{"id":1222,"date":"2018-06-01T07:53:06","date_gmt":"2018-06-01T12:53:06","guid":{"rendered":"http:\/\/blog.ls-al.com\/?p=1222"},"modified":"2018-06-01T07:53:06","modified_gmt":"2018-06-01T12:53:06","slug":"amazon-linux-2-image-and-lamp","status":"publish","type":"post","link":"https:\/\/blog.ls-al.com\/amazon-linux-2-image-and-lamp\/","title":{"rendered":"Amazon Linux 2 Image and LAMP"},"content":{"rendered":"

I recently migrated a LAMP server from Amazon Linux to an Amazon Linux 2 image. I needed this for several reasons, including that it has systemd.<\/p>\n

More here: https:\/\/aws.amazon.com\/amazon-linux-2\/<\/p>\n

The high-level steps around the MySQL database, WordPress and static HTML migration were pretty smooth, as I have done this multiple times. The only notable things to report on were:
\n1. You are probably going from a PHP 5.x world to a PHP 7.x world, and that could cause a few problems. In my case some older PHP gallery software threw multiple DEPRECATED problems, so I had to work through them case by case.
\n2. I had a problem with PHP and MPM.
\n3. Certbot\/Let's Encrypt does not recognize Amazon Linux 2 from \/etc\/issue and fails.<\/p>\n

LAMP Install:<\/p>\n

Pretty much followed this without issues.<\/p>\n

\r\n# yum update -y\r\n# amazon-linux-extras install lamp-mariadb10.2-php7.2\r\n# yum install -y httpd php mariadb-server php-mysqlnd\r\n# systemctl enable httpd\r\n# usermod -a -G apache ec2-user\r\n# chown -R ec2-user:apache \/var\/www\r\n# chmod 2775 \/var\/www && find \/var\/www -type d -exec sudo chmod 2775 {} \\;\r\n# find \/var\/www -type f -exec sudo chmod 0664 {} \\;\r\n# echo "<?php phpinfo(); ?>" > \/var\/www\/html\/phpinfo.php\r\n<\/pre>\n

MPM Issue:<\/p>\n

There may be other or better ways to solve this; I have not had time to investigate further.<\/p>\n

\r\n# systemctl start httpd\r\nJob for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.\r\n\r\n# systemctl status httpd.service -l\r\n\u25cf httpd.service - The Apache HTTP Server\r\n   Loaded: loaded (\/usr\/lib\/systemd\/system\/httpd.service; enabled; vendor preset: disabled)\r\n  Drop-In: \/usr\/lib\/systemd\/system\/httpd.service.d\r\n           \u2514\u2500php-fpm.conf\r\n   Active: failed (Result: exit-code) since Tue 2018-05-29 13:35:34 UTC; 1min 21s ago\r\n     Docs: man:httpd.service(8)\r\n  Process: 12701 ExecStart=\/usr\/sbin\/httpd $OPTIONS -DFOREGROUND (code=exited, status=1\/FAILURE)\r\n Main PID: 12701 (code=exited, status=1\/FAILURE)\r\n\r\nMay 29 13:35:34 ip-172-31-48-7.ec2.internal systemd[1]: Starting The Apache HTTP Server...\r\nMay 29 13:35:34 ip-172-31-48-7.ec2.internal httpd[12701]: [Tue May 29 13:35:34.378884 2018] [php7:crit] [pid 12701:tid 140520257956032] Apache is running a threaded MPM, but your PHP Module is not compiled to be threadsafe.  You need to recompile PHP.\r\nMay 29 13:35:34 ip-172-31-48-7.ec2.internal httpd[12701]: AH00013: Pre-configuration failed\r\n\r\n# pwd\r\n\/etc\/httpd\/conf.modules.d\r\n\r\n# cp 00-mpm.conf \/tmp\r\n# vi 00-mpm.conf \r\n# diff 00-mpm.conf \/tmp\/00-mpm.conf \r\n11c11\r\n< LoadModule mpm_prefork_module modules\/mod_mpm_prefork.so\r\n---\r\n> #LoadModule mpm_prefork_module modules\/mod_mpm_prefork.so\r\n23c23\r\n< #LoadModule mpm_event_module modules\/mod_mpm_event.so\r\n---\r\n> LoadModule mpm_event_module modules\/mod_mpm_event.so\r\n\r\n# systemctl restart httpd\r\n\r\n# ps -ef | grep http\r\nroot      9735     1  0 13:42 ?        00:00:00 \/usr\/sbin\/httpd -DFOREGROUND\r\napache    9736  9735  0 13:42 ?        00:00:00 \/usr\/sbin\/httpd -DFOREGROUND\r\napache    9737  9735  0 13:42 ?        00:00:00 \/usr\/sbin\/httpd -DFOREGROUND\r\napache    9738  9735  0 13:42 ?        
00:00:00 \/usr\/sbin\/httpd -DFOREGROUND\r\napache    9739  9735  0 13:42 ?        00:00:00 \/usr\/sbin\/httpd -DFOREGROUND\r\napache    9740  9735  0 13:42 ?        00:00:00 \/usr\/sbin\/httpd -DFOREGROUND\r\n<\/pre>\n

CERTBOT:<\/p>\n

On the old server delete certs.<\/p>\n

\r\n# \/opt\/eff.org\/certbot\/venv\/local\/bin\/certbot delete\r\n[..]\r\n-------------------------------------------------------------------------------\r\nDeleted all files relating to certificate blog.domain.com.\r\n-------------------------------------------------------------------------------\r\n<\/pre>\n

On the new server install certs.<\/p>\n

\r\n# yum install mod_ssl\r\n\r\n# wget https:\/\/dl.eff.org\/certbot-auto\r\n# chmod a+x certbot-auto \r\n# .\/certbot-auto --debug\r\n\r\nSorry, I don't know how to bootstrap Certbot on your operating system!\r\n<\/pre>\n

Work around the fact that certbot does not know about Amazon Linux 2 yet.<\/p>\n

\r\n# yum install python-virtualenv python-augeas\r\n# .\/certbot-auto --debug --no-bootstrap\r\nCreating virtual environment...\r\nInstalling Python packages...\r\nInstallation succeeded.\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\nError while running apachectl configtest.\r\n\r\nAH00526: Syntax error on line 100 of \/etc\/httpd\/conf.d\/ssl.conf:\r\nSSLCertificateFile: file '\/etc\/pki\/tls\/certs\/localhost.crt' does not exist or is empty\r\n\r\n\r\nHow would you like to authenticate and install certificates?\r\n-------------------------------------------------------------------------------\r\n1: Apache Web Server plugin - Beta (apache) [Misconfigured]\r\n2: Nginx Web Server plugin - Alpha (nginx)\r\n-------------------------------------------------------------------------------\r\nSelect the appropriate number [1-2] then [enter] (press 'c' to cancel): 1\r\n\r\n-------------------------------------------------------------------------------\r\nThe selected plugin encountered an error while parsing your server configuration\r\nand cannot be used. The error was:\r\n\r\nError while running apachectl configtest.\r\n\r\nAH00526: Syntax error on line 100 of \/etc\/httpd\/conf.d\/ssl.conf:\r\nSSLCertificateFile: file '\/etc\/pki\/tls\/certs\/localhost.crt' does not exist or is\r\nempty\r\n<\/pre>\n

Have to fix SSL first; apparently certbot needs a generic localhost cert.<\/p>\n

\r\n# openssl req -new -x509 -nodes -out localhost.crt -keyout localhost.key\r\n\r\n# mv localhost.crt localhost.key \/etc\/pki\/tls\/certs\/\r\n# mv \/etc\/pki\/tls\/certs\/localhost.key \/etc\/pki\/tls\/private\/\r\n\r\n# systemctl restart httpd\r\n<\/pre>\n

Now try again.<\/p>\n

\r\n# .\/certbot-auto --debug --no-bootstrap\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\n\r\nHow would you like to authenticate and install certificates?\r\n-------------------------------------------------------------------------------\r\n1: Apache Web Server plugin - Beta (apache)\r\n2: Nginx Web Server plugin - Alpha (nginx)\r\n-------------------------------------------------------------------------------\r\nSelect the appropriate number [1-2] then [enter] (press 'c' to cancel): 1\r\nPlugins selected: Authenticator apache, Installer apache\r\nEnter email address (used for urgent renewal and security notices) (Enter 'c' to\r\ncancel): E@MAIL.com\r\n[..]\r\n\r\nWhich names would you like to activate HTTPS for?\r\n-------------------------------------------------------------------------------\r\n1: blog.domain.com\r\n-------------------------------------------------------------------------------\r\nSelect the appropriate numbers separated by commas and\/or spaces, or leave input\r\nblank to select all options shown (Enter 'c' to cancel): 1\r\nObtaining a new certificate\r\nPerforming the following challenges:\r\nhttp-01 challenge for blog.domain.com\r\nWaiting for verification...\r\nCleaning up challenges\r\nCreated an SSL vhost at \/etc\/httpd\/conf.d\/vhost-le-ssl.conf\r\nDeploying Certificate to VirtualHost \/etc\/httpd\/conf.d\/vhost-le-ssl.conf\r\n\r\nPlease choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.\r\n-------------------------------------------------------------------------------\r\n1: No redirect - Make no further changes to the webserver configuration.\r\n2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for\r\nnew sites, or if you're confident your site works on HTTPS. 
You can undo this\r\nchange by editing your web server's configuration.\r\n-------------------------------------------------------------------------------\r\nSelect the appropriate number [1-2] then [enter] (press 'c' to cancel): 2\r\nRedirecting vhost in \/etc\/httpd\/conf.d\/vhost.conf to ssl vhost in \/etc\/httpd\/conf.d\/vhost-le-ssl.conf\r\n\r\n-------------------------------------------------------------------------------\r\nCongratulations! You have successfully enabled https:\/\/blog.domain.com\r\n\r\nYou should test your configuration at:\r\nhttps:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=blog.domain.com\r\n-------------------------------------------------------------------------------\r\n[..]\r\n<\/pre>\n

Test your site here:
\nhttps:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=blog.domain.com&latest<\/p>\n","protected":false},"excerpt":{"rendered":"

I recently migrated a LAMP server from Amazon Linux to an Amazon Linux 2 image.\u00a0 Several reasons for why I<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[73,98,9],"tags":[],"class_list":["post-1222","post","type-post","status-publish","format-standard","hentry","category-aws","category-certbot","category-linux"],"_links":{"self":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/1222","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/comments?post=1222"}],"version-history":[{"count":0,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/1222\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/media?parent=1222"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/categories?post=1222"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/tags?post=1222"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}