Make a note of the static IP address of your instance. It's listed in the header section of your instance management page.
![\[Public or static IP address of a Lightsail instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-static-ip.png)
1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-using-ssh.png)
1. After you're connected, enter the following command. Be sure to replace ** with the new static IP address of your instance.
```
sudo /opt/bitnami/configure_app_domain --domain
```
**Example:**
```
sudo /opt/bitnami/configure_app_domain --domain 203.0.113.0
```
You should see a response similar to the following example. The Magento software should now be aware of the new static IP address.
![\[Result of the domain configuration tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-configure-domain-ip.png)
**Note**
Magento does not currently support IPv6 addresses. You can enable IPv6 for the instance, but the Magento software will not respond to requests over the IPv6 network.
## Step 3: Sign in to the administration dashboard of your Magento website
Complete the following step to access your Magento website and sign in to its administration dashboard. To sign in, you will use the default user name (`user`) and the default application password that you got earlier in this guide.
1. In the Lightsail console, make note of the public or static IP address that is listed in the header area of the instance management page.
![\[Public or static IP address of a Lightsail instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-static-ip.png)
1. Browse to the following address to access the sign in page for the administration dashboard of your Magento website. Be sure to replace ** with the public or static IP address of your instance.
```
http:///admin
```
**Example: **
```
http://203.0.113.0/admin
```
**Note**
You might need to reboot the instance if you can't access the sign in page for the Magento administration dashboard.
1. Enter the default user name (`user`), the default application password you got earlier in this guide, and choose **Sign in**.
![\[The Magento administration dashboard sign in page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-magento-sign-in-page.png)
The Magento administration dashboard appears.
![\[Magento administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-magento-administration-dashboard.png)
To change the default user name or password that you use to sign in to the administration dashboard of your Magento website, choose **System** in the navigation pane, and then choose **All Users**. For more information, see [Adding users](https://docs.magento.com/user-guide/system/permissions-users-all.html) in the *Magento documentation*.
![\[All users option in the Magento navigation pane\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-all-users.png)
For more information about the administration dashboard, see [Magento 2.4 User Guide](https://docs.magento.com/user-guide/) .
## Step 4: Route traffic for your registered domain name to your Magento website
To route traffic for your registered domain name, such as `example.com`, to your Magento website, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.
On the Lightsail console home page, under the **Domains & DNS** tab, choose **Create DNS zone**, then follow the instructions on the page. For more information, see [Creating a DNS zone to manage your domain’s DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).
After your domain name is routing traffic to your instance, you must complete the following steps to make the Magento software aware of the domain name.
1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-using-ssh.png)
1. After you're connected, enter the following command. Be sure to replace ** with the domain name that is routing traffic to your instance.
```
sudo /opt/bitnami/configure_app_domain --domain
```
**Example:**
```
sudo /opt/bitnami/configure_app_domain --domain www.example.com
```
You should see a response similar to the following example. The Magento software should now be aware of the domain name.
![\[Result of the domain configuration tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-configure-domain.png)
## Step 5: Configure HTTPS for your Magento website
Complete the following steps to configure HTTPS on your Magento website. These steps show you how to use the Bitnami HTTPS configuration tool (bncert), which is a command line tool for requesting SSL/TLS certificates, setting up redirections (e.g. HTTP to HTTPS), and renewing certificates.
**Important**
The bncert tool will issue certificates only for domains that are currently routing traffic to the public IP address of your Magento instance. Before starting with these steps, make sure that you add DNS records to the DNS of all domains that you want to use with your Magento website.
1. On the instance management page, under the Connect tab, choose **Connect using SSH**.
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)
1. After you're connected, enter the following command to start the bncert-tool.
```
sudo /opt/bitnami/bncert-tool
```
You should see a response similar to the following example:
![\[Running the bncert tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-run-bncert-tool-success.png)
1. Enter your primary domain name and alternate domain names separated by a space as shown in the following example.
![\[Entering the primary and alternate domain names\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-bncert-domain-names.png)
1. The changes that are going to be made are listed. Type `Y` and press **Enter** to confirm and continue.
![\[Confirming the changes\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-bncert-confirm-changes.png)
1. Enter your email address to associate with your Let's Encrypt certificate and press **Enter**.
![\[Associating your email address with your Let's Encrypt certificate\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-bncert-email-address.png)
1. Review the Let's Encrypt Subscriber Agreement. Type `Y` and press **Enter** to accept the agreement and continue.
![\[Review the Let's Encrypt subscriber agreement\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-bncert-lets-ecrypt-agreement.png)
The actions are performed to enable HTTPS on your instance, including requesting the certificate and configuring the redirections you specified.
![\[Actions being performed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-bncert-performing-actions.png)
Your certificate is successfully issued and validated, and the redirections are successfully configured on your instance if you see a message similar to the following example.
![\[Actions successfully completed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-bncert-success-conf.png)
The `bncert` tool will perform an automatic renewal of your certificate every 80 days before it expires. Continue to the next set of steps to finish enabling HTTPS on your Magento website.
1. Browse to the following address to access the sign in page for the administration dashboard of your Magento website. Be sure to replace ** with the registered domain name that is routing traffic to your instance.
```
http:///admin
```
**Example: **
```
http://www.example.com/admin
```
1. Enter the default user name (`user`), the default application password you got earlier in this guide, and choose **Sign in**.
![\[The Magento administration dashboard sign in page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-magento-sign-in-page.png)
The Magento administration dashboard appears.
![\[Magento administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-magento-administration-dashboard.png)
1. Choose **Stores** in the navigation pane, and then choose **Configuration**.
![\[Magento administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-magento-configuration.png)
1. Choose **Web**, and then expand the **Base URLs** node.
1. In the **Base URL** text box, enter the full URL of your website, for example `https://www.example.com/`.
![\[Magento administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-magento-base-urls.png)
1. Expand the Base URLs (Secure) node.
1. In the **Secure Base URL** text box, enter the full URL of your website, for example `https://www.example.com/`.
![\[Magento administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-magento-base-urls-secure.png)
1. Choose **Yes** for the **Use Secure URLs on Storefront**, **Use Secure URLs in Admin**, and **Upgrade Insecure Requests** options.
![\[Magento administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/magento-quick-start-magento-base-urls-secure-options.png)
1. Choose Save Config at the top of the page.
HTTPS is now configured for your Magento website. When customers browse to the HTTP version (e.g., `http://www.example.com`) of your Magento website, they will be automatically redirected to the HTTPS version (e.g., `https://www.example.com`).
## Step 6: Configure SMTP for email notifications
Configure the SMTP settings of your Magento website to enable email notifications for it. For more information, see [Install the Magento Magepal SMTP extension](https://docs.bitnami.com/aws/apps/magento/configuration/install-extension-smtp/) in the *Bitnami documentation*.
**Important**
If you configure SMTP to use ports 25, 465, or 587, then you must open those ports in the firewall of your instance in the Lightsail console. For more information, see [Adding and editing instance firewall rules in Amazon Lightsail](amazon-lightsail-editing-firewall-rules.md).
If you configure your Gmail account to send email on your Magento website, then you must use an app password instead of using the standard password that you use to sign in to Gmail. For more information, see [Sign in with App Passwords](https://support.google.com/accounts/answer/185833?hl=en).
## Step 7: Read the Bitnami and Magento documentation
Read the Bitnami documentation to learn how to perform administrative tasks on your Magento instance and website, such as install plugins and customize the theme. For more information, see [Bitnami Magento Stack for AWS Cloud](https://docs.bitnami.com/aws/apps/magento/) in the *Bitnami documentation*.
You should also read the Magento documentation to learn how to administer your Magento website. For more information, see the [Magento 2.4 User Guide](https://docs.magento.com/user-guide/).
## Step 8: Create a snapshot of your Magento instance
After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).
You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.
You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).
![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)
# Deploy and manage an Nginx web server on Lightsail
**Did you know?**
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [ Configure automatic snapshots for Lightsail instances and disks ](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html) .
## Identify your Nginx blueprint vendor
Here are a few steps you should take to get started after your Nginx instance is up and running on Amazon Lightsail. Before you get started, identify your blueprint vendor on your instance management page:
![\[Nginx blueprint vendor on the instance management page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/headers/nginx-blueprint-vendor.png)
Select the appropriate guide for your Nginx instance:
------
#### [ Bitnami ]
## Step 1: Get the default application password for your Nginx instance
You need the default application password to access pre-installed applications or services on your instance.
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
1. After you're connected, enter the following command to get the default application password:
```
cat bitnami_application_password
```
**Note**
If you're in a directory other than the user home directory, then enter `cat $HOME/bitnami_application_password`.
You should see a response similar to this, which contains the default application password:
![\[Bitnami default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bitnami-application-password.png)
For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).
## Step 2: Attach a static IP address to your Nginx instance
The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.
On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).
![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)
## Step 3: Visit your Nginx instance welcome page
Navigate to the public IP address of your instance to access the application installed on it, access phpMyAdmin, or access the Bitnami documentation.
1. On your instance management page, under the **Connect** tab, make note of the public IP.
1. Browse to the public IP address, for example by going to `http://192.0.2.3`.
For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).
## Step 4: Map your domain name to your Nginx instance
To map your domain name, such as `example.com`, to your instance, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.
On the Lightsail console home page, under the **Networking** tab, choose **Create DNS zone**, then follow the instructions on the page.
For more information, see [Create a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md).
## Step 5: Read the Bitnami documentation
Read the Bitnami documentation to learn how to deploy your Nginx application, enable HTTPS support with SSL certificates, upload files to the server with SFTP, and more.
For more information, see the [Bitnami Nginx for AWS Cloud](https://docs.bitnami.com/aws/infrastructure/nginx/).
## Step 6: Create a snapshot of your Nginx instance
After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).
You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.
You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).
![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)
------
#### [ Lightsail ]
## Step 1: Get the default application password for your Nginx instance
You need the default application password to access pre-installed applications or services on your instance.
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
1. After you're connected, enter the following command to get the default application password:
```
cat ~/application_credentials
```
You should see a response similar to this, which contains the default application password:
![\[Default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-application-password.png)
## Step 2: Attach a static IP address to your Nginx instance
The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.
On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).
![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)
## Step 3: Visit your Nginx instance welcome page
Navigate to the static IP address of your instance to access the application installed on your instance.
1. On your instance management page, copy the static IP address:
![\[Copy static IP\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/instances/headers/nginx-copy-static-ip.png)
1. Paste the static IP address into your browser address, for example `http://192.0.0.1`.
For more information, see the [Nginx admin guide](https://docs.nginx.com/nginx/admin-guide/).
## Step 4: Map your domain name to your Nginx instance
To map your domain name, such as `example.com`, to your instance, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.
On the Lightsail console home page, under the **Networking** tab, choose **Create DNS zone**, then follow the instructions on the page.
For more information, see [Create a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md).
For enabling HTTPS, see [Secure your Lightsail Nginx website with Let's Encrypt SSL/TLS](amazon-lightsail-using-lets-encrypt-certificates-with-nginx.md).
## Step 5: Deploy your application
1. Follow the instructions from [ Transfer files between Linux instances on Lightsail using scp ](amazon-lightsail-transfer-files-between-linux-instances.md) to copy your application to `/usr/share/nginx/html`
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
1. Run `sudo systemctl restart nginx`
1. Navigate to your instance's static IP address
## Step 6: Create a snapshot of your Nginx instance
After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).
You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.
You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).
![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)
------
# Deploy and manage a Node.js stack on Lightsail
**Did you know?**
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [ Configure automatic snapshots for Lightsail instances and disks ](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html) .
Here are a few steps you should take to get started after your Node.js instance is up and running on Amazon Lightsail. Before you get started, identify your blueprint vendor on your instance management page:
![\[Node.js blueprint vendor on the instance management page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/nodejs/nodejs-blueprint-vendor.png)
Select the appropriate guide for your Node.js instance:
------
#### [ Bitnami ]
## Step 1: Attach a static IP address to your Node.js instance
The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.
On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).
![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)
## Step 2: Visit your Node.js instance welcome page
Navigate to the public IP address of your instance to access the application installed on it, access phpMyAdmin, or access the Bitnami documentation.
1. On your instance management page, under the **Connect** tab, make note of the public IP.
1. Browse to the public IP address, for example by going to `http://192.0.2.3`.
For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).
