For those who blog with WordPress and want a good backup solution, there are a few options out there. One that is pretty straightforward and seamless is Vaultpress, which takes the heavy lifting out of backing up your WordPress files and database. However, when it comes to information on how to get it configured with a site running on an AWS EC2 instance with SSH access, the details are a bit thin. This post details how to connect Vaultpress via SSH to an AWS EC2 instance that has WordPress running.
Vaultpress can back up a site without SSH or other connectivity just by having the plugin installed and your API key configured. However, for restore functionality you will need SSH or another protocol configured.
Connect Vaultpress AWS EC2 instance
There are a few steps that need to be worked through to get Vaultpress up and running:
- First, you need to sign up
- Install the plugin and your API key
- Connect Vaultpress via SSH or other means to EC2
- Add a Vaultpress-specific user (you don’t have to do this, but it is good practice, along with a very strong password)
Adding a user
The particular environment I am using is an Ubuntu-based VM in AWS. Below are the steps I used to add a new user and to add the SSH key provided by Vaultpress to that user. Typically, you would have to generate a new keypair for the new user. However, when you sign up with Vaultpress, it creates a keypair for you and displays the public key you need for the new user setup.
Log in as your ubuntu user and add a new user of your choosing for Vaultpress to connect with.
ubuntu@ec-2:$ sudo adduser backup
Follow the prompts. It will ask you to add a password as well as first name, phone number, office number, etc. Besides the password, you can just hit ENTER past these prompts.
Add your new user to the sudoers file:
ubuntu@ec-2:$ sudo visudo
Add the following line after the comment line, “User privilege specification”:
backup ALL=(ALL:ALL) ALL
Change to our new user:
ubuntu@ec-2:$ sudo su backup
We need to create a .ssh/authorized_keys file for our new user. Make sure you are in your home directory:
backup@ec-2:$ cd ~
backup@ec-2:$ mkdir .ssh
backup@ec-2:$ chmod 700 .ssh
backup@ec-2:$ touch .ssh/authorized_keys
backup@ec-2:$ chmod 600 .ssh/authorized_keys
Now, we need to get the public key that Vaultpress has generated for us and plug it into the .ssh/authorized_keys file that we just created. Go to your settings page in Vaultpress and select SSH and hit the Show Public Key button. Copy all the text, including the ssh-rsa in the beginning, but exclude the “Vaultpress” text at the end.
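A scripted version of the key-install step above, as an added example that is not part of the original post or Vaultpress's own tooling. The hypothetical `install_pubkey` helper rejects a line-wrapped paste, checks that the text looks like an ssh-rsa key, drops the trailing comment, and applies the same 700/600 permissions; the key in the demo is a constructed placeholder, not a real key.

```shell
#!/bin/sh
# Added example (not from the original post). install_pubkey is a hypothetical helper.
# Usage: install_pubkey "<key text copied from the settings page>" <home directory>
install_pubkey() {
    key_text=$1
    home_dir=$2

    # A key copied from a browser is often line-wrapped; sshd needs it on one line.
    if [ "$(printf '%s\n' "$key_text" | wc -l)" -ne 1 ]; then
        echo "key spans several lines; paste it as a single line" >&2
        return 1
    fi

    # Split into key type, base64 blob and the optional trailing comment.
    read -r key_type key_blob _comment <<EOF
$key_text
EOF

    # Assumption from the post: the key is an ssh-rsa key.
    [ "$key_type" = "ssh-rsa" ] || { echo "unexpected key type" >&2; return 1; }
    case $key_blob in
        *[!A-Za-z0-9+/=]*) echo "blob is not base64" >&2; return 1 ;;
        AAAAB3NzaC1yc2E*) ;;  # base64 of the "ssh-rsa" header every RSA blob starts with
        *) echo "blob does not look like an RSA key" >&2; return 1 ;;
    esac

    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Store type and blob only (the trailing comment is dropped), and only once.
    entry="$key_type $key_blob"
    grep -qxF -- "$entry" "$auth_file" || printf '%s\n' "$entry" >> "$auth_file"
}

# Demo in a throwaway directory with a constructed, non-functional key.
demo_home=$(mktemp -d)
install_pubkey 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSampleKeyNotReal0000 Vaultpress' "$demo_home"
cat "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```

Run it as the new user, with that user's home directory as the second argument, so the files end up owned by that account.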
AWS EC2 Network Security
You will need to allow Vaultpress to connect in your AWS EC2 security group if you are restricting SSH, and you should be. Add a new rule to allow SSH access from the Vaultpress CIDR range. Take a look at the Vaultpress post on those ranges: https://help.vaultpress.com/connection-issues/
If you are not familiar with security groups or how to add rules to them, check out the detailed post on how to set up the groups and add rules: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#security-group-rules
After you get the user name, password and public key set up on the EC2 side, you should be able to test your connection and save your credentials. You will see the “green” status on SSH and that you are connected.
Make sure the user you create for Vaultpress has both read and write permissions on the files you want to back up and restore.
Once the user is set up and Vaultpress is connected to the AWS EC2 instance, the plugin and service are pretty hands off. The Lite version, which is the cheapest solution, is $5 a month and is quite a bit of security for that price: daily backups, offsite backups, 30 day history of backups, etc. Hopefully, this post will help anyone who runs WordPress on EC2 connect Vaultpress with AWS.