Frequently Asked Questions for Amazon Web Services

How to connect to the server through SSH?

The first step is to ensure that you have an SSH key for your server. If you are using the Bitnami Launchpad for AWS Cloud, download the SSH key for your server in .ppk format (for Windows) or in .pem format (for Linux and Mac OS X) from the Launchpad detail page for your server.

SSH keys

Depending on your platform, follow the instructions below:

Windows

The easiest way to log in to your server is with PuTTY, a free SSH client for Windows and UNIX platforms.

  • Download the PuTTY ZIP archive from its website.
  • Extract the contents to a folder on your desktop.
  • Double-click the putty.exe file to bring up the PuTTY configuration window.
  • Enter the host name of your server into the "Host Name (or IP address)" field, as well as into the "Saved Sessions" field.
  • Click "Save" to save the new session so you can reuse it later. PuTTY configuration
  • In the "Connection -> SSH -> Auth" section, select the private key file (.ppk) you saved in the previous step. PuTTY configuration
  • In the "Connection -> Data" section, enter the username bitnami into the "Auto-login username" field. PuTTY configuration
  • Go back to the "Session" section and save your changes by clicking the "Save" button.
  • Click the "Open" button to open an SSH session to the server.
  • PuTTY will first ask you to confirm the server's host key and add it to the cache. Go ahead and click "Yes" to this request (learn more). PuTTY connection

You should now be logged in to your server.

Linux and Mac OS X

Linux and Mac OS X come bundled with SSH clients by default.

  • Set the permissions for your private key file to 0600 using a command like the one below:

     $ chmod 600 KEYFILE
    
  • Open a new terminal.
  • Connect to the server using the following command:

      $ ssh -i KEYFILE bitnami@100.101.102.103
    

    Remember to replace KEYFILE in the previous commands with the path to your private key file, and 100.101.102.103 with the public IP address or hostname of your server.

  • Your SSH client might ask you to confirm the server's host key and add it to the cache before connecting. Accept this request by typing or selecting "Yes" (learn more).

You should now be logged in to your server.

How to find application credentials?

Using the AWS Marketplace

  • The application username depends on the application. You can find the application username in the "Usage Instructions" section for your AWS Marketplace product subscription, as shown below.

    Server credentials

  • The application password is randomly generated during the first boot. This password can be viewed as follows:

    • Log in to the AWS Cloud Console.

    • In the left navigation bar, select the "Instances -> Instances" menu item.

    • Select your instance in the dashboard.

    • From the "Actions" drop-down menu, select the "Get System Log" menu item.

      Server credentials

    • Review the system log until you find the application password.

      Server credentials

    IMPORTANT: This password is only shown the first time you start the image. Please save your password in a safe place. We also recommend changing it in your application to a different value.

Using the Bitnami Launchpad

Your default credentials become available once you create a cloud server. To find them, follow these steps:

  • Browse to the Bitnami Launchpad for AWS Cloud and sign in if required using your Bitnami account.

  • Select the "Virtual Machines" menu item.

  • Select your cloud server from the resulting list.

  • The "Application Info" section in the left panel contains the credentials for your instance. The password is hidden by default but will be displayed in plain text when the "Show" button, adjacent to the password input, is clicked.

    Server credentials

How to block a suspicious IP address?

If you have detected an IP address that is collapsing your server or just making suspicious requests, block it using iptables. To do this, run the following command:

$ sudo su
$ iptables -A INPUT -s 1.2.3.4 -j DROP

Remember to replace 1.2.3.4 with the IP address you want to block.

IMPORTANT: Use with caution. If you don't specify an IP address, you will block yourself.

This will block all requests from that IP address. To have your iptables rules active even after rebooting the server, follow these steps:

  • Execute these commands:

     $ sudo su
     $ iptables-save > /opt/bitnami/iptables-rules
     $ crontab -e
    
  • Edit the above file with your favourite editor and include this line at the end of the file:

     @reboot /sbin/iptables-restore < /opt/bitnami/iptables-rules
    
  • Save the file and exit.