## Step 3: Map your domain name to your Node.js instance
To map your domain name, such as `example.com`, to your instance, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.
On the Lightsail console home page, under the **Networking** tab, choose **Create DNS zone**, then follow the instructions on the page.
For more information, see [Create a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md).
## Step 4: Read the Bitnami documentation
Read the Bitnami documentation to learn how to deploy your Node.js application, enable HTTPS support with SSL certificates, upload files to the server with SFTP, and more.
For more information, see the [Bitnami Node.js for AWS Cloud](https://docs.bitnami.com/aws/infrastructure/nodejs/).
## Step 5: Create a snapshot of your Node.js instance
After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).
You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.
You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).
![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)
------
#### [ Lightsail ]
## Step 1: Get the default application password for your Node.js instance
You need the default application password to access pre-installed applications or services on your instance.
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
1. After you're connected, enter the following command to get the default application password:
```
cat ~/application_credentials
```
You should see a response similar to this, which contains the default application password:
![\[Default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-application-password.png)
## Step 2: Attach a static IP address to your Node.js instance
The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.
On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).
![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)
## Step 3: Visit your Node.js instance welcome page
Navigate to the static IP address of your instance to access the application installed on it or access phpMyAdmin.
1. On your instance management page, copy the static IP address:
![\[Copy static IP\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/nodejs/nodejs-copy-static-ip.png)
1. Paste the static IP address into your browser address, for example `http://192.0.0.1`.
![\[Node.js welcome page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/nodejs/nodejs-welcome-page.png)
For more information, see the [Node.js admin guide](https://nodejs.org/en/learn/getting-started/introduction-to-nodejs/).
## Step 4: Map your domain name to your Node.js instance
To map your domain name, such as `example.com`, to your instance, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.
On the Lightsail console home page, under the **Networking** tab, choose **Create DNS zone**, then follow the instructions on the page.
For more information, see [Create a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md).
## Step 5: Deploy your application
1. Follow the instructions from [ Transfer files between Linux instances on Lightsail using scp ](amazon-lightsail-transfer-files-between-linux-instances.md) to copy your application to `/var/www/html/`
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
1. Run `sudo pm2 restart nodeapp`
1. Navigate to your instance's static IP address
## Step 6: Create a snapshot of your Node.js instance
After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).
You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.
You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).
![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)
------
# Get started with OpenClaw on Lightsail
OpenClaw is an AI-powered chat gateway that runs on Amazon Lightsail, giving you a private, self-hosted AI assistant accessible from your browser, Telegram, WhatsApp, and more. This tutorial walks you through launching an Amazon Lightsail OpenClaw instance, pairing your browser, enabling AI capabilities, and optionally connecting messaging channels.
**Did you know?**
Your Lightsail OpenClaw instance comes pre-configured with Amazon Bedrock as the default AI model provider. Once you complete setup, you can start chatting with your AI assistant immediately — no additional configuration required.
## Step 1: Create an OpenClaw instance
In this step, you create a Lightsail instance running OpenClaw.
**To create a Lightsail instance with OpenClaw**
1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com).
1. On the **Instances** section of the Lightsail home page, choose **Create instance**.
1. Choose the AWS Region and Availability Zone for your instance.
1. Choose the image for your instance as follows:
+ Under **Select a platform**, choose **Linux/Unix**.
+ Under **Select a blueprint**, choose **OpenClaw**.
![\[Select the OpenClaw blueprint.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/blueprint_selection.png)
1. Under **Choose your instance plan**, select an instance plan (4 GB memory plan is recommended for optimal performance).
1. Enter a name for your instance, or use the default name provided.
**Note**
Instance names must be unique within your Lightsail account, 2–255 characters, start and end with an alphanumeric character, and contain only alphanumeric characters, periods, dashes, or underscores.
1. Choose **Create instance**.
Your instance will be in a **Starting** state for a few minutes while it starts up. Wait until the status shows **Running** before proceeding to the next step.
## Step 2: Pair your browser with OpenClaw
Before you can use the OpenClaw dashboard, you need to pair your browser with OpenClaw. This creates a secure connection between your browser session and OpenClaw.
**Tip**
Have your browser ready on the same device you'll use to access the OpenClaw dashboard. You will copy a token from Lightsail, and paste it in the OpenClaw dashboard during this step.
The default public IP address for your OpenClaw instance changes if you stop and start your instance. When you attach a static IP address to your instance, it stays the same even if you stop and start your instance. For more information, see [View and manage IP addresses for Lightsail resources](understanding-public-ip-and-private-ip-addresses-in-amazon-lightsail.md).
**To pair your browser with OpenClaw**
1. On the **Instances** section of the Lightsail console, choose the name of your OpenClaw instance to open the instance management page.
1. In the **Getting started** tab, under **Pair your browser to OpenClaw**, choose **Connect using SSH**. A browser-based SSH terminal opens.
![\[The OpenClaw Getting Started tab.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/getting_started_tab.png)
**Did you know?**
The Message of the Day (MOTD) service running on your OpenClaw instance manages several automated configuration tasks, including origin detection, certificate management, and token rotation. You can check your MOTD version by connecting to your instance via SSH.
Your OpenClaw instance automatically configures the gateway to accept connections from the instance’s IP address. MOTD version 2.0.0 includes an automatic origin detection feature that runs during instance startup and configures the allowed origin to be the instance's current IP address. When you attach a static IP address to your instance, the system automatically updates the allowed origin to use the static IP address instead.
![\[The OpenClaw Getting Started tab.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/motd_welcome_message.png)
1. In the SSH terminal, locate the **Dashboard URL** displayed in the welcome message. Copy this URL and open it in a new browser tab.
![\[Pairing a device with OpenClaw using sample data\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/device_pairing.png)
1. In the OpenClaw dashboard that opens, locate the **Gateway Token** field.
1. Back in the SSH terminal, copy the **Access Token** displayed.
1. Paste the copied access token into the **Gateway Token** field in the OpenClaw dashboard, then click **Connect**.
![\[Entering a token for the OpenClaw Gateway using sample data\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/gateway_access.png)
1. Return to the SSH terminal. When prompted, press **y** to approve the OpenClaw CLI. This will allow the SSH terminal to manage OpenClaw running on your instance.
![\[Approve OpenClaw CLI with a sample data\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/cli_approval.png)
1. Then, press **y** again when prompted, to continue with device pairing.
1. Press **a** to approve the device pairing request.
When pairing is complete, the status in the OpenClaw dashboard will show **OK**. Your browser is now connected to your OpenClaw instance.
![\[Your browser is successfully connected to the OpenClaw Gateway.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/gateway_success.png)
**Tip**
If you need to pair an additional browser later, simply SSH into your instance again and repeat the pairing steps above.
## Step 3: Enable AI capabilities with Amazon Bedrock
Your Lightsail OpenClaw instance is configured to use Amazon Bedrock to power its AI assistant. In this step, you will grant your instance the permissions it needs to call the Bedrock API.
**To enable Bedrock API access**
1. On your OpenClaw instance management page, choose the **Getting started** tab.
1. Under **Enable Amazon Bedrock as your model provider**, click the **Copy the script** button. Then click the **Launch CloudShell** button to open CloudShell.
**What does the setup script do?**
The setup script performs the following actions: creates an IAM role specifically for your OpenClaw instance, attaches a policy granting access to Amazon Bedrock APIs, attaches a policy granting AWS Marketplace permissions (required for third-party models), and configures the instance profile to use this role. You can review the IAM policy details in the [IAM console](https://console.aws.amazon.com/iam/) after running the script. The IAM role will be named `LightsailRoleFor-[your-instance-id]`.
![\[Copy the Bedrock script for IAM role creation using test data.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/bedrock_script.png)
1. Paste the copied command into the CloudShell terminal and press Enter.
1. Wait for the script to complete. When you see **Done** in the output, the permissions have been applied successfully.
Once this step is complete, navigate to **Chat** in the OpenClaw dashboard to start using your AI assistant.
**Note:** Your Lightsail OpenClaw instance uses Anthropic Claude Sonnet 4.6 by default. If this is your first time using Anthropic models in Amazon Bedrock, you'll need to complete the First Time Use (FTU) form to gain access. [Learn more on how to access Anthropic models](https://docs.aws.amazon.com/bedrock/latest/userguide/model-access.html).
## Step 4: Connect a messaging channel (optional)
You can extend OpenClaw to work with messaging apps like Telegram and WhatsApp, so you can interact with your AI assistant directly from your phone or messaging client. Before you can connect OpenClaw to a messaging channel, you need to pair your browser with OpenClaw (see Step 2).
### Connect Telegram
**To add a Telegram channel**
1. Open Telegram and search for `@BotFather`.
1. Send the command `/newbot` and follow the prompts to create a new bot. BotFather will provide a **bot token** and a **deep link** for your bot.
![\[BotFather on Telegram.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/botfather.png)
1. Connect to your OpenClaw instance using SSH. A browser-based SSH terminal opens.
1. In the SSH terminal connected to your OpenClaw instance, run:
```
openclaw channels add
```
1. Select **Telegram** from the list of available channels.
![\[Select Telegram from the channel selection menu.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/channel_selection.png)
1. When prompted, enter the **bot token** you received from BotFather in step 2.
1. In the OpenClaw dashboard, navigate to the **Channels** section, and add your **Telegram user ID** to the allow list.
![\[Allow your bot to receive messages from your Telegram ID.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/telegram_allow_from.png)
1. Test the integration by sending a message to your bot in Telegram in Step 2.
1. You will see a message in Telegram to approve OpenClaw pairing. In the SSH terminal, run:
```
openclaw pairing approve telegram [pairing code]
```
![\[Telegram pairing information using sample data\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/telegram_pairing.png)
1. Test the integration again by sending a message to the bot you created in Telegram in Step 2
![\[Telegram is paired with your OpenClaw instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/telegram_successful_message.png)
### Connect WhatsApp
**To add a WhatsApp channel**
1. Connect to your OpenClaw instance using SSH. A browser-based SSH terminal opens.
1. In the SSH terminal connected to your OpenClaw instance, run:
```
openclaw channels add
```
1. Select **WhatsApp** from the list of available channels.
1. Follow the on-screen instructions. A **QR code** will be displayed in the terminal.
1. On your phone, open WhatsApp, and use the **Linked Devices** feature to scan the QR code.
1. Complete the pairing on your phone.
1. Test the integration by sending a message to your OpenClaw assistant directly through WhatsApp by messaging the contact number you paired in above steps.
![\[WhatsApp is paired with your OpenClaw instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/whatsapp_successful_message.png)
## Step 5: Create a snapshot of your instance (optional)
After completing the setup, we recommend creating a snapshot of your OpenClaw instance. Snapshots are point-in-time backups that let you restore your instance from a good known state, providing a reliable recovery mechanism. You can also create new instances of your desired plan from the snapshots.
**To create a manual snapshot**
1. On the **Instances** section of the Lightsail console, choose the name of your OpenClaw instance.
1. Choose the **Snapshots** tab.
1. Under **Manual snapshots**, choose **Create snapshot**.
1. Enter a name for your snapshot and choose **Create**.
**Did you know?**
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [ Configure automatic snapshots for Lightsail instances and disks ](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html) .
## Frequently asked questions (FAQ)
**How do I pair an additional browser with my OpenClaw instance?**
You can pair as many browsers as you need. To pair a new browser, SSH into your OpenClaw instance again (from the instance management page in the Lightsail console, choose **Connect using SSH**). Follow the same pairing steps from Step 2: navigate to the Dashboard URL, copy the access token from the terminal, paste it into the Gateway Token field in the OpenClaw dashboard on the new browser, and approve the pairing request.
**Can I customize the IAM permissions granted to my OpenClaw instance?**
Yes. The setup script in Step 3 creates an IAM role with a policy that grants access to Amazon Bedrock. You can view, edit, or restrict this policy at any time:
+ Open the [IAM console](https://console.aws.amazon.com/iam/) and navigate to **Roles**.
+ Find the role created for your OpenClaw instance, e.g. `LightsailRoleFor-i-0d15d5483571b95bb`.
+ Choose the role to view its attached policies.
+ Choose the policy name to edit its permissions.
