Frequently Asked Questions for AWS Multi-Tier Solutions

How to enable SSH?

By default, SSH is disabled on AWS Multi-Tier Solutions. This default configuration can be changed in two ways:

  • At the time of deploying the AWS Multi-Tier Solution, ensure that the "SSH Source" field in the "Networking Configuration" section is set to "0.0.0.0/0". The default setting for the template is set to "127.0.0.1/32" which disables remote SSH access; change this value to enable SSH access to the application server.

    AWS SSH configuration

  • Alternatively, after the AWS Multi-Tier Solution is deployed, enable SSH by following these steps:

    • Browse to the AWS CloudFormation dashboard and select the stack for which you wish to enable SSH.

    • From the "Actions" menu, click "Update Stack".

      AWS SSH configuration

    • You will be prompted to update the stack. Click "Next" until you arrive at the "Specify Details" page.

    • Locate the "Networking Configuration" section on the page and ensure that the "SSH Source" field is set to "0.0.0.0/0".

      AWS SSH configuration

    • Continue clicking "Next" until you arrive at the final page. Preview your changes and verify that the security group is scheduled for modification.

      AWS SSH configuration

    • Click "Update" to update the stack and enable SSH access to the application server.

How to connect to the server through SSH?

NOTE: A Multi-Tier Solution typically consists of multiple servers. The primary server will have a public IP address. Other servers in the group may have public or private IP addresses, depending on access requirements. The steps below explain how to connect to the primary server. Should you wish to connect to another server in the group, follow the same steps if it has a public IP address, or obtain its private IP address and connect to it from the primary server.

Obtaining your SSH credentials for your client

Obtaining your SSH credentials from the AWS EC2 Dashboard

When connecting to a server that's part of an AWS Multi-Tier Solution, you must use the SSH key pair that you associated with the template when it was first deployed. You will also need the public IP address of the server you wish to connect to. This may be obtained from the AWS EC2 dashboard, as shown below:

AWS server IP address

Connecting with an SSH client

Connecting with an SSH client on Windows

To access your server via SSH tunnel, you need an SSH client. The instructions below use PuTTY, a free SSH client for Windows and UNIX platforms. Before you can access the server with PuTTY, including on a specific port through an SSH tunnel, PuTTY must be configured to allow connections to your server.

  • Step 1: Obtain PuTTY

    • Download the PuTTY ZIP archive from its website.
    • Extract the contents to a folder on your desktop.
  • Step 2: Convert your PEM private key to PPK format (optional)

    If your private key is in .pem format, it is necessary to convert it to PuTTY's own .ppk format before you can use it with PuTTY. If your private key is already in .ppk format, you may skip this step.

    Follow the steps below to convert your .pem private key to .ppk format:

    • Launch the PuTTY Key Generator by double-clicking the puttygen.exe file in the PuTTY installation directory.
    • Click the "Load" button and select the private key file in .pem format.

      PuTTY key conversion

    • Once the private key has been imported, click the "Save private key" button to convert and save the key in PuTTY's .ppk key file format.

      PuTTY key conversion

  • Step 3: Configure PuTTY

    • Double-click the putty.exe file to bring up the PuTTY configuration window.
    • In the PuTTY configuration window, enter the host name or public IP address of your server into the "Host Name (or IP address)" field, as well as into the "Saved Sessions" field. Then, click "Save" to save the new session so you can reuse it later.

    PuTTY configuration

    • Obtain your SSH credentials in order to allow the authentication against the server. Refer to the FAQ to learn how to obtain your SSH credentials for your client.
    • In the "Connection -> SSH -> Auth" section, browse to the private key file (.ppk) you've previously obtained in the step above.

    PuTTY configuration

    • In the "Connection -> Data" section, enter the username bitnami into the "Auto-login username" field, under the "Login details" section.

      PuTTY configuration

  • In the "Session" section, click on the "Save" button to save the current configuration.
  • Select the session you want to start (in case that you have saved more than one session) and click the "Open" button to open an SSH session to the server.

    PuTTY configuration

PuTTY will first ask you to confirm the server's host key and add it to the cache. Go ahead and click "Yes" to this request (learn more).

PuTTY connection

You should now be logged in to your server. Here is an example of what you'll see:

PuTTY connection

Connecting with an SSH client on Linux and Mac OS X

Linux and Mac OS X come bundled with SSH clients by default. In order to log in to your server, follow the steps below:

  • Open a new terminal window on your local system (for example, using "Finder -> Applications -> Utilities -> Terminal" in Mac OS X or the Dash in Ubuntu).
  • Set the permissions for your private key file (*.pem) to 600 using a command like the one below. Refer to the FAQ to learn how to obtain your SSH credentials.

      $ chmod 600 KEYFILE
    
  • Connect to the server using the following command:

      $ ssh -i KEYFILE bitnami@SERVER-IP
    

    Remember to replace KEYFILE in the previous commands with the path to your private key file (.pem), and SERVER-IP with the public IP address or hostname of your server.

  • Your SSH client might ask you to confirm the server's host key and add it to the cache before connecting. Accept this request by typing or selecting "Yes" (learn more).

You should now be logged in to your server. Here is an example of what you'll see:

SSH connection

Forwarding your key using SSH Agent

Forwarding your key is an easy way to connect to a host (host A) with your SSH key and, from there, to connect to another host (host B) using the same key.

Forwarding your key using SSH Agent on Windows

To access the server via SSH while forwarding your key using PuTTY, you must first have PuTTY configured. Refer to the section on how to connect to the server through SSH using an SSH client on Windows for more information.

Once you have your SSH client correctly configured, you need to enable SSH agent forwarding. To do so, follow these steps:

  • In the "Connection -> SSH -> Auth" section, activate the "Allow agent forwarding" checkbox.

PuTTY forward agent

  • In the "Session" section, save your changes by clicking the "Save" button.
  • Click the "Open" button to open an SSH session to the server. The SSH session will now forward your key. You can check this by running the following command:

      $ ssh-add -L
    
Forwarding your key using SSH Agent on Linux and Mac OS X

To access the server while forwarding your SSH key, follow the steps below.

  • Open a new terminal window on your local system (for example, using "Finder -> Applications -> Utilities -> Terminal" in Mac OS X or the Dash in Ubuntu).
  • To access the server forwarding your key, you need to have the following information:
  • Run the following command to add the SSH key to the agent. Remember to replace KEYFILE with the path to your private key:

      $ ssh-add KEYFILE
    
  • Connect to the server using the -A option. Remember to replace SERVER-IP with the public IP address or hostname of your server:

      $ ssh -A bitnami@SERVER-IP
    
  • The SSH session will now forward your key. You can check this by running the following command:

      $ ssh-add -L
    

How to access a server using an SSH tunnel?

Bitnami strongly discourages you from opening server ports apart from those defined by default. In case you need to access a server on a specific port remotely, Bitnami recommends creating an SSH tunnel instead of opening the port in the server firewall.

Depending on your operating system, follow these instructions to create an SSH tunnel and ensure secure access to the application.

IMPORTANT: Before following the steps below, ensure that your application server is running.

Accessing a server using an SSH tunnel on Windows

In order to access your server via SSH tunnel you need an SSH client. In the instructions below we have selected PuTTY, a free SSH client for Windows and UNIX platforms.

Once you have your SSH client correctly configured and you have tested that you can successfully access your instance via SSH, you need to create an SSH tunnel. To do so, follow these steps:

  • In the "Connection -> SSH -> Tunnels" section, create a secure tunnel by forwarding a port (the "destination port") on the remote server to a port (the "source port") on the local host (127.0.0.1 or localhost). An example of configuring an SSH tunnel between remote port 80 and local port 8888 is displayed below.

    PuTTY safe tunneling

  • Click the "Add" button to add the secure tunnel configuration to the session. (You'll see the added port in the list of "Forwarded ports"). An example of configuring an SSH tunnel between remote port 80 and local port 8888 is displayed below.

    PuTTY safe tunneling

  • In the "Session" section, save your changes by clicking the "Save" button.
  • Click the "Open" button to open an SSH session to the server. The SSH session will now include a secure SSH tunnel between the two specified ports.

While the tunnel is active, you should be able to access the application through the secure SSH tunnel you created, by browsing to http://127.0.0.1:SOURCE-PORT/ or http://localhost:SOURCE-PORT/. Remember to replace SOURCE-PORT with the source port number specified.

Accessing a server using an SSH tunnel on Linux and Mac OS X

To access the server on a specific port using an SSH tunnel, follow the steps below.

  • Open a new terminal window on your local system (for example, using "Finder -> Applications -> Utilities -> Terminal" in Mac OS X or the Dash in Ubuntu).
  • To access the server on a specific port using an SSH tunnel, you need to have the following information:
  • Run the following command to configure the SSH tunnel. Remember to replace SOURCE-PORT with the source port, DESTINATION-PORT with the destination port, KEYFILE with the path to your private key, and SERVER-IP with the public IP address or hostname of your server:

          $ ssh -N -L SOURCE-PORT:127.0.0.1:DESTINATION-PORT -i KEYFILE bitnami@SERVER-IP
    
NOTE: If successful, the above command will create an SSH tunnel but will not display any output on the server console.

While the tunnel is active, you should be able to access the application through the secure SSH tunnel you created, by browsing to http://127.0.0.1:SOURCE-PORT/ or http://localhost:SOURCE-PORT/. Remember to replace SOURCE-PORT with the source port number specified.

How to start or stop servers in a Multi-Tier Solution

NOTE: This section assumes that you have already deployed a Bitnami Multi-Tier Solution from the Amazon Web Services (AWS) Marketplace.

Bitnami Multi-Tier Solutions separate the application and the database into different layers. This means that you can manage each instance individually from its specific console.

How to start or stop the application instance in AWS?

To start, stop or reboot the application instance, follow the steps below:

  • Log in to the Elastic Compute Cloud (EC2) Console.

  • In the left menu, navigate to "INSTANCES -> Instances" section and then select your instance from the dashboard:

    AWS EC2 Console

  • From the "Actions" menu, click the "Instance State" option. It displays the different actions you can perform to manage your instance:

AWS EC2 Console

NOTE: An alternative way to stop instances individually is to stop them one by one by running the following command on the remote server. Refer to our FAQ for instructions on how to connect to your server through SSH:

 $ aws ec2 stop-instances --instance-ids ID_INSTANCE

Remember that ID_INSTANCE is a placeholder. Replace it with the ID of the instance you want to stop.

How to reboot the database instance in AWS?

To reboot the database instance, follow the steps below:

  • Log in to the Amazon RDS dashboard.

  • Select the "Instances" menu item and then select your RDS instance from the dashboard:

AWS EC2 Console

  • Click the "Instance Actions" button and select the "Reboot" option.

AWS EC2 Console

How to find application credentials?

When creating and deploying a new template, the default application username is set to user or user@example.com and you will have the opportunity to specify the application password. This password will not be displayed again, so note it carefully for future reference.

Server credentials

You can also obtain the application username from the application page in our documentation.

If you started a server (for example, MongoDB or similar) that isn't a Web application server, you can use the default administrator user to log in to the database (for example, root).

What is the directory structure?

The installation process will create several sub-directories under the /opt/bitnami directory:

  • Servers and related tools: apache/, mysql/, postgresql/, tomcat/, etc.
  • Languages: php/, python/, ruby/, tcl/, etc.
  • Application files: drupal/, joomla/, redmine/, etc.
  • Licenses of the components included in the stack: licenses/

Application files are stored in the /opt/bitnami/APPNAME directory.

How to troubleshoot Gmail SMTP issues

If you are using Gmail as the outbound email server and you are not able to send email correctly, Google may be blocking sign-in attempts from your apps or devices. Depending on whether or not you use Google Apps, the steps to correct this will differ.

For Google Apps users

If you are a Google Apps user, you will need your administrator to allow users to change the policy for less secure apps. If you are a Google Apps administrator, follow these steps:

  • Browse to the Google Apps administration panel.
  • Click on "Security" and then "Basic settings".
  • Look for the section "Less secure apps" and then click on "Go to settings for less secure apps".
  • Select "Allow users to manage their access to less secure apps".

For other Google users

If you do not use Google Apps, follow the steps in the following sections, depending on whether 2-step verification has been enabled on the account or not.

If 2-step verification has not been enabled on the account, follow these steps:

  • Browse to the "Less secure apps" page and log in using the account you are having problems with. This option is typically required by many popular email clients, such as Outlook and Thunderbird, and should not be considered unsafe.
  • Select the "Turn on" option.

    Security settings

If 2-step verification has been enabled on the account, you have to generate an app password. Follow these steps:

  • Browse to the "App passwords" page.
  • Click "Select app" and choose the app you're using.
  • Click "Select device" and choose the device you're using.
  • Click the "Generate" button.
  • Enter the app password on your device.
  • Click the "Done" button.

Here are other options you may try:

  • Browse to the web version of Gmail and sign in to your account. Once you're signed in, try to enable access for the application again.
  • Browse to the "Unlock Captcha" function page and sign in with your Gmail username and password.
  • Disable IMAP from the Gmail web server interface and enable it again.

    IMAP settings

How to open the server ports for remote access?

IMPORTANT: Making this application's network ports public is a significant security risk. You are strongly advised to only allow access to those ports from trusted networks. If, for development purposes, you need to access from outside of a trusted network, please do not allow access to those ports via a public IP address. Instead, use a secure channel such as a VPN or an SSH tunnel. Follow these instructions to remotely connect safely and reliably.

By default, AWS cloud servers have some or all of their ports closed to secure them against external attacks. In some cases, ports needed for specific applications to operate properly are also left open by default.

If you need to access your server remotely using a different port, you must first open the necessary port(s) using the AWS Console. If the server was launched using Amazon Lightsail, ports should be opened through the Amazon Lightsail dashboard instead.

Using the AWS Console

NOTE: For servers launched through the Bitnami Launchpad for AWS Cloud, select the cloud server you wish to modify in the Bitnami Launchpad and click the "Manage in the AWS Cloud Console" button to access the AWS EC2 dashboard.

To open other ports for remote access, follow these steps:

  • Select the instance in the dashboard.

  • In the lower panel, click the name of the security group used by the instance.

    Security group configuration

  • The resulting page will display the details of the selected security group. In the lower panel, select the "Inbound" tab to display a list of all the ports allowing inbound traffic.

  • Click the "Edit" button.

    Security group edit

  • In the resulting dialog, select the "Add Rule" button and add a new "Custom TCP Rule" using the following guidelines:
    • Port: Enter the port number or port range needed by the application
    • Source: Use "Anywhere" to allow access from anywhere, or use "Custom IP" and specify an IP address range

      NOTE: We recommend that inbound connections be allowed only from known and trusted IP ranges. Entering "Anywhere" allows access by anyone on the Internet. This is very strongly discouraged and may result in unknown parties gaining access to your application and data.
  • Click the "Save" button to save your changes.

As an example, review the image below which demonstrates opening port 21 (the FTP port) for access.

Example

Your security rule comes into effect immediately without any need to restart the server.
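To review what the "SSH Source" and "Source" settings described in this FAQ have actually exposed, the following added example (not part of the original documentation) lists every watched port that a security group allows from "Anywhere". It takes the parsed JSON printed by `aws ec2 describe-security-groups`; the function name, the watched ports (21 and 22, the two this page discusses) and the sample data are assumptions constructed for illustration.

```python
import json

# Sources that mean "anyone on the Internet" ("Anywhere" in the console).
ANYWHERE = {"0.0.0.0/0", "::/0"}


def world_open_ports(describe_output, watched_ports=(21, 22)):
    """Return (group_id, port, cidr) for each watched port open to anywhere.

    describe_output is the parsed JSON document printed by
    `aws ec2 describe-security-groups`.
    """
    findings = []
    for group in describe_output.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            protocol = perm.get("IpProtocol")
            if protocol == "-1":
                # "-1" means all protocols, and therefore all ports.
                low, high = 0, 65535
            elif protocol in ("tcp", "udp"):
                low, high = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            else:
                # For ICMP the port fields hold type/code, not ports.
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for port in watched_ports:
                if not low <= port <= high:
                    continue
                for cidr in cidrs:
                    if cidr in ANYWHERE:
                        findings.append((group["GroupId"], port, cidr))
    return findings


# Constructed sample input (group IDs and rules are made up).
SAMPLE = json.loads("""
{
  "SecurityGroups": [
    {"GroupId": "sg-0aaaaaaaaaaaaaaaa", "IpPermissions": [
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
       "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
      {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
       "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
    ]},
    {"GroupId": "sg-0bbbbbbbbbbbbbbbb", "IpPermissions": [
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
       "IpRanges": [{"CidrIp": "127.0.0.1/32"}]},
      {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 21,
       "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
    ]},
    {"GroupId": "sg-0cccccccccccccccc", "IpPermissions": [
      {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
    ]}
  ]
}
""")

if __name__ == "__main__":
    for group_id, port, cidr in world_open_ports(SAMPLE):
        print(f"{group_id}: port {port} is open to {cidr}")
```

The template default "127.0.0.1/32" for SSH is not reported, while a rule for all protocols ("-1") is reported for every watched port.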

Using Amazon Lightsail

To open other ports for remote access, follow these steps:

  • Log in to the AWS Console.

  • From the Amazon Web Services menu, select the Lightsail service and choose the server you wish to obtain credentials for.

  • On the server detail page, click the "Networking" tab.

  • In the "Firewall" section, click the "Edit rules" link.

  • Click the "Add another" link and add a "Custom" application using the following guidelines:
    • Protocol: Select "TCP", "UDP" or "ALL".
    • Port range: Enter the port number or port range needed by the application

      NOTE: We recommend that inbound connections be allowed only from known and trusted IP ranges. Entering "All" allows access by anyone on the Internet. This is very strongly discouraged and may result in unknown parties gaining access to your application and data.
  • Click the "Save" link to save your changes.

As an example, review the image below which demonstrates opening port 21 (the FTP port) for access.

Amazon Lightsail security configuration

Your security rule comes into effect immediately without any need to restart the server.

How to close the server ports and deny remote access?

NOTE: For servers launched through the Bitnami Launchpad for AWS Cloud, select the cloud server you wish to modify from the Bitnami Launchpad and click the "Manage in the AWS Cloud Console" button to access the AWS EC2 dashboard. If the server was launched using Amazon Lightsail, ports should be modified through the Amazon Lightsail dashboard instead.

Using the AWS Console

To close a server port and deny remote access on that port, follow these steps:

  • Select the instance in the dashboard.

  • In the lower panel, click the name of the security group used by the instance.

    Security group selection

  • The resulting page will display the details of the selected security group. In the lower panel, select the "Inbound" tab to display a list of all the ports allowing inbound traffic.

  • Click the "Edit" button.

    Security group configuration

  • In the resulting dialog, click the cross next to the security rule for the port(s) you wish to close. This will delete the security rule, thereby denying inbound traffic on that port.

    Firewall rule deletion

  • Click the "Save" button to save your changes.

Your security rule comes into effect immediately without any need to restart the server.

Using Amazon Lightsail

To close a server port and deny remote access on that port, follow these steps:

  • Log in to the AWS Console.

  • From the Amazon Web Services menu, select the Lightsail service and choose the server you wish to obtain credentials for.

  • On the server detail page, click the "Networking" tab.

  • In the "Firewall" section, click the "Edit rules" link.

  • Click the cross next to the firewall rule for the port(s) you wish to close. This will delete the security rule, thereby denying inbound traffic on that port.

    Amazon Lightsail security configuration

  • Click the "Save" link to save your changes.

Your security rule comes into effect immediately without any need to restart the server.

How to upload files with SFTP?

NOTE: Bitnami applications can be found in /opt/bitnami.

When connecting to a server that's part of an AWS Multi-Tier Solution, you must use the SSH key pair that you associated with the template when it was first deployed. You will also need the public IP address of the server hosting the application. This may be obtained from the AWS EC2 dashboard, as shown below:

AWS server IP address

Although you can use any SFTP/SCP client to transfer files to your server, this guide documents FileZilla (Windows, Linux and Mac OS X), WinSCP (Windows) and Cyberduck (Mac OS X).

Using an SSH Key

Once you have your server's SSH key, choose your preferred application and follow the steps below to connect to the server using SFTP.

FileZilla
IMPORTANT: To use FileZilla, your server private key should be in PPK format.

Follow these steps:

  • Download and install FileZilla.
  • Launch FileZilla and use the "Edit -> Settings" command to bring up FileZilla's configuration settings.
  • Within the "Connection -> SFTP" section, use the "Add keyfile" command to select the private key file for the server. FileZilla will use this private key to log in to the server.

    FileZilla configuration

  • Use the "File -> Site Manager -> New Site" command to bring up the FileZilla Site Manager, where you can set up a connection to your server.
  • Enter your server host name and specify bitnami as the user name.
  • Select "SFTP" as the protocol and "Ask for password" as the logon type.

    FileZilla configuration

  • Use the "Connect" button to connect to the server and begin an SFTP session. You might need to accept the server key, by clicking "Yes" or "OK" to proceed.

You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.

If you have problems accessing your server, get extra information by using the "Edit -> Settings -> Debug" menu to activate FileZilla's debug log.

FileZilla debug log

WinSCP
IMPORTANT: To use WinSCP, your server private key should be in PPK format.

Follow these steps:

  • Download and install WinSCP.
  • Launch WinSCP and in the "Session" panel, select "SCP" as the file protocol.
  • Enter your server host name and specify bitnami as the user name.

    WinSCP configuration

  • Click the "Advanced…" button and within the "SSH -> Authentication -> Authentication parameters" section, select the private key file for the server. WinSCP will use this private key to log in to the server.

    WinSCP configuration

  • From the "Session" panel, use the "Login" button to connect to the server and begin an SCP session.

You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.

If you need to upload files to a location where the bitnami user doesn't have write permissions, you have two options:

  • Once you have configured WinSCP as described above, click the "Advanced…" button and within the "Environment -> Shell" panel, select sudo su - as your shell. This will allow you to upload files using the administrator account.

    WinSCP configuration

  • Upload the files to the /home/bitnami directory as usual. Then, connect via SSH and move the files to the desired location with the sudo command, as shown below:

     $ sudo mv /home/bitnami/uploaded-file /path/to/desired/location/
    
Cyberduck
IMPORTANT: To use Cyberduck, your server private key should be in PEM format.

Follow these steps:

  • Select the "Open Connection" command and specify "SFTP" as the connection protocol.

    Cyberduck configuration

  • In the connection details panel, under the "More Options" section, enable the "Use Public Key Authentication" option and specify the path to the private key file for the server.

    Cyberduck configuration

  • Use the "Connect" button to connect to the server and begin an SFTP session.

You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.

How to troubleshoot VPC errors during deployment?

When deploying a Bitnami Multi-Tier Solution on AWS, you may encounter an error similar to the one below:

Value (us-east-1b) for parameter availabilityZone is invalid. Subnets can currently only be created in the following availability zones: us-east-1d, us-east-1a, us-east-1c, us-east-1e. 

This error typically occurs for one of two reasons:

  • Older AWS accounts created before 2013-12-04 do not have a default VPC configured and therefore cannot use certain availability zones. In these cases, we recommend that you create a default VPC via AWS technical support. Alternatively, you can also create a new AWS account, which will come with a default VPC already configured.

  • For newer AWS accounts that have a default VPC configured, the selected availability zones may be the same or there may not be a default VPC for the selected availability zones. In these cases, modify your deployment configuration and select different availability zones.

Find more information in the AWS VPC documentation.

How to connect to the Amazon Relational Database Service (RDS)?

You can connect to the Amazon RDS database from the runtime server (the EC2 instance running the application) or the principal server, which includes the mysql client tool. Follow the steps below:

  • Obtain the hostname for your RDS instance from the "Endpoint" field in the RDS dashboard, as shown below:

    RDS host information

  • Log in to the runtime server console via SSH.

  • Use the mysql command-line tool to connect to the Amazon RDS database, as shown below. Replace the HOSTNAME placeholder with the actual hostname for the Amazon RDS instance.

    $ mysql -u root -p -h HOSTNAME
    

    You will be prompted to enter the root user password. This is the same password you configured when deploying the Multi-Tier Solution.

How to reset the database master password on Amazon RDS?

If you don't remember your MariaDB or Aurora database master password on Amazon RDS, you can follow the steps below to reset it to a new value:

  • Log in to the Amazon RDS dashboard.

  • Select the "Instances" menu item and then select the MariaDB or Aurora RDS instance you wish to modify.

    RDS password reset

  • From the "Instance Actions" menu, click the "Modify" option.

    RDS password reset

  • On the resulting page, enter a new password in the "Settings -> New Master Password" field. Leave all other settings as they are.

    RDS password reset

  • Scroll down to the end of the page and check the "Apply Immediately" option.

  • Click the "Continue" button.

    RDS password reset

  • Review the submitted modification and click the "Modify DB Instance" button.

    RDS password reset

The RDS master password for the selected database instance will be modified and you should now be able to access the database server with the new password.

How to upgrade a Bitnami Multi-Tier Solution?

This section describes the general process to upgrade from an older version of a Bitnami Multi-Tier Solution for AWS to a newer one.

NOTE: By default, SSH is disabled on AWS Multi-Tier Solutions. Before following the steps in this section, enable SSH access as described in the FAQ.
NOTE: Before beginning the upgrade process, we recommend making a backup of your current instances.

Step 1: Backup files

First, create a backup of the files on the application instance. To do so:

  • Connect to the instance as explained in the FAQ.

  • Create a backup of the database (refer to the FAQ for more information). Issue the following command (replace APPNAME with the name of your application, such as wordpress or redmine and DBHOST with the host name of your database instance):

        $ mysqldump -u root -h DBHOST -p bitnami_APPNAME > /home/bitnami/db_backup.sql
    
  • Create a backup of the configuration and data files (such as uploads, plugins or themes) with the following command:

      $ sudo tar -czvf /home/bitnami/conf_backup.tar.gz /bitnami
    
  • Download the backup files to your machine. To download the backed up files to your local machine (so you can upload them to a new one), open a new terminal window and use the scp command, or use a separate SFTP client.

    This tutorial uses the scp command in a new window, as shown below. Remember to replace KEYFILE with the path to the private key file (.pem format) and APPHOST with the public IP address of the application instance. For more information on using an SSH key with scp or an SFTP client, refer to the FAQ.

      $ scp -i KEYFILE bitnami@APPHOST:/home/bitnami/conf_backup.tar.gz .
      $ scp -i KEYFILE bitnami@APPHOST:/home/bitnami/db_backup.sql .
    

Step 2: Retrieve new database credentials

  • Start the new version of the Bitnami Multi-Tier Solution for AWS.

  • Log in to the new instance via SSH.

  • Obtain and note the database credentials for the new Multi-Tier Solution. Typically, you will find these in a configuration file in the /bitnami/APPNAME/conf directory. The name and structure of the configuration file differs per application; refer to the application's documentation for more specific information.

Step 3: Transfer data

  • Upload the files to the new instance. To upload the database backup and files downloaded earlier to the new instance, use the scp command as shown below. Replace KEYFILE with the path to the private key file (.pem format) and NEWAPPHOST with the public IP address of the new application instance:

      $ scp -i KEYFILE db_backup.sql conf_backup.tar.gz bitnami@NEWAPPHOST:
    
  • Restore the database and other files on the new instance (replace APPNAME with the name of your application, such as wordpress or redmine and DBHOST with the host name of your database instance):

      $ mysql -u root -h DBHOST -p bitnami_APPNAME < /home/bitnami/db_backup.sql
      $ sudo tar -xzvf /home/bitnami/conf_backup.tar.gz -C /
    

Step 4: Update database credentials

  • When performing the previous step, the database credentials for the application would have been overwritten with older (incorrect) values. Update the application configuration file with the correct database credentials (obtained in Step 2) for the new Multi-Tier Solution.

  • Restart the server:

      $ sudo service bitnami restart APPNAME
    

Step 5: Move the IP address

Once the new application instance is up and running with all the files restored, point the old application instance's IP address to the new application instance.

How to block a suspicious IP address?

NOTE: The steps below should be performed on all instances that receive inbound Internet traffic.

If you have detected an IP address that is overloading your server or making suspicious requests, block it using iptables. To do this, run the following commands:

$ sudo su
$ iptables -A INPUT -s 1.2.3.4 -j DROP

Remember to replace 1.2.3.4 with the IP address you want to block.

IMPORTANT: Use with caution. If you don't specify an IP address, the rule matches all incoming traffic and you will block yourself.

The rule above blocks all requests from that IP address. To have your iptables rules active even after rebooting the server, follow these steps:

  • Execute these commands:

     $ sudo su
     $ iptables-save > /opt/bitnami/iptables-rules
     $ crontab -e
    
  • In the crontab file that opens in your editor, include this line at the end of the file:

     @reboot /sbin/iptables-restore < /opt/bitnami/iptables-rules
    
  • Save the file and exit.

Now, on every boot, the system will load and apply the iptables rules.

To delete a rule, run the following command:

$ sudo su
$ iptables -D INPUT -s 1.2.3.4 -j DROP

This will delete the rule. Remember to replace 1.2.3.4 with a valid IP address.

Rerun the iptables-save command shown previously to make the new rules active even after rebooting the server.
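
A guard for the caution above about omitting the IP address, as an added example rather than Bitnami's own tooling. The hypothetical helpers build_block_rule and block_ip refuse an empty, malformed or CIDR source, and the address of your current SSH session, before the rule is appended; they assume you run them from your SSH login shell with sudo rights.

```shell
#!/bin/sh
# Added example: validate the source address before touching the INPUT chain.
# build_block_rule and block_ip are hypothetical helper names.

# Print the iptables match arguments for blocking $1, or fail with a reason.
# $2 is the address to protect; it defaults to the client address of the
# current SSH session (first field of SSH_CLIENT, which sshd sets).
build_block_rule() {
    ip=$1
    own=${2:-${SSH_CLIENT%% *}}

    # Without a source, the rule would drop all inbound traffic.
    if [ -z "$ip" ]; then
        echo "refusing: no IP address given" >&2
        return 1
    fi
    # Accept only a dotted-quad IPv4 address: no CIDR suffix, no hostname.
    if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "refusing: '$ip' is not an IPv4 address" >&2
        return 1
    fi
    # Each octet must be in the range 0-255.
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    for octet in "$@"; do
        if [ "$octet" -gt 255 ]; then
            echo "refusing: octet $octet is out of range" >&2
            return 1
        fi
    done
    # Never block the address this session is coming from.
    if [ -n "$own" ] && [ "$ip" = "$own" ]; then
        echo "refusing: $ip is the address of this SSH session" >&2
        return 1
    fi
    printf '%s\n' "-s $ip -j DROP"
}

# Append the rule unless an identical one already exists (-C checks for it).
block_ip() {
    rule=$(build_block_rule "$@") || return 1
    if sudo iptables -C INPUT $rule 2>/dev/null; then
        echo "already blocked: $1"
    else
        sudo iptables -A INPUT $rule && echo "blocked: $1"
    fi
}
```

For example, block_ip 1.2.3.4 appends the same rule as the command shown earlier, and running it a second time leaves the chain unchanged.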

How to configure a static IP address?

AWS instances are launched with a dynamic IP address by default, which means that the IP address changes every time the server is stopped and restarted. In many cases this is not desirable, so users also have the option to assign the server a static IP address (also known as an "elastic IP").

To configure a static IP address:

  • Log in to the AWS EC2 Dashboard.

  • Select the instance in the dashboard.

  • In the left navigation bar, select the "Network & Security -> Elastic IPs" menu item.

  • Click the "Allocate New Address" button.

  • Click "Allocate" in the next screen.

A new static IP address will be generated and will appear in the list of available IP addresses.

Next:

  • From the "Actions" drop-down menu, select the "Associate Address" menu item.

  • In the resulting dialog box, enter the instance ID of your server and click the "Associate" button.

The elastic IP address will now be assigned to your server and will persist across shutdown/reboot operations.

How to configure your application to use a third-party SMTP service for outgoing email?

Bitnami applications can be configured to use a third-party SMTP service for outgoing email. Examples of such third-party SMTP services are SendGrid and Mandrill. Instructions for using both of these are provided below.

SendGrid

SendGrid's SMTP service can be accessed using your SendGrid account credentials. These credentials can be obtained by logging in to the SendGrid website and visiting the "Account Details" page.

To configure your application to send email through SendGrid's SMTP service, use the settings below. Replace USERNAME with your SendGrid account username and PASSWORD with your SendGrid account password.

  • SMTP host: smtp.sendgrid.net
  • SMTP port: 25 or 587 for unencrypted/TLS email, 465 for SSL-encrypted email
  • SMTP username: USERNAME
  • SMTP password: PASSWORD

Here's an example of configuring WordPress to use SendGrid:

WordPress with SendGrid

More information is available in the SendGrid documentation.

Mandrill

Mandrill's SMTP service requires an API key for access. To obtain this key, log in to the Mandrill website, navigate to the "SMTP & API" section and create an API key. Note the SMTP server name, username and API key, as these serve as your credentials for accessing the Mandrill SMTP server.

To configure your application to send email through Mandrill's SMTP service, use the settings below. Replace USERNAME with your SMTP username and API-KEY with the generated API key.

  • SMTP host: smtp.mandrillapp.com
  • SMTP port: 25, 587 or 2525 for unencrypted/TLS email, 465 for SSL-encrypted email
  • SMTP username: USERNAME
  • SMTP password: API-KEY

Here's an example of configuring WordPress to use Mandrill:

WordPress with Mandrill

More information is available in the Mandrill documentation.

Similar steps can be followed for other third-party SMTP services as well. Consult your service provider's documentation to obtain details on authentication credentials and available ports.

Does Bitnami collect any data from deployed Bitnami stacks?

Yes. Bitnami Multi-Tier Solutions include a small agent that starts on boot and collects a few pieces of information about the system. For users of Bitnami Multi-Tier Solutions, we may also collect information from downloaded, pulled or deployed images or instances, such as the instance type, IP address and operating system version or the Bitnami account used to launch the image in order to improve our product offerings.

We encourage you to leave this tracking on, but if you would like to turn it off, you can comment out or delete the following line in the bitnami user's crontab file:

X * * * * cd /opt/bitnami/stats ; ./agent.bin --run -D

Our complete privacy policy is available online. If you have any questions, please feel free to contact us at hello@bitnami.com.

What does the SSH warning 'REMOTE HOST IDENTIFICATION HAS CHANGED' mean?

This warning is normal when trying to connect to the same IP address but a different machine, for instance when you assign the same static IP address to another server. You can fix the problem by removing the entry for the IP address you are connecting to from your ~/.ssh/known_hosts file.

If you use PuTTY, the SSH key mismatch warning looks like the image below:

SSH warning

In this case, click "Yes" if you know the reason for the key mismatch (IP address reassigned to another server, machine replaced, and so on).
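
One way to confirm that the new key really belongs to your server before removing the old entry, as an added example that is not part of the original FAQ. The hypothetical helper replace_host_key assumes you have the new host's fingerprint from a trusted channel and a file holding the output of ssh-keyscan for the host; it touches known_hosts only when the two match.

```shell
#!/bin/sh
# Added example: replace a stale known_hosts entry only after the host's new
# key matches a fingerprint obtained out of band. replace_host_key is a
# hypothetical helper name.
#
# Usage: replace_host_key HOST EXPECTED_FP SCANNED_KEYS [KNOWN_HOSTS]
#   EXPECTED_FP   fingerprint in the form printed by ssh-keygen -l (SHA256:...)
#   SCANNED_KEYS  file holding the output of: ssh-keyscan HOST
replace_host_key() {
    host=$1
    expected=$2
    scanned=$3
    known=${4:-$HOME/.ssh/known_hosts}
    tmp=$(mktemp) || return 1
    match=

    # Fingerprint each scanned key on its own and keep the one that matches.
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        printf '%s\n' "$line" > "$tmp"
        fp=$(ssh-keygen -lf "$tmp" 2>/dev/null | awk '{print $2}')
        if [ "$fp" = "$expected" ]; then
            match=$line
            break
        fi
    done < "$scanned"
    rm -f "$tmp"

    if [ -z "$match" ]; then
        echo "no key for $host matches $expected; known_hosts unchanged" >&2
        return 1
    fi

    # Drop every old entry for the host (hashed ones included), then pin
    # the verified key.
    ssh-keygen -R "$host" -f "$known" >/dev/null 2>&1
    printf '%s\n' "$match" >> "$known"
}
```

A non-zero return means no scanned key matched the expected fingerprint, in which case the warning should be investigated rather than dismissed.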

How to troubleshoot server performance problems?

There are several possible reasons why your server might be under-performing. Use the list below to identify what could be affecting it.

  • Check the server type and ensure that it has the necessary CPU and RAM resources to meet your application requirements and user load.

  • Check if your application is using a cache. Consider enabling a cache if one is not already present. For applications like WordPress, caching plugins like W3 Total Cache can produce a significant improvement in performance.

  • Check if there are any cron jobs running on the server and consuming resources.

  • Review the server dashboard or monitoring page and check the list of processes consuming CPU and memory. Alternatively, log in to the machine console via SSH and execute the following command to see a list of running processes:

     $ ps -e -orss=,args= | sort -b -k1,1n | pr -TW$COLUMNS
     $ ps -e -o pcpu,nice,state,cputime,args --sort -pcpu | head -10
    
  • In case of problems with the disk size, check the free disk space and which directories have a large number of files:

     $ df -ih
     $ df -h
     $ cd /opt/bitnami
     $ sudo find . -type f | cut -d "/" -f 2 | sort | uniq -c | sort -n
     $ du -h -d 1
    

What are the Bitnami Cloud Tools?

Bitnami Cloud Tools is a multi-platform, self-contained and easy-to-use software package that allows you to manage and monitor your cloud deployments.

Downloading it gives you a wide range of command-line utilities and pre-configured versions of major programming languages such as Python or Perl. These tools are useful for developers who want to make more advanced use of the cloud APIs offered by different cloud providers.

Select your cloud platform and download the package that corresponds to your operating system from the official Bitnami web page.
