1. Find where Java lives:

which java

2. Set JAVA_HOME:

export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.131-2.b11.30.amzn1.x86_64/

3. Set the Java path:

export PATH=$PATH:$JAVA_HOME

4. Confirm path is set (as above) correctly:

echo $JAVA_HOME

1. Install mod_ssl and python

yum -y install mod_ssl python26-virtualenv

2. Change into /opt and clone letsencypt

cd /opt

git clone https://github.com/certbot/certbot letsencrypt

3. Run letsencrypt

/opt/letsencrypt/letsencrypt-auto --debug

Select relevant options when prompted.

4. Setup auto-renew

Auto-renew certificates every Sunday at 6pm:

crontab -e
# Renew Let's Encrypt certificates at 6pm every Sunday
0 18 * * 0 root (/opt/letsencrypt/certbot-auto renew && service httpd restart)

Simple steps to ensure Pure-FTPd works on an EC2 instance:

1. Enable passive mode

sudo echo "50000 50100" > /etc/pure-ftpd/conf/PassivePortRange

2. Allow access to Public IP

sudo echo "public_ip" > /etc/pure-ftpd/conf/ForcePassiveIP

3. AWS Security Groups

Allow ports 50000 – 50100 to be open to anywhere

4. Restart Pure FTPd

sudo /etc/init.d/pure-ftpd restart

5. Test FTP access

After installing WHM on EC2 I started to setup the individual CPanel accounts with FTP accounts.

When trying to connect via FTP with a new account I got the following error with Filezilla:

‘Failed to Retrieve Directory Listing’

From carrying out some research it turns out that a range of passive ports need to be added to your Security Group. To find the passive port range used by Pure-FTP, shell into the servers and run the following:

vim /etc/pure-ftpd.conf

Search for Passive and you should see (version 60 of WHM):

PassivePortRange 49152 65534

Add this port range (49152 – 65534) to your Security Group and test with FileZilla.

* Make sure ForcePassiveIP is set to the correct external IP

**Try to lock down the passive port range to an IP range where possible

Simple guide to installing CPanel (WHM) on an Amazon EC2 instance.

Add and configure a VPC

1. Networking & Content Delivery > VPC
2. Start VPC Wizard > Select
3. Set CIDR to range of your choosing
4. Give a relevant name
5. Create VPC

Add and configure a Security Group:

1. Networking & Content Delivery > VPC > Security > Security Groups
2. Create Security Group
   1. Give relevant name, group and description
   2. Select previously created VPC
   3. Yes, Create
3. Highlight the newly created Group
   1. Inbound Rules (scroll down) > Edit
   2. Add rules for the following ports:

• 80
• 22
• 2083 – for CPanel
• 2087 – for WHM

*I would suggest setting the Source to ‘My IP’ until testing is complete