Be careful when modifying permissions — removing required Bedrock permissions will prevent OpenClaw from generating AI responses. For more information, see [IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) in the AWS documentation.
**Can I ask OpenClaw questions about itself — like what it can do or how to use it?**
Yes, OpenClaw's built-in chat assistant can answer questions about OpenClaw itself. If you're not sure what OpenClaw can do, just ask it directly in the Chat interface. For example, you can type:
+ *"What can you help me with?"*
+ *"What channels can I connect to OpenClaw?"*
+ *"How do I add a new messaging channel?"*
OpenClaw will respond with guidance based on its capabilities. This is a great way to explore features without leaving the OpenClaw dashboard.
**Note:** You will need to either complete the **Enable AI capabilities with Amazon Bedrock** step (Step 3 in the getting started guide) or configure your own model provider for chat to work. The Bedrock setup involves running a one-click script from your instance's Getting started tab to grant the necessary permissions, and — if it's your first time using Anthropic models — submitting a brief First Time Use form in the Amazon Bedrock console. Without this step, the Chat interface will not have an AI model to connect to.
**What does running OpenClaw on Lightsail cost?**
Here is a breakdown of costs:
+ **Lightsail instance** — You pay for the instance plan you selected (e.g. the 4 GB plan). Lightsail plans are billed on an on-demand hourly rate, so you pay only for what you use. For every Lightsail plan you use, we charge you the fixed hourly price, up to the maximum monthly plan cost.
+ **AI model usage (tokens)** — Every message sent to and received from the OpenClaw assistant is processed through Amazon Bedrock using a token-based pricing model. Costs vary by model — some models are more expensive per token than others.
+ **Third-party model subscriptions** — If you select a third-party model distributed through AWS Marketplace (such as Anthropic Claude or Cohere), there may be additional software fees on top of the per-token cost. These appear as separate line items under **AWS Marketplace** in your bill.
+ **Data transfer overages** — [Each Lightsail plan](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-bundles.html#linux-unix-bundles) includes a monthly data transfer allowance. If your OpenClaw instance sends or receives more data than your plan includes, [overage charges apply for data transfer out.](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-faq-data-transfer-allowance.html)
+ **Snapshots** — Manual and automatic snapshots of your Lightsail instance are billed based on the amount of storage used.
**I want to use an Anthropic model. Is there anything extra I need to do?**
Anthropic has one additional requirement beyond the standard permissions: you must complete a [https://docs.aws.amazon.com/bedrock/latest/userguide/model-access.html](https://docs.aws.amazon.com/bedrock/latest/userguide/model-access.html) before invoking an Anthropic model for the first time. This is an Anthropic requirement and applies once per AWS account — or once at the AWS Organization's management account level, which is then inherited by all member accounts in the organization. Your OpenClaw instance uses Anthropic Claude-Sonnet 4.6 by default.
Lightsail takes care of the underlying IAM and Marketplace permissions for you as part of the setup in Step 3. The CloudShell script creates an IAM role that includes the three required AWS Marketplace permissions (`aws-marketplace:Subscribe`, `aws-marketplace:Unsubscribe`, and `aws-marketplace:ViewSubscriptions`). These are needed for Amazon Bedrock to automatically enable third-party models the first time they are invoked. Once a model has been enabled in your account, all users in the account can invoke it without needing Marketplace permissions themselves — the subscription only needs to happen once.
To complete the Anthropic-specific FTU requirement:
+ Open the [Amazon Bedrock console](https://console.aws.amazon.com/bedrock/).
+ Navigate to the **Model catalog** and select an Anthropic model (such as Claude).
+ You will be prompted to submit use case details. Complete and submit the form.
Access to Anthropic models is granted immediately after the form is successfully submitted. Once done, you can select any Anthropic model in the OpenClaw dashboard and start using it right away.
**Note**
Models from Amazon, Meta, Mistral AI, DeepSeek, and Qwen are not sold through AWS Marketplace and do not require this step.
For more information, see [Access Amazon Bedrock foundation models](https://docs.aws.amazon.com/bedrock/latest/userguide/model-access.html) in the Amazon Bedrock User Guide.
**How does HTTPS work with my OpenClaw instance?**
Your OpenClaw instance comes with a built-in HTTPS endpoint secured by a Let's Encrypt certificate. When your instance is created, a Let's Encrypt certificate is automatically issued for your instance's IPv4 address — no manual setup is required.
**What happens to my SSL certificate if my instance's IP address changes?**
Your OpenClaw instance includes a built-in certificate management daemon (`lightsail-manage-certd`) that monitors your instance's IP address. If the IP address changes — for example, when you attach or detach a static IP — the daemon automatically detects the change and issues a new Let's Encrypt certificate for the new IP address. No manual action is required for your SSL certificate.
Note: The gateway access token will remain the same, but you will need to re-pair your browsers again by following the steps in **Step 2: Pair your browser with OpenClaw**
**How often is my SSL certificate renewed?**
Let's Encrypt certificates issued for your OpenClaw instance are valid for 7 days. The certificate management daemon automatically renews your certificate 2 days before it expires, so your instance stays secured without any interruption or manual intervention.
**Can I install plugins on OpenClaw?**
Yes. OpenClaw supports plugin installation, and some plugins or configuration changes may require you to manually restart the OpenClaw gateway service for the changes to take effect.
To manage the gateway after installing a plugin or updating a configuration, SSH into your OpenClaw instance and use the following commands:
+ Stop the OpenClaw gateway service: `openclaw gateway stop`
+ Start the OpenClaw gateway service: `openclaw gateway start`
+ Check the current status of the service: `openclaw gateway status`
**Note:**If you are using MOTD 1.0.0 (OpenClaw 2026.2.17), use the following commands instead:
+ Stop the OpenClaw gateway service: `sudo systemctl stop openclaw-gateway`
+ Start the OpenClaw gateway service: `sudo systemctl start openclaw-gateway`
+ Check the current status of the service: `sudo systemctl status openclaw-gateway`
**What happens if my gateway token is compromised?**
If the token is ever exposed — for example, leaked in logs, accidentally shared, or exposed through a prompt injection attack — anyone who has it can access your OpenClaw gateway until you manually regenerate it.
**Is my gateway token automatically rotated?**
Yes. It is automatically rotated at 3:00 UTC every day. This rotation will require you to re-pair your browser with your OpenClaw instance.
**How do I manually rotate my gateway token?**
To rotate your gateway token:
+ SSH into your OpenClaw instance from the Lightsail console.
+ Run the following command to regenerate the token:
```
openclaw token rotate
```
+ The old token is immediately invalidated. Any browsers or clients currently paired with the old token will be disconnected.
+ Re-pair your browsers again using the new token by following the steps in **Step 2: Pair your browser with OpenClaw.**
**Tip**
After rotating your token, check that all trusted devices have been re-paired before resuming use.
**How does automatic token rotation work?**
MOTD 2.0.0 includes automatic token rotation that enhances security by rotating your gateway access token every day.
**Important implications:**
+ When the token is automatically rotated, all paired browsers and devices will be disconnected.
+ You will need to re-pair your browser again by following the steps in Step 2: Pair your browser with OpenClaw.
If you don't want the token to be rotated, you can disable it in the MOTD by changing the security settings.
![\[Setting to rotate tokens.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/openclaw/token_rotation.png)
**How do I rotate my messaging channel credentials (Telegram, WhatsApp, Slack)?**
If a messaging platform token or credential stored on your OpenClaw instance is compromised — for example, your Telegram bot token, WhatsApp session credentials, or Slack token — you should rotate it immediately to prevent unauthorized access to your messaging channels.
Credentials for connected channels are stored in `~/.openclaw/credentials/` on your instance. To rotate a credential:
+ Revoke the compromised token at the source:
+ Telegram: Open Telegram, message `@BotFather`, and use `/revoke` to invalidate your existing bot token and generate a new one.
+ WhatsApp: Log out the linked device session from WhatsApp on your phone (`Settings` → `Linked Devices` → select your OpenClaw session → `Log out`). Then re-link using the QR code pairing flow.
+ Update the credential on your OpenClaw instance: SSH into your instance and run:
```
openclaw channels update
```
Select the channel you want to update and enter the new token or credential when prompted.
+ Verify the channel is working by sending a test message through the updated channel.
**Note**
Rotating a messaging credential does not affect your gateway token or other connected channels — each credential is managed independently.
**What does the `setup-lightsail-openclaw-bedrock-role.sh` script do?**
It creates an IAM role that permits only your OpenClaw instance to use foundational models available via Amazon Bedrock and the AWS Marketplace.
**How do I restore an OpenClaw instance from a snapshot?**
+ Create a new instance from an existing OpenClaw snapshot. For more information, see [Creating an instance from a snapshot](lightsail-how-to-create-instance-from-snapshot.md).
+ SSH into your new OpenClaw instance from the Lightsail console
+ Run the following command to get the instance ID for your Lightsail instance, e.g. *i-1234567890abcdef1*:
```
TOKEN=`curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` && curl -w "\n" -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id
```
+ Run the following command to get the IAM role associated with the instance:
```
grep 'role_arn' /home/ubuntu/.aws/config | head -1 | awk '{print $3}'
```
+ Find the role you retrieved in the previous step on the [IAM console](https://console.aws.amazon.com/iam/), e.g. `LightsailRoleFor-i-0d15d5483571b95bb`
+ Select `Trust relationships`
+ Select `Edit trust policy`
+ Update the trust policy with the ARN of the instance ID retrieved earlier, e.g. *"arn:aws:sts::0123456789012:assumed-role/AmazonLightsailInstance/i-1234567890abcdef1"*.
+ Select `Update policy`
**How do I configure AllowedOrigin for my OpenClaw instance?**
AllowedOrigin is a security setting that controls which web addresses (origins) are permitted to connect to your OpenClaw gateway. This prevents unauthorized websites from accessing your instance and protects against cross-origin security issues.
**MOTD 2.0.0 (OpenClaw 2026.3.2 and later):** AllowedOrigin is automatically managed by the MOTD service. When your instance starts or when the IP address changes, the service automatically detects the correct origin, and updates the configuration. No manual action is required.
**MOTD 1.0.0 (OpenClaw 2026.2.17):** You need to manually configure AllowedOrigin if you are accessing OpenClaw from a specific domain. SSH into your instance and edit the OpenClaw configuration file by following below instructions to add your allowed origins.
+ SSH into your OpenClaw instance from the Lightsail console
+ Open the configuration file: `~/.openclaw/openclaw.json`
+ Add or modify the AllowedOrigin setting:
```
{
"gateway": {
"controlUi": {
"allowedOrigins": [
"https://"
]
}
}
}
```
+ Restart the OpenClaw gateway service: `sudo systemctl restart openclaw-gateway`
**How do I update OpenClaw to the latest version?**
To update your OpenClaw gateway to the latest version:
+ SSH into your OpenClaw instance
+ Run the update command: `sudo openclaw update --no-restart && openclaw gateway restart`
**Important notes:**
+ The OpenClaw blueprint installs the gateway globally on the instance, which is why sudo privileges are required
+ The "Update" button in the OpenClaw control UI dashboard will not work because it doesn't have `sudo` privileges
**What happens to device pairing when I attach a static IP address?**
When you attach a static IP address to your OpenClaw instance, the instance's IP address changes. This has important implications for device pairing:
+ All previously paired browsers and devices will be disconnected
+ The gateway token remains valid, but the connection endpoint has changed
+ You must explicitly pair all browsers and devices again after attaching the static IP
**To re-pair your devices:**
+ SSH into your instance (the SSH connection will work with the new static IP)
+ Follow the pairing steps in Step 2 to reconnect each browser
+ For messaging channels (Telegram, WhatsApp), you may also need to re-approve pairing
**How do I grant sandbox permissions for enabling tools?**
By default, OpenClaw runs tools and plugins in isolated Docker container environments (sandboxes) to protect your instance from potentially harmful operations. This isolation restricts what tools can access, including system commands, file system access, network connections, and host system resources.
While this provides strong security, some tools may require less restrictive settings to function properly. For example, web scraping tools need network access, and file management tools need broader filesystem access. Without these permissions, the sandbox functions primarily as a basic chatbot with limited capabilities.
