Best practice to manage Information Technology System in Factory and Manufacturing Environment
最近,工厂又發生大件事,一名員工在宿舍被殺身亡,疑似是情殺,但是疑兇其後亦在它處被發現自殺身亡,雖然遇害員工是非工傷死亡,但是因為事件發生在宿舍,工厂仍有一定的責任,根據律師估計,工厂賠償不會超過廿萬元,可是,家屬要求工厂賠償八十萬,認真獅子大開口,家屬不肯讓步,談判失敗。這些大陸人的心態,不管合不合理,有機會便盡刮一筆錢,真令人失望。
現時,家屬開始搗事,在工厂門口擺放祭壇,滋擾工厂,而工厂管理層現階段十分忍讓,非必要時不會找公安或外經幫手。
時近年尾春節,發生此事,真是大吉利事,而且工厂的春茗晚飯也因此取消,各人也沒心情興祝啦!希望此事早點完結,死者入土為安,家屬節哀,重新生活吧!
Source: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html
By default, instances that you launch into a virtual private cloud (VPC) can’t communicate with your own network. You can enable access to your network from your VPC by attaching a virtual private gateway to the VPC, creating a custom route table, updating your security group rules, and creating an AWS managed VPN connection.
Although the term VPN connection is a general term, in the Amazon VPC documentation, a VPN connection refers to the connection between your VPC and your own network. AWS supports Internet Protocol security (IPsec) VPN connections.
Your AWS managed VPN connection is either an AWS Classic VPN or an AWS VPN. For more information, see AWS Managed VPN Categories.
Important
We currently do not support IPv6 traffic through a VPN connection.
Topics
For information about how you’re charged for using a VPN connection with your VPC, see the Amazon VPC product page.
A VPN connection consists of the following components. For more information about VPN limits, see Amazon VPC Limits.
A virtual private gateway is the VPN concentrator on the Amazon side of the VPN connection. You create a virtual private gateway and attach it to the VPC from which you want to create the VPN connection.
When you create a virtual private gateway, you can specify the private Autonomous System Number (ASN) for the Amazon side of the gateway. If you don’t specify an ASN, the virtual private gateway is created with the default ASN (64512). You cannot change the ASN after you’ve created the virtual private gateway. To check the ASN for your virtual private gateway, view its details in the Virtual Private Gateways screen in the Amazon VPC console, or use the describe-vpn-gateways AWS CLI command.
Note
If you create your virtual private gateway before 2018-06-30, the default ASN is 17493 in the Asia Pacific (Singapore) region, 10124 in the Asia Pacific (Tokyo) region, 9059 in the EU (Ireland) region, and 7224 in all other regions.
A customer gateway is a physical device or software application on your side of the VPN connection.
To create a VPN connection, you must create a customer gateway resource in AWS, which provides information to AWS about your customer gateway device. The following table describes the information you’ll need to create a customer gateway resource.
| Item | Description |
|---|---|
| Internet-routable IP address (static) of the customer gateway’s external interface. | The public IP address value must be static. If your customer gateway is behind a network address translation (NAT) device that’s enabled for NAT traversal (NAT-T), use the public IP address of your NAT device, and adjust your firewall rules to unblock UDP port 4500. |
| The type of routing—static or dynamic. | For more information, see VPN Routing Options. |
| (Dynamic routing only) Border Gateway Protocol (BGP) Autonomous System Number (ASN) of the customer gateway. | You can use an existing ASN assigned to your network. If you don’t have one, you can use a private ASN (in the 64512–65534 range).If you use the VPC wizard in the console to set up your VPC, we automatically use 65000 as the ASN. |
To use Amazon VPC with a VPN connection, you or your network administrator must also configure the customer gateway device or application. When you create the VPN connection, we provide you with the required configuration information and your network administrator typically performs this configuration. For information about the customer gateway requirements and configuration, see the Your Customer Gateway in the Amazon VPC Network Administrator Guide.
The VPN tunnel comes up when traffic is generated from your side of the VPN connection. The virtual private gateway is not the initiator; your customer gateway must initiate the tunnels. If your VPN connection experiences a period of idle time (usually 10 seconds, depending on your configuration), the tunnel may go down. To prevent this, you can use a network monitoring tool to generate keepalive pings; for example, by using IP SLA.
For a list of customer gateways that we have tested with Amazon VPC, see Amazon Virtual Private Cloud FAQs.
Your AWS managed VPN connection is either an AWS Classic VPN connection or an AWS VPN connection. Any new VPN connection that you create is an AWS VPN connection. The following features are supported on AWS VPN connections only:
You can find out the category of your AWS managed VPN connection by using the Amazon VPC console or a command line tool.
To identify the VPN category using the console
VPN indicates an AWS VPN connection. A value of VPN-Classic indicates an AWS Classic VPN connection.To identify the VPN category using a command line tool
Category value. A value of VPN indicates an AWS VPN connection. A value of VPN-Classic indicates an AWS Classic VPN connection.In the following example, the VPN connection is an AWS VPN connection.
aws ec2 describe-vpn-connections --vpn-connection-ids vpn-1a2b3c4d{
"VpnConnections": [
{
"VpnConnectionId": "vpn-1a2b3c4d",
...
"State": "available",
"VpnGatewayId": "vgw-11aa22bb",
"CustomerGatewayId": "cgw-ab12cd34",
"Type": "ipsec.1",
"Category": "VPN"
}
]
}Alternatively, use one of the following commands:
If your existing VPN connection is an AWS Classic VPN connection, you can migrate to an AWS VPN connection by creating a new virtual private gateway and VPN connection, detaching the old virtual private gateway from your VPC, and attaching the new virtual private gateway to your VPC.
If your existing virtual private gateway is associated with multiple VPN connections, you must recreate each VPN connection for the new virtual private gateway. If there are multiple AWS Direct Connect private virtual interfaces attached to your virtual private gateway, you must recreate each private virtual interface for the new virtual private gateway. For more information, see Creating a Virtual Interface in the AWS Direct Connect User Guide.
