AWS LightSail comes with a Plesk license that can be used to manage 3 sites on a single server. Here is how you can install WordPress with Plesk on AWS LightSail.
AWS LightSail has worked with Plesk to provide a complete control panel for hosting management. The Plesk license is free for the AWS LightSail customer and allows 3 domains to be added to Plesk. If you want more domains, you can upgrade your license to get more features.
Last time I have written a tutorial on how you can install WordPress on AWS LightSail, which uses the Bitnami image. Bitnami image does not come with a visual control panel and most of the server management has to be done with ssh panel.
Many people who are not comfortable with command-line operations have trouble managing the server. Plesk removes this problem and provides a complete visual control panel to manage the WordPress installs. So, anyone who is not comfortable with the command-line interface can now use the Plesk server.
Install WordPress With Plesk On AWS LightSail
With Plesk, AWS LightSail also offering WordPress Toolkit Standard Edition to easily manage WordPress installs. You get the basic version that can be upgraded for many automated tasks for WordPress.
You can install 3 different WordPress sites on the Plesk server along with DNS name server management and email services. If you need more than 3 domains hosted on Plesk server, you need to upgrade your Plesk subscription.
The only restriction is that you can not run Plesk on the free instance of AWS LightSail. Since it’s a paid tool, you need to use a paid instance.
So let’s check how easily we can create a WordPress site with Plesk On AWS LightSail.
Create Plesk Server
The first step is to create a Plesk server instance on AWS LightSail. You can log in to LightSail Console and click on the Create Instance button.
You will see an option of Plesk Hosting Stack On Ubuntu, select it. Give a name to the instance and create this new instance.
If you want to set up a separate ssh key for the server, you can create a new key by clicking the change ssh key button.
Once done, wait for a few minutes till the server is starting. Once the server is up and running you can move to the next step.
Create Admin Username
Plesk allows you to create your admin username with an onetime special URL. You can open the ssh panel and enter the below command to get that URL.
sudo plesk login | grep -v internal:8
Copy the output URL and use that to create an admin user.
You get two different URL, one with amazon’s DNS name and other with IP address. Copy both of them and go to IP address based URL. You might see the warning that the connection is not private, skip that error and continue on the site.
Once you go to that URL, you will be asked for the Admin user name and password.
You can change the Contact Name, email and password. Once done, you will be taken to Plesk Control Panel.
Attach Statip IP Address
To easily access all the sites managed on the Plesk installation, we need to attach a static IP to the server instance. Login to LightSail Admin panel, go to Networking Tab.
Click on Create Static IP and attach that static IP to the Plesk server instance.
Update Plesk UI Layer
Plesk allows you to modify the UI components like colors, logo, name of the application. If you want to personalize the control panel, you can do it from Tools & Settings -> Plesk Appearance.
You can change the Plesk Title, Logo, default language, and colour scheme.
The next thing which you should configure is under General Settings. You should update the system settings and set the preferred domain for websites.
This means when you add additional domains, should you use www or without www domain name as primary.
One good setting to change is Plesk’s full hostname. If you have any domain name which you want to assign to Plesk installation, you can enter the name here.
You need to change the DNS record for that domain to point to Plesk IP address. Once done, Plesk can be accessed over that domain name rather than an IP address. This is a good option if you want to white label the Plesk installation.
Generate Let’s Encrypt Certificate
Plesk installation is secured by a self-generated SSL certificate and you can’t convert it to the Lets Encrypt certificate without adding an external hostname.
So this step is optional, only needed in case you want to issue an SSL certificate for Plesk installation.
This is different from generating a certificate for a site hosted on Plesk and only applicable for the Plesk control panel interface. You can set up the certificate by going to Tool’s & Settings -> SSL/TLS Settings.
Click On Let’s Encrypt, it will give the domain name used on Plesk. Generate the certificate for the domain. It will ask you to add a TXT record on your DNS server. Once done, the certificate will be issued.
Now, change the certificate in use for Plesk and Mail by clicking the change button in the settings. Select the Let’s Encrypt certificate and secure your Plesk installation.
Add Domain And Install WordPress
Now our Plesk installation is ready to add sites that we want to run on the server.
Go to the Websites & Domains tab of Plesk Panel. Click on Add Domain to add the new domain on the Plesk installation.
You need to enter the domain name and if you want to create a new workspace for that domain.
Create a new user by adding the username and password for FTP and SSH access. The user name has to be unique across system but the access for the user will be only for this site.
You can also enable the Git access for the site if you are going to deploy under development site in this workspace.
Once your domain is added to Plesk, it will show a Domain management section in the Websites & Domains dashboard.
Just click on the Install WordPress button and fill in basic details to automatically install the WordPress for that domain.
Correct Domain Name Servers
Plesk can act as a DNS server for your sites. In fact it automatically creates all the required DNS records as soon as you add a Domain.