To make the sandbox less restrictive:
+ SSH into your OpenClaw instance from the Lightsail console
+ Run the following commands to configure tool execution settings:
```
openclaw config set tools.exec.host gateway
openclaw config set tools.exec.ask off
openclaw config set tools.exec.security full
```
+ Restart the OpenClaw gateway service for the changes to take effect:
```
openclaw gateway restart
```
What these settings do:
+ `tools.exec.host gateway` - Allows tools to execute directly on the gateway host instead of in an isolated Docker container, giving them access to system commands and resources
+ `tools.exec.ask off` - Disables permission prompts before tool execution, allowing tools to run automatically without manual approval
+ `tools.exec.security full` - Sets the security level for tool execution
**Security consideration: **These settings significantly reduce the isolation between tools and your system. Only configure these settings if you trust the tools you're using. Running tools with less restrictive sandbox settings may expose your instance to security risks if a tool is compromised or malicious.
**What are the differences between MOTD versions?**
OpenClaw instances use different MOTD (Message of the Day) versions depending on when they were created. Here's what you need to know:
**MOTD 1.0.0 (OpenClaw 2026.2.17):**
+ Gateway management: Use `sudo systemctl start/stop/status openclaw-gateway`
+ Token rotation: Manual only (use `openclaw token rotate`)
**MOTD 2.0.0 (OpenClaw 2026.3.2 and later):**
+ Gateway management: Use simplified commands `openclaw gateway start/stop/status`
+ Token rotation: Automatic daily rotation
**How to check your MOTD version:** SSH into your instance and look at the welcome message displayed. The MOTD version will be shown at the top.
# Deploy a Plesk hosting stack on Lightsail
**Did you know?**
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [ Configure automatic snapshots for Lightsail instances and disks ](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html) .
Learn how to create a Plesk instance in Amazon Lightsail, and how to sign in to the Plesk User Interface for the first time by creating a username and password. You will also learn how to connect to and configure your Plesk instance after it is up and running.
**Important**
Instances launched with the **Plesk Hosting Stack on Ubuntu (BYOL)** blueprint have a 30-day trial license. After 30 days, you must purchase and install a license from Plesk to continue using the Plesk application. For more information, see [Step 8: Purchase a Plesk license](#purchase-plesk-license).
With Plesk hosting stacks in Lightsail, you can accomplish tasks such as:
+ Automate WordPress site management using WP Toolkit's graphical interface
+ Secure your site with free SSL certificates and configure HTTPS traffic using Let's Encrypt
+ Transfer files to and from your instance using FTP
+ Monitor and secure your server using web-based tools, including Plesk Firewall, Logs, and ModSecurity
+ Route inbound traffic from specific domains to designated container ports using Docker Proxy Rules
## Considerations for deploying a Plesk hosting stack
Before you begin deploying your Plesk instance, determine if you need to register a domain for your website and how you want to manage it. You need a registered domain to access your website by a logical name (such as `http://example.com`) rather than by IP address. You also need a DNS name created within your domain to secure connections to your website with a certificate (required for HTTPS traffic).
Review the following options for domain configuration and management:
+ If you already have a registered domain in Lightsail that you want to use, you can begin the steps in this tutorial.
+ If you have a domain with a different registrar that you prefer to manage your DNS records with, you can begin the steps in this tutorial. Otherwise, you can [transfer management of your domain's DNS records](https://docs.aws.amazon.com/lightsail/latest/userguide/lightsail-how-to-create-dns-entry.html#lightail-change-the-name-servers). This can help you to more efficiently manage all of your compute and DNS resources within Lightsail.
+ If you don't have a domain that you want to use, you can find and register one for your website. For more information on registering a domain with Lightsail, see [Register and manage domains for your website in Lightsail](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-domain-registration.html).
## Step 1: Create a Plesk instance
Complete the following steps to create a Plesk instance on Lightsail.
1. Sign in to the Lightsail console at [https://lightsail.aws.amazon.com/](https://lightsail.aws.amazon.com/).
1. On the **Instances** home page, choose **Create instance**.
1. Select a location for your instance (an AWS Region and Availability Zone).
Choose **Change AWS Region and Availability Zone** to create your instance in another location.
1. Optionally, you can change the Availability Zone.
Choose **Change your Availability Zone**.
1. Under **Apps \$1 OS**, choose **Plesk Hosting Stack on Ubuntu (BYOL)**.
1. Choose an available instance plan.
**Tip**
For optimal website performance, select an instance plan that can accommodate the resource demands of the plugins and extensions that you plan to install. If you later require more compute power, you can [upsize your instance from a snapshot](https://docs.aws.amazon.com/lightsail/latest/userguide/how-to-create-larger-instance-from-snapshot-using-console.html). For more information about the requirements for plugins and extensions, consult the respective vendor's documentation.
1. Enter a name for your instance.
Resource names:
+ Must be unique within each AWS Region in your Lightsail account.
+ Must contain 2 to 255 characters.
+ Must start and end with an alphanumeric character or number.
+ Can include alphanumeric characters, numbers, periods, dashes, and underscores.
1. (Optional) Choose **Add new tag** to add a tag to your instance. Repeat this step as needed to add additional tags. For more information on tag usage, such as for billing and resource organization, see [Tags](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-tags.html).
+ For **Key**, enter a tag key.
+ (Optional) For **Value**, enter a tag value.
1. Choose **Create instance**.
Your instance takes a few minutes to provision and become available after you create it.
**Tip**
To streamline the initial setup process for Plesk, don't assign a static IP to your instance for now—you'll do this in a later step. If you attach a static IP to your Plesk instance now, you might get a one-time login URL that uses an outdated public IP address. This can occur because your instance might use the public IP address that was assigned initially rather than the static IP address.
## Step 2: Sign in to the Plesk user interface for the first time
**Tip**
Keep your Lightsail console and Plesk user interface browser tabs open until you complete this tutorial as you'll be working through multiple steps in each.
Use the following procedure to obtain a one-time login URL to access the Plesk user interface as an administrator. This interface is where you'll create and manage your websites.
**To obtain a one-time login URL**
1. In the left navigation pane, choose Instances.
1. Choose the name of the Plesk instance that you created.
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
**Note**
If you attempt to connect too quickly after launching the instance, you might experience a connection or SSH key error. If you see these issues while connecting, wait a few minutes and try again.
1. After you're connected, enter the following command to get the one-time login URL.
```
sudo plesk login | grep plesk.page
```
You should see a response similar to the following example, which contains the one-time login URL.
```
https://heuristic-bassi.192-0-2-0.plesk.page/login?secret=ce-EXAMPLE298fc1c149afbf4c8996fb92427
```
**Note**
If your public IP address has changed (for example, you assigned a static IP since it was launched), you'll need to modify the returned URL to match your new address to access the login page.
1. Select the one-time login URL in the browser-based connection window and copy it.
1. Paste the URL in your web browser to access the Plesk login page.
1. Follow the instructions on the page to create your sign in credentials for Plesk. You should see an option to add your domain to Plesk when you sign in for the first time.
## Step 3: Attach a static IP address to your Plesk instance
The default dynamic public IP address attached to your instance changes every time you stop and start the instance. To keep the public IP address from changing, create a static IP address and attach it to your instance. In a later step, you'll map your static IP address to your domain name. With this mapping configured, you don't have to update your domain's DNS records each time you stop and start the instance.
**Note**
You can only attach one static IP to a Lightsail instance. Static IP addresses are only free when they are attached to an instance.
**To attach a static IP and update your public IP address in Plesk**
1. Sign in to the Lightsail console at [https://lightsail.aws.amazon.com/](https://lightsail.aws.amazon.com/).
1. On the **Instances** home page of the Lightsail console, choose the name of your Plesk instance.
1. Under the **Networking** tab, choose **Attach static IP**.
1. Create and attach a static IP address.
+ To create and attach a static IP when none exists in the Region:
1. Enter a name to identify the static IP.
1. Choose **Create and attach**.
1. Choose **Continue**.
+ To create and attach a new static IP when you already have one in the Region:
1. Choose the **Select a static IP** menu to display the available options.
1. Choose **Create a new static IP** in the dropdown menu.
1. Enter a name to identify the static IP.
1. Choose **Create and attach**.
1. Choose **Continue**.
+ To use an existing static IP in the Region:
1. Choose the **Select a static IP** menu to display the available options.
1. Choose an already available static IP in the dropdown menu.
1. Choose **Attach**.
With the public IP address changed, you access the Plesk user interface using a URL that resembles `https://StaticIPAddress:8443`. Replace `StaticIPAddress` with the static IP address attached to your instance. For example, `https://192.0.2.0:8443`. On the login page, enter the username and password that you created previously to sign in to the Plesk user interface.
**Note**
When you connect with an IP address in the URL, you might see a browser warning that your connection is not private, not secure, or that there's a security risk. This happens because your Plesk instance's SSL/TLS certificate applied to it doesn't match the new public IP being used. In the browser window, choose **Advanced**, **Details**, or **More information** to view the options that are available. Then choose to proceed to the website even if it's not private or secure.
## Step 4: Update your public IP address in Plesk
Now that you have the static IP address assigned to your instance, update the public IP address used by Plesk. This ensures that Plesk uses your updated public IP address rather than the dynamic address which is no longer associated with your instance. If you don't perform this step, the Plesk user interface might present warnings about the mismatch.
**To update your public IP address in Plesk**
1. Access the Plesk user interface using the new public IP address that is assigned. For example, `https://192.0.2.0:8443`.
1. Authenticate using the sign in credentials that you created previously in [Step 2: Sign in to the Plesk user interface for the first time](#sign-in-to-plesk-ui).
1. In the bottom-left corner of the Plesk user interface, choose **Change View**, then choose **Switch to Power User view**.
1. In the left navigation pane of the Plesk user interface, choose **Tools & Settings**.
1. Under **Tools & Resources**, choose **IP Addresses**.
1. Choose **Update public IPs**.
In the **Public IP Address** column, you should now see the value match with the static IP attached to your instance.
## Step 5: Add a website to your Plesk instance
You can map one or more domain names (websites) within the Plesk user interface. Adding a domain in your Plesk instance enables you to [upload content](https://docs.plesk.com/en-US/obsidian/reseller-guide/website-management/quick-start-with-plesk/set-up-your-first-website/1-create-your-site/uploading-content.70312/), use [Presence Builder](https://www.plesk.com/extensions/offer-web-presence-builder/), and to install a [content management system](https://www.plesk.com/blog/various/top-10-php-cms-platforms-for-developers-in-2024/) (CMS).
**To add a new domain in Plesk**
1. In the left navigation pane of the Plesk user interface, choose **Websites & Domains**.
1. Choose **Add Domain**.
1. Select an option for how you want to create your website.
1. Enter a domain name and fill out any additional required information fields.
1. Choose **Add Domain**.
For more information, see [Adding and Removing Domains](https://docs.plesk.com/en-US/obsidian/administrator-guide/website-management/websites-and-domains/domains-and-dns/adding-and-removing-domains.65150/) in the *Plesk Administrator's Guide*.
## Step 6: Map your domain name to your Plesk instance
You can map a domain to your Plesk instance to access your Plesk user interface using the domain name that you create. You can also map multiple domains within the Plesk user interface, which you can use to manage websites. For more information about mapping multiple domains within the Plesk user interface, see [Adding a Domain in Plesk](https://docs.plesk.com/en-US/obsidian/quick-start-guide/plesk-tutorial/step-6-change-your-password-and-log-out.74376/#adding-a-domain-in-plesk) in the *Plesk Documentation and Help Portal*.
To map your domain name, such as `example.com`, to your instance, you add an A record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer them using the Lightsail console. For more information, see [Transfer DNS management for your Lightsail domain](amazon-lightsail-domain-register-other-dns-service-procedure.md).
**To map your domain name to your Plesk instance in Lightsail**
1. Open the Amazon Lightsail console at [https://console.aws.amazon.com/lightsail/](https://console.aws.amazon.com/lightsail/).
1. In the left-navigation pane of the Plesk user interface, choose **Domains & DNS**.
1. Choose the name of your DNS zone.
1. Choose the **DNS records** tab.
1. Choose **Add record**.
1. For **Record name**, enter a value, such as `www`.
1. For **Resolves to**, enter the static IP address attached to your Plesk instance.
1. Choose **Save**.
You should now be able to access your Plesk website using the domain name that you configured.
