This guide shows you how to install and configure DirectAdmin on Amazon EC2.
Prerequisites
- Active AWS Account.
- AWS Security Group open on ports 80,995,143,465,53,2222,443,35000-35999,110,1194,993,22,21,25,53,587
- Basic Linux knowledge
- DirectAdmin License
Launch EC2 instance
Log in to the AWS Console.
Go to the EC2 Dashboard and click the “Launch Instance” button:
Choose a CentOS 7 AMI:
Choose any Instance Type that suits your needs, add storage, configure the Security Group, then launch your server:
Installation
To begin, log in to your AWS EC2 server via SSH
1. Update your CentOS and install some basic programs
    sudo yum -y update
    sudo yum -y install nano wget perl
2. Enable SSH for root account
    sudo nano /etc/ssh/sshd_config
Set PermitRootLogin yes
Set AllowTcpForwarding no
Edit the authorized_keys file to allow login via the root account
    sudo nano /root/.ssh/authorized_keys
Then delete the text at the beginning of the file that says “COMMAND….” until you get to the words ssh-rsa
Restart SSH
    sudo service sshd restart
3. Set your hostname
Assume that you are using the domain hosting.xyz and want your server hostname set to server1.hosting.xyz
    hostnamectl set-hostname server1.hosting.xyz
Check that /etc/hostname shows the hostname
    nano /etc/hostname
Also edit /etc/hosts to make the hostname point to the server IP
    nano /etc/hosts
Then add xxx.xxx.xxx.xxx server1.hosting.xyz at the end, where xxx.xxx.xxx.xxx is your server public IP
AWS will reset the hostname every time the server reboots, so we need to fix this.
    nano /etc/cloud/cloud.cfg
and add preserve_hostname: true below the syslog_fix_perms line
Then reboot the server
    reboot
4. Activate Quotas
On CentOS 7, xfs is used by default and quotas are not activated, so you need to enable them manually
    nano /etc/default/grub
Add the quota options rootflags=usrquota,grpquota to the end of the GRUB_CMDLINE_LINUX line; it will look like this
    GRUB_CMDLINE_LINUX="rd.lvm.lv=centos/swap vconsole.font=latarcyrheb-sun16 ... rootflags=usrquota,grpquota"
Make a backup
    cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.back
Generate a new configuration file:
    grub2-mkconfig -o /boot/grub2/grub.cfg
Restart the server; the root directory will then be mounted with the required options. We can check by running this command
    mount | grep '/'
The output should include usrquota,grpquota:
    /dev/xvda1 on / type xfs (rw,relatime,attr2,inode64,usrquota,grpquota)
5. Add network eth0:0
By default, AWS EC2 uses a private IP for eth0; to install DirectAdmin, we need to use the public IP
    nano /etc/sysconfig/network-scripts/ifcfg-eth0:0
Enter the following content
    DEVICE=eth0:0
    BOOTPROTO=none
    ONPARENT=yes
    IPADDR=xxx.xxx.xxx.xxx
    NETMASK=255.255.255.0
    ONBOOT=yes
where xxx.xxx.xxx.xxx is your AWS Public IP, then restart the network
    /etc/init.d/network restart
If you wish to use IPv6, set your eth0 like below:
    IPV6INIT="yes"
    IPV6ADDR=2600:1f16:xxxxxxxxxxxx
6. Setup DirectAdmin
    echo 1 > /root/.lan
    wget http://www.directadmin.com/setup.sh
    chmod 755 setup.sh
    ./setup.sh
And follow the instructions. Note: when you are asked for the network, enter eth0:0
Configuration
Since EC2 runs on a LAN/NAT and behind the firewall, we need to do some additional configuration.
Enable LAN
    nano /usr/local/directadmin/conf/directadmin.conf
Add the value lan_ip=yyy.yyy.yyy.yyy, where yyy.yyy.yyy.yyy is your AWS Private IP
Link the Private IP to your Public IP using the DA Linked IP feature
- Add the LAN IP to DA’s IP manager. Don’t assign it to any Users or Domains.
- View the details of the external IP: Admin Level -> IP Manager -> Click the public/external IP.
- Link the internal IP to the external IP: Select the LAN IP from the drop down.
- Only select Apache, do not select DNS
Restart DirectAdmin
Open ports for FTP
If you use ProFTPD, edit its configuration file:
    nano /etc/proftpd.conf
Add after PassivePorts: MasqueradeAddress xxx.xxx.xxx.xxx, where xxx.xxx.xxx.xxx is your AWS Public IP
Add the rule to iptables
    iptables -I INPUT -p tcp --dport 35000:35999 -j ACCEPT
    nano /usr/libexec/iptables/iptables.init
Add $IPTABLES -A INPUT -p tcp --dport 35000:35999 -j ACCEPT below the ftp section, like this
    #########################
    # ftp
    $IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 35000:35999 -j ACCEPT
To optimize performance and improve security, see this guide.
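A post-install check for the steps above, as an added example that is not part of the original guide: it greps each file the guide edits for the expected setting, reading under a root prefix so it can also run against sample files. The function names, the sample file contents and the IP addresses (10.0.0.10, 203.0.113.10) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): audit the settings the guide's steps make.
# ROOT is a filesystem prefix: "/" on the server, or a directory of sample files.
check() {  # check FILE REGEX LABEL: print a status line; return 1 if absent
    if [ -f "$1" ] && grep -Eq -- "$2" "$1"; then
        echo "OK       $3"
    else
        echo "MISSING  $3"; return 1
    fi
}

# audit_da_ec2 ROOT: return the number of settings not found (0 = all present).
audit_da_ec2() {
    r="${1%/}"; missing=0
    check "$r/etc/ssh/sshd_config" '^[[:space:]]*AllowTcpForwarding[[:space:]]+no([[:space:]]|$)' \
        'sshd_config: AllowTcpForwarding no' || missing=$((missing + 1))
    check "$r/etc/cloud/cloud.cfg" '^preserve_hostname:[[:space:]]*true' \
        'cloud.cfg: preserve_hostname: true' || missing=$((missing + 1))
    check "$r/etc/default/grub" '^GRUB_CMDLINE_LINUX=.*rootflags=usrquota,grpquota' \
        'grub: rootflags=usrquota,grpquota' || missing=$((missing + 1))
    check "$r/usr/local/directadmin/conf/directadmin.conf" '^lan_ip=[0-9.]+$' \
        'directadmin.conf: lan_ip' || missing=$((missing + 1))
    check "$r/etc/proftpd.conf" '^[[:space:]]*MasqueradeAddress[[:space:]]+[0-9.]+' \
        'proftpd.conf: MasqueradeAddress' || missing=$((missing + 1))
    check "$r/usr/libexec/iptables/iptables.init" '^[^#]*--dport 35000:35999 -j ACCEPT' \
        'iptables.init: passive FTP range' || missing=$((missing + 1))
    return "$missing"
}

# make_sample_tree DIR: write constructed sample files (placeholder IPs only).
# The passive-port rule is left out of iptables.init on purpose.
make_sample_tree() {
    mkdir -p "$1/etc/ssh" "$1/etc/cloud" "$1/etc/default" \
        "$1/usr/local/directadmin/conf" "$1/usr/libexec/iptables"
    printf 'PermitRootLogin yes\nAllowTcpForwarding no\n' > "$1/etc/ssh/sshd_config"
    printf 'syslog_fix_perms: ~\npreserve_hostname: true\n' > "$1/etc/cloud/cloud.cfg"
    printf 'GRUB_CMDLINE_LINUX="console=tty0 rootflags=usrquota,grpquota"\n' > "$1/etc/default/grub"
    printf 'lan_ip=10.0.0.10\n' > "$1/usr/local/directadmin/conf/directadmin.conf"
    printf 'PassivePorts 35000 35999\nMasqueradeAddress 203.0.113.10\n' > "$1/etc/proftpd.conf"
    printf '$IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT\n' > "$1/usr/libexec/iptables/iptables.init"
}

demo=$(mktemp -d)
make_sample_tree "$demo"
audit_da_ec2 "$demo" || echo "$? setting(s) missing"
rm -rf "$demo"
```

On the server, run audit_da_ec2 / as root after the final reboot; a commented-out setting is reported as missing.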