AWS Lightsail for Serverpilot

This is Thrive’s complete guide for firing up a fast reliable server for hosting multiple WordPress sites with successful email delivery and tight security. We are using Lightsail boxes from AWS and ServerPilot for the fast and hassle-free server management.

Create Your Server

• Firstly, you want to create your new Lightsail server. Check out this setup guide from ServerPilot.
• ServerPilot says that you need a manual install, but that isn’t necessarily the case. All you need to do is enable root logins via the Lightsail console then reset the SSH.

$ sudo nano /etc/ssh/sshd_config

PermitRootLogin yes

sudo systemctl restart ssh

• IMPORTANT! Don’t forget to create a static IP (check Networking tab). This can’t be undone.
• Now you can setup ServerPilot on the server. Refer to ServerPilots setup guide on how to do this.
• We assume at this point you have SSH logged into the server as Ubuntu.

Enable Password Logins

• To enable passwords logins for all user accounts, first edit sshd_config file:

$ sudo nano /etc/ssh/sshd_config

PasswordAuthentication yes

• Now disable password logins for the Root and Ubuntu accounts. You can use terminal via the Lightsail website or by adding your public key to the server.

PermitRootLogin no

• Enter these match rules at the bottom of the /etc/ssh/sshd_config file then restart the SSH. This will disable the password login for the root account ubuntu but keep it active for the other app user accounts.

Match User ubuntu
PasswordAuthentication no

sudo systemctl restart ssh

• Next, navigate to the Networking tab in Lightsail. Here you can click Add to create a new firewall rule.
• Select HTTPS from the new rule’s drop-down list and click Save. See more here.
• In terminal you can stop the server resetting the hostname on a reboot by setting the preserve_hostname from false to true

$ sudo nano /etc/cloud/cloud.cfg

preserve_hostname: true

Add Your Subdomain

• Create a new fully qualified subdomain (or use any subdomain you own, just point it back to your server IP). Make sure you replace servername with your own server name and subdomain.domain with your custom subdomain.

$ sudo hostname servername

$ sudo hostnamectl set-hostname subdomain.domain

Example: sudo hostname asterix.thriveweb.com.au

• You may need to replace the generated name with your custom subdomain. There should only be the subdomain.domain in this file.

$ sudo nano /etc/hostname

$ sudo nano /etc/hosts

• If needed, edit the last line to include your new subdomain.

Example: 127.0.0.1 asterix.thriveweb.com.au

• Now you can change the hostname and smtp_helo_name

$ sudo nano /etc/postfix/main.cf

From: myhostname = $myhostname.example.com

To: myhostname = subdomain.domain

Setup DNS Wildcard

We suggest you set up a wildcard subdomain in Cloudflare which you can do for free. This will allow you to have anything.server.domain and will automatically point the A record to the server without having to go into your domain control panel to make temporary domains. You still need to add it into Serverpilot under the appropriate app of course.

• Create a new A record in Cloudflare with your server nickname name with an astrix (*) in front.

Example: *.asterix.thriveweb.com.au

Check Server Health

• Use terminal to install htop which is super useful for checking the health and performance of your server.

$ sudo apt install htop

Disable PHP Errors

Run this full command and if you get an error relating to a missing PHP file then remove the lines that relate to that version of PHP.

echo 'display_errors = false' | sudo tee --append /etc/php5.5-sp/php.ini &&
echo 'display_errors = false' | sudo tee --append /etc/php5.6-sp/php.ini &&
echo 'display_errors = false' | sudo tee --append /etc/php7.0-sp/php.ini &&
echo 'display_errors = false' | sudo tee --append /etc/php7.1-sp/php.ini &&
echo 'display_errors = false' | sudo tee --append /etc/php7.2-sp/php.ini &&
cat /etc/php5.5-sp/php.ini &&
cat /etc/php5.6-sp/php.ini &&
cat /etc/php7.0-sp/php.ini &&
cat /etc/php7.1-sp/php.ini &&
cat /etc/php7.2-sp/php.ini &&
sudo service php5.5-fpm-sp restart &&
sudo service php5.6-fpm-sp restart &&
sudo service php7.0-fpm-sp restart &&
sudo service php7.1-fpm-sp restart &&
sudo service php7.2-fpm-sp restart

Setup Server Monitoring

• For the best server monitoring, we suggest using StatusCake
• Login or signup and navigate to the Monitoring page
• Select Create New Server and give it a name
• Put in 75% for all options
• Add email and Slack notifications
• Click Save and Generate Install Code
• Use SSH to login to the server via terminal

Test Server Emails

To make sure all of this has worked we suggest you check your email spammyness after these changes using mail-tester.com on a live domain.

• Use the simple PHP script below on a ServerPilot app that will send an email to the test email address you are given from mail-tester.com.

<?php
$from = "you@domain.com";
$to = "your-code@mail-tester.com";
$subject = "PHP Mail Test script";
$message = "This is a test to check the PHP Mail functionality.";
$headers = "From:" . $from;
echo mail($to,$subject,$message, $headers);
echo " Test email sent to " . $to ;
?>

• Edit the file with your correct details and Save to trigger the email send.

Increase Email Limits

AWS have limits on your email send count.

• You will need to fill out this form to request this limit is removed.
• It’s important to include a note like below to the form:

Please note this is a Lightsail server. We are using the server for websites and will in no way use the server for spam. We also want to host some busy WooCommerce shops that send a lot of email notifications. We build websites for our clients find out more here: https://domain.com/

• Include the static IP in the Elastic IP Address field
• Enter a FQDN (like asterix.thriveweb.com.au) domain name that points to the server in Reverse DNS Record for EIP 1 (they set up the Reverse DNS).
• Now, send it!

Did you find this guide useful? Let us know what you thought or if you have anything to add.