Bootstrap Multisite WordPress on AWS Lightsail

I wrote one on how to do this with Digital Ocean Multisite WordPress, but if you are on AWS, then you have some different options for Lightsail which is the easiest option. The instructions are really confusing, but basically, you use the Lightsail instructions to get it running and to get Route53 configured and then the Bitnami Multisite WordPress instructions to configure it. Those instructions are super confusing because they are a set of 60 or so random articles, so you have to click through them all to get a sense of the recipe. So here are those instructions laid out linearly 🙂

Note that you can also now be modern and bring up an EKS which is enterprise Kubernetes to bring up something that is containerized (but that’s another post coming up on this as an experiment, but it should we be nice not to have to maintain a bare-metal image, although inside docker there are many of the same issues.

This guide is based on the theAWS instructions and the short list of procedures is

  1. Create a WordPress instance on Lightsail
  2. Connect to the instanced via SSH and get the password
  3. Sign into dashboard of WordPress
  4. Create a static IP and attach to it to that instance
  5. Map your domain(s) with the AWS Route 53
  6. Run the bnhelper-tool to disable the banner and to get an SSL certificate
  7. Now add additional domains. These can either be mapped to a domain with the domain mapper, so that way site1.com points to site2.com
  8. Or you can have them each be individual sites like foo1.host.com or foo.com depending on whether you want sub domains or a separate domain with a separate site.

So here goes the long list of what to do:

  1. First you need an Amazon account for AWS, so type Lightsail into the console screen and you will see a wordpress Multisite type by bitnami
  2. Note that this really needs a PC. If you try to do this with an IPad for instance, it doesn’t work. There is some incompatibility with the Safari browser that prevents the aws web consoles from working. Neither the raw AWS consoie nor the simpler Lightsail ones work.
  3. create an instance and then in network create a static ip so you can swap between versions without messing up service
  4. now ssh in from the aws lightsail console and find the temporary password.
  5. Unlike the DigitalOcean version, the configuration is in a different spot with this Bitnami version, wp-config.php already has multi-site enabled.

Now make sure you have the right Lightsail ssh key loaded so that you can ssh in from your terminal:

  1. Now make sure you tell Lightsail to use an ssh key that is for this purpose. While lots of people use the same ssh key for everything, I like to have a different key for every organization and then to every cloud server, so the keys look like `me@company.com-amazon.com-2020-04.id_rsa` which also adds the date of the key to it.
  2. As an aside, if you have too many keys on your Mac Keychain, then you need to `ssh-add -K -d _unneeded_key_` to wipe it from the keychains, then delete them all from the ssh-key list with `ssh-add -D && ssh-add -A`

So the first thing you need to do is to get rid of the Bitnami Button

  1. This is a little complicated because you need to run tool to do this by running cd /opt/bitnami/apps/wordpress; chmod +x ./bnconfig; sudo ./bnconfig —disable_banner 1; sudo ../../ctlscript.sh restart Apache
  2. Unlike the Digital Ocean setup, this image does have the bncert-tool.

Now you are ready to configure WordPress for your primary domain:

  1. SSh into the instance and then you can configure with cd /opt/bitnami/apps/Wordpress
  2. Then configure a sudo ./bnconfig —machine_hostname host_domain.com
  3. You need to reconfigure to disable sudo my bnconfig bnconfig.disabled so it no longer reconfigures.
  4. Cat bitnami_credentials to see the username and password and then go to http://lightsail_ip/wp-admin

This will get you unsecured access and it will set things correct for the main also know as the host domain. Let’s call that and add the SSL script according to the Bitnami instructions

  1. So use the attached tool in the image sudo /opt/bitnami/bncert-tools
  2. If you want a simple command-line interface, then you can run sudo /opt/bitnami/bnhelper-tool and you can select it.
  3. You will now have to tell it the host.com
  4. Note that when you ask for host.com, it will automatically also ask for `www.host.com` so in Route53, make sure that host.com points to the static IP and that www is an A record that points there too. You actually need to create them both as A records for reasons that I’ve forgotten 🙂
  5. This process will take a few minutes and it might end with a spurious error, but you can check by seeing if you can navigate to https://host.com

Now you want to secure the site by starting JetPack and other tools:

  1. Change the default password of the login account and save it in 1Password. Tie this to a company account like webmaster@yoursite.com
  2. Also, install the backup UpdraftPlus plugin as well. I normally use and push the configuration to Google Drive. Go to the WordPress Admin > Settings > UpdraftPlus Backups > Settings and pick Daily upgrade or whatever tempo you want like weekly and save a lot like 1,024 backups. Google Drive has lots of space so why not and mail sure to get an email every time it happens.
  3. Make sure you Network Activate your plugins in My Sites > Network of Sites > Plugins > Installed Plugins

Now for the rest of the administration, use a different account:

  1. Now create your own account, so you are not logging in as super administrator.
  2. Connect it to JetPack by clicking on setup JetPack Security Wizard and then run through all the security entries including Downtime Monitor, Activate auto-update for all plugins. The user interface is a little weird here, it will lead you to the pane, but then you click on the popup to go back to the checklist. You should not actually click on the checklist, just let the wizard do the clicking for you. Otherwise, the checklist doesn’t update properly.
  3. While you are doing this install the defaults that are already installed, with the most important being AWS for WordPress, Akismet Anti-Spam, Simple Tages, Google Analytics Dashboard
  4. Turn on login via WordPress.com, this is safer than a standalone login as WordPress has things like two-factor authentication that you will want to be turned on and integrated editing of all your websites in one place.
  5. Now complete the rest of the setup, go to Settings and change the site title and the Site Timezone in https://wordpress.com/settings/general
  6. Turn on discussions in the settings as well and allow authenticated users to leave a reply, but make sure to moderate first.
  7. Install the basic security plugins. I normally use Wordfence Security to provide additional security. go to the Plugins section to add these.
  8. Now go to WordPress Admin > jetPack > Akismet and set up your API key with a dedicate WordPress.com login
  9. Setup My Sites > The current Site > Insights so you can monitor your site with Google Analytics. So first set up a Google Analytics account. You will need a real google account for this, but don’t use your personal one. Use a company one. Hopefully,G you have a dedicated admin account with Gsuite. It costs a little extra, but this is the way to get authenticated access for an organization.
  10. Once you have logged in, you will need to set up a data stream. Note that MonsterInsights doesn’t support Apps yet, so make sure to click Web only. If you made a mistake, that’s not a problem. just choose to create a property and then pick Web. You can have up to 50 property so that isn’t a problem and you will bet a unique tracking id.
  11. Now go to the WordPress Administrator page and to your site and set up MonsterInsights. It does the rest of the work so it’s easy to figure out who is looking at your site.
  12. Setup WP Mail SMTP so that you can send an email via Gmail. Again, it’s convenient to have an admin account in your Gsuite to do this. Although you can also buy bulk email from SendGrid. This uses an authentication token, so you don’t have to stuff your password into a WordPress database.
  13. Create a Web app in your Google Account by enabling that API. This does require that you create a Google Cloud Platform account, but you do get $300 to spend in the first year. This will create a new project. Make sure to give it a descriptive name. This you have to do in their IAM. It does create a default first project, so you can just rename it. Although this doesn’t seem to take properly. Maybe there is some propagation time?
  14. Now continue and say you a called from a web server and want to access user data, so go to Create Credentials, and then setup consent screen which will lead you to the OAuth Consent screen and then it needs to know the redirect URLs that are allowed and make sure it is set to internal since you only your organization to be able to logon and send mail and make sure authorized domains are just for your site. And set all the Application links to https://yoursite.com whatever that is.
  15. Now that the screen is created, you will create the OAuth 2.0 client IDs, make sure that you are creating a Webapp and that the authorized JavaScript origin is your website and that the redirect URL is from the Settings > WP Mail SMTP page on your site. This will give some important magic numbers which are a GUID that is the client id and then a secret just for the site.
  16. Then type that into the WP Mail SMTP page and authorized all plugins to send to it.

Now you want to create some themes and things. Since this is a multisite WordPress, some things work differently, if themes and plugins are handled centrally and shared with all subsites so now to:

  1. At the upper left of the WP-Admin, you will see a button that says My Sites > Network Admin: Network and then go to Themes to add themes that can be used. For a quick default, for a business, go to Add Themes > Popular and try Astra or Ocean WP. These have lots of demo sites that you can adapt. Note that when you install, you first click on Install and then this changes to Network Enable so you have to do both.
  2. For Astra, you have to install starter templates and to use them, go to the site at Appearance > Starter Templates and select Gutenberg as the default editor. A good initial business with a first product are the templates Entrepreneur or Sierra Industry are good for a company with projects and testimonials. Anyway pick and then choose Import Complete Site and you will get something to edit.

Now to add other domains:

  1. To add other domains is pretty straightforward. Assuming these are new sites. You have two choice
  2. Will these be add-on domains, so will they look like new.host.com and new2.host.com. This is a good layout if you are building test landing pages and are moving ahead from Instapages for this. If so, just choose Network of Sites >> Add New Site as the super admin and you are will have it.
  3. Alternatively, if these are separate sites like new1.com, new2.com and so forth, it’s a little more complicated. You need to create a subdomain site. When you go to edit the site, then you can fill in the correct name.
  4. Finally, you need to rerun bncert-tools so that they all get an SSL certificate by ssh’ing into the device.

I’m Rich & Co.

Welcome to Tongfamily, our cozy corner of the internet dedicated to all things technology and interesting. Here, we invite you to join us on a journey of tips, tricks, and traps. Let’s get geeky!

Let’s connect