WordPress on t2.nano

The t2.nano instance type does not come as well configured as the t2.micro, so if you want to run WordPress on one of these instances you will need to do a bit more legwork. Assuming you have chosen Amazon Linux, you should be able to get everything up and running with the commands below.

Install PHP, MySQL and httpd

#be careful, this will only install php 5.3, which is a tad old
sudo yum groupinstall -y "PHP Support"
sudo yum install php-mysql
sudo yum install httpd
#this is needed with newer versions of php
sudo yum install php55-mysqlnd

Delete the welcome page as it will give you trouble

sudo rm /etc/httpd/conf.d/welcome.conf

Install WordPress

Follow the WordPress installation guide to install WordPress. If re-using a DB create a new schema in MySQL or create a new server.  The WordPress installation guide will tell you where to stick the credentials.

Install SSL:

sudo yum install mod_ssl

Run an SSL test to see what rating your server will get. You will probably get a B because Apache by default allows SSL v3, which is dead, and RC4, which is weak. Run the test anyhow to see where your configuration is at before hardening it.

https://www.ssllabs.com/ssltest/

Update ssl.conf

sudo vi /etc/httpd/conf.d/ssl.conf

Remove SSL3 because it’s broken

#remove SSL v3
SSLProtocol all -SSLv2 -SSLv3

Turn on Cipher order

#turn on cipher order
SSLHonorCipherOrder on

Adjust the available ciphers (note, when copying and pasting into vi you need to get rid of the invalid space and new line chars)

#remove RC4 from cipher list
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"

And finally provide the location of the keys to be used during SSL

#location to certificate file
SSLCertificateFile /etc/pki/tls/certs/<certificate file name>.crt
SSLCertificateKeyFile /etc/pki/tls/private/<private key file name>.key
SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

At this point it would pay to move the localhost.key and .cert files to a backup folder or delete them altogether.

Update Apache Config to redirect all traffic to HTTPS

sudo vi /etc/httpd/conf/httpd.conf

Modify the Virtual Host to redirect everything to https:

<VirtualHost *:80>
    #the trailing slash matters: without it the requested path is glued straight onto the host name
    Redirect permanent / https://<your domain>/
</VirtualHost>

Add the following to the SSL Virtual Host

sudo vi /etc/httpd/conf.d/ssl.conf

Modify the HTTPS Virtual host so that it always forces SSL

<VirtualHost _default_:443>
   #force HTTPS usage.
   Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains"

Restart Apache

sudo service httpd restart

Re-run the test

https://www.ssllabs.com/ssltest/
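
The four ssl.conf changes above (SSLv3 removed, cipher order on, RC4 excluded with no stray space in the cipher list, HSTS header set) can also be checked locally before re-running the external test. The script below is an added example, not part of the original post; its function names and sample configs are constructed for illustration, and it assumes, as stated above, that an unset SSLProtocol still allows SSLv3.

```shell
#!/bin/sh
# Added example (not from the original post): audit an ssl.conf for the
# hardening settings described above. Returns the number of failed checks.
# Simplification: uses the last uncommented value in the file, ignoring context.
directive() {   # $1 = file, $2 = directive name; prints the value lower-cased
    awk -v d="$2" 'tolower($1) == tolower(d) { $1 = ""; v = $0 }
                   END { sub(/^ +/, "", v); print tolower(v) }' "$1"
}

audit_ssl_conf() {
    conf=$1; fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }
    proto=$(directive "$conf" SSLProtocol)
    case "$proto" in
        *-sslv3*) ;;                                   # explicitly removed
        ""|*all*|*sslv3*) fail "SSLv3 not disabled (SSLProtocol ${proto:-unset})" ;;
    esac
    [ "$(directive "$conf" SSLHonorCipherOrder)" = "on" ] ||
        fail "SSLHonorCipherOrder is not on"
    ciphers=$(directive "$conf" SSLCipherSuite | tr -d '"')
    case " $ciphers " in
        *'!rc4'*) ;;
        *) fail "SSLCipherSuite does not exclude RC4 with !RC4" ;;
    esac
    # A stray space from copy/paste leaves a token ending or starting with '+'.
    case " $ciphers " in
        *'+ '*|*' +'*) fail "SSLCipherSuite has a broken token around '+'" ;;
    esac
    grep -Eiq '^[[:space:]]*Header[[:space:]].*Strict-Transport-Security.*max-age=' "$conf" ||
        fail "no Strict-Transport-Security header"
    return "$fails"
}

# Constructed sample configs (not taken from a real server).
write_weak() {
    printf '%s\n' 'SSLProtocol all -SSLv2' \
        'SSLCipherSuite "EECDH+aRSA+ SHA256 EECDH !aNULL"' > "$1"
}
write_hardened() {
    printf '%s\n' 'SSLProtocol all -SSLv2 -SSLv3' 'SSLHonorCipherOrder on' \
        'SSLCipherSuite "EECDH+aRSA+AESGCM EECDH+aRSA+SHA256 EECDH !aNULL !RC4"' \
        '<VirtualHost _default_:443>' \
        '   Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains"' \
        '</VirtualHost>' > "$1"
}

tmp=$(mktemp); write_weak "$tmp"
audit_ssl_conf "$tmp" || echo "failed checks: $?"
rm -f "$tmp"
```

On the server itself, call audit_ssl_conf /etc/httpd/conf.d/ssl.conf after editing and before restarting Apache.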

Some useful configurations

If you are missing the .htaccess file then you have to tell WordPress (in wp-config.php) to download the updates explicitly, otherwise it will try to get you to update via FTP.

#force direct updates instead of FTP
define( 'FS_METHOD', 'direct' );
#increase memory for php
define( 'WP_MEMORY_LIMIT', '64M' );

If you want image cropping (if you are seeing something like this: “There has been an error cropping your image”) then you will need something like this:

sudo yum install php<php version>-gd
#eg yum install php55-gd
sudo amazon-linux-extras install php7.2

SSH to EC2 keeps killing consoles

sudo vi /etc/ssh/ssh_config
#under Host *
ServerAliveInterval 240

Make sure HTTPD starts on reboot

sudo chkconfig httpd on

Change the host name

vi /etc/sysconfig/network

https://gist.github.com/sl-digital/9838411#file-amazon-linux-ami-php55-L23

Add to .htaccess to prevent the display of WP directories

Options All -Indexes

https://www.danielmorell.com/guides/htaccess-seo/redirects/https-www-and-trailing-slash

// disable WordPress's Canonical URL Redirect feature
remove_filter('template_redirect', 'redirect_canonical');
