This guide shows you how to install and configure DirectAdmin on Amazon EC2.
Prerequisites
- Active AWS Account.
- AWS Security Group open on ports 80,995,143,465,53,2222,443,35000-35999,110,1194,993,22,21,25,53,587
- Basic linux knowledge
- DirectAdmin Licnese
Lunch EC2 instance
Login to AWS Console.
Go to EC2 Dashboard, and click “Lunch Instance” button:
Choose an CentOS 7 (AMI):
Choose any Instance Type that suit your needs, add storage, configure Security Group then lunch your server:
Installation
To begin, login to your AWS EC2 serevr via SSH
1. Update your CentOS and install some basic programs
sudo yum -y update sudo yum -y install nano wget perl
2. Enable SSH for root account
sudo nano /etc/ssh/sshd_config
Set PermitRootLogin yes
Set AllowTcpForwarding no
Edit this the authorized_keys to allow login via root account
sudo nano /root/.ssh/authorized_keys
Then delete the lines at the begining of the file that say “COMMAND….” until you get to the words ssh-rsa
Restart SSH
sudo service sshd restart
3. Set your hostname
Assume that I’m using the domain hosting.xyz, and you want your server hostname set to server1.hosting.xyz
hostnamectl set-hostname server1.hosting.xyz
Check if the /etc/hostname shows the hostname
nano /etc/hostname
We also edit /etc/hosts to make the hostname point to the server IP
nano /etc/hosts
then add xxx.xxx.xxx.xxx server1.hosting.xyz at the end where xxx.xxx.xxx.xxx is your server public IP
AWS will reset the hostname everytime the server reboot, so we need to fix this.
nano /etc/cloud/cloud.cfg
and add preserve_hostname: true below the syslog_fix_perms
Then reboot the server
reboot
4. Activate Quotas
On CentOS 7, xfs is used by default and Quotas are not activated, so you need to enable them manually
nano /etc/default/grub
add quota options rootflags=usrquota,grpquota into the end of GRUB_CMDLINE_LINUX line, it will look like this
GRUB_CMDLINE_LINUX="rd.lvm.lv=centos/swap vconsole.font=latarcyrheb-sun16 ... rootflags=usrquota,grpquota"
Make a backup
cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.back
Generate a new configuration file:
grub2-mkconfig -o /boot/grub2/grub.cfg
Restart the server, the root directory will be mounted with required options. We can check by running this command
mount | grep '/'
/dev/xvda1 on / type xfs (rw,relatime,attr2,inode64,usrquota,grpquota)
5. Add network eth0:0
By default, AWS EC2 use private IP for eth0, to install DirectAdmin, we need to use the public IP
nano /etc/sysconfig/network-scripts/ifcfg-eth0:0
Enter the following content
DEVICE=eth0:0 BOOTPROTO=none ONPARENT=yes IPADDR=xxx.xxx.xxx.xxx NETMASK=255.255.255.0 ONBOOT=yes
where xxx.xxx.xxx.xxx is your AWS Public IP, then restart the network
/etc/init.d/network restart
If you wish to you IPv6, set your eth0 live below:
IPV6INIT="yes" IPV6ADDR=2600:1f16:xxxxxxxxxxxx
6. Setup DirectAdmin
echo 1 > /root/.lan wget http://www.directadmin.com/setup.sh chmod 755 setup.sh ./setup.sh
And follow the instructions. Note when you asked for the network, enter eth0:0
Configuration
Since EC2 runs on a LAN/NAT and behind the firewall, we need to do some config.
Enable LAN
nano /usr/local/directadmin/conf/directadmin.conf
Add this value lan_ip=yyy.yyy.yyy.yyy where yyy.yyy.yyy.yyy is your AWS Private IP
Link the Private IP to your Public IP using the DA Linked IP feature
- Add the LAN IP to DA’s IP manager. Don’t assign it to any Users or Domains.
- View the details of the external IP: Admin Level -> IP Manager -> Click the public/external IP.
- Link the internal IP to the external IP: Select the LAN IP from the drop down.
- Only select Apache, do not select DNS
Restart DirectAdmin
Open ports for FTP
If you use ProFTPD, edit it’s configure file:
nano /etc/proftpd.conf
Add after PassivePorts: MasqueradeAddress xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is your AWS Public IP
Add rule to the iptables
iptables -I INPUT -p tcp --dport 35000:35999 -j ACCEPT
nano /usr/libexec/iptables/iptables.init
add $IPTABLES -A INPUT -p tcp –dport 35000:35999 -j ACCEPT below the ftp section, like this
######################### # ftp $IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT $IPTABLES -A INPUT -p tcp --dport 35000:35999 -j ACCEPT
For optimize performance and improve security, see this guide.