## Step 7: Read the Plesk documentation
Read the Plesk documentation to learn how to administer websites, customize the Plesk user interface, and more.
For more information, see the [Getting Started with Managing Websites in Plesk](https://docs.plesk.com/en-US/obsidian/quick-start-guide/read-me-first.74371/) in the *Plesk Documentation and Help Portal*.
## Step 8: Purchase a Plesk license
Your Plesk instance includes a 30-day trial license. After 30 days, you must purchase a license from Plesk to continue using it. For more information, see [Pricing](https://www.plesk.com/pricing/) on the *Plesk* website.
You must install the license after you purchase it from Plesk. To install your Plesk license, see [How to install the Plesk license](https://support.plesk.com/hc/en-us/articles/12378028764951-How-to-install-the-Plesk-license) on the *Plesk support* website.
## Step 9: Create a snapshot of your Plesk instance
After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).
You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.
You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).
![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)
# Set up a PrestaShop website on Lightsail
**Did you know?**
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [ Configure automatic snapshots for Lightsail instances and disks ](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html) .
Here are a few steps you should complete to get started after your PrestaShop instance is up and running on Amazon Lightsail.
**Contents**
+ [Step 1: Get the default application password for your PrestaShop website](#amazon-lightsail-prestashop-get-the-default-user-password)
+ [Step 2: Attach a static IP address to your PrestaShop instance](#amazon-lightsail-prestashop-attach-static-ip)
+ [Step 3: Sign in to the administration dashboard of your PrestaShop website](#amazon-lightsail-prestashop-sign-in)
+ [Step 4: Route traffic for your registered domain name to your PrestaShop website](#amazon-lightsail-prestashop-map-your-domain-to-your-instance)
+ [Step 5: Configure HTTPS for your PrestaShop website](#amazon-lightsail-prestashop-https)
+ [Step 6: Configure SMTP for email notifications](#amazon-lightsail-prestashop-smtp)
+ [Step 7: Read the Bitnami and PrestaShop documentation](#amazon-lightsail-prestashop-read-the-bitnami-documentation)
+ [Step 8: Create a snapshot of your PrestaShop instance](#amazon-lightsail-prestashop-create-a-snapshot)
## Step 1: Get the default application password for your PrestaShop website
Complete the following steps to get the default application password for your PrestaShop website.
1. On the instance management page, under the **Connect** tab, choose **Connect using SSH.**
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-connect-to-your-instance.png)
1. After you're connected, enter the following command to get the default application password:
```
cat $HOME/bitnami_application_password
```
You should see a response similar to the following example, which contains the default application password. Store this password in a safe place. You will use it in the next section of this tutorial to sign in to the administration dashboard of your PrestaShop website.
![\[Default application password for Bitnami instances\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-ssh-default-application-password.png)
For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).
## Step 2: Attach a static IP address to your PrestaShop instance
The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.
On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).
![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)
After the new static IP address is attached to your instance, you must complete the following steps to make the PrestaShop software aware of the new static IP address.
1. Make a note of the static IP address of your instance. It's listed in the header section of your instance management page.
![\[Public or static IP address of a Lightsail instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-public-static-ip.png)
1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-connect-using-ssh.png)
1. After you're connected, enter the following command. Be sure to replace ** with the new static IP address of your instance.
```
sudo /opt/bitnami/configure_app_domain --domain
```
**Example:**
```
sudo /opt/bitnami/configure_app_domain --domain 203.0.113.0
```
You should see a response similar to the following example. The PrestaShop software should now be aware of the new static IP address.
![\[Result of the domain configuration tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-configure-domain-ip.png)
**Note**
PrestaShop does not currently support IPv6 addresses. You can enable IPv6 for the instance, but the PrestaShop software will not respond to requests over the IPv6 network.
## Step 3: Sign in to the administration dashboard of your PrestaShop website
Complete the following step to access your PrestaShop website and sign in to its administration dashboard. To sign in, you will use the default user name (`user@example.com`) and the default application password that you got earlier in this guide.
1. In the Lightsail console, make note of the public or static IP address that is listed in the header area of the instance management page.
![\[Public or static IP address of a Lightsail instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-public-static-ip.png)
1. Browse to the following address to access the sign in page for the administration dashboard of your PrestaShop website. Be sure to replace ** with the public or static IP address of your instance.
```
http:///administration
```
**Example: **
```
http://203.0.113.0/administration
```
1. Enter the default user name (`user@example.com`), the default application password you got earlier in this guide, and choose **Log in**.
![\[The PrestaShop administration dashboard sign in page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-prestashop-sign-in-page.png)
The PrestaShop administration dashboard appears.
![\[PrestaShop administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-prestashop-administration-dashboard.png)
To change the default user name or password that you use to sign in to the administration dashboard of your PrestaShop website, choose **Advanced Parameters** in the navigation pane, and then choose **Team**. For more information, see [User Guide PrestaShop](https://docs.prestashop-project.org/1.7-documentation/user-guide) in the *PrestaShop documentation*.
![\[Advanced parameters in the PrestaShop navigation pane\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-advanced-parameters.png)
For more information about the administration dashboard, see For more information, see [User Guide PrestaShop](https://docs.prestashop-project.org/1.7-documentation/user-guide) in the *PrestaShop documentation*.
## Step 4: Route traffic for your registered domain name to your PrestaShop website
To route traffic for your registered domain name, such as `example.com`, to your PrestaShop website, you add a record to the domain name system (DNS) of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.
On the Lightsail console home page, under the **Domains & DNS** tab, choose **Create DNS zone**, then follow the instructions on the page.
For more information, see [Creating a DNS zone to manage your domain’s DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).
After your domain name is routing traffic to your instance, you must complete the following steps to make the PrestaShop software aware of the domain name.
1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-connect-using-ssh.png)
1. After you're connected, enter the following command. Be sure to replace ** with the domain name that is routing traffic to your instance.
```
sudo /opt/bitnami/configure_app_domain --domain
```
**Example:**
```
sudo /opt/bitnami/configure_app_domain --domain www.example.com
```
You should see a response similar to the following example. The PrestaShop software should now be aware of the domain name.
![\[Result of the domain configuration tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-configure-domain.png)
## Step 5: Configure HTTPS for your PrestaShop website
Complete the following steps to configure HTTPS on your PrestaShop website. These steps show you how to use the Bitnami HTTPS configuration tool (bncert), which is a command line tool for requesting SSL/TLS certificates, setting up redirections (e.g. HTTP to HTTPS), and renewing certificates.
**Important**
The bncert tool will issue certificates only for domains that are currently routing traffic to the public IP address of your PrestaShop instance. Before starting with these steps, make sure that you add DNS records to the DNS of all domains that you want to use with your PrestaShop website.
1. On the instance management page, under the Connect tab, choose **Connect using SSH**.
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-connect-to-your-instance.png)
1. After you're connected, enter the following command to start the bncert-tool.
```
sudo /opt/bitnami/bncert-tool
```
You should see a response similar to the following example:
![\[Running the bncert tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/run-bncert-tool-success.png)
1. Enter your primary domain name and alternate domain names separated by a space as shown in the following example.
![\[Entering the primary and alternate domain names\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-domain-names.png)
1. The bncert tool will ask how you want your website's redirection to be configured. These are the options available:
+ **Enable HTTP to HTTPS redirection** - Specifies whether users who browse to the HTTP version of your website (i.e., `http:/example.com`) are automatically redirected to the HTTPS version (i.e., `https://example.com`). We recommend enabling this option because it forces all visitors to use the encrypted connection. Type `Y` and press **Enter** to enable it.
+ **Enable non-www to www redirection** - Specifies whether users who browse to the apex of your domain (i.e., `https://example.com`) are automatically redirected to your domain's `www` subdomain (i.e., `https://www.example.com`). We recommend enabling this option. However, you may want to disable it and enable the alternate option (enable `www` to non-`www` redirection) if you have specified the apex of your domain as your preferred website address in search engine tools like Google's webmaster tools, or if your apex points directly to your IP and your `www` subdomain references your apex via a CNAME record. Type `Y` and press **Enter** to enable it.
+ **Enable www to non-www redirection** - Specifies whether users who browse to your domain's `www` subdomain (i.e., `https://www.example.com`) are automatically redirected to the apex of your domain (i.e., `https://example.com`). We recommend disabling this, if you enabled non-`www` redirection to `www`. Type `N` and press **Enter** to disable it.
Your selections should look like the following example.
![\[Website redirection options\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-enable-disable-redirection.png)
1. The changes that are going to be made are listed. Type `Y` and press **Enter** to confirm and continue.
![\[Confirming the changes\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-confirm-changes.png)
1. Enter your email address to associate with your Let's Encrypt certificate and press **Enter**.
![\[Associating your email address with your Let's Encrypt certificate\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-email-address.png)
1. Review the Let's Encrypt Subscriber Agreement. Type `Y` and press **Enter** to accept the agreement and continue.
![\[Review the Let's Encrypt subscriber agreement\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-lets-ecrypt-agreement.png)
The actions are performed to enable HTTPS on your instance, including requesting the certificate and configuring the redirections you specified.
![\[Actions being performed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-performing-actions.png)
Your certificate is successfully issued and validated, and the redirections are successfully configured on your instance if you see a message similar to the following example.
![\[Actions successfully completed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-success-conf.png)
The `bncert` tool will perform an automatic renewal of your certificate every 80 days before it expires. Continue to the next set of steps to finish enabling HTTPS on your PrestaShop website.
1. Browse to the following address to access the sign in page for the administration dashboard of your PrestaShop website. Be sure to replace ** with the registered domain name that is routing traffic to your instance.
```
http:///administration
```
**Example: **
```
http://www.example.com/administration
```
1. Enter the default user name (`user@example.com`), the default application password you got earlier in this guide, and choose **Log in**.
![\[The PrestaShop administration dashboard sign in page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-prestashop-sign-in-page.png)
The PrestaShop administration dashboard appears.
![\[PrestaShop administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-prestashop-administration-dashboard.png)
1. Choose **Shop Parameters** in the navigation pane, and then choose **General**.
![\[General parameters in the PrestaShop navigation pane\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-general-parameters.png)
1. Choose **Yes** next to **Enable SSL**.
![\[Enable SSL in the PrestaShop administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-enable-ssl.png)
1. Scroll to the bottom of the page and choose **Save**.
1. When the **General** page reloads, choose **Yes** next to **Enable SSL on all pages**.
![\[Enable SSL for all pages in the PrestaShop administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-enable-ssl-all-pages.png)
1. Scroll to the bottom of the page and choose **Save**.
HTTPS is now configured for your PrestaShop website. When customers browse to the HTTP version (e.g., `http://www.example.com`) of your PrestaShop website, they will be automatically redirected to the HTTPS version (e.g., `https://www.example.com`).
## Step 6: Configure SMTP for email notifications
Configure the SMTP settings of your PrestaShop website to enable email notifications for it. To do so, sign in to the administration dashboard of your PrestaShop website. Choose **Advanced Parameters** in the navigation pane, and then choose **E-mail**. You should also adjust your email contacts accordingly. To do so, choose **Shop Parameters** in the navigation pane, and then choose **Contact**.
![\[Email option in the navigation pane\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/prestashop-quick-start-advanced-parameters-email.png)
For more information, For more information, see [User Guide PrestaShop](https://docs.prestashop-project.org/1.7-documentation/user-guide) in the *PrestaShop documentation* and [Configure SMTP for outbound emails](https://docs.bitnami.com/aws/apps/prestashop/configuration/configure-smtp/) in the Bitnami documentation.
**Important**
If you configure SMTP to use ports 25, 465, or 587, then you must open those ports in the firewall of your instance in the Lightsail console. For more information, see [Adding and editing instance firewall rules in Amazon Lightsail](amazon-lightsail-editing-firewall-rules.md).
If you configure your Gmail account to send email on your PrestaShop website, then you must use an app password instead of using the standard password that you use to sign in to Gmail. For more information, see [Sign in with App Passwords](https://support.google.com/accounts/answer/185833?hl=en).
## Step 7: Read the Bitnami and PrestaShop documentation
Read the Bitnami documentation to learn how to perform administrative tasks on your PrestaShop instance and website, such as install plugins and customize the theme. For more information, see [Bitnami PrestaShop Stack for AWS Cloud](https://docs.bitnami.com/aws/apps/prestashop/) in the *Bitnami documentation*.