Now, on every boot, the system will load and apply the iptables rules.

To delete a rule, run the following command:

$ sudo su
$ iptables -D INPUT -s 1.2.3.4 -j DROP

This will delete the rule. Remember to replace 1.2.3.4 with a valid IP address.

Rerun the iptables-save command shown previously to make the new rules active even after rebooting the server.

How to open the server ports for remote access?

By default, cloud servers launched through the Bitnami Launchpad for AWS Cloud have their ports closed to secure them against external attacks. This is done for all ports apart from ports 22 (SSH), 80 (HTTP) and 443 (HTTPS). In some cases, ports needed for specific applications to operate properly are also left open by default.

If you need to access your server remotely using a different port, you must first open the necessary port(s) using the AWS Cloud Console.

To open other ports for remote access, follow these steps:

  • Browse to the Bitnami Launchpad for AWS Cloud and sign in if required using your Bitnami account.

  • Select the "Virtual Machines" menu item.

  • Select your cloud server from the resulting list.

  • On the server detail page, click the "Manage in the AWS Cloud Console" button.

    AWS Cloud security configuration

  • You will be redirected to the AWS Cloud Console. Log in if needed.

  • Select the instance in the dashboard.

  • In the lower panel, click the name of the security group used by the instance.

    AWS Cloud security configuration

  • The resulting page will display the details of the selected security group. In the lower panel, select the "Inbound" tab to display a list of all the ports allowing inbound traffic.

  • Click the "Edit" button.

    AWS Cloud security configuration

  • In the resulting dialog, select the "Add Rule" button and add a new "Custom TCP Rule" using the following guidelines:
    • Port: Enter the port number or port range needed by the application
    • Source: Use "Anywhere" to allow access from anywhere, or use "Custom IP" and specify an IP address range
  • Click the "Save" button to save your changes.

As an example, review the image below which demonstrates opening port 21 (the FTP port) for access.

AWS Cloud security configuration

Your security rule comes into effect immediately without any need to restart the server.

How to close the server ports and deny remote access?

To close a server port and deny remote access on that port, follow these steps:

  • Browse to the Bitnami Launchpad for AWS Cloud and sign in if required using your Bitnami account.

  • Select the "Virtual Machines" menu item.

  • Select your cloud server from the resulting list.

  • On the server detail page, click the "Manage in the AWS Cloud Console" button.

    AWS Cloud security configuration

  • You will be redirected to the AWS Cloud Console. Log in if needed.

  • Select the instance in the dashboard.

  • In the lower panel, click the name of the security group used by the instance.

    AWS Cloud security configuration

  • The resulting page will display the details of the selected security group. In the lower panel, select the "Inbound" tab to display a list of all the ports allowing inbound traffic.

  • Click the "Edit" button.

    AWS Cloud security configuration

  • In the resulting dialog, click the cross next to the security rule for the port(s) you wish to close. This will delete the security rule, thereby denying inbound traffic on that port

    AWS Cloud security configuration

  • Click the "Save" button to save your changes.

Your security rule comes into effect immediately without any need to restart the server.

How to upload files to the server with SFTP?

NOTE: Bitnami applications can be found in /opt/bitnami/apps.

The first step is to ensure that you have an SSH key for your server.

If you are using the Bitnami Launchpad for AWS Cloud, download the SSH key for your server in .ppk format (for FileZilla or WinSCP) or in .pem format (for Cyberduck) from the Launchpad detail page for your server.

SSH keys

Although you can use any SFTP/SCP client to transfer files to your server, this guide documents FileZilla (Windows, Linux and Mac OS X), WinSCP (Windows) and Cyberduck (Mac OS X).

Using an SSH Key

Once you have your server's SSH key, choose your preferred application and follow the steps below to connect to the server using SFTP.

FileZilla
IMPORTANT: To use FileZilla, your server private key should be in PPK format.

