How to Create a Blog

Hey! Welcome to my new cyber security blog. Here I plan on sharing my latest projects, findings, write-ups, and walkthroughs! If you want to know more about me, check out my Whoami page. I thought a good first post on my cyber security blog would be about how to create one, so here we go!

What You Need

• An AWS Account
• A custom domain name
• A few dollars a month
• A want/need to create a blog!

Set Up Your Blog’s Domain

If you’re going to publish your blog to the Internet you’re going to want a public domain name to make it easy to reach. I recommend trying to buy a domain on AWS Route 53 because their prices are consistent, regardless of how desired a domain name may be. Domain privacy is also included for free, keeping the domain owner’s name and address private from the Internet. Their renewal prices stay consistent when it comes time for your yearly renewal too. No increased prices after each year!

Buy a domain on AWS Route 53:

1. Log into your AWS account as an IAM user that has full permissions to the Route 53 service.
2. Go to the Route 53 service at this page: https://us-east-1.console.aws.amazon.com/route53/.
3. Make sure you’re in the us-east-1 AWS region! Route 53 domain registration only works in us-east-1.
4. Go to “Registered Domains” and then “Register Domain”.
5. Here, you can search for your desired domain name and can select from a variety of top-level domains (TLDs).

6. Don’t see the domain or TLD you want? Check on other domain providers on the Internet! You can always transfer a domain from another provider into Route 53. Just make sure Route 53 supports your desired TLD first.
7. Once you have purchased your domain and have it in Route 53, you’re ready to make it official!

Pick Hosting for your Blog

There are two main things to consider when setting up a new blog: (1) What content management system you will use and (2) where you will host it.

Pick a Content Management System for Creating your Blog

When searching for platforms for a new blog, the two names that will consistently come up are WordPress and Medium. WordPress has the advantages of being more configurable and SEO friendly, while Medium has benefits of being easier to use without any hosting needed. There’s also always the debate about who actually owns the content posted on Medium. You or Medium?

In the end, I chose to go with WordPress to host my blog. However, I will be cross-posting to Medium. The extra configuration and SEO ability was important for me, plus I wanted the extra hassle of setting up a hosting server for the learning experience. If I didn’t pick WordPress, this post wouldn’t exist!

Pick a Hosting Provider to Create your Blog On

These days it’s hard to beat the top 3 public cloud providers (AWS, Azure, GCP) for hosting. Any of these could be used but I chose AWS and this blog post will focus on set up in AWS Lightsail. AWS offers Lightsail which brings AWS’s typical IaaS EC2 service to the level of PaaS, making it much cheaper, easier, and faster to get up and running for something like WordPress. Let’s get up and running!

Create Lightsail Instance for the Blog

1. You can get to AWS Lightsail through the link in your regular AWS web portal or by going to https://lightsail.aws.amazon.com/.
2. Click “Create instance”.
3. Select your instance location.
4. Select “Linux/Unix”.
5. Select “WordPress” under “Apps + OS”.

6. Check “Enable Automatic Snapshots”.
7. Select your desired instance type. Usually the lowest or second-lowest tier will be fine to create a blog like this.

8. Name your instance. I highly recommend naming your instance based on your domain. For example, “exampleblog.com” or “blog.example.com”.

9. Create your instance! It will then power on.

Create Static IP Address for the Blog

Your new Lightsail instance will automatically be assigned an IP address, but it is not static and is subject to change. You will want to assign a static IP address so that SSH to your Lightsail instance will stay consistent and your domain will always be pointing to the same IP address. Here’s how:

1. Navigate to the “Networking” tab within the AWS Lightsail dashboard.
2. Click “Create static IP”.
3. In the “Attach to an instance” drop down, select the Lightsail instance you just launched.
4. Name your static IP in a way that it can be easily recognized. Perhaps in the format of “static-ip.exampleblog.com” or similar.
5. Your static IP address is now ready and attached to your Lightsail instance! You can see if WordPress is ready by visiting the IP in a browser.

Create CloudFront Distribution for the Blog

An AWS CloudFront distribution is a content delivery network (CDN) that helps to cache your blog content in multiple physical locations to reduce latency. CloudFront is also necessary to set up HTTPS for your blog. Better speed and better security? Let’s do it!

1. Navigate to the “Networking” tab within the AWS Lightsail dashboard.
2. Click “Create distribution”.
3. In the “Choose your origin” drop down, again select the Lightsail instance you just launched.
4. If prompted to “Use the WordPress cache behavior preset”, click “Yes, apply”.
5. Important: Be sure to edit the “Origin protocol policy” option from “HTTP” to “HTTPS only”.

6. The lowest distribution plan tier should be adequate for a site of this type.
7. Name your distribution in a way that it can be easily recognized. Perhaps in the format of “distribution.exampleblog.com” or similar.
8. Your CloudFront distribution is now ready to go!

Connect to Blog Instance

The great thing about AWS Lightsail is that it has already done the work of setting up WordPress for us. There’s not many reasons for needing to connect to the server directly, except for setting up certificates for HTTPS. Let’s connect to the instance to set this up!

1. On the “Instances” tab of the AWS Lightsail dashboard, click the instance you are working on. A “Connect” tab for the instance will then show.
2. At the bottom of the “Connect” page, a default SSH key is available for download. Download this SSH private key. Take note of the username too.
3. Save this SSH key in the “.ssh” directory of your home directory. This is /home/username/.ssh/ on Linux or C:\Users\usernname\.ssh\ on Windows.
4. Open either a PowerShell or Linux terminal.
5. Run the following command, specifying your IP address and the location of your SSH key:

ssh bitnami@34.194.46.152 -i C:\Users\nicpa\.ssh\LightsailDefaultKey-us-east-1.pem

You are now connected to the server! If you have any issues, make sure your local network is not blocking port 22/tcp outbound. The Lightsail instance allows port 22/tcp inbound by default.