It automatically sets up FTP, Email and Domain Name Server for your Domain.
Using Plesk as DNS
If you want to use it, you just need to take the NameServer marked with NS records and add it to your domain registrar. Since the Plesk Name server is located on the same server as the domain, you need to add the glue records also to make sure your name server can be translated to IP Address.
Using External DNS
If you are using any external domain name server, you can copy the DNS records your server and disable the DNS management in DNS Settings.
Make sure to remove the name server records and direct the Domain A record to the Static IP address. If you want to use Plesk as a primary email service, you need to add the MX records also.
Choose Nginx vs Apache Server
Plesk comes with an installation of Apache and Nginx server so you can decide to serve your WordPress installation with any of those server types.
Go to the Domain -> PHP Settings and select the server which you want to use.
By default, your WordPress application will be served with the Apache Web server with Nginx running as a reverse proxy. It is a powerful combination as most of the WordPress settings can be done with Apache and you can use Nginx caching for the site.
I would prefer to keep it this way as most of the plugins can do Apache settings out of the box. If you are more comfortable with the Nginx web server, you can change it to serve WordPress with Nginx.
You should also update the upload_max_size setting as by default its set to 2 megabytes which might not be sufficient for many themes or plugins.
Enable Let’s Encrypt SSL Certificate
Once your domain name servers are set and propagated, you can create a Let’s Encrypt Certificate for the domain.
Go to Domain -> SSL/TLS Certificate and click on Let’s Encrypt certificate.
It will ask for basic details like what you want to cover with this certificate, if you want to assign the certificate to mail domain also. Select the options according to your setup and issue the certificate.
You need to add an acme verification record to your DNS and the certificate will be issued and attached to your domain. Plesk will automatically renew this certificate when needed to keep your site SSL enabled.
Enable SFTP Access
Now you have WordPress set up and secured through SSL Certificate. Its time to set up SFTP access for the domain. We have already created the user ID while defining the Domain. That user ID has access to the Domain file system.
By default, that user ID has FTP access to the file system. For SFTP we need to enable password authentication for SSH and SSH access to the file system.
Enable Password Authentication For SSH
To enable password authentication, you need to edit /etc/ssh/sshd_config file. First, create a backup of the file so, in case of any mishaps, you can restore the file.
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.back
Now, Edit the file and add the below line in the file
Once done, save the file and restart the SSH service.
service sshd restart
Update Web Hosting Access
Now, you can enable SSH access to the web hosting. Go to Domain, Web Hosting Access settings.
Bu default, access to the server over SSH is set to Forbidden, change that to /bin/bash (chrooted). This will enable the SFTP access and now you can log in with the user ID and password created earlier.
Update ModSecurity Rules For Plesk
Plesk comes with Web Application Firewall enabled which includes ModSecurity also. It has the support of Comodo Security Rules along with Atomic Standard Free rules. You can also opt for paid rules for faster and tighter security experience.
By default, Plesk has Comodo security rules enabled which is a bit strict for WordPress and might create some issues while using WordPress Admin functionality. In case you have issues while working with WordPress, here is how you can resolve it.
Most of the time, multiple security violations will ban your IP address for a period of 10 min. One easy and a quick fix is to whitelist your IP address. As long as you don’t have multiple users, this trick might save an effort.
Whitelist IP Address In Plesk
Every router gets a public IP address that is visible to outside sites. The same IP address is shared across your devices at home. You can easily find those IP addresses with the help of sites like – What is My IP Address.
Once you have that IP address, you can go to Tools and Settings -> IP Address Banning -> Trusted IP Address.
Click on Add Trusted IP address and enter your IP address. Now, you will not trigger any ModSecurity violations while working from that IP Address.
The only problem is many routers is set to dynamic IP address allocation which means they keep changing the Public IP address. In my case, my ISP allocates a new IP address every time I restart the router.
If you use the IP address based mechanism, you need to remove the old IP address and add the new IP address for whitelist.
Disable Problematic ModSecurity Rules
Another way to get around the problem is by disabling the ModSecurity processing. But this is not a good practice as it removes a lot of important security measures. The better approach is only removing the rules which are causing issues with WordPress processing.
How to find problematic rules?
If you are not able to access anything on the Plesk server that means your IP address has been banned. You need to wait for some time before you can access the server again. Most of the bans are from 10 min to 1 hour depending on the severity of the jail.
Once you have the access to the server, you can go to Tools and Settings -> Web Application Firewall (ModSecurity) ->ModSecurity Log File. This will open a new window with the log file where you can check which rules have triggered the ban.
On the same window, you have a section to switch off security rules. Here you can enter the security rule ID which is generating the false positive for your work. This will remove the rule but keep the other rules intact.
So this is how you can install WordPress with Plesk on AWS LightSail. Once you have it set up, you can do the regular server management from the Plesk control panel.