Follow these steps:

  • Download and install FileZilla.
  • Launch FileZilla and use the "Edit -> Settings" command to bring up FileZilla's configuration settings.
  • Within the "Connection -> SFTP" section, use the "Add keyfile" command to select the private key file for the server. FileZilla will use this private key to log in to the server. FileZilla configuration
  • Use the "File -> Site Manager -> New Site" command to bring up the FileZilla Site Manager, where you can set up a connection to your server.
  • Enter your server host name and specify bitnami as the user name.
  • Select "SFTP" as the protocol and "Ask for password" as the logon type. FileZilla configuration
  • Use the "Connect" button to connect to the server and begin an SFTP session. You might need to accept the server key, by clicking "Yes" or "OK" to proceed.

You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.

If you have problems accessing your server, get extra information by use the "Edit -> Settings -> Debug" menu to activate FileZilla's debug log.

FileZilla debug log

WinSCP
IMPORTANT: To use WinSCP, your server private key should be in .ppk format.

Follow these steps:

  • Download and install WinSCP.
  • Launch WinSCP and in the "Session" panel, select "SFTP" as the file protocol.
  • Enter your server host name and specify bitnami as the user name. WinSCP configuration
  • Click the "Advanced…" button and within the "SSH -> Authentication -> Authentication parameters" section, select the private key file for the server. WinSCP will use this private key to log in to the server. WinSCP configuration
  • From the "Session" panel, use the "Login" button to connect to the server and begin an SCP session.

You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.

If you need to upload files to a location where the bitnami user doesn't have write permissions, you have two options:

  • Once you have configured WinSCP as described above, click the "Advanced…" button and within the "Environment -> Shell" panel, select sudo su - as your shell. This will allow you to upload files using the administrator account. WinSCP configuration
  • Upload the files to the /home/bitnami directory as usual. Then, connect via SSH and move the files to the desired location with the sudo command, as shown below:

       $ sudo mv /home/bitnami/uploaded-file /path/to/desired/location/
    
Cyberduck
IMPORTANT: To use Cyberduck, your server private key should be in .pem format.

Follow these steps:

  • Select the "Open Connection" command and specify "SFTP" as the connection protocol. Cyberduck configuration

  • In the connection details panel, under the "More Options" section, enable the "Use Public Key Authentication" option and specify the path to the private key file for the server. Cyberduck configuration

  • Use the "Connect" button to connect to the server and begin an SFTP session.

You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.

How to configure a static IP address?

To configure a static IP address:

  • Browse to the Bitnami Launchpad for AWS Cloud and sign in if required using your Bitnami account.

  • Select the "Virtual Machines" menu item.

  • Select your cloud server from the resulting list.

  • On the server detail page, click the "Manage in the AWS Cloud Console" button.

    AWS IP address configuration

  • You will be redirected to the AWS Cloud Console. Log in if needed. Note the instance ID of the server.

  • In the left navigation bar, select the "Network & Security -> Elastic IPs" menu item.

  • Click the "Allocate New Address" button.

  • In the confirmation dialog, click the "Yes, Allocate" button.

    AWS IP address configuration

A new static IP address will be generated and will appear in the list of available IP addresses.

AWS IP address configuration

Next:

  • From the "Actions" drop-down menu, select the "Associate Address" menu item.

    AWS IP address configuration

  • In the resulting dialog box, enter the instance ID of your server and click the "Associate" button.

    AWS IP address configuration

The elastic IP address will now be assigned to your server and will persist across shutdown/reboot operations.

How to associate an existing IP address with a new instance?

To associate an existing IP address with a new instance, follow these steps:

  • Log in to the AWS Management Console.

  • In the left navigation bar, select the "Network & Security -> Elastic IPs" menu item.

  • From the "Actions" drop-down menu, select the "Associate Address" menu item.

    AWS IP address configuration

  • In the resulting dialog box, enter the instance ID of the new server and click the "Associate" button.

    AWS IP address configuration

The elastic IP address will now be assigned to your server and will persist across shutdown/reboot operations.

How to configure a custom domain?

To use a custom domain with a server started through the Bitnami Launchpad, follow these steps:

Configure a static IP address for your cloud server

Follow these instructions.