Create DNS Entry for Blog

Now you need to point your custom domain name to your Lightsail instance. For now, you need to point it directly to the IP address of your Lightsail instance, rather than your CloudFront distribution. CloudFront will not work until the entire chain from client to server uses HTTPS, and your server is not configured for HTTPS, yet. The SSL certificate set up will also not work until your DNS resolves, so this is a temporary DNS configuration you need to make. You’ll come back and point it to your CloudFront distribution later. Here we go!

1. Access the AWS Route 53 dashboard in your AWS account.
2. Click “Hosted zones” and then select the domain you will be using for your blog.
3. Click “Create record”.
4. Make sure the type of record is “A” and enter a subdomain if you are using one. If not, just leave the “Record name” field blank.
5. Copy your static IP address from your Lightsail instance and enter it as the “Value” for this DNS record.
6. Finish by clicking “Create records”.
7. Your DNS record will then be ready to go. It points your domain to your Lightsail instance IP address! Visiting your domain should show WordPress.

Create SSL Certificate for the Blog

Setting up certificates for HTTPS can often be confusing and complicated. Luckily, once again AWS Lightsail and Bitnami have made this very easy for us! You’ll make use of Bitnami’s HTTPS Configuration Tool to automatically configure the server with a free Let’s Encrypt certificate. Let’s encrypt!

1. Run the following command in an SSH session with your web server:

sudo /opt/bitnami/bncert-tool

2. You will be prompted for some information to set up your certificate. Type carefully!
3. Enter in your domain name like “exampleblog.com” or “blog.example.com”.
4. When prompted to use “www” subdomains, this is personal preference. You will need to add an additional DNS record. I prefer not to use it.
5. Enter “Y” to Enable HTTP to HTTPS redirection. You never want users of your blog to access it via plaintext HTTP.
6. Enter another “Y” to agree to the changes.
7. Enter your email address.
8. Enter “Y” to agree to the Let’s Encrypt agreement.
9. The script will take a minute or so to automatically configure HTTPS and certificates on your web server.
10. Once the script finishes with “Success”, you’re done with HTTPS! You should now be able to visit your site and be redirected to HTTPS.

Configure HTTPS in CloudFront

Although your site is working great with HTTPS directly on the server, you still need to make use of the CloudFront distribution for the speed and security benefits.

1. Under the “Networking” tab of the AWS Lightsail dashboard, click the CloudFront distribution for your instance.
2. In the menu for your distribution, click the “Custom domains” tab.
3. Under “Certificates”, click “Create certificate”.
4. Enter in the name of your domain as the Primary Domain and click “Create”. You will now need to validate that you own this domain.
5. Access the AWS Route 53 dashboard in your AWS account.
6. Click “Hosted zones” and then select the domain you will be using for your blog.
7. Click “Create record”.
8. Create a “CNAME” record with the record name and value provided in the Lightsail “Custom domains” page.
9. Click “Create records” and give the validation service some time to update. It will see that you added the record and verify your domain ownership.

10. Once your domain is successfully validated, your SSL certificate will be available for use in CloudFront.
11. Simply switch the “Custom domains” switch to the On position, and the SSL certificate will then be in use for your distribution!

Reconfigure DNS for Blog

Now that everything seems to be working, there’s just one more step. Remember, your DNS “A” record is still pointing directly to the IP address of your instance? That means it’s not getting the speed and security benefits of the CloudFront distribution. Let’s change this.

1. Access the AWS Route 53 dashboard in your AWS account.
2. Click “Hosted zones” and then select the domain you will be using for your blog.
3. First, delete the old DNS A record pointing directly to your Lightsail instance IP address.
4. Next, click “Create record”.
5. Make sure the type of record is CNAME and enter a subdomain if you are using one. If not, just leave the “Record name” field blank.
6. Copy the “Default domain” value from your CloudFront distribution in Lightsail. If will look something like: d21sorbb9vb43g.cloudfront.net
7. Enter this copied value as the “Value” for the new CNAME DNS record.
8. Finish by clicking “Create records”.
9. Your DNS record will then be ready to go. It points your domain to your CloudFront Distribution!
10. After some time for DNS records and CloudFront distributions to update, your domain will route through AWS CloudFront.
11. Once it’s working, you will notice that your WordPress site loads extremely fast.
12. You can verify CloudFront is being used by checking that the SSL certificate is issued by Amazon, not Let’s encrypt.

Turn Off IPv6

This is optional. Overall, it’s always best to reduce attack surface by disabling features not being used. IPv6 is one of those features.

1. Disable IPv6 under the “Networking” tab of your Lightsail instance.
2. Also, disable IPv6 under the “Networking” tab of your CloudFront distribution.

Get Started With Your Created Blog!

To begin making use of your WordPress instance and using your blog, visit your site and add a “/wp-admin” to the end of the URL. This will take you to the administrator login for your WordPress instance.

But what’s your username and password? On an SSH session to your Lightsail instance, there is a “bitnami_credentials” file containing initial data. You can print the initial username and password with the following command:

cat ~/bitnami_credentials

Copy and paste these credentials to log in to WordPress as the administrator and get started!

Basic Security

Right from the start you’ll want to implement these basic WordPress security measures:

1. Change the default administrator password to something new. Ensure the new password is long and complex.
2. Turn on automatic updates for WordPress core and all WordPress plugins.
3. Make sure regular snapshot backups are working properly in your Lightsail dashboard. I recommend taking a manual snapshot at this point too.

From Here

Wow, this was a long first post. I hope it helps anyone interested in creating a blog. I’m excited to continue with more posts on my blog about other projects, discoveries, and studies that I make!