If your existing AWS managed VPN connection is an AWS VPN connection, you cannot migrate to an AWS Classic VPN connection.
Note
During this procedure, connectivity over the current VPC connection is interrupted when you disable route propagation and detach the old virtual private gateway from your VPC. Connectivity is restored when the new virtual private gateway is attached to your VPC and the new VPN connection is active. Ensure that you plan for the expected downtime.
To migrate to an AWS VPN connection
Note
From this step onwards, connectivity is interrupted until the new virtual private gateway is attached and the new VPN connection is active.
UP.
Note
If you need to revert to your previous configuration, detach the new virtual private gateway and follow steps 8 and 9 to re-attach the old virtual private gateway and update your routes.
Important
After you’ve deleted the AWS Classic VPN connection, you cannot revert or migrate your new AWS VPN connection back to an AWS Classic VPN connection.
The following diagrams illustrate single and multiple VPN connections. The VPC has an attached virtual private gateway, and your network includes a customer gateway, which you must configure to enable the VPN connection. You set up the routing so that any traffic from the VPC bound for your network is routed to the virtual private gateway.
When you create multiple VPN connections to a single VPC, you can configure a second customer gateway to create a redundant connection to the same external location. You can also use it to create VPN connections to multiple geographic locations.
When you create a VPN connection, you must do the following:
The type of routing that you select can depend on the make and model of your VPN devices. If your VPN device supports Border Gateway Protocol (BGP), specify dynamic routing when you configure your VPN connection. If your device does not support BGP, specify static routing. For a list of static and dynamic routing devices that have been tested with Amazon VPC, see the Amazon Virtual Private Cloud FAQs.
When you use a BGP device, you don’t need to specify static routes to the VPN connection because the device uses BGP to advertise its routes to the virtual private gateway. If you use a device that doesn’t support BGP, you must select static routing and enter the routes (IP prefixes) for your network that should be communicated to the virtual private gateway.
We recommend that you use BGP-capable devices, when available, because the BGP protocol offers robust liveness detection checks that can assist failover to the second VPN tunnel if the first tunnel goes down. Devices that don’t support BGP may also perform health checks to assist failover to the second tunnel when needed.
Route tables determine where network traffic is directed. In your route table, you must add a route for your network and specify the virtual private gateway as the target. This enables traffic destined for your network to route via the virtual private gateway and over one of the VPN tunnels. You can enable route propagation for your route table to automatically propagate your network routes to the table for you.
Only IP prefixes that are known to the virtual private gateway, whether through BGP advertisements or static route entry, can receive traffic from your VPC. The virtual private gateway does not route any other traffic destined outside of received BGP advertisements, static route entries, or its attached VPC CIDR.
When a virtual private gateway receives routing information, it uses path selection to determine how to route traffic to your network. Longest prefix match applies; otherwise, the following rules apply:
If you have overlapping routes within a VPN connection and longest prefix match cannot be applied, then we prioritize the routes as follows in the VPN connection, from most preferred to least preferred:
In this example, your route table has a static route to an internet gateway (that you added manually), and a propagated route to a virtual private gateway. Both routes have a destination of 172.31.0.0/24. In this case, all traffic destined for 172.31.0.0/24 is routed to the internet gateway — it is a static route and therefore takes priority over the propagated route.
| Destination | Target |
|---|---|
| 10.0.0.0/16 | Local |
| 172.31.0.0/24 | vgw-1a2b3c4d (propagated) |
| 172.31.0.0/24 | igw-11aa22bb |
You use a VPN connection to connect your network to a VPC. Each VPN connection has two tunnels, with each tunnel using a unique virtual private gateway public IP address. It is important to configure both tunnels for redundancy. When one tunnel becomes unavailable (for example, down for maintenance), network traffic is automatically routed to the available tunnel for that specific VPN connection.
The following diagram shows the two tunnels of the VPN connection.
When you create a VPN connection, you download a configuration file specific to your customer gateway device that contains information for configuring the device, including information for configuring each tunnel. You can optionally specify some of the tunnel options yourself when you create the VPN connection. Otherwise, AWS provides default values.
The following table describes the tunnel options that you can configure.
| Item | Description | AWS-provided default value |
|---|---|---|
| Inside tunnel CIDR | The range of inside IP addresses for the VPN tunnel. You can specify a size /30 CIDR block from the 169.254.0.0/16range. The CIDR block must be unique across all VPN connections that use the same virtual private gateway.The following CIDR blocks are reserved and cannot be used:
|
A size /30 CIDR block from the 169.254.0.0/16range. |
| Pre-shared key (PSK) | The pre-shared key (PSK) to establish the initial IKE Security Association between the virtual private gateway and customer gateway.The PSK must be between 8 and 64 characters in length and cannot start with zero (0). Allowed characters are alphanumeric characters, periods (.), and underscores (_). | A 32-character alphanumeric string. |
You cannot modify tunnel options after you create the VPN connection. To change the inside tunnel IP addresses or the PSKs for an existing connection, you must delete the VPN connection and create a new one. You cannot configure tunnel options for an AWS Classic VPN connection.
As described earlier, a VPN connection has two tunnels to help ensure connectivity in case one of the VPN connections becomes unavailable. To protect against a loss of connectivity in case your customer gateway becomes unavailable, you can set up a second VPN connection to your VPC and virtual private gateway by using a second customer gateway. By using redundant VPN connections and customer gateways, you can perform maintenance on one of your customer gateways while traffic continues to flow over the second customer gateway’s VPN connection. To establish redundant VPN connections and customer gateways on your network, you need to set up a second VPN connection. The customer gateway IP address for the second VPN connection must be publicly accessible.
The following diagram shows the two tunnels of each VPN connection and two customer gateways.
Dynamically routed VPN connections use the Border Gateway Protocol (BGP) to exchange routing information between your customer gateways and the virtual private gateways. Statically routed VPN connections require you to enter static routes for the network on your side of the customer gateway. BGP-advertised and statically entered route information allow gateways on both sides to determine which tunnels are available and reroute traffic if a failure occurs. We recommend that you configure your network to use the routing information provided by BGP (if available) to select an available path. The exact configuration depends on the architecture of your network.