You should also read the PrestaShop documentation to learn how to administer your PrestaShop website. For more information, see the [User Guide PrestaShop](https://docs.prestashop-project.org/1.7-documentation/user-guide) in the *PrestaShop documentation*.
## Step 8: Create a snapshot of your PrestaShop instance
After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).
You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.
You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).
![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)
# Configure and secure a Redmine instance on Lightsail
**Did you know?**
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [ Configure automatic snapshots for Lightsail instances and disks ](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html) .
Here are a few steps you should take to get started after your Redmine instance is up and running on Amazon Lightsail:
**Contents**
+ [Step 1: Read the Bitnami documentation](#amazon-lightsail-read-the-bitnami-documentation-redmine)
+ [Step 2: Get the default application password to access the Redmine administration dashboard](#amazon-lightsail-get-the-default-user-password-redmine)
+ [Step 3: Attach a static IP address to your instance](#amazon-lightsail-attach-static-ip-redmine)
+ [Step 4: Sign in to the administration dashboard of your Redmine website](#amazon-lightsail-sign-in-redmine)
+ [Step 5: Route traffic for your registered domain name to your Redmine website](#amazon-lightsail-map-your-domain-to-your-instance-redmine)
+ [Step 6: Configure HTTPS for your Redmine website](#amazon-lightsail-https-redmine)
+ [Step 7: Read the Redmine documentation and continue configuring your website](#amazon-lightsail-read-documentation-redmine)
+ [Step 8: Create a snapshot of your instance](#amazon-lightsail-create-a-snapshot-redmine)
## Step 1: Read the Bitnami documentation
Read the Bitnami documentation to learn how to configure your Redmine application. For more information, see the [Redmine Packaged By Bitnami For AWS Cloud](https://docs.bitnami.com/aws/apps/redmine/).
## Step 2: Get the default application password to access the Redmine administration dashboard
Complete the following procedure to get the default application password required to access the administration dashboard for your Redmine website. For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)
1. After you're connected, enter the following command to get the application password:
```
cat $HOME/bitnami_application_password
```
You should see a response similar to the following example, which contains the default application password:
![\[Bitnami default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bitnami-application-password.png)
## Step 3: Attach a static IP address to your instance
The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.
On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).
![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)
## Step 4: Sign in to the administration dashboard of your Redmine website
Now that you have the default application password, complete the following procedure to navigate to your Redmine website's home page, and sign in to the administration dashboard. After you’re signed in, you can start customizing your website and making administrative changes. For more information about what you can do in Joomla\$1, see the [Step 7: Read the Redmine documentation and continue configuring your website](#amazon-lightsail-read-documentation-redmine) section later in this guide.
1. On your instance management page, under the **Connect** tab, make note of the public IP address of your instance. The public IP address is also displayed in the header section of your instance management page.
![\[Public IP address of an instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-ip.png)
1. Browse to the public IP address of your instance, for example by going to `http://203.0.113.0`.
The home page of your Redmine website should appear.
1. Choose **Manage** in the bottom right corner of your Redmine website home page.
If the **Manage** banner is not shown, you can reach the sign in page by browsing to `http:///admin`. Replace `` with the public IP address of your instance.
1. Sign in using the default user name (`user`) and the default password retrieved earlier in this guide.
The Redmine administration dashboard appears.
![\[The Redmine administration dashboard\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-redmine-dashboard.png)
## Step 5: Route traffic for your registered domain name to your Redmine website
To route traffic for your registered domain name, such as `example.com`, to your Redmine website, you add a record to the DNS of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.
On the Lightsail console home page, under the **Domains & DNS** tab, choose **Create DNS zone**, then follow the instructions on the page. For more information, see [Creating a DNS zone to manage your domain’s DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).
If you browse to the domain name that you configured for your instance, you should be redirected to the home page of your Redmine website. Next, you should generate and configure an SSL/TLS certificate to enable HTTPS connections for your Redmine website. For more information, continue to the next [Step 6: Configure HTTPS for your Redmine website](#amazon-lightsail-https-redmine) section of this guide.
## Step 6: Configure HTTPS for your Redmine website
Complete the following procedure to configure HTTPS on your Redmine website. These steps show you how to use the Bitnami HTTPS Configuration Tool (`bncert-tool`), which is a command line tool for requesting Let's Encrypt SSL/TLS certificates. For more information see [Learn About The Bitnami HTTPS Configuration Tool](https://docs.bitnami.com/aws/how-to/understand-bncert/) in the *Bitnami documentation*.
**Important**
Before starting with this procedure, make sure that you configured your domain to route traffic to your Redmine instance. Otherwise, the SSL/TLS certificate validation process will fail.
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)
1. After you're connected, enter the following command to confirm the bncert tool is installed on your instance.
```
sudo /opt/bitnami/bncert-tool
```
You should see one of the following responses:
+ If you see command not found in the response, then the bncert tool is not installed on your instance. Continue to the next step in this procedure to install the bncert tool on your instance.
+ If you see **Welcome to the Bitnami HTTPS configuration tool** in the response, then the bncert tool is installed on your instance. Continue to the step 8 of this procedure.
+ If the bncert tool has been installed on your instance for a while, then you might see a message indicating that an updated version of the tool is available. Choose to download it, and then enter the `sudo /opt/bitnami/bncert-tool` command to run the bncert tool again. Continue to the step 8 of this procedure.
1. Enter the following command to download the bncert run file to your instance.
```
wget -O bncert-linux-x64.run https://downloads.bitnami.com/files/bncert/latest/bncert-linux-x64.run
```
1. Enter the following command to create a directory for the bncert tool run file on your instance.
```
sudo mkdir /opt/bitnami/bncert
```
1. Enter the following command to make the bncert run a file that can be executed as a program.
```
sudo chmod +x /opt/bitnami/bncert/bncert-linux-x64.run
```
1. Enter the following command to create a symbolic link that runs the bncert tool when you enter the sudo /opt/bitnami/bncert-tool command.
```
sudo ln -s /opt/bitnami/bncert/bncert-linux-x64.run /opt/bitnami/bncert-tool
```
You are now done installing the bncert tool on your instance.
1. Enter the following command to run the bncert tool.
```
sudo /opt/bitnami/bncert-tool
```
1. Enter your primary domain name and alternate domain names separated by a space as shown in the following example.
If your domain is not configured to route traffic to the public IP address of your instance, the `bncert` tool will ask you to make that configuration before continuing. Your domain must be routing traffic to the public IP address of the instance from which you are using the `bncert` tool to enable HTTPS on the instance. This confirms that you own the domain, and serves as the validation for your certificate.
![\[Entering the primary and alternate domain names\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-domain-names.png)
1. The `bncert` tool will ask you how you want your website's redirection to be configured. These are the options available:
+ **Enable HTTP to HTTPS redirection** - Specifies whether users who browse to the HTTP version of your website (i.e., `http:/example.com`) are automatically redirected to the HTTPS version (i.e., `https://example.com`). We recommend enabling this option because it forces all visitors to use the encrypted connection. Type `Y` and press **Enter** to enable it.
+ **Enable non-www to www redirection** - Specifies whether users who browse to the apex of your domain (i.e., `https://example.com`) are automatically redirected to your domain's `www` subdomain (i.e., `https://www.example.com`). We recommend enabling this option. However, you may want to disable it and enable the alternate option (enable `www` to non-`www` redirection) if you have specified the apex of your domain as your preferred website address in search engine tools like Google's webmaster tools, or if your apex points directly to your IP and your `www` subdomain references your apex via a CNAME record. Type `Y` and press **Enter** to enable it.
+ **Enable www to non-www redirection** - Specifies whether users who browse to your domain's `www` subdomain (i.e., `https://www.example.com`) are automatically redirected to the apex of your domain (i.e., `https://example.com`). We recommend disabling this, if you enabled non-`www` redirection to `www`. Type `N` and press **Enter** to disable it.
Your selections should look like the following example.
![\[Website redirection options\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-enable-disable-redirection.png)
1. The changes that are going to be made are listed. Type `Y` and press **Enter** to confirm and continue.
![\[Confirming the changes\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-confirm-changes.png)
1. Enter your email address to associate with your Let's Encrypt certificate and press **Enter**.
![\[Associating your email address with your Let's Encrypt certificate\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-email-address.png)
1. Review the Let's Encrypt Subscriber Agreement. Type `Y` and press **Enter** to accept the agreement and continue.
![\[Review the Let's Encrypt subscriber agreement\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-lets-ecrypt-agreement.png)
The actions are performed to enable HTTPS on your instance, including requesting the certificate and configuring the redirections you specified.
![\[Actions being performed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-performing-actions.png)
Your certificate is successfully issued and validated, and the redirections are successfully configured on your instance if you see a message similar to the following example.
![\[Actions successfully completed\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/bncert-success-conf.png)
The `bncert` tool will perform an automatic renewal of your certificate every 80 days before it expires. Repeat the above steps if you wish to use additional domains and subdomains with your instance, and you want to enable HTTPS for those domains.
You are now done enabling HTTPS on your Redmine instance. Next time you browse to your Redmine website using the domain you configured, you should see that it redirects to the HTTPS connection.
## Step 7: Read the Redmine documentation and continue configuring your website
Read the Redmine documentation to learn how to administer and customize your website. For more information, see the [Redmine guide](https://www.redmine.org/guide).
## Step 8: Create a snapshot of your instance
After you configure your Redmine website the way you want it, create periodic snapshots of your instance to back it up. You can create snapshots manually, or enable automatic snapshots to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot. For more information, see [Snapshots](understanding-snapshots-in-amazon-lightsail.md).
On the instance management page, under the **Snapshot** tab, choose **Create a snapshot** or choose to enable automatic snapshots.
![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)
For more information, see Creating a snapshot of your [Linux or Unix instance in Amazon Lightsail](lightsail-how-to-create-a-snapshot-of-your-instance.md) or [Enabling or disabling automatic snapshots for instances or disks in Amazon Lightsail](amazon-lightsail-configuring-automatic-snapshots.md).
# Set up Ruby on Rails on Lightsail
**Did you know?**
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [ Configure automatic snapshots for Lightsail instances and disks ](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html) .
Here are a few steps you should take to get started after your Ruby on Rails instance is up and running on Amazon Lightsail:
## Step 1: Attach a static IP address to your Ruby on Rails instance
The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.
On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).
![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)
## Step 2: Visit your Ruby on Rails instance welcome page
Navigate to the static IP address of your instance to access the application installed on it.
1. On your instance management page, under the **Connect** tab, make note of the static IP.
1. Browse to the static IP address, for example `http://192.0.0.1:3000`.
For more information, see [Ruby on Rails Guides](https://guides.rubyonrails.org/).
## Step 3: Deploy your application
1. Follow the instructions from [Transfer files securely to Lightsail Linux instances with SFTP](amazon-lightsail-connecting-to-linux-unix-instance-using-sftp.md) to copy your application to `/home/ec2-user/my_app`
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
1. Run `sudo systemctl restart rails-server`
1. Navigate to your instance's static IP address
## Step 4: Create a snapshot of your Ruby on Rails instance
After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).
You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.
You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).
![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)
# Deploy and manage WordPress on Lightsail
**Did you know?**
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [ Configure automatic snapshots for Lightsail instances and disks ](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html) .
With this quick start guide, you will learn how to launch and configure a WordPress instance on Amazon Lightsail.
Here are a few steps you should take to get started after your WordPress instance is up and running on Amazon Lightsail. Before you get started, identify your blueprint vendor on your instance management page:
![\[WordPress blueprint vendor on the instance management page\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wordpress/wordpress-blueprint-vendor.png)
Select the appropriate guide for your WordPress instance:
------
#### [ Bitnami ]
## Step 1: Configure your WordPress instance
You can configure your WordPress instance using a guided, step-by-step workflow that configures the following:
+ **A registered domain name** – Your WordPress site needs a domain name that is easy to remember. Users will specify this domain name to access your WordPress site. For more information, see [Register and manage domains for your website in Lightsail](amazon-lightsail-domain-registration.md).
+ **DNS management** – You must decide how to manage the DNS records for your domain. A DNS record tells the DNS server which IP address or hostname a domain or subdomain is associated with. A DNS zone contains the DNS records for your domain. For more information, see [Understanding DNS in Lightsail](understanding-dns-in-amazon-lightsail.md).
