Skip to main content

Amazon EC2 instance with LAMP and Git and multiple Git collaborators

Brace yourself, this is going to be --long. I'm not going to explain a lot. I basically followed what was here, but procedures are outdated and can be confusing if you don't know what you're doing.

I'm just going to give an overview of what's different from that page now:
  •  When you launch a new EC2 instance, the wizard is now different. You will no longer have a choice between "Classic Wizard", "Quick Launch Wizard" etc.
  • Select Ubuntu server 14.04 64-bit with HVM (not PV).
  • Remember to add an EBS volume or expand the root volume. I don't recommend expanding root volume, but rather to use another volume to store your data. That way you can wipe you root volume and start over again without data loss. (I almost did, coz I stupidly sudo rm * in an important directory - but I managed to recover.)
  • You won't be creating key pairs in the wizard itself. You will be asked to do so after you click on Launch to start up the instance. The procedure to create key pair is still the same.
  • Remember to convert the downloaded *.pem file to *.ppk if you want to use PuTTY (my favorite SSH client). There are separate guides available for it.
  • WARNING! Half of the commands shown in the guide are to be executed in the local machine, with the other half on the EC2 instance. The guide assumes that your local machine is a Unix/Linux machine, but I'm on Windows. The local machine commands become unnecessary if you're on Windows, and procedures to achieve similar results would be different. For one thing, there's absolutely no notion of "Unix-style permissions" in Windows. If you have a hard time figuring out, here's a rough guide:
    • "Connect to server with your PEM Key using SSH" - commands for local machine. Not needed on Windows as you will use PuTTY or some graphical client.
    • "Install Linux Apache MySQL PHP (LAMP) Server" - commands for EC2 instance. Just run them once connected by PuTTY.
    • "Connecting with SSH without a PEM key" - commands for local machine. I actually skipped this entire section because I don't mind using the PEM key to connect to shell. For Git access, I set up additional user accounts which have password access and are limited to git-shell. More on that below. If you want to do this anyway, you will need to do this on Windows - and yes, you will need to figure out how - or just use PuTTYgen (easy peasy!).
    • "Setup GIT for web deployment and version control" - mostly commands for EC2 instance, until it says "local computer". This section should not be followed ditto as it's showing you how to set up a bare Git repo as well as live Git repo, and to link them so they are updated together. Be sure to understand the section well. The mod_rewrite commands at the end are also for EC2 instance.
  • The guide uses editors like nano and vi. I stick to using vim for all required edits as it's awesome. If you don't know how to use vim, you should learn. Just Google "vim cheatsheet" and you'll get a lot.
  • The added volume will need to be formatted and mounted manually. For this, see the answer here.
Outside the guide, I also set up users for each person I am going to collaborate with (including myself). Here's how I did that (following some parts of this guide, but my users will have write access):
  1. To make things easier, create a group where you will add your Git users. Let's call this group gitusers. So just run sudo addgroup gitusers.
  2. We will create the users one by one and add them to our gitusers group:
    sudo adduser username --ingroup gitusers --shell /usr/bin/git-shell
    • Be sure to replace username with the actual username of each user. Execute once per user.
    • The --shell part is important so that your new user can only do Git stuff, and not SSH into the server with terminal access.
    • Every time you need to add another user, just do this again. To remove a user, you can deluser or just move the user out of the gitusers group.
  3. Allow password-based authentication for your Git users. Note that you can also set up public-private keys as described in "Connecting with SSH without a PEM key", but I chose to go with a password route. To do this, I enable password-based authentication for only the gitusers group.
    1. Edit using sudo vim (or whatever) the file /etc/ssh/sshd_config
    2. At the end of the file, add this: (vim tip: press Shift-G to quickly go there, then press i and start typing)
      Match Group gitusers
              PasswordAuthentication yes
    3. Save (vim tip: press Esc to exit Insert mode, then type :wq Enter)
    4. Execute sudo service ssh restart so that ssh will pick up the changes.
  4. Remember you changed owner to ubuntu for two folders in "Setup GIT for web deployment and version control"? You need to change the group and add group write permissions to the same two folders, like this:
    sudo chgrp -R gitusers /var/git/
    sudo chgrp -R gitusers /var/www/
    sudo chmod -R g+w /var/git/
    sudo chmod -R g+w /var/www/
  5. That's it. If you ever need read-only Git users, just create another group for them and give the group password-based authentication in sshd_config:
    Match Group gitusers,gitreadonly
    Create the users the same way, except change to --ingroup gitreadonly.
  6. When you clone a git repo to a local machine on a command line, connect by ssh as follows:
    git clone ssh://username@hostname-or-ip-address/path/to/the/repository.git
    For a GUI tool, provide repo URL as above (without the git clone part).


Better to install extundelete using sudo apt-get install extundelete so that you can run it if ever you accidentally rm some important file. I accidentally rm'ed the entire /etc/ssh folder contents losing everything, but managed to recover them using this tool.

I also set up and used No-IP service to give my instance a fixed name, so it's reachable by same host name even if I stop and restart it. To have noip2 always start at boot, do sudo crontab -e and add the line:
@reboot sleep 30 && /usr/local/bin/noip2

That's it!


Popular posts from this blog

Disable auto save in JetBrains IDE software (IntelliJ IDEA, PyCharm, PhpStorm)

JetBrains provides the following IDE software:
IntelliJ IDEAPhpStormPyCharmRubyMineWebStormAppCodeCLion Google also provides Android Studio which is powered by the IntelliJ platform.

If you come from a different IDE such as Eclipse, you will be unpleasantly surprised to find that JetBrains-branded IDEs automatically save everything the moment you look away. The proponents argue that as you work on your project, you should not have to worry about saving files. But to others, this auto-save behavior which is enabled by default is a curse that catches them by surprise, and a shocking departure from the workflow they are very much used to.

You can change the behavior by altering some settings.

Stop having to click Unblock on every downloaded file

CAUTION: The blocking of downloaded files in Windows is a security and safety feature to help prevent your computer from being infected by viruses and other malware. Only disable this feature if you know what you're doing.

I had been plagued by this annoyance since the days of Windows Vista. Any downloaded file, no matter what browser I use, gets tagged as "blocked" by Windows. You can open downloaded documents even though they are blocked, but when you run a downloaded application (such as a setup file) you're presented with a "Security Warning" before you're allowed to run it. It's worse if you extract a downloaded ZIP file with the Windows' built-in ZIP management. Every extracted file is blocked by default.

Being a geek who finds unnecessary "security" prompts annoying, the first thing I do in Windows is to disable the User Account Control (UAC). But I couldn't quite figure out how to disable blocking of downloaded files until …

Setting up a local Oracle XE database and importing DMP file

The experience of setting up a local Oracle Express Edition database is not a straight-forward as it should be. The following is supposed to outline what could go wrong and how to go about it the right way. It also includes importing a DMP file (a dump) from another system.
First of all, download the installer from Oracle website. You will need to sign-in to download - the account creation is free. Be sure to choose the correct bit as per your computer (x64 or x86).Extract the download and install XE by running DISK1\setup.exe (and feel nostalgic of the floppy disk era). During installation, you will need to choose a new password. There will also be some details displayed after you enter the new password, such as folders and ports.Be sure to save both password and details in a text file for future reference.I saved it as C:\oraclexe\details.txt.Save password only if it's generic and you are likely to forget. The installation will take a while, but usually, no restart is necessary.O…