Configure the domain in your DNS provider

The next step is to update your domain's DNS settings, specifically by adding an A record that points to the static IP address of your cloud server.

This change can only be accomplished through your domain name provider; it cannot be made through the Bitnami Launchpad. You will therefore need to log in to your domain name provider's management console and make the necessary changes. Step-by-step instructions for some popular providers are listed below:

Remember that once you make the necessary changes, it can take up to 48 hours for the change to propagate across other DNS servers. You can verify the new DNS record by using the Global DNS Propagation Checker and entering your domain name into the search field.

At the end of this step, entering your custom domain name into the browser address bar should take you to your Bitnami application on the cloud server, as shown below:

Custom domain in browser

Update application configuration

For some applications, such as Prestashop, it is also necessary to perform additional configuration so that the application "knows" its domain and the domain name is correctly reflected in application URLs. This is easily accomplished with the command-line Bitnami Configuration tool, bnconfig, which will update the application configuration and database to use the new domain wherever needed.

To use this tool, follow these steps:

  • Log in to your server console (instructions).
  • Change to your application directory, usually located under /opt/bitnami/apps/APP-NAME.
  • Execute the following command:

     $ sudo ./bnconfig --machine_hostname DOMAIN-NAME
    

For example, to configure Prestashop to use the domain my-shop.com, use the commands below:

$ cd /opt/bitnami/apps/prestashop
$ sudo ./bnconfig --machine_hostname my-shop.com

Or, to configure your WordPress Multisite blog to use the primary domain my-blog.com, use the commands below:

$ cd /opt/bitnami/apps/wordpress
$ sudo ./bnconfig --machine_hostname my-blog.com

How to backup a server?

IMPORTANT: We strongly recommend creating a backup of your server prior to any major changes or upgrades.

To create a backup, you will use AWS Cloud Console's snapshot feature. This feature creates a new snapshot of the disk, which can later be used to restore the server to an earlier state. Follow the steps below:

  • Browse to the Bitnami Launchpad for AWS Cloud and sign in if required using your Bitnami account.

  • Select the "Virtual Machines" menu item.

  • Select your cloud server from the resulting list.

  • On the server detail page, click the "Manage in the AWS Cloud Console" button.

    AWS snapshot

  • You will be redirected to the AWS Cloud Console. Log in if needed. Note the instance ID of the server.

  • In the left navigation bar, select the "Elastic Block Store -> Volumes" menu item.

  • Review the list of volumes and identify the one attached to the server you wish to back up, using the instance ID in the "Attachment Information" column. Note the name of the volume.

    AWS snapshot

  • In the left navigation bar, select the "Elastic Block Store -> Snapshots" menu item.

  • Click the "Create Snapshot" button.

  • In the resulting dialog, enter the volume name you identified earlier. Also, provide a name and description for the snapshot.

  • Click "Create" to create a snapshot of the disk.

    AWS snapshot

Your new snapshot will be created and will appear in the list of snapshots.

How to change the server type?

The Bitnami Launchpad for AWS Cloud only supports server sizing during the initial server build process. Since the server is accessible via the AWS Cloud Console, you can get a resized version of the server from there afterwards if needed.

The procedure consists of creating a new server using the same disk as the server to be resized, and then deleting the old one following the steps below.

  • Browse to the Bitnami Launchpad for AWS Cloud and sign in if required using your Bitnami account.

  • Select the "Virtual Machines" menu item.

  • Select your cloud server from the resulting list. Note the server name.

  • On the server detail page, click the "Manage in the AWS Cloud Console" button.

    AWS snapshot

  • You will be redirected to the AWS Cloud Console. Log in if needed.

  • In the left navigation bar, select the "Instances -> Instances" menu item.

  • Select your instance in the dashboard.

  • From the "Actions" drop-down menu, select the "Instance State -> Stop" menu item.

    AWS snapshot

  • Once the instance has stopped, select the "Instance Settings -> Change Instance type" menu item.

    AWS snapshot

  • In the resulting dialog, select the new server size and click "Apply".