Source: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/SetUpVPNConnections.html
Use the following procedures to manually set up the VPN connection. Alternatively, you can let the VPC creation wizard take care of many of these steps for you. For more information about using the VPC creation wizard to set up the virtual private gateway, see Scenario 3: VPC with Public and Private Subnets and AWS Managed VPN Access or Scenario 4: VPC with a Private Subnet Only and AWS Managed VPN Access.
To set up a VPN connection, you need to complete the following steps:
These procedures assume that you have a VPC with one or more subnets.
A customer gateway provides information to AWS about your customer gateway device or software application. For more information, see Customer Gateway.
To create a customer gateway using the console
Name and the value that you specify.To create a customer gateway using the command line or API
When you create a virtual private gateway, you can optionally specify the private Autonomous System Number (ASN) for the Amazon side of the gateway. The ASN must be different from the BGP ASN specified for the customer gateway.
After you create a virtual private gateway, you must attach it to your VPC.
To create a virtual private gateway and attach it to your VPC
Name and the value that you specify.To create a virtual private gateway using the command line or API
To attach a virtual private gateway to a VPC using the command line or API
To enable instances in your VPC to reach your customer gateway, you must configure your route table to include the routes used by your VPN connection and point them to your virtual private gateway. You can enable route propagation for your route table to automatically propagate those routes to the table for you.
For static routing, the static IP prefixes that you specify for your VPN configuration are propagated to the route table when the status of the VPN connection is UP. Similarly, for dynamic routing, the BGP-advertised routes from your customer gateway are propagated to the route table when the status of the VPN connection is UP.
Note
If your connection is interrupted, any propagated routes in your route table are not automatically removed. You may have to disable route propagation to remove the propagated routes; for example, if you want traffic to fail over to a static route.
To enable route propagation using the console
Note
For static routing, if you do not enable route propagation, you must manually enter the static routes used by your VPN connection. To do this, select your route table, choose Routes, Edit. For Destination, add the static route used by your VPN connection . For Target, select the virtual private gateway ID, and choose Save.
To disable route propagation using the console
To enable route propagation using the command line or API
To disable route propagation using the command line or API
To allow access to instances in your VPC from your network, you must update your security group rules to enable inbound SSH, RDP, and ICMP access.
To add rules to your security group to enable inbound SSH, RDP and ICMP access
For more information about working with security groups using the AWS CLI, see Security Groups for Your VPC.
After you create the VPN connection, download the configuration information and use it to configure the customer gateway device or software application.
To create a VPN connection and configure the customer gateway
Name and the value that you specify.169.254.0.0/16 range for the inside tunnel IP addresses.For more information about these options, see Configuring the VPN Tunnels for Your VPN Connection.
It may take a few minutes to create the VPN connection. When it’s ready, select the connection and choose Download Configuration.
To create a VPN connection using the command line or API
For static routing, you can add, modify, or remove the static routes for your VPN configuration.
To add, modify, or remove a static route
Note
If you have not enabled route propagation for your route table, you must manually update the routes in your route table to reflect the updated static IP prefixes in your VPN connection. For more information, see Enable Route Propagation in Your Route Table.
To add a static route using the command line or API
To delete a static route using the command line or API
If you believe that the tunnel credentials for your VPN connection have been compromised, you can change the IKE pre-shared key. To do so, delete the VPN connection, create a new one using the same virtual private gateway, and configure the new keys on your customer gateway. You can specify your own pre-shared keys when you create the VPN connection. You also need to confirm that the tunnel’s inside and outside addresses match, because these might change when you recreate the VPN connection. While you perform the procedure, communication with your instances in the VPC stops, but the instances continue to run uninterrupted. After the network administrator implements the new configuration information, your VPN connection uses the new credentials, and the network connection to your instances in the VPC resumes.
Important
This procedure requires assistance from your network administrator group.
To change the IKE pre-shared key
Source: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario4.html
The configuration for this scenario includes a virtual private cloud (VPC) with a single private subnet, and a virtual private gateway to enable communication with your own network over an IPsec VPN tunnel. There is no Internet gateway to enable communication over the Internet. We recommend this scenario if you want to extend your network into the cloud using Amazon’s infrastructure without exposing your network to the Internet.
This topic assumes that you’ll use the VPC wizard in the Amazon VPC console to create the VPC and the VPN connection.
This scenario can also be optionally configured for IPv6—you can use the VPC wizard to create a VPC and subnet with associated IPv6 CIDR blocks. Instances launched into the subnet can receive IPv6 addresses. Currently, we do not support IPv6 communication over a VPN connection; however, instances in the VPC can communicate with each other via IPv6. For more information about IPv4 and IPv6 addressing, see IP Addressing in Your VPC.
The following diagram shows the key components of the configuration for this scenario.
Important
For this scenario, the Amazon VPC Network Administrator Guide describes what your network administrator needs to do to configure the Amazon VPC customer gateway on your side of the VPN connection.
The configuration for this scenario includes the following:
For more information about subnets, see VPCs and Subnets and IP Addressing in Your VPC. For more information about your VPN connection, see AWS Managed VPN Connections. For more information about configuring a customer gateway, see the Amazon VPC Network Administrator Guide.
You can optionally enable IPv6 for this scenario. In addition to the components listed above, the configuration includes the following:
Your VPC has an implied router (shown in the configuration diagram for this scenario). In this scenario, the VPC wizard creates a route table that routes all traffic destined for an address outside the VPC to the VPN connection, and associates the route table with the subnet.
The following describes the route table for this scenario. The first entry is the default entry for local routing in the VPC; this entry enables the instances in this VPC to communicate with each other. The second entry routes all other subnet traffic to the virtual private gateway (for example, vgw-1a2b3c4d).
| Destination | Target |
|---|---|
| 10.0.0.0/16 | local |
| 0.0.0.0/0 | vgw-id |
The VPN connection is configured either as a statically-routed VPN connection or as a dynamically routed VPN connection (using BGP). If you select static routing, you’ll be prompted to manually enter the IP prefix for your network when you create the VPN connection. If you select dynamic routing, the IP prefix is advertised automatically to your VPC through BGP.
The instances in your VPC can’t reach the Internet directly; any Internet-bound traffic must first traverse the virtual private gateway to your network, where the traffic is then subject to your firewall and corporate security policies. If the instances send any AWS-bound traffic (for example, requests to Amazon S3 or Amazon EC2), the requests must go over the virtual private gateway to your network and then to the Internet before reaching AWS. Currently, we do not support IPv6 for VPN connections.
If you associate an IPv6 CIDR block with your VPC and subnets, your route table includes separate routes for IPv6 traffic. The following describes the custom route table for this scenario. The second entry is the default route that’s automatically added for local routing in the VPC over IPv6.
| Destination | Target |
|---|---|
| 10.0.0.0/16 | local |
| 2001:db8:1234:1a00::/56 | local |
| 0.0.0.0/0 | vgw-id |
AWS provides two features that you can use to increase security in your VPC: security groups and network ACLs. Security groups control inbound and outbound traffic for your instances, and network ACLs control inbound and outbound traffic for your subnets. In most cases, security groups can meet your needs; however, you can also use network ACLs if you want an additional layer of security for your VPC. For more information, see Security.
For scenario 4, you’ll use the default security group for your VPC but not a network ACL. If you’d like to use a network ACL, see Recommended Rules for Scenario 4.
Your VPC comes with a default security group whose initial settings deny all inbound traffic, allow all outbound traffic, and allow all traffic between the instances assigned to the security group. For this scenario, we recommend that you add inbound rules to the default security group to allow SSH traffic (Linux) and Remote Desktop traffic (Windows) from your network.
Important
The default security group automatically allows assigned instances to communicate with each other, so you don’t have to add a rule to allow this. If you use a different security group, you must add a rule to allow this.
The following table describes the inbound rules that you should add to the default security group for your VPC.
Default Security Group: Recommended Rules
| Inbound | |||
| Source | Protocol | Port Range | Comments |
| Private IPv4 address range of your network | TCP | 22 | (Linux instances) Allow inbound SSH traffic from your network. |
| Private IPv4 address range of your network | TCP | 3389 | (Windows instances) Allow inbound RDP traffic from your network. |
If you associate an IPv6 CIDR block with your VPC and subnets, you must add separate rules to your security group to control inbound and outbound IPv6 traffic for your instances. In this scenario, the database servers cannot be reached over the VPN connection using IPv6; therefore, no additional security group rules are required.
To implement scenario 4, get information about your customer gateway, and create the VPC using the VPC wizard, The VPC wizard creates a VPN connection for you with a customer gateway and virtual private gateway.
To prepare your customer gateway
Use the VPC wizard to create your VPC and a VPN connection.
To create a VPC using the VPC wizard
00).For more information, see VPN Routing Options.
For this scenario, you need to update the default security group with new inbound rules that allow SSH and Remote Desktop (RDP) access from your network. If you don’t want instances to initiate outbound communication, you can also remove the default outbound rule.
To update the rules for the default security group
172.0.0.0/8.After your network administrator configures your customer gateway, you can launch instances into your VPC. If you’re already familiar with launching instances outside a VPC, then you already know most of what you need to know to launch an instance into a VPC.
To launch an instance
Note
If you intend to use your instance for IPv6 communication, you must choose a supported instance type; for example, T2. For more information, see Amazon EC2 Instance Types.
In scenario 4, you need a DNS server that enables your VPN-only subnet to communicate with servers in your network. You must create a new set of DHCP options that includes your DNS server and then configure the VPC to use that set of options.
Note
Your VPC automatically has a set of DHCP options with domain-name-servers=AmazonProvidedDNS. This is a DNS server that Amazon provides to enable any public subnets in your VPC to communicate with the Internet over an Internet gateway. Scenario 4 doesn’t have any public subnets, so you don’t need this set of DHCP options.
To update the DHCP options
You can now use SSH or RDP to connect to your instance in the VPC. For information about how to connect to a Linux instance, see Connect to Your Linux Instance in the Amazon EC2 User Guide for Linux Instances. For information about how to connect to a Windows instance, see Connect to Your Windows Instance in the Amazon EC2 User Guide for Windows Instances.
from Web Source: https://aws.amazon.com/getting-started/tutorials/launch-a-wordpress-website/
Now you are in the EC2 dashboard, click Launch Instance from the dashboard to create and configure your virtual machine.
Now you’re in the Amazon EC2 configuration wizard, we will be using an existing Amazon Machine Image (AMI) from the AWS Marketplace that has WordPress already installed. The AWS Marketplace provides access to thousands of pre-configured images for common pieces of software.
a. Click on AWS Marketplace on the left-hand side, search for WordPress, look for WordPress powered by BitNami, then click Select.
b. You will be presented a detailed pricing page. In this case, the price will be $0.00 for the software regardless of the size of the instance that you use.
Scroll to the bottom and click Continue.
c. For this tutorial, we will be using a free-tier eligible t2.micro instance. Click on t2.micro in the Type column (it should be the first one), then click Next: Configure Instance Details. It may take a few seconds to load.
On the following screens, click Next: Add Storage and then Next: Tag Instance.
d. We will set a name for your instance in this step. Enter Name in the Key box and WordPress in the Value box. Click Review and Launch to continue.
e. You can review your instance configurations, then click Launch when you’re ready to start your Amazon EC2 instance running WordPress.
f. The next screen deals with key-pairs. Key-pairs are how you can connect to your EC2 instances via a terminal program using Secure Shell (SSH). Select Proceed without a key pair, and check the box acknowledging that you know you need this key to access your EC2 instance.
Click Launch Instances to launch your instance. Be aware that starting the instance up may take a few minutes.
Note: To connect to your instance directly, you will need to create a new key pair. For instructions on creating a key pair and connecting to an instance, see steps 2 d.-2 f. and 3 of the tutorial: Launch a Linux Virtual Machine.
g. Click View Instances on the bottom right of the page (you may need to scroll down to see it). Then select the WordPress instance, make sure the Instance State says running. If Instance State says launching then AWS is still preparing your WordPress instance.
h. Once your instance is running, you can now test your WordPress website. Find the Public IP for your instance at the bottom of this page.
i. Copy the Public IP into a new tab in your web browser, and you should see a Hello World blog page appear.
Now that you have your WordPress site up and running, it’s time to log into its administration page so you can customize your site. To find your password, please follow the steps below:
a. Switch back to your EC2 management console in your web browser. Select WordPress instance, and click the Actions button. In the drop down menu, select Instance Setting, and choose Get System Log.
b. In the system log window, scroll through to the bottom to find the password that’s surrounded by hash marks.
c. Now that you have your password, switch back to the tab that you used to access the WordPress Hello Worldpage. Add /admin to the end of the URL so it looks something like 54.192.32.144/admin. Hit enter.
Enter the Username user and the Password that you read from the log file.
Congratulations! You now have your WordPress site up and running. You can now manage, customize, and configure it as you like.
Now that you have your WordPress site up and running. You need to make it easy for people to get to. In the next tutorial we’ll register a domain name for your website so people can find it easily, and we’ll connect that domain name to your currently running instance.
Associate a Domain Name with Your Website Using Amazon Route 53 »
from web Source: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/hosting-wordpress.html
The following procedures will help you install, configure, and secure a WordPress blog on your Amazon Linux instance. This tutorial is a good introduction to using Amazon EC2 in that you have full control over a web server that hosts your WordPress blog, which is not typical with a traditional hosting service.
You are responsible for updating the software packages and maintaining security patches for your server. For a more automated WordPress installation that does not require direct interaction with the web server configuration, the AWS CloudFormation service provides a WordPress template that can also get you started quickly. For more information, see Getting Started in the AWS CloudFormation User Guide. If you’d prefer to host your WordPress blog on a Windows instance, see Deploying a WordPress Blog on Your Amazon EC2 Windows Instance in the Amazon EC2 User Guide for Windows Instances. If you need a high-availability solution with a decoupled database, see Deploying a High-Availability WordPress Website in the AWS Elastic Beanstalk Developer Guide.
Important
These procedures are intended for use with Amazon Linux. For more information about other distributions, see their specific documentation. Many steps in this tutorial do not work on Ubuntu instances. For help installing WordPress on an Ubuntu instance, see WordPress in the Ubuntu documentation.
This tutorial assumes that you have launched an Amazon Linux instance with a functional web server with PHP and database (either MySQL or MariaDB) support by following all of the steps in Tutorial: Install a LAMP Web Server with the Amazon Linux AMI for Amazon Linux AMI or Tutorial: Install a LAMP Web Server on Amazon Linux 2 for Amazon Linux 2. This tutorial also has steps for configuring a security group to allow HTTP and HTTPS traffic, as well as several steps to ensure that file permissions are set properly for your web server. For information about adding rules to your security group, see Adding Rules to a Security Group.
We strongly recommend that you associate an Elastic IP address (EIP) to the instance you are using to host a WordPress blog. This prevents the public DNS address for your instance from changing and breaking your installation. If you own a domain name and you want to use it for your blog, you can update the DNS record for the domain name to point to your EIP address (for help with this, contact your domain name registrar). You can have one EIP address associated with a running instance at no charge. For more information, see Elastic IP Addresses.
If you don’t already have a domain name for your blog, you can register a domain name with Route 53 and associate your instance’s EIP address with your domain name. For more information, see Registering Domain Names Using Amazon Route 53 in the Amazon Route 53 Developer Guide.
Connect to your instance, and download the WordPress installation package.
To download and unzip the WordPress installation package
[ec2-user ~]$ wget https://wordpress.org/latest.tar.gzwordpress.
[ec2-user ~]$ tar -xzf latest.tar.gzTo create a database user and database for your WordPress installation
Your WordPress installation needs to store information, such as blog post entries and user comments, in a database. This procedure helps you create a database for your blog and a user that is authorized to read and save information to that database.
sudo service mysqld startsudo systemctl start mariadbroot user. Enter your database root password when prompted; this may be different than your root system password, or it may even be empty if you have not secured your database server.
Important
If you have not secured your database server yet, it is very important that you do so. For more information, see To secure the database server.
[ec2-user ~]$ mysql -u root -pCREATE USER 'wordpress-user'@'localhost' IDENTIFIED BY 'your_strong_password';Make sure that you create a strong password for your user. Do not use the single quote character ( ‘ ) in your password, because this will break the preceding command. For more information about creating a secure password, go to http://www.pctools.com/guides/password/. Do not reuse an existing password, and make sure to store this password in a safe place.
wordpress-db.
Note
The punctuation marks surrounding the database name in the command below are called backticks. The backtick (`) key is usually located above the Tab key on a standard keyboard. Backticks are not always required, but they allow you to use otherwise illegal characters, such as hyphens, in database names.
CREATE DATABASE `wordpress-db`;GRANT ALL PRIVILEGES ON `wordpress-db`.* TO "wordpress-user"@"localhost";FLUSH PRIVILEGES;mysql client.
exitTo create and edit the wp-config.php file
The WordPress installation folder contains a sample configuration file called wp-config-sample.php. In this procedure, you copy this file and edit it to fit your specific configuration.
wp-config-sample.php file to a file called wp-config.php. This creates a new configuration file and keeps the original sample file intact as a backup.
[ec2-user wordpress]$ cp wordpress/wp-config-sample.php wordpress/wp-config.phpwp-config.php file with your favorite text editor (such as nano or vim) and enter values for your installation. If you do not have a favorite text editor, nano is much easier for beginners to use.
[ec2-user wordpress]$ nano wordpress/wp-config.phpDB_NAME and change database_name_here to the database name that you created in Step 4 of To create a database user and database for your WordPress installation.
define('DB_NAME', 'wordpress-db');DB_USER and change username_here to the database user that you created in Step 3 of To create a database user and database for your WordPress installation.
define('DB_USER', 'wordpress-user');DB_PASSWORD and change password_here to the strong password that you created in Step 3 of To create a database user and database for your WordPress installation.
define('DB_PASSWORD', 'your_strong_password');Authentication Unique Keys and Salts. These KEY and SALT values provide a layer of encryption to the browser cookies that WordPress users store on their local machines. Basically, adding long, random values here makes your site more secure. Visit https://api.wordpress.org/secret-key/1.1/salt/ to randomly generate a set of key values that you can copy and paste into your wp-config.php file. To paste text into a PuTTY terminal, place the cursor where you want to paste the text and right-click your mouse inside the PuTTY terminal.For more information about security keys, go to http://codex.wordpress.org/Editing_wp-config.php#Security_Keys.
Note
The values below are for example purposes only; do not use these values for your installation.
define('AUTH_KEY', ' #U$$+[RXN8:b^-L 0(WU_+ c+WFkI~c]o]-bHw+)/Aj[wTwSiZ<Qb[mghEXcRh-');
define('SECURE_AUTH_KEY', 'Zsz._P=l/|y.Lq)XjlkwS1y5NJ76E6EJ.AV0pCKZZB,*~*r ?6OP$eJT@;+(ndLg');
define('LOGGED_IN_KEY', 'ju}qwre3V*+8f_zOWf?{LlGsQ]Ye@2Jh^,8x>)Y |;(^[Iw]Pi+LG#A4R?7N`YB3');
define('NONCE_KEY', 'P(g62HeZxEes|LnI^i=H,[XwK9I&[2s|:?0N}VJM%?;v2v]v+;+^9eXUahg@::Cj');
define('AUTH_SALT', 'C$DpB4Hj[JK:?{ql`sRVa:{:7yShy(9A@5wg+`JJVb1fk%_-Bx*M4(qc[Qg%JT!h');
define('SECURE_AUTH_SALT', 'd!uRu#}+q#{f$Z?Z9uFPG.${+S{n~1M&%@~gL>U>NV<zpD-@2-Es7Q1O-bp28EKv');
define('LOGGED_IN_SALT', ';j{00P*owZf)kVD+FVLn-~ >.|Y%Ug4#I^*LVd9QeZ^&XmK|e(76miC+&W&+^0P/');
define('NONCE_SALT', '-97r*V/cgxLmp?Zy4zUU4r99QQ_rGs2LTd%P;|_e1tS)8_B/,.6[=UK<J_y9?JWG');To install your WordPress files under the Apache document root
my.public.dns.amazonaws.commy.public.dns.amazonaws.com/blog[ec2-user ~]$ cp -r wordpress/* /var/www/html/blog:
[ec2-user ~]$ mkdir /var/www/html/blog
[ec2-user ~]$ cp -r wordpress/* /var/www/html/blog/Important
For security purposes, if you are not moving on to the next procedure immediately, stop the Apache web server (httpd) now. After you move your installation under the Apache document root, the WordPress installation script is unprotected and an attacker could gain access to your blog if the Apache web server were running. To stop the Apache web server, enter the command sudo service httpd stop. If you are moving on to the next procedure, you do not need to stop the Apache web server.
To allow WordPress to use permalinks
WordPress permalinks need to use Apache .htaccess files to work properly, but this is not enabled by default on Amazon Linux. Use this procedure to allow all overrides in the Apache document root.
httpd.conf file with your favorite text editor (such as nano or vim). If you do not have a favorite text editor, nano is much easier for beginners to use.
[ec2-user wordpress]$ sudo vim /etc/httpd/conf/httpd.conf<Directory "/var/www/html">.
<Directory "/var/www/html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>AllowOverride None line in the above section to read AllowOverride All.
Note
There are multiple AllowOverride lines in this file; be sure you change the line in the <Directory "/var/www/html"> section.
AllowOverride AllTo fix file permissions for the Apache web server
Some of the available features in WordPress require write access to the Apache document root (such as uploading media though the Administration screens). If you have not already done so, apply the following group memberships and permissions (as described in greater detail in the LAMP web server tutorial).
/var/www and its contents to the apache user.
[ec2-user wordpress]$ sudo chown -R apache /var/www/var/www and its contents to the apache group.
[ec2-user wordpress]$ sudo chgrp -R apache /var/www/var/www and its subdirectories to add group write permissions and to set the group ID on future subdirectories.
[ec2-user wordpress]$ sudo chmod 2775 /var/www/var/www and its subdirectories to add group write permissions.
[ec2-user wordpress]$ find /var/www -type d -exec sudo chmod 2775 {} ;sudo service httpd restartsudo systemctl restart httpdTo run the WordPress installation script
httpd and database services start at every system boot.
sudo chkconfig enable httpd && sudo chkconfig enable mysqlsudo systemctl enable httpd && sudo systemctl enable mariadbsudo service mysqld statussudo systemctl status mariadbIf the database service is not running, start it.
sudo service mysqld startsudo systemctl start mariadbhttpd) is running.
sudo service httpd statussudo systemctl status httpdIf the httpd service is not running, start it.
sudo service httpd startsudo systemctl start httpdblog folder). You should see the WordPress installation screen.
http://my.public.dns.amazonaws.com
| Field | Value |
|---|---|
| Site Title | Enter a name for your WordPress site. |
| Username | Enter a name for your WordPress administrator. For security purposes, you should choose a unique name for this user, because it will be more difficult to exploit than the default user name,admin. |
| Password | Enter a strong password, and then enter it again to confirm. Do not reuse an existing password, and make sure to store this password in a safe place. |
| Your E-mail | Enter the email address you want to use for notifications. |
Congratulations, you should now be able to log into your WordPress blog and start posting entries.
After you have tested your initial WordPress blog, consider updating its configuration.
Use a Custom Domain Name
If you have a domain name associated with your EC2 instance’s EIP address, you can configure your blog to use that name instead of the EC2 public DNS address. For more information, see http://codex.wordpress.org/Changing_The_Site_URL.
Configure Your Blog
You can configure your blog to use different themes and plugins to offer a more personalized experience for your readers. However, sometimes the installation process can backfire, causing you to lose your entire blog. We strongly recommend that you create a backup Amazon Machine Image (AMI) of your instance before attempting to install any themes or plugins so you can restore your blog if anything goes wrong during installation. For more information, see Creating Your Own AMI.
Increase Capacity
If your WordPress blog becomes popular and you need more compute power or storage, consider the following steps:
Learn More about WordPress
For information about WordPress, see the WordPress Codex help documentation at http://codex.wordpress.org/. For more information about troubleshooting your installation, go to http://codex.wordpress.org/Installing_WordPress#Common_Installation_Problems. For information about making your WordPress blog more secure, go to http://codex.wordpress.org/Hardening_WordPress. For information about keeping your WordPress blog up-to-date, go to http://codex.wordpress.org/Updating_WordPress.
Your WordPress installation is automatically configured using the public DNS address for your EC2 instance. If you stop and restart the instance, the public DNS address changes (unless it is associated with an Elastic IP address) and your blog will not work anymore because it references resources at an address that no longer exists (or is assigned to another EC2 instance). A more detailed description of the problem and several possible solutions are outlined in http://codex.wordpress.org/Changing_The_Site_URL.
If this has happened to your WordPress installation, you may be able to recover your blog with the procedure below, which uses the wp-cli command line interface for WordPress.
To change your WordPress site URL with the wp-cli
[ec2-user ~]$ curl localhost | grep wp-contentYou should see references to your old public DNS name in the output, which will look like this (old site URL in red):
<script type='text/javascript' src='http://ec2-52-8-139-223.us-west-1.compute.amazonaws.com/wp-content/themes/twentyfifteen/js/functions.js?ver=20150330'></script>[ec2-user ~]$ curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar/var/www/html or /var/www/html/blog).
[ec2-user ~]$ php wp-cli.phar search-replace 'old_site_url' 'new_site_url' --path=/path/to/wordpress/installation --skip-columns=guid冬春季节,天干物燥,发生火灾机率高,要求做好以下5点及十项必查内容:
1、严禁擅自装修、装饰。如使用圣诞树,应摆放室外,不可通电拉灯;
2、进行一次消防设施维护保养;
3、安全出口及疏散通道保持畅通;
4、内部员工宿舍全面检查(不可私拉电线,使用大功率电器);
5、进行一次员工消防宣传培训;
十项必查内容:
(一)各类建筑(场所)供用电线路均应安装漏电保护开关。开关应选用合格电气产品。
(二)各类建筑(场所)供用电线路均应根据国家电气技术标准,采取穿金属管、封闭式金属线槽或者绝缘阻燃PVC电工套管保护措施。
(三)各类建筑(场所)均应保持楼梯间、疏散通道、安全出口等紧急逃生通道畅通。外墙设置防盗铁栅栏一律拆除,居住类场所确需安装的,应设置长宽净尺寸不小于1米、0.8米且向外开启的紧急逃生口,并设置缓降器、逃生软梯等辅助疏散设施。
(四)住宿场所与其他生产经营性场所合一设置的,必须实施实体墙物理防火分隔。
(五)各类建筑(场所)均不得违规住人,一经发现必须彻底搬离。
(六)各类建筑(场所)内部均严禁电动自行车违规停放或充电,一经发现必须立即清理。
(七)各类建筑(场所)内部均严禁采用木质材料搭建阁楼,一经发现必须强制拆除。
(八)各类建筑(场所)内部均严禁使用彩钢板、聚氨酯泡沫等易燃材料,一经发现必须强制拆除。
(九)群租房必须明确消防安全管理责任。严格《降低群租房火灾风险十项措施》要求,所在建筑应配备消防安全楼长,楼长应由物业服务企业人员或出租人担任,组织建立健全消防安全管理制度,履行日常消防安全管理职责,实施专职管理员夜间巡查措施。住宿3人以上的场所,一律加装独立式火灾报警探测器。住宿30人以上的场所,一律按照标准安装自动灭火、火灾报警等消防设施,明确专人实施24小时值守看护。
(十)建设工程施工现场应落实消防安全保障。严格按照《建设工程施工现场消防技术规范》(GB50720-2011)要求,建立健全消防安全管理制度,明确专人实施现场看护,配置临时消防设施和足够灭火器材,保障临时用水,依法依规实施动火作业,确保施工用电安全。
Because I got a free training account from CloudAcademy.com for 14 days, I took this benefit to self-study the cloud technology during Christmas Holiday. CloudAcademy.com is a on-line learning web site for IT professional to continuously leaning IT. I strongly recommend it to you to try, it is Good Stuff…
I completed the following courses:
– Completion Certificate for Set Up VPC Peering between Amazon Virtual Private Clouds (VPCs)
– Completion Certificate for Introduction to Virtual Private Cloud (VPC)
– Completion Certificate for Diagnose Cancer with an Amazon Machine Learning Classifier
– Completion Certificate for Deploy WordPress using CloudFormation
– Completion Certificate for Automate Image Labeling with Amazon Rekognition
– Completion Certificate for Serverless Web Development with Python for AWS
– Completion Certificate for Securing your VPC using Public and Private subnets
– Completion Certificate for Amazon Machine Learning for Human Activity Recognition
– Completion the Overview of Azure Services Course
– Completion the Introduction to Amazon Web Services (AWS) Course
– Completion the Introduction to Google BigQuery Course
– Completion the AWS Virtual Private Cloud: Subnets and Routing Course
Note:
CloudAcademy.com is a provider-neutral learning platform that helps both companies and individuals learn Cloud Computing technologies. Actually, Cloud computing is changing how people interact with information and knowledge, how developers build applications, and how companies organize and collect data both on and offline. Today, a developer with a great idea has access to the same infrastructure as a Fortune 500 company, and is capable of creating, deploying, and selling a solution that will rival global technology companies.
Although Amazon was the distinct pioneer in this area (and continues to innovate and expand), many other companies have entered the Cloud Computing frontier, such as Microsoft, Google, and Rackspace. What we see today is the birth of the next chapter in IT, where boundless technological resources are available on-demand to whoever needs them.
Changing the very shape of modern computing and the Internet itself, Cloud Computing is a relatively new technology that can be defined in a number of different ways. At its core, however, it just means “running your applications on a computer infrastructure other than your own”. Computing in the Cloud makes many different solutions available to you. Both the tasks and the methods used to achieve them can be quite varied. You might need full infrastructure or perhaps just a back-end where you can build your application – or maybe you just need one narrowly focused service.
The primary distribution method for the AWS CLI on Linux, Windows, and macOS is pip, a package manager for Python that provides an easy way to install, upgrade, and remove Python packages and their dependencies.
Current AWS CLI Version
The AWS CLI is updated frequently with support for new services and commands. To see if you have the latest version, see the releases page on GitHub.
Requirements
Note
Older versions of Python may not work with all AWS services. If you seeInsecurePlatformWarning or deprecation notices when you install or use the AWS CLI, update to a recent version.
If you already have pip and a supported version of Python, you can install the AWS CLI with the following command:
$ pip install awscli --upgrade --userThe --upgrade option tells pip to upgrade any requirements that are already installed. The --user option tells pip to install the program to a subdirectory of your user directory to avoid modifying libraries used by your operating system.
If you encounter issues when you attempt to install the AWS CLI with pip, you can install the AWS CLI in a virtual environment to isolate the tool and its dependencies, or use a different version of Python than you normally do.
Standalone Installers
For offline or automated installations on Linux, macOS, or Unix, try the bundled installer. The bundled installer includes the AWS CLI, its dependencies, and a shell script that performs the installation for you.
On Windows, you can also use the MSI installer. Both of these methods simplify the initial installation, with the tradeoff of being more difficult to upgrade when a new version of the AWS CLI is released.
After you install the AWS CLI, you may need to add the path to the executable file to your PATH variable. For platform specific instructions, see the following topics:
Verify that the AWS CLI installed correctly by running aws --version.
$ aws --version
aws-cli/1.11.84 Python/3.6.2 Linux/4.4.0-59-generic botocore/1.5.47The AWS CLI is updated regularly to add support for new services and commands. To update to the latest version of the AWS CLI, run the installation command again.
$ pip install awscli --upgrade --userIf you need to uninstall the AWS CLI, use pip uninstall.
$ pip uninstall awscliIf you don’t have Python and pip, use the procedure for your operating system:
Sections
This section explains how to configure settings that the AWS Command Line Interface uses when interacting with AWS, such as your security credentials and the default region.
Note
The AWS CLI signs requests on your behalf, and includes a date in the signature. Ensure that your computer’s date and time are set correctly; if not, the date in the signature may not match the date of the request, and AWS rejects the request.
Sections
For general use, the aws configure command is the fastest way to set up your AWS CLI installation.
$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLEwJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEYus-west-2jsonThe AWS CLI will prompt you for four pieces of information. AWS Access Key ID and AWS Secret Access Key are your account credentials.
To get the access key ID and secret access key for an IAM user
Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests that you make to AWS. If you don’t have access keys, you can create them from the AWS Management Console. We recommend that you use IAM access keys instead of AWS account root user access keys. IAM lets you securely control access to AWS services and resources in your AWS account.
The only time that you can view or download the secret access keys is when you create the keys. You cannot recover them later. However, you can create new access keys at any time. You must also have permissions to perform the required IAM actions. For more information, see Delegating Permissions to Administer IAM Users, Groups, and Credentials in the IAM User Guide.
Related topics
Default region is the name of the region you want to make calls against by default. This is usually the region closest to you, but it can be any region. For example, type us-west-2 to use US West (Oregon).
Note
You must specify an AWS region when using the AWS CLI. For a list of services and available regions, see Regions and Endpoints. The region designators used by the AWS CLI are the same names that you see in AWS Management Console URLs and service endpoints.
Default output format can be either json, text, or table. If you don’t specify an output format, json is used.
If you have multiple profiles, you can configure additional, named profiles by using the --profile option.
$ aws configure --profile user2
AWS Access Key ID [None]: AKIAI44QH8DHBEXAMPLEje7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEYus-east-1textTo update any of your settings, simply run aws configure again and enter new values as appropriate. The next sections contain more information on the files that aws configure creates, additional settings, and named profiles.
The AWS CLI uses a provider chain to look for AWS credentials in a number of different places, including system or user environment variables and local AWS configuration files.
The AWS CLI looks for credentials and configuration settings in the following order:
AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN.~/.aws/credentials on Linux, macOS, or Unix, or at C:UsersUSERNAME .awscredentials on Windows. This file can contain multiple named profiles in addition to a default profile.~/.aws/config on Linux, macOS, or Unix, or at C:UsersUSERNAME .awsconfig on Windows. This file can contain a default profile, named profiles, and CLI specific configuration parameters for each.最近,工厂有名會計主管離職,可是因為補償問題談不合,雖然他手握一些黑材料,但是公司不願意妥協於這種勒索行為,最後該名主管公開投訴本厂,引來地稅、國稅和海關立案,前來查厂,認真麻煩。現時公司要花錢疏通,比補償给該員工的錢多幾十倍呢!
對此類員工的勒索,應該要衡量利害,千萬不要意氣用事,而立刻拒絕。最重要,是自身要奉公守法,才不怕勒索。
I test to display two 360 panorama photo on web using VR-View plugin in wordpress, as below two picture:
Anyone can be a seller of Odoo ERP/CRM/… system. Its partner can get 10% commission in starting phase, and can get more in future. Check the following youtube video for how it works..