+ **A Static IP address** – The default public IP address for your WordPress instance changes if you stop and start your instance. When you attach a static IP address to your instance, it stays the same even if you stop and start your instance. For more information, see [View and manage IP addresses for Lightsail resources](understanding-public-ip-and-private-ip-addresses-in-amazon-lightsail.md).
+ **An SSL/TLS certificate** – After you create a validated certificate and install it on your instance, you can enable HTTPS for your WordPress website so that traffic that is routed to the instance through your registered domain is encrypted using HTTPS. For more information, see [Secure your WordPress site with HTTPS on Lightsail](amazon-lightsail-enabling-https-on-wordpress.md).
**Tip**
Review the following tips before you begin. For troubleshooting information, see [Troubleshooting WordPress setup](amazon-lightsail-troubleshooting-wp-setup.md).
Setup supports Lightsail instances with WordPress version 6 and newer, that were created after January 1, 2023.
The Certbot dependency file, HTTPS rewrite script and certificate renewal script that are run during setup are saved in the `/opt/bitnami/lightsail/scripts/` directory on your instance.
Your instance must be in a **Running** state. Allow a few minutes for the SSH connection to become ready if the instance was just started.
Ports 22, 80, and 443 on your instance firewall must allow TCP connections from any IP address while setup is running. For more information, see [Instance firewalls](understanding-firewall-and-port-mappings-in-amazon-lightsail.md).
When you add or update DNS records that point traffic from your apex domain (`example.com`) and its `www` subdomains (`www.example.com`), they will need to propagate throughout the Internet. You can verify that your DNS changes have taken effect by using tools such as [nslookup](https://aws.amazon.com/blogs//messaging-and-targeting/how-to-check-your-domain-verification-settings/), or [DNS Lookup](https://mxtoolbox.com/DnsLookup.aspx) from *MxToolbox*.
Wordpress instances that were created prior to January 1, 2023, might contain a deprecated Certbot Personal Package Archive (PPA) repository that will cause website setup to fail. If this repository is present during setup, it will be removed from the existing path and backed up to the following location on your instance: `~/opt/bitnami/lightsail/repo.backup`. For more information about the deprecated PPA, see [Certbot PPA](https://launchpad.net/~certbot/+archive/ubuntu/certbot) on the *Canonical* website.
Let's Encrypt certificates will automatically renew every 60 to 90 days.
While setup is in progress, do not stop or make changes to your instance. It can take up to 15 minutes to configure your instance. You can view the progress for each step in the instance connect tab.
**To configure your instance using the website setup wizard**
1. On the instance management page, on the **Connect** tab, choose **Set up your website**.
![\[Launching WordPress setup in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-gf-01.png)
1. For **Specify a domain name**, use an existing Lightsail managed domain, register a new domain with Lightsail, or use a domain that you registered by using another domain registrar. Choose **Use this domain** to go to the next step.
1. For **Configure DNS**, do one of the following:
+ Choose **Lightsail managed domain** to use a Lightsail DNS zone. Choose **Use this DNS zone** to go to the next step.
+ Choose **Third-party domain** to use the hosting service that manages the DNS records for your domain. Note that we create a matching DNS zone in your Lightsail account in case you decide to use it later on. Choose **Use third-party DNS** to go to the next step.
1. For **Create a static IP address**, enter a name for your static IP address and then choose **Create static IP**.
1. For **Manage domain assignments**, choose **Add assignment**, choose a domain type, and then choose **Add**. Choose **Continue** to go to the next step.
1. For **Create an SSL/TLS certificate**, choose your domains and subdomains, enter an email address, select **I authorize Lightsail to configure a Let's Encrypt certificate on my instance**, and choose **Create certificate**. We start to configure the Lightsail resources.
While setup is in progress, do not stop or make changes to your instance. It can take up to 15 minutes to configure your instance. You can view the progress for each step in the instance connect tab.
1. After the website setup is complete, verify that the URLs that you specified in the domain assignments step open your WordPress site.
## Step 2: Get the default application password for your WordPress website
You need the default application password to sign in to the administration dashboard for your WordPress website.
**To get the default password for the WordPress administrator**
1. Open the instance management page for your WordPress instance.
1. On the **WordPress** panel, choose **Retrieve default password**. This expands **Access default password** at the bottom of the page.
![\[Accessing WordPress admin password in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wordpress/wordpress-bitnami-retrieve-password.png)
1. Choose **Launch CloudShell**. This opens a panel at the bottom of the page.
1. Choose **Copy** and then paste the contents into the CloudShell window. You can either put your cursor at the CloudShell prompt and press Ctrl\$1V, or you can right-click to open the menu and then choose **Paste**.
1. Make a note of the password displayed in the CloudShell window. You need this to sign in to the administration dashboard of your WordPress website.
![\[Viewing WordPress admin password in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-viewing-admin-password-01.png)
## Step 3: Sign in to your WordPress website
Now that you have the default user password, navigate to your WordPress website's home page, and sign in to the administration dashboard. After you're signed in, you can change the default password.
**To sign in to the administration dashboard**
1. Open the instance management page for your WordPress instance.
1. On the **WordPress** panel, choose **Access WordPress Admin**.
1. On the **Access your WordPress Admin Dashboard** panel, under **Use public IP address**, choose the link with this format:
http://*public-ipv4-address*./wp-admin
1. For **Username or Email Address**, enter **user**.
1. For **Password**, enter the password obtained in the previous step.
1. Choose **Log in**.
![\[Launching and configuring WordPress in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-07.png)
You are now signed in to the administration dashboard of your WordPress website where you can perform administrative actions. For more information about administering your WordPress website, see the [WordPress Codex](https://codex.wordpress.org/) in the WordPress documentation.
![\[Launching and configuring WordPress in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-08.png)
## Step 4: Read the Bitnami documentation
Read the Bitnami documentation to learn how to perform administrative tasks on your WordPress website, such as install plugins, customize the theme, and upgrade your version of WordPress.
For more information, see the [Bitnami WordPress for AWS Cloud](https://docs.bitnami.com/aws/apps/wordpress/).
## Step 5: Create a snapshot of your instance
After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).
You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.
You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).
![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)
------
#### [ Lightsail ]
## Step 1: Configure your WordPress instance
You can configure your WordPress instance using a guided, step-by-step workflow that configures the following:
+ **A registered domain name** – Your WordPress site needs a domain name that is easy to remember. Users will specify this domain name to access your WordPress site. For more information, see [Register and manage domains for your website in Lightsail](amazon-lightsail-domain-registration.md).
+ **DNS management** – You must decide how to manage the DNS records for your domain. A DNS record tells the DNS server which IP address or hostname a domain or subdomain is associated with. A DNS zone contains the DNS records for your domain. For more information, see [Understanding DNS in Lightsail](understanding-dns-in-amazon-lightsail.md).
+ **A Static IP address** – The default public IP address for your WordPress instance changes if you stop and start your instance. When you attach a static IP address to your instance, it stays the same even if you stop and start your instance. For more information, see [View and manage IP addresses for Lightsail resources](understanding-public-ip-and-private-ip-addresses-in-amazon-lightsail.md).
+ **An SSL/TLS certificate** – After you create a validated certificate and install it on your instance, you can enable HTTPS for your WordPress website so that traffic that is routed to the instance through your registered domain is encrypted using HTTPS. For more information, see [Secure your WordPress site with HTTPS on Lightsail](amazon-lightsail-enabling-https-on-wordpress.md).
**Tip**
Review the following tips before you begin. For troubleshooting information, see [Troubleshooting WordPress setup](amazon-lightsail-troubleshooting-wp-setup.md).
Your instance must be in a **Running** state. Allow a few minutes for the SSH connection to become ready if the instance was just started.
Ports 22, 80, and 443 on your instance firewall must allow TCP connections from any IP address while setup is running. For more information, see [Instance firewalls](understanding-firewall-and-port-mappings-in-amazon-lightsail.md).
When you add or update DNS records that point traffic from your apex domain (`example.com`) and its `www` subdomains (`www.example.com`), they will need to propagate throughout the Internet. You can verify that your DNS changes have taken effect by using tools such as [nslookup](https://aws.amazon.com/blogs//messaging-and-targeting/how-to-check-your-domain-verification-settings/), or [DNS Lookup](https://mxtoolbox.com/DnsLookup.aspx) from *MxToolbox*.
Let's Encrypt certificates will automatically renew every 60 to 90 days.
While setup is in progress, do not stop or make changes to your instance. It can take up to 15 minutes to configure your instance. You can view the progress for each step in the instance connect tab.
**To configure your instance using the website setup wizard**
1. On the instance management page, on the **Connect** tab, choose **Set up your website**.
![\[Launching WordPress setup in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-gf-01.png)
1. For **Specify a domain name**, use an existing Lightsail managed domain, register a new domain with Lightsail, or use a domain that you registered by using another domain registrar. Choose **Use this domain** to go to the next step.
1. For **Configure DNS**, do one of the following:
+ Choose **Lightsail managed domain** to use a Lightsail DNS zone. Choose **Use this DNS zone** to go to the next step.
+ Choose **Third-party domain** to use the hosting service that manages the DNS records for your domain. Note that we create a matching DNS zone in your Lightsail account in case you decide to use it later on. Choose **Use third-party DNS** to go to the next step.
1. For **Create a static IP address**, enter a name for your static IP address and then choose **Create static IP**.
1. For **Manage domain assignments**, choose **Add assignment**, choose a domain type, and then choose **Add**. Choose **Continue** to go to the next step.
1. For **Create an SSL/TLS certificate**, choose your domains and subdomains, enter an email address, select **I authorize Lightsail to configure a Let's Encrypt certificate on my instance**, and choose **Create certificate**. We start to configure the Lightsail resources.
While setup is in progress, do not stop or make changes to your instance. It can take up to 15 minutes to configure your instance. You can view the progress for each step in the instance connect tab.
1. After the website setup is complete, verify that the URLs that you specified in the domain assignments step open your WordPress site.
## Step 2: Get the default application password for your WordPress website
You need the default application password to sign in to the administration dashboard for your WordPress website.
**To get the default password for the WordPress administrator**
1. Open the instance management page for your WordPress instance.
1. On the **WordPress** panel, choose **Retrieve default password**. This expands **Access default password** at the bottom of the page.
![\[Accessing WordPress admin password in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wordpress/wordpress-lightsail-retrieve-password.png)
1. Choose **Launch CloudShell**. This opens a panel at the bottom of the page.
1. Choose **Copy** and then paste the contents into the CloudShell window. You can either put your cursor at the CloudShell prompt and press Ctrl\$1V, or you can right-click to open the menu and then choose **Paste**.
1. Make a note of the password displayed in the CloudShell window. You need this to sign in to the administration dashboard of your WordPress website.
![\[Viewing WordPress admin password in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wordpress/amazon-wordpress-lightsail-viewing-admin-password.png)
## Step 3: Sign in to your WordPress website
Now that you have the default user password, navigate to your WordPress website's home page, and sign in to the administration dashboard. After you're signed in, you can change the default password.
**To sign in to the administration dashboard**
1. Open the instance management page for your WordPress instance.
1. On the **WordPress** panel, choose **Access WordPress Admin**.
1. On the **Access your WordPress Admin Dashboard** panel, under **Use public IP address**, choose the link with this format:
http://*public-ipv4-address*./wp-admin
1. For **Username or Email Address**, enter **user**.
1. For **Password**, enter the password obtained in the previous step.
1. Choose **Log in**.
![\[Launching and configuring WordPress in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-07.png)
You are now signed in to the administration dashboard of your WordPress website where you can perform administrative actions. For more information about administering your WordPress website, see the [WordPress Codex](https://codex.wordpress.org/) in the WordPress documentation.
![\[Launching and configuring WordPress in Lightsail.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-wordpress-tutorial-08.png)
## Step 4: Create a snapshot of your instance
After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).
You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.
You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).
![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)
------
# Set up WordPress Multisite on Lightsail
**Did you know?**
Lightsail stores seven daily snapshots and automatically replaces the oldest with the newest when you enable automatic snapshots for your instance. For more information, see [ Configure automatic snapshots for Lightsail instances and disks ](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configuring-automatic-snapshots.html) .
Here are a few steps you should take to get started after your WordPress Multisite instance is up and running on Amazon Lightsail:
------
#### [ Bitnami ]
## Step 1: Read the Bitnami documentation
Read the Bitnami documentation to learn how to configure your WordPress Multisite instance. For more information, see the [WordPress Multisite Packaged By Bitnami For AWS Cloud](https://docs.bitnami.com/aws/apps/wordpress-multisite/).
## Step 2: Get the default application password to access the WordPress administration dashboard
Complete the following procedure to get the default application password required to access the administration dashboard for your WordPress Multisite website. For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)
1. After you're connected, enter the following command to get the default application password:
```
cat $HOME/bitnami_application_password
```
You should see a response similar to the following example, which contains the default application password. Use this password to sign in to the administration dashboard of your WordPress Multisite website.
![\[Bitnami default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bitnami-application-password.png)
## Step 3: Attach a static IP address to your instance
The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.
On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).
![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)
After the new static IP address is attached to your instance, you must complete the following procedure to make WordPress aware of the new static IP address.
1. Make a note of the new static IP address of your instance. It's listed in the header section of your instance management page.
![\[Public or static IP address of a Lightsail instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-static-ip.png)
1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-using-ssh.png)
1. After you're connected, enter the following command. Replace ** with the new static IP address of your instance.
```
sudo /opt/bitnami/configure_app_domain --domain
```
**Example:**
```
sudo /opt/bitnami/configure_app_domain --domain 203.0.113.0
```
You should see a response similar to the following example. The WordPress website on your instance should now be aware of the new static IP address.
![\[Result of the domain configuration tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-configure-domain-ip.png)
**Note**
If that command fails, you might be using an older version of the WordPress Multisite instance. Try running the following commands instead. Replace ** with the new static IP address of your instance.
```
cd /opt/bitnami/apps/wordpress
sudo ./bnconfig --machine_hostname
```
After running those commands, enter the following command to keep the bnconfig tool from automatically running every time the server restarts.
```
sudo mv bnconfig bnconfig.disabled
```
## Step 4: Sign in to the administration dashboard of your WordPress Multisite website
Now that you have the default application password, complete the following procedure to navigate to your WordPress Multisite website's home page, and sign in to the administration dashboard. After you're signed in, you can start customizing your website and making administrative changes. For more information about what you can do in WordPress, see the [Step 7: Read the WordPress Multisite documentation and continue configuring your website](#amazon-lightsail-read-documentation-wordpress-multisite) section later in this guide.
1. On your instance management page, under the **Connect** tab, make note of the public IP address of your instance. The public IP address is also displayed in the header section of your instance management page.
![\[Public IP address of an instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-ip.png)
1. Browse to the public IP address of your instance, for example by going to `http://203.0.113.0`.
The home page of your WordPress website should appear.
1. Choose **Manage** in the bottom right corner of your WordPress website home page.
If the **Manage** banner is not shown, you can reach the sign in page by browsing to `http:///wp-login.php`. Replace `` with the public IP address of your instance.
1. Sign in using the default user name (`user`) and the default password retrieved earlier in this guide.
The WordPress administration dashboard appears.
![\[The WordPress administration dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-dashboard.png)
## Step 5: Route traffic for your registered domain name to your WordPress Multisite website
To route traffic for your registered domain name, such as `example.com`, to your WordPress Multisite website, you add a record to the DNS of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.
On the Lightsail console home page, under the **Domains & DNS** tab, choose **Create DNS zone**, then follow the instructions on the page. For more information, see [Creating a DNS zone to manage your domain's DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).
After your domain name is routing traffic to your instance, you must complete the following procedure to make WordPress aware of the domain name.
1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-using-ssh.png)
1. After you're connected, enter the following command. Replace ** with the domain name that is routing traffic to your instance.
```
sudo /opt/bitnami/configure_app_domain --domain
```
**Example:**
```
sudo /opt/bitnami/configure_app_domain --domain www.example.com
```
You should see a response similar to the following example. The WordPress Multisite software should now be aware of the domain name.
![\[Result of the domain configuration tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-configure-domain.png)
**Note**
If that command fails, you might be using an older version of the WordPress Multisite instance. Try running the following commands instead. Replace ** with the domain name that is routing traffic to your instance.
```
cd /opt/bitnami/apps/wordpress
sudo ./bnconfig --machine_hostname
```
After running those commands, enter the following command to keep the bnconfig tool from automatically running every time the server restarts.
```
sudo mv bnconfig bnconfig.disabled
```
If you browse to the domain name that you configured for your instance, you should be redirected to the main blog of your WordPress Multisite website. Next you must decide whether you want to add blogs as domains or as subdomains to your WordPress Multisite website. For more information, continue to the next [Step 6: Add blogs as domains or subdomains to your WordPress Multisite website](#amazon-lightsail-add-blogs-as-domains-or-subdomains-wordpress-multisite) section of this guide.
## Step 6: Add blogs as domains or subdomains to your WordPress Multisite website
WordPress Multisite is designed to host multiple blog websites on one instance of WordPress. When you add new blog websites to your WordPress Multisite, you can configure them to use their own domains or a subdomain of your WordPress Multisite's primary domain.
+ To add blog sites as domains, such as `example1.com` and `example2.com`, see [Add blogs as domains to your WordPress Multisite instance in Lightsail](amazon-lightsail-add-blogs-as-domains-to-your-wordpress-multisite.md).
+ To add blog sites as subdomains of your WordPress Multisite's primary domain, such as `one.example.com` and `two.example.com`, see [Add blogs as subdomains to your WordPress Multisite instance in Lightsail](amazon-lightsail-add-blogs-as-subdomains-to-your-wordpress-multisite.md).
## Step 7: Read the WordPress Multisite documentation and continue configuring your website
Read the WordPress Multisite documentation to learn how to administer and customize your website. For more information, see the [WordPress Multisite Network Administration Documentation](https://developer.wordpress.org/advanced-administration/multisite/).
## Step 8: Create a snapshot of your instance
After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).
You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.
You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).
![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)
------
#### [ Lightsail ]
## Step 1: Get the default application password to access the WordPress administration dashboard
Complete the following procedure to get the default application password required to access the administration dashboard for your WordPress Multisite website.
1. On your instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect using SSH in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-to-your-instance.png)
1. After you're connected, enter the following command to get the default application password:
```
cat ~/application_credentials
```
You should see a response similar to the following example, which contains the default application password. Use this password to sign in to the administration dashboard of your WordPress Multisite website.
![\[Default application password.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-password-retrieval.png)
## Step 2: Attach a static IP address to your instance
The default dynamic public IP address attached to your instance changes every time you stop and start the instance. You can create a static IP address and attach it to your instance to keep the public IP address from changing. Later, when you use your domain name with your instance, you don’t have to update your domain’s DNS records each time you stop and start the instance. You can attach only one static IP address to each instance.
On the instance management page, under the **Networking** tab, choose **Create a static IP** or **Attach static IP** (if you previously created a static IP that you can attach to your instance), then follow the instructions on the page. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).
![\[Attach static IP address in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-static-ip-address.png)
After the new static IP address is attached to your instance, you must complete the following procedure to make WordPress aware of the new static IP address.
1. Make a note of the new static IP address of your instance. It's listed in the header section of your instance management page.
![\[Public or static IP address of a Lightsail instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-static-ip.png)
1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-using-ssh.png)
1. After you're connected, enter the following command. Replace ** with the new static IP address of your instance.
```
sudo /opt/aws/wordpress/update_multisite_domain.sh
```
**Example:**
```
sudo /opt/aws/wordpress/update_multisite_domain.sh 203.0.113.0
```
The WordPress website on your instance should now be aware of the new static IP address.
![\[Result of the domain configuration tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-multisite-lightsail-new-domain.png)
## Step 3: Sign in to the administration dashboard of your WordPress Multisite website
Now that you have the default application password, complete the following procedure to navigate to your WordPress Multisite website's home page, and sign in to the administration dashboard. After you're signed in, you can start customizing your website and making administrative changes. For more information about what you can do in WordPress, see the [Step 6: Read the WordPress Multisite documentation and continue configuring your website](#amazon-lightsail-read-documentation-wordpress-multisite-lightsail) section later in this guide.
1. On your instance management page, under the **Connect** tab, make note of the public IP address of your instance. The public IP address is also displayed in the header section of your instance management page.
![\[Public IP address of an instance\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-public-ip.png)
1. Browse to the public IP address of your instance, for example by going to `http://203.0.113.0`.
The home page of your WordPress website should appear.
1. Choose **Manage** in the bottom right corner of your WordPress website home page.
If the **Manage** banner is not shown, you can reach the sign in page by browsing to `http:///wp-login.php`. Replace `` with the public IP address of your instance.
1. Sign in using the default user name (`user`) and the default password retrieved earlier in this guide.
The WordPress administration dashboard appears.
![\[The WordPress administration dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-dashboard.png)
## Step 4: Route traffic for your registered domain name to your WordPress Multisite website
To route traffic for your registered domain name, such as `example.com`, to your WordPress Multisite website, you add a record to the DNS of your domain. DNS records are typically managed and hosted at the registrar where you registered your domain. However, we recommend that you transfer management of your domain's DNS records to Lightsail so that you can administer it using the Lightsail console.
On the Lightsail console home page, under the **Domains & DNS** tab, choose **Create DNS zone**, then follow the instructions on the page. For more information, see [Creating a DNS zone to manage your domain's DNS records in Lightsail](lightsail-how-to-create-dns-entry.md).
After your domain name is routing traffic to your instance, you must complete the following procedure to make WordPress aware of the domain name.
1. On the instance management page, under the **Connect** tab, choose **Connect using SSH**.
![\[Connect to your instance using SSH\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-connect-using-ssh.png)
1. After you're connected, enter the following command. Replace ** with the domain name that is routing traffic to your instance.
```
sudo /opt/aws/wordpress/update_multisite_domain.sh
```
**Example:**
```
sudo /opt/aws/wordpress/update_multisite_domain.sh www.example.com
```
The WordPress Multisite software should now be aware of the domain name.
![\[Result of the domain configuration tool\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/wp-multisite-lightsail-new-domain.png)
If you browse to the domain name that you configured for your instance, you should be redirected to the main blog of your WordPress Multisite website. Next you must decide whether you want to add blogs as domains or as subdomains to your WordPress Multisite website.
## Step 5: Add blogs as domains or subdomains to your WordPress Multisite website
WordPress Multisite is designed to host multiple blog websites on one instance of WordPress. When you add new blog websites to your WordPress Multisite, you can configure them to use their own domains or a subdomain of your WordPress Multisite's primary domain.
+ To add blog sites as domains, such as `example1.com` and `example2.com`, see [Add blogs as domains to your WordPress Multisite instance in Lightsail](amazon-lightsail-add-blogs-as-domains-to-your-wordpress-multisite.md).
+ To add blog sites as subdomains of your WordPress Multisite's primary domain, such as `one.example.com` and `two.example.com`, see [Add blogs as subdomains to your WordPress Multisite instance in Lightsail](amazon-lightsail-add-blogs-as-subdomains-to-your-wordpress-multisite.md).
## Step 6: Read the WordPress Multisite documentation and continue configuring your website
Read the WordPress Multisite documentation to learn how to administer and customize your website. For more information, see the [WordPress Multisite Network Administration Documentation](https://developer.wordpress.org/advanced-administration/multisite/).
## Step 7: Create a snapshot of your instance
After you configure your website the way you want it, create periodic snapshots of your instance to back it up. A snapshot is a copy of the system disk and original configuration of an instance. A snapshot contains all of the data that is needed to restore your instance (from the moment when the snapshot was taken).
You can create [snapshots manually](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#manual-snapshots), or [enable automatic snapshots](https://docs.aws.amazon.com/lightsail/latest/userguide/understanding-snapshots-in-amazon-lightsail.html#automatic-snapshots) to have Lightsail create daily snapshots for you. If something goes wrong with your instance, you can create a new replacement instance using the snapshot.
You can work with snapshots on your instance's management page on the **Snapshots** tab. For more information, see [Snapshots in Amazon Lightsail](understanding-snapshots-in-amazon-lightsail.md).
![\[Create an instance snapshot in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/quick-start-instance-snapshots.png)
------