    AWS snapshot

  • From the "Actions" drop-down menu, select the "Instance State -> Start" menu item.

    AWS snapshot

The server should restart using the new type.

How to clone an AWS server instance?

  • Log in to the AWS Management Console.

  • Select your instance and then select the "Create Image" option in the "Actions" menu.

    AWS server cloning

  • Specify the name for the new image and then click the "Create Image" button.

    AWS server cloning

    AWS server cloning

  • Launch a new instance with the image.

    AWS server cloning

Remember to select your current key pair or create a new one as shown below:

AWS server cloning

The new instance, once launched, will be a clone of the original instance.

How to migrate an Amazon instance to a different region?

  • Log in to the AWS Management Console.

  • Select your instance and then select the "Create Image" option in the "Actions" menu.

    AWS server cloning

  • Specify the name for the new image and then click the "Create Image" button.

    AWS server cloning

    AWS server cloning

  • From the "AMIs" menu in the navigation panel, select the new image and select the "Copy AMI" option in the "Actions" menu.

  • Specify the new region in the resulting dialog window and click the "Copy AMI" button.

    AWS server cloning

You will now be able to launch a new instance with the image in the new region.

How to launch T2, C4 or M4 instances using the AWS Launchpad?

T2, C4 and M4 instances can only be launched in an Amazon Virtual Private Cloud (VPC). A default VPC is usually configured for an AWS account when it is first created, but some older AWS accounts may not have this default VPC. For these accounts, it is not possible to launch T2, C4 or M4 instances using the AWS Launchpad.

To resolve this, create a new AWS account and associate it with the AWS Launchpad using the "Account -> Cloud Accounts" menu. Read more about this in the AWS documentation.

How to configure your application to use a third-party SMTP service for outgoing email?

Bitnami applications can be configured to use a third-party SMTP service for outgoing email. Examples of such third-party SMTP services are SendGrid and Mandrill. Instructions for using both these are provided below.

SendGrid

SendGrid's SMTP service can be accessed using your SendGrid account credentials. These credentials can be obtained by logging in to the SendGrid website and visiting the "Account Details" page.

SendGrid configuration

To configure your application to send email through SendGrid's SMTP service, use the settings below. Replace USERNAME with your SendGrid account username and PASSWORD with your SendGrid account password.

  • SMTP host: smtp.sendgrid.net
  • SMTP port: 25 or 587 for unencrypted/TLS email, 465 for SSL-encrypted email
  • SMTP username: USERNAME
  • SMTP password: PASSWORD

Here's an example of configuring WordPress to use SendGrid:

WordPress with SendGrid

More information is available in the SendGrid documentation.

Mandrill

Mandrill's SMTP service requires an API key for access. To obtain this key, log in to the Mandrill website, navigate to the "SMTP & API" section and create an API key. Note the SMTP server name, username and API key, as these serve as your credentials for accessing the Mandrill SMTP server.

Mandrill configuration

To configure your application to send email through Mandrill's SMTP service, use the settings below. Replace USERNAME with your SMTP username and API-KEY with the generated API key.

  • SMTP host: smtp.mandrillapp.com
  • SMTP port: 25, 587 or 2525 for unencrypted/TLS email, 465 for SSL-encrypted email
  • SMTP username: USERNAME
  • SMTP password: API-KEY

Here's an example of configuring WordPress to use Mandrill:

WordPress with Mandrill

More information is available in the Mandrill documentation.

Similar steps can be followed for other third-party SMTP services as well. Consult your service provider's documentation to obtain details on authentication credentials and available ports.

What does the SSH warning 'REMOTE HOST IDENTIFICATION HAS CHANGED' mean?

This warning is normal when trying to connect to the same IP address but a different machine - for instance, when you assign the same static IP address to another server. You can fix the problem by removing the IP address that you are trying to connect to from your ~/.ssh/known_hosts file.

If you use PuTTY, the SSH key mismatch warning looks like the image below:

SSH warning

In this case, click "Yes" if you know the reason for the key mismatch (IP address reassigned to another server, machine replaced, and so on).