AWS Raw WebDNA LAMP-Plus WebServer

Amazon Web Services (AWS) README for Machine Image ID

About this Document:
Amazon Web Services (AWS) README for Machine Image ID (AMI ID): ami-9504b4fc
Created by Donovan Brooke - Sept. 2012

AMI ID: ami-9504b4fc
AMI Name: WebDNA_Server-LAMP_Plus
AMI Description: Ubuntu_Server-12.04-LTS-x86_64-WebDNA_6.2.1-Apache2-MySQL_Serv-PHP5-ProFTPD-Webalizer
Base AMI ID: ami-a29943cb
WebDNA 6x Developers Lic. Installed: WDEV-5aMT-bla0-eiCL-lLIC

Installed Applications (The exact 'history' of the installs is appended to this document):
- WebDNA (6.2.1)
- Apache2 (2.2.22)
- MySQL-Server (no password)
- PHP5 (5.3.10-1ubuntu3.4)
- Bind9
- Webalizer
- phpmyadmin (not configured, see 'man phpmyadmin')
- ProFTPD (not configured, see 'man proftpd')
end description-------------------------------------------------------------------------

** Initial Notes ** ================================================================
- Access your AMI instance using SSH with the default username 'ubuntu' (instead of root).

** You can get your access info in the AWS Console by right clicking on your instance
and selecting 'connect'. This will bring up a connection box. Click on the Arrow next
to 'connect with a standalone SSH client'. Copy and paste the connection info into
your local terminal to connect (changing 'root' to 'ubuntu' first).

- After starting the instance, you can test that your webserver is working by
extracting the I.P. address out of the 'connect' information and plugging that into a
browser. For example, if your connect info is:
'ssh -i dbkey.pem'
Then your IP would be: '' and you can test your instance by plugging
'' into your browser.

- ** in going "live production" with your server, see the 'OVERVIEW' section below. **

SECURITY (3 Important Steps):---------------------------------------------------------

Upon your instance being started, you will want to secure certain aspects
of your server. These are:

1.) Create a new administrive username. (This is optional, but it is our recommendation
to change the default user to a custom administrative user.

To add a new administrative user, type:
'sudo adduser --ingroup admin [username]'

Then create your SSH Public/Private Key Pairs in order to give access to your new user.

(Key Pairs are considered more secure than a potentially crackable username and password,
but don't lose your local key!)

To create and configure your key pairs, reference:
(If the link goes away, just google 'Generating RSA Keys ubuntu')

Once done, log out of the ubuntu user account and test your login with the new admin user.

Try to morph to superuser with your new user as well ('sudo su')

Once you have successfully tested the new administrative user, you can delete your
original 'ubuntu' user.

As 'sudo su', type:

'deluser --remove-home ubuntu'

You now are left with your one custom administrative user. Note, you will now log
into your instance without the .pem file via ssh. (ssh [yournewuser]@[thedomain_or_IP])

2.) Set your MySQL root password (via terminal).
'mysql -u root -p'
[just hit return without a password]

You should now have a prompt like 'mysql>'

Set your password so you can't do what you just did (replace '[YOURNEWPASSWORD]' below):

First, select your database:
mysql> 'use mysql;'
mysql> 'UPDATE user SET Password=PASSWORD('[YOURNEWPASSWORD]') WHERE User='root';'
mysql> 'flush privileges;'
mysql> 'quit;'

You can test that you successfully secured mysql by typing: 'mysql -u root -p' again
and trying to log in without a password. Try it again to make sure you *can* log in
with the new password.

Thats it! Optionally, you can setup a non-root user if you wish, as well as review
the users that are currently registered to make sure it is secure. Google 'securing MySQL'
for more info.

3.) Secure WebDNA:
- go to: http://[your_domain_or_IP]/WebCatalog/ in your browser.
(https if you install a secure certificate first)
- click on 'security' and at the prompt enter user 'admin' and password 'admin'.
- click on 'display all users' and then click on 'Set Password' on the admin line.
- You may also want to change the default password for price changes, though it can
 be later when you actually use it. Click on 'preferences', then scroll down to
 'price change password' to change that.

4.) Your server is now secure. From here, you may want to configure the rest of your
applications that are installed by default. type 'man [the_application]' to start.

end security------------------------------------------------------------------------------

This is a raw LAMP plus WebDNA Server that includes website extras. It is based off
of AMI ID: a29943cb which is a Ubuntu 12.04 (LTS) x86_64 bit OS. It has been updated
and safe-upgraded to Sept 17 2012.

 " Just fire it up, perform a couple security fixes, and start using it for
 free (other than AWS infrastructure fees) to develop your websites and/or
 develop in WebDNA!

With the free WebDNA Developers License already installed, you can build and test all
your content without paying a dime to WSC. Once you want to go live, just visit to purchase the *server* license that fits your needs the
best. The production license takes away the 3-connection limit.

After installing the items above, the server was hardened according to
Amazons specifications by removing bash history, SSH Keys, etc.
end overview------------------------------------------------------------------------------

Bash History of Installation:-------------------------------------------------------------
1 aptitude update
2 aptitude safe-upgrade
3 aptitude install apache2
4 aptitude install mysql-server
5 aptitude install php5
6 aptitude install bind9
7 aptitude install proftpd
8 aptitude install phpmyadmin
9 aptitude install webalizer
10 man webalizer
11 getenforce
12 cd /tmp/
13 ls -la
14 tar -xzf WebDNA-Linux-6.2.1.tar.gz
15 cd WebDNA-6.2.1/
16 ls
17 ./
18 dpkg --get-selections |grep openssl
19 ln -s ../init.d/WebCatalogCtl /etc/rc2.d/K03WebCatalog
20 ln -s ../init.d/WebCatalogCtl /etc/rc3.d/K03WebCatalog
21 ln -s ../init.d/WebCatalogCtl /etc/rc5.d/K03WebCatalog
22 ln -s ../init.d/WebCatalogCtl /etc/rc2.d/S90WebCatalog
23 ln -s ../init.d/WebCatalogCtl /etc/rc3.d/S90WebCatalog
24 ln -s ../init.d/WebCatalogCtl /etc/rc5.d/S90WebCatalog
end history------------------------------------------------------------------------------

This server AMI is offered to the public free of charge (other than AWS fees) and without warranty. Use at
your own risk. Though WebDNA Software Corporation provides instructions on basic security, it
is ultimately up to the administrator to make sure the server is and remains secure. WebDNA Software
Corporation cannot be held liable for any damages done in using this virtual server.

For additional help, WebDNA Software Corporation may be hired as a service. However, WebDNA Software
Corporation is not obligated to provide service for this virtual server.


Donovan Brooke


Top Articles:

AWS Raw WebDNA LAMP-Plus WebServer

Amazon Web Services (AWS) README for Machine Image ID...

WebDNA Libraries

A list of available libraries for WebDNA...

WebDNA Modules

A list of the currently available modules...


A compilation of some user's questions...

Tips and Tricks

A list of user-submitted tips ...

Technical Change History

This Technical Change History provides a reverse chronological list of WebDNA changes...

Related Readings:

Using a simple Array of Variables with [interpret]

The [interpret] context is very powerful command in the hands of a skilled WebDNA programmer...

Handling credit card numbers

Encrypting the credit card numbers does the job quite nicely...

Database backup

How to make a backup of your databases...

Spaghetti code

How to get rid of very long search strings...


Use ImageMagick to manipulate images when you upload them...

Setting a 30-minute Cookie

Configuring the expires time for a short-term cookie is tricky...