Install DirectAdmin on Amazon AWS A-Z Guide
Sep 17, 2016

This guide shows you how to install and configure DirectAdmin on Amazon EC2.

Prerequisites

  • Active AWS Account.
  • AWS Security Group open on ports 80,995,143,465,53,2222,443,35000-35999,110,1194,993,22,21,25,53,587
  • Basic Linux knowledge
  • DirectAdmin License

Launch EC2 instance

  1. Log in to the AWS Console.
  2. Go to the EC2 Dashboard and click the "Launch Instance" button.
  3. Choose a CentOS 7 AMI.
  4. Choose any Instance Type that suits your needs, add storage, configure the Security Group, then launch your server.

Installation

To begin, log in to your AWS EC2 server via SSH.

1. Update your CentOS and install some basic programs

sudo yum -y update
sudo yum -y install nano wget perl

2. Enable SSH for root account

sudo nano /etc/ssh/sshd_config

Set PermitRootLogin yes 
Set AllowTcpForwarding no

Edit the authorized_keys file to allow login via the root account

sudo nano /root/.ssh/authorized_keys

Then delete the text at the beginning of the file that says “COMMAND….”, up to the words ssh-rsa

Restart SSH

sudo service sshd restart
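
A check for step 2, as an added example that is not part of the original guide: sshd uses the first occurrence of a keyword, so a PermitRootLogin line added below an older one has no effect, and a key line that keeps its options prefix still blocks root login. The function names and the sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: confirm that the step 2 edits are the ones sshd will use.

# Print the value sshd applies for KEYWORD from the global part of FILE.
# sshd keeps the FIRST occurrence of a keyword, keywords are case-insensitive,
# and lines after a "Match" line only apply conditionally.
sshd_effective() {  # usage: sshd_effective FILE KEYWORD
  awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
    /^[ \t]*(#|$)/         { next }
    tolower($1) == "match" { exit }
    tolower($1) == want    { print $2; exit }
  ' "$1"
}

# Count key lines that still begin with an options prefix such as
# command="..." instead of a key type (common key types only).
keys_with_options() {  # usage: keys_with_options AUTHORIZED_KEYS
  awk '
    /^[ \t]*(#|$)/ { next }
    $1 !~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-)/ { n++ }
    END { print n + 0 }
  ' "$1"
}

# Print one line per mismatch with step 2; return non-zero if any was found.
check_root_ssh() {  # usage: check_root_ssh SSHD_CONFIG AUTHORIZED_KEYS
  local rc=0 v
  v=$(sshd_effective "$1" PermitRootLogin)
  [ "$v" = yes ] || { echo "PermitRootLogin is '${v:-unset}', expected yes"; rc=1; }
  v=$(sshd_effective "$1" AllowTcpForwarding)
  [ "$v" = no ] || { echo "AllowTcpForwarding is '${v:-unset}', expected no"; rc=1; }
  v=$(keys_with_options "$2")
  [ "$v" -eq 0 ] || { echo "$v key line(s) still start with an options prefix"; rc=1; }
  return "$rc"
}

# Constructed sample: the new setting was added below an older, conflicting
# line, and the key line still has its prefix.
make_samples() {  # usage: make_samples DIR
  printf '%s\n' '#PermitRootLogin yes' 'permitrootlogin no' \
    'AllowTcpForwarding no' 'PermitRootLogin yes' > "$1/sshd_config"
  printf '%s\n' 'no-pty,command="echo login as centos" ssh-rsa AAAA-CONSTRUCTED k1' \
    > "$1/authorized_keys"
}

tmp=$(mktemp -d) && make_samples "$tmp"
check_root_ssh "$tmp/sshd_config" "$tmp/authorized_keys" || echo "sample: step 2 incomplete"
rm -rf "$tmp"
```

On the server, run check_root_ssh /etc/ssh/sshd_config /root/.ssh/authorized_keys as root before closing your current SSH session.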

3. Set your hostname

Assume that you are using the domain hosting.xyz and want your server hostname set to server1.hosting.xyz

hostnamectl set-hostname server1.hosting.xyz

Check if the /etc/hostname shows the hostname

nano /etc/hostname

We also edit /etc/hosts to make the hostname point to the server IP

nano /etc/hosts

then add xxx.xxx.xxx.xxx server1.hosting.xyz at the end where xxx.xxx.xxx.xxx is your server public IP

AWS will reset the hostname every time the server reboots, so we need to fix this.

nano /etc/cloud/cloud.cfg 

and add preserve_hostname: true below the syslog_fix_perms

Then reboot the server

reboot

4. Activate Quotas

On CentOS 7, xfs is used by default and Quotas are not activated, so you need to enable them manually

nano /etc/default/grub

Add the quota options rootflags=usrquota,grpquota to the end of the GRUB_CMDLINE_LINUX line, so that it looks like this

GRUB_CMDLINE_LINUX="rd.lvm.lv=centos/swap vconsole.font=latarcyrheb-sun16 ... rootflags=usrquota,grpquota"

Make a backup

cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.back 

Generate a new configuration file:

grub2-mkconfig -o /boot/grub2/grub.cfg

Restart the server; the root directory will then be mounted with the required options. We can check by running this command

mount | grep ' / '
/dev/xvda1 on / type xfs (rw,relatime,attr2,inode64,usrquota,grpquota)

5. Add network eth0:0

By default, AWS EC2 uses the private IP for eth0. To install DirectAdmin, we need to use the public IP

nano /etc/sysconfig/network-scripts/ifcfg-eth0:0

Enter the following content

DEVICE=eth0:0
BOOTPROTO=none
ONPARENT=yes
IPADDR=xxx.xxx.xxx.xxx
NETMASK=255.255.255.0
ONBOOT=yes

where xxx.xxx.xxx.xxx is your AWS Public IP, then restart the network

/etc/init.d/network restart

If you wish to use IPv6, set your eth0 like below:

IPV6INIT="yes"
IPV6ADDR=2600:1f16:xxxxxxxxxxxx

6. Setup DirectAdmin

echo 1 > /root/.lan
wget http://www.directadmin.com/setup.sh
chmod 755 setup.sh
./setup.sh

Then follow the instructions. Note: when you are asked for the network, enter eth0:0

Configuration

Since EC2 runs on a LAN/NAT and behind the firewall, we need to do some extra configuration.

Enable LAN

nano /usr/local/directadmin/conf/directadmin.conf

Add this value lan_ip=yyy.yyy.yyy.yyy where yyy.yyy.yyy.yyy is your AWS Private IP
Link the Private IP to your Public IP using the DA Linked IP feature

  • Add the LAN IP to DA's IP manager. Don't assign it to any Users or Domains.
  • View the details of the external IP: Admin Level -> IP Manager -> Click the public/external IP.
  • Link the internal IP to the external IP: Select the LAN IP from the drop down.
  • Only select Apache, do not select DNS

Restart DirectAdmin

Open ports for FTP

If you use ProFTPD, edit its configuration file:

nano /etc/proftpd.conf

Add after PassivePorts: MasqueradeAddress xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is your AWS Public IP

Add a rule to iptables

iptables -I INPUT -p tcp --dport 35000:35999 -j ACCEPT
nano /usr/libexec/iptables/iptables.init

add $IPTABLES -A INPUT -p tcp --dport 35000:35999 -j ACCEPT below the ftp section, like this

#########################
# ftp
$IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 35000:35999 -j ACCEPT

To optimize performance and improve security